Timestamp:
29/01/10 14:07:36 (11 years ago)
Author:
pjkersha
Message:
  • #1088 Important fix to AuthnRedirectResponseMiddleware to set the redirect ONLY when SSL client authentication has just succeeded in the upstream middleware AuthKitSSLAuthnMiddleware. This bug was causing the browser to redirect to the wrong place following OpenID sign-in in the case where the user is already logged into their provider and selects a new relying party to sign into.
    • Improvements to Provider decide page interface: leave out messages about attributes that the provider can't retrieve for the RP. Also included NDG style help icon.
File:
1 edited

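--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/openid/relyingparty/__init__.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/openid/relyingparty/__init__.py
@@ -54,9 +54,22 @@
     middleware to return to following OpenID sign in. 
     ''' 
+    OPENID_RP_PREFIX = 'openid.relyingparty.' 
+    IDP_WHITELIST_CONFIG_FILEPATH_OPTNAME = 'idpWhitelistConfigFilePath' 
+    SIGNIN_INTERFACE_MIDDLEWARE_CLASS_OPTNAME = 'signinInterfaceMiddlewareClass' 
+    SIGNIN_INTERFACE_PREFIX = 'signinInterface.' 
+     
+    AUTHKIT_COOKIE_SIGNOUTPATH_OPTNAME = 'authkit.cookie.signoutpath' 
+    AUTHKIT_OPENID_TMPL_OPTNAME_PREFIX = 'authkit.openid.template.' 
+    AUTHKIT_OPENID_TMPL_OBJ_OPTNAME = AUTHKIT_OPENID_TMPL_OPTNAME_PREFIX + 'obj' 
+    AUTHKIT_OPENID_TMPL_STRING_OPTNAME = AUTHKIT_OPENID_TMPL_OPTNAME_PREFIX + \ 
+        'string' 
+    AUTHKIT_OPENID_TMPL_FILE_OPTNAME = AUTHKIT_OPENID_TMPL_OPTNAME_PREFIX + \ 
+        'file' 
+     
     sslPropertyDefaults = { 
-        'idpWhitelistConfigFilePath': None 
+        IDP_WHITELIST_CONFIG_FILEPATH_OPTNAME: None 
     } 
     propertyDefaults = { 
-        'signinInterfaceMiddlewareClass': None, 
+        SIGNIN_INTERFACE_MIDDLEWARE_CLASS_OPTNAME: None, 
         'baseURL': '' 
     } 
@@ -64,5 +77,5 @@
     propertyDefaults.update(NDGSecurityMiddlewareBase.propertyDefaults) 
      
-    def __init__(self, app, global_conf, prefix='openid.relyingparty.',  
+    def __init__(self, app, global_conf, prefix=OPENID_RP_PREFIX,  
                  **app_conf): 
         """Add AuthKit and Beaker middleware dependencies to WSGI stack and  
@@ -83,28 +96,34 @@
         # Whitelisting of IDPs.  If no config file is set, no validation is 
         # executed 
+        cls = OpenIDRelyingPartyMiddleware 
+         
         idpWhitelistConfigFilePath = app_conf.get( 
-                                        prefix + 'idpWhitelistConfigFilePath') 
+                            prefix + cls.IDP_WHITELIST_CONFIG_FILEPATH_OPTNAME) 
         if idpWhitelistConfigFilePath is not None: 
             self._initIdPValidation(idpWhitelistConfigFilePath) 
          
         # Check for sign in template settings 
-        if prefix+'signinInterfaceMiddlewareClass' in app_conf: 
-            if 'authkit.openid.template.obj' in app_conf or \ 
-               'authkit.openid.template.string' in app_conf or \ 
-               'authkit.openid.template.file' in app_conf: 
-                log.warning("OpenID Relying Party " 
-                            "'signinInterfaceMiddlewareClass' " 
-                            "setting overrides 'authkit.openid.template.*' " 
-                            "AuthKit settings") 
+        if prefix+cls.SIGNIN_INTERFACE_MIDDLEWARE_CLASS_OPTNAME in app_conf: 
+            if (cls.AUTHKIT_OPENID_TMPL_OBJ_OPTNAME in app_conf or  
+                cls.AUTHKIT_OPENID_TMPL_STRING_OPTNAME in app_conf or  
+                cls.AUTHKIT_OPENID_TMPL_FILE_OPTNAME in app_conf): 
                  
-            signinInterfacePrefix = prefix+'signinInterface.' 
+                log.warning("OpenID Relying Party %r setting overrides " 
+                            "'%s*' AuthKit settings", 
+                            cls.AUTHKIT_OPENID_TMPL_OPTNAME_PREFIX, 
+                            cls.SIGNIN_INTERFACE_MIDDLEWARE_CLASS_OPTNAME) 
+                 
+            signinInterfacePrefix = prefix+cls.SIGNIN_INTERFACE_PREFIX 
+             
+            className = app_conf[ 
+                        prefix + cls.SIGNIN_INTERFACE_MIDDLEWARE_CLASS_OPTNAME] 
             classProperties = {'prefix': signinInterfacePrefix} 
             classProperties.update(app_conf) 
-            app = instantiateClass( 
-                           app_conf[prefix+'signinInterfaceMiddlewareClass'],  
-                           None,   
-                           objectType=SigninInterface,  
-                           classArgs=(app, global_conf), 
-                           classProperties=classProperties)             
+             
+            app = instantiateClass(className,  
+                                   None,   
+                                   objectType=SigninInterface,  
+                                   classArgs=(app, global_conf), 
+                                   classProperties=classProperties)             
              
             # Delete sign in interface middleware settings 
@@ -114,7 +133,8 @@
                         del conf[k] 
          
-            app_conf['authkit.openid.template.string'] = app.makeTemplate() 
+            app_conf[ 
+                    cls.AUTHKIT_OPENID_TMPL_STRING_OPTNAME] = app.makeTemplate() 
                  
-        self.signoutPath = app_conf.get('authkit.cookie.signoutpath') 
+        self.signoutPath = app_conf.get(cls.AUTHKIT_COOKIE_SIGNOUTPATH_OPTNAME) 
  
         app = authkit.authenticate.middleware(app, app_conf) 
@@ -157,5 +177,5 @@
         interface 
         - Manage AuthKit verify and process actions setting the referrer URI 
-        to manage redirects 
+        to manage redirects correctly 
          
         @type environ: dict 
@@ -193,7 +213,10 @@
             not referrerPathInfo.endswith(self._authKitVerifyPath) and  
             not referrerPathInfo.endswith(self._authKitProcessPath)): 
-            # Subvert authkit.authenticate.open_id.AuthOpenIDHandler.process 
+             
+            # An app has redirected to the Relying Party interface setting the 
+            # special ndg.security.r query argument.  Subvert  
+            # authkit.authenticate.open_id.AuthOpenIDHandler.process 
             # reassigning it's session 'referer' key to the URI specified in 
-            # the referrer query argument set in the request URI 
+            # ndg.security.r in the request URI 
             session['referer'] = referrer 
             session.save() 
@@ -230,6 +253,6 @@
                 _status = status 
                 for name, val in header: 
-                    if name.lower() == 'content-type' and \ 
-                       val.startswith('text/html'): 
+                    if (name.lower() == 'content-type' and  
+                        val.startswith('text/html')): 
                         _status = self.getStatusMessage(401) 
                         break 
@@ -293,11 +316,14 @@
         Exception.__init__(self, msg, **kw) 
          
+         
 class SigninInterfaceInitError(SigninInterfaceError): 
     """Error with initialisation of SigninInterface.  Raise from __init__""" 
     errorMsg = "SigninInterface initialisation error" 
      
+     
 class SigninInterfaceConfigError(SigninInterfaceError): 
     """Error with configuration settings.  Raise from __init__""" 
     errorMsg = "SigninInterface configuration error"     
+ 
  
 class SigninInterface(NDGSecurityMiddlewareBase): 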
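Review bot: The arguments to the new `log.warning` call at new lines 111-114 are in the wrong order for its format string: `%r` receives `cls.AUTHKIT_OPENID_TMPL_OPTNAME_PREFIX` and `'%s*'` receives `cls.SIGNIN_INTERFACE_MIDDLEWARE_CLASS_OPTNAME`, so the warning names the AuthKit template prefix as the overriding setting, the reverse of the removed message. Swap the last two lines to `cls.SIGNIN_INTERFACE_MIDDLEWARE_CLASS_OPTNAME,` followed by `cls.AUTHKIT_OPENID_TMPL_OPTNAME_PREFIX)`. Separately, the rewritten comment at new lines 216-220 documents that `session['referer']` is taken from the `ndg.security.r` query argument, but no check of that URI against a trusted base is visible in the hunk, and the enclosing method starts and ends outside it. If the value is validated elsewhere the comment should say where; otherwise it should be restricted to known sites before being stored as the post-sign-in redirect target.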