Timestamp:
29/01/10 14:07:36 (11 years ago)
Author:
pjkersha
Message:
  • #1088 Important fix to AuthnRedirectResponseMiddleware to set redirect ONLY when SSL client authentication has just succeeded in the upstream middleware AuthKitSSLAuthnMiddleware. This bug was causing the browser to redirect to the wrong place following OpenID sign in in the case where the user is already logged into their provider and selects a new relying party to sign into.
    • Improvements to Provider decide page interface: leave out messages about attributes that the provider can't retrieve for the RP. Also included NDG style help icon.
File:
1 edited

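--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/authn.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/authn.py
@@ -30,4 +30,5 @@
                                               SessionHandlerMiddleware)  
 
+from ndg.security.server.wsgi.ssl import AuthKitSSLAuthnMiddleware
 
 class AuthnException(NDGSecurityMiddlewareError):
@@ -51,5 +52,4 @@
     '''HTTP Basic Authentication Middleware 
     '''
-    
     AUTHN_FUNC_ENV_KEYNAME = ('ndg.security.server.wsgi.authn.'
                               'HTTPBasicAuthMiddleware.authenticate')
@@ -280,6 +280,6 @@
         quotedReturn2URI = urllib.quote(return2URI, safe='')
         return2URIQueryArg = urllib.urlencode(
-                    {AuthnRedirectInitiatorMiddleware.RETURN2URI_ARGNAME: 
-                     quotedReturn2URI})
+            {AuthnRedirectInitiatorMiddleware.RETURN2URI_ARGNAME: 
+             quotedReturn2URI})
 
         redirectURI = self.redirectURI
@@ -306,6 +306,6 @@
         """
         if status.startswith(cls.TRIGGER_HTTP_STATUS_CODE):
-            log.debug("%s.checker caught status [%s]: invoking authentication"
-                      " handler", cls.__name__, cls.TRIGGER_HTTP_STATUS_CODE)
+            log.debug("%s.checker caught status [%s]: invoking authentication "
+                      "handler", cls.__name__, cls.TRIGGER_HTTP_STATUS_CODE)
             return True
         else:
@@ -326,4 +326,5 @@
     which performs a similar function.
     """
+    
     @NDGSecurityMiddlewareBase.initCall
     def __call__(self, environ, start_response):
@@ -345,8 +346,9 @@
             
         # Check for a return URI setting in the beaker session and if the user
-        # is authenticated, redirect to this URL deleting the beaker session
+        # has just been authenticated by the AuthKit SSL Client authentication
+        # middleware.  If so, redirect to this URL deleting the beaker session
         # URL setting
         return2URI = session.get(self.__class__.RETURN2URI_ARGNAME)    
-        if self.isAuthenticated and return2URI:
+        if self.sslAuthnSucceeded and return2URI:
             del session[self.__class__.RETURN2URI_ARGNAME]
             session.save()
@@ -366,4 +368,15 @@
                                doc="Boolean indicating if AuthKit "
                                    "'REMOTE_USER' environment variable is set")
+    
+    _sslAuthnSucceeded = lambda self: self.environ.get(
+                    AuthKitSSLAuthnMiddleware.AUTHN_SUCCEEDED_ENVIRON_KEYNAME,
+                    False)
+        
+    sslAuthnSucceeded = property(fget=_sslAuthnSucceeded,
+                                 doc="Boolean indicating SSL authentication "
+                                     "has succeeded in "
+                                     "AuthKitSSLAuthnMiddleware upstream of "
+                                     "this middleware")
+    
     def __init__(self, app, app_conf, **local_conf):
         super(AuthKitRedirectResponseMiddleware, self).__init__(app, app_conf,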
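Review bot: The new guard at new line 352 redirects on any truthy object stored under `AuthKitSSLAuthnMiddleware.AUTHN_SUCCEEDED_ENVIRON_KEYNAME`, because `_sslAuthnSucceeded` returns the raw `environ.get(...)` value although the property doc promises a Boolean; a non-empty string such as `'False'` would pass. Assuming the upstream middleware stores a real `True`, the check can fail closed with `if self.sslAuthnSucceeded is True and return2URI:`. It is also worth confirming that this environ key cannot be populated from a request header by a front-end, and that a `return2URI` left in the session when SSL authentication did not run is eventually cleared, since this branch is the only place shown that deletes it. The redirect itself and the rest of `__call__` lie outside the visible hunks, so whether `return2URI` is validated against the expected relying-party hosts before use cannot be checked from here.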