Changeset 8030

Timestamp:

29/02/12 13:13:19 (9 years ago)

Author:

rwilkinson

Message:

Reorganised into ndg.oauth.client and ndg.oauth.server package
structures. Removed development test application and references to
Pylons and other unused packages.

Location:

trunk/ndg_oauth

Files:

• .project (added)
• .pydevproject (added)
• README.txt (added)
• ndg_oauth_client (moved) (moved from trunk/ndg_oauth/client)
• ndg_oauth_client/LICENSE (added)
• ndg_oauth_client/MANIFEST.in (deleted)
• ndg_oauth_client/README.txt (deleted)
• ndg_oauth_client/development.ini (deleted)
• ndg_oauth_client/get_url_app_proxy.ini (modified) (4 diffs)
• ndg_oauth_client/ndg (added)
• ndg_oauth_client/ndg/__init__.py (added)
• ndg_oauth_client/ndg/oauth (added)
• ndg_oauth_client/ndg/oauth/__init__.py (added)
• ndg_oauth_client/ndg/oauth/client (copied) (copied from trunk/ndg_oauth/client/ndgoauthclient)
• ndg_oauth_client/ndg/oauth/client/config (deleted)
• ndg_oauth_client/ndg/oauth/client/controllers (deleted)
• ndg_oauth_client/ndg/oauth/client/lib/app_globals.py (deleted)
• ndg_oauth_client/ndg/oauth/client/lib/base.py (deleted)
• ndg_oauth_client/ndg/oauth/client/lib/helpers.py (deleted)
• ndg_oauth_client/ndg/oauth/client/lib/oauth2_myproxy_client.py (modified) (1 diff)
• ndg_oauth_client/ndg/oauth/client/lib/oauth2client.py (modified) (1 diff)
• ndg_oauth_client/ndg/oauth/client/model (deleted)
• ndg_oauth_client/ndg/oauth/client/public (deleted)
• ndg_oauth_client/ndg/oauth/client/templates (deleted)
• ndg_oauth_client/ndg/oauth/client/tests (deleted)
• ndg_oauth_client/ndg/oauth/client/websetup.py (deleted)
• ndg_oauth_client/ndg/oauth/client/wsgi/oauth2_client.py (modified) (1 diff)
• ndg_oauth_client/ndgoauthclient (deleted)
• ndg_oauth_client/serve.py (modified) (1 diff)
• ndg_oauth_client/setup.cfg (modified) (1 diff)
• ndg_oauth_client/setup.py (modified) (2 diffs)
• ndg_oauth_client/test_app.ini (modified) (2 diffs)
• ndg_oauth_server (moved) (moved from trunk/ndg_oauth/server)
• ndg_oauth_server/LICENSE (added)
• ndg_oauth_server/README.txt (deleted)
• ndg_oauth_server/client_register.ini (modified) (2 diffs)
• ndg_oauth_server/development.ini (modified) (5 diffs)
• ndg_oauth_server/ndg (added)
• ndg_oauth_server/ndg/__init__.py (added)
• ndg_oauth_server/ndg/oauth (added)
• ndg_oauth_server/ndg/oauth/__init__.py (added)
• ndg_oauth_server/ndg/oauth/server (copied) (copied from trunk/ndg_oauth/server/ndgoauthserver)
• ndg_oauth_server/ndg/oauth/server/config (deleted)
• ndg_oauth_server/ndg/oauth/server/lib/access_token/bearer_token_generator.py (modified) (3 diffs)
• ndg_oauth_server/ndg/oauth/server/lib/access_token/make_access_token.py (modified) (2 diffs)
• ndg_oauth_server/ndg/oauth/server/lib/access_token/myproxy_cert_token_generator.py (modified) (3 diffs)
• ndg_oauth_server/ndg/oauth/server/lib/app_globals.py (deleted)
• ndg_oauth_server/ndg/oauth/server/lib/authenticate/certificate_client_authenticator.py (modified) (1 diff)
• ndg_oauth_server/ndg/oauth/server/lib/authenticate/noop_client_authenticator.py (modified) (1 diff)
• ndg_oauth_server/ndg/oauth/server/lib/authenticate/test_authenticator.py (modified) (1 diff)
• ndg_oauth_server/ndg/oauth/server/lib/authorization_server.py (modified) (7 diffs)
• ndg_oauth_server/ndg/oauth/server/lib/authorize/authorizer.py (modified) (3 diffs)
• ndg_oauth_server/ndg/oauth/server/lib/authorize/authorizer_storing_identifier.py (modified) (3 diffs)
• ndg_oauth_server/ndg/oauth/server/lib/base.py (deleted)
• ndg_oauth_server/ndg/oauth/server/lib/environment.py (deleted)
• ndg_oauth_server/ndg/oauth/server/lib/helpers.py (deleted)
• ndg_oauth_server/ndg/oauth/server/lib/register/access_token.py (modified) (1 diff)
• ndg_oauth_server/ndg/oauth/server/lib/register/authorization_grant.py (modified) (1 diff)
• ndg_oauth_server/ndg/oauth/server/lib/render (added)
• ndg_oauth_server/ndg/oauth/server/lib/render/__init__.py (added)
• ndg_oauth_server/ndg/oauth/server/lib/render/factory.py (added)
• ndg_oauth_server/ndg/oauth/server/lib/render/genshi_renderer.py (added)
• ndg_oauth_server/ndg/oauth/server/lib/render/renderer_interface.py (added)
• ndg_oauth_server/ndg/oauth/server/tests (deleted)
• ndg_oauth_server/ndg/oauth/server/websetup.py (deleted)
• ndg_oauth_server/ndg/oauth/server/wsgi/authorization_filter.py (modified) (8 diffs)
• ndg_oauth_server/ndg/oauth/server/wsgi/oauth2_server.py (modified) (2 diffs)
• ndg_oauth_server/ndgoauthserver (deleted)
• ndg_oauth_server/setup.cfg (modified) (1 diff)
• ndg_oauth_server/setup.py (modified) (2 diffs)

trunk/ndg_oauth/ndg_oauth_client/get_url_app_proxy.ini

@@ -41 +41 @@
 
 [filter:OAuth2Client]
-paste.filter_app_factory = ndgoauthclient.wsgi.oauth2_client:Oauth2ClientMiddleware.filter_app_factory
+paste.filter_app_factory = ndg.oauth.client.wsgi.oauth2_client:Oauth2ClientMiddleware.filter_app_factory
 oauth2.session_key = %(beakerSessionKeyName)s
 # Default:
@@ -52 +52 @@
 oauth2.client_id=22
 # OAuth authorization server URLs
-oauth2.authorization_endpoint=https://ice.badc.rl.ac.uk:443/oas/oauth/authorize
-oauth2.access_token_endpoint=https://ice.badc.rl.ac.uk:443/oas/oauth/access_token
-#oauth2.authorization_endpoint=https://ice.badc.rl.ac.uk:5000/oauth/authorize
-#oauth2.access_token_endpoint=https://ice.badc.rl.ac.uk:5000/oauth/access_token
-#
+oauth2.authorization_endpoint=https://localhost:443/oas/oauth/authorize
+oauth2.access_token_endpoint=https://localhost:443/oas/oauth/access_token
+# Relative base path included in OAuth client URLs
 oauth2.base_url_path=/oauth2
 
@@ -73 +71 @@
 
 [app:App]
-paste.app_factory = ndgoauthclient.wsgi.get_url_app:GetUrlApp.app_factory
-url = http://ice.badc.rl.ac.uk:8080/thredds/dodsC/test/testData.nc.ascii
+paste.app_factory = ndg.oauth.client.wsgi.get_url_app:GetUrlApp.app_factory
+url = http://localhost:8080/thredds/dodsC/test/testData.nc.ascii
 
 # WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*
@@ -110 +108 @@
 level = DEBUG
 handlers =
-qualname = ndgoauthclient
+qualname = ndg.oauth.client
 
 [handler_console]

trunk/ndg_oauth/ndg_oauth_client/ndg/oauth/client/lib/oauth2_myproxy_client.py

@@ -10 +10 @@
 import base64
 
-from ndgoauthclient.lib.oauth2client import Oauth2Client
-import ndgoauthclient.lib.openssl_cert as openssl_cert
+from ndg.oauth.client.lib.oauth2client import Oauth2Client
+import ndg.oauth.client.lib.openssl_cert as openssl_cert
 
 class Oauth2MyProxyClient(Oauth2Client):

trunk/ndg_oauth/ndg_oauth_client/ndg/oauth/client/lib/oauth2client.py

@@ -13 +13 @@
 import uuid
 
-import ndgoauthclient.lib.urlfetcher as urlfetcher
+import ndg.oauth.client.lib.urlfetcher as urlfetcher
 
 log = logging.getLogger(__name__)

trunk/ndg_oauth/ndg_oauth_client/ndg/oauth/client/wsgi/oauth2_client.py

@@ -13 +13 @@
 from webob import Request
 
-from ndgoauthclient.lib.oauth2client import Oauth2ClientConfig
-from ndgoauthclient.lib.oauth2_myproxy_client import Oauth2MyProxyClient
+from ndg.oauth.client.lib.oauth2client import Oauth2ClientConfig
+from ndg.oauth.client.lib.oauth2_myproxy_client import Oauth2MyProxyClient
 from ndg.httpsclient.ssl_context_util import SSlContextConfig
 

trunk/ndg_oauth/ndg_oauth_client/serve.py

@@ -1 +1 @@
 from paste.script.serve import ServeCommand
 
-ServeCommand("serve").run(["test_app.ini"])
+ServeCommand("serve").run(["get_url_app_proxy.ini"])
+#ServeCommand("serve").run(["test_app.ini"])
 #ServeCommand("serve").run(["development.ini"])

trunk/ndg_oauth/ndg_oauth_client/setup.cfg

@@ -1 +1 @@
 [egg_info]
 tag_svn_revision = true
-
-[easy_install]
-find_links = http://www.pylonshq.com/download/
-
-[nosetests]
-with-pylons = test.ini
-
-# Babel configuration
-[compile_catalog]
-domain = ndgoauthclient
-directory = ndgoauthclient/i18n
-statistics = true
-
-[extract_messages]
-add_comments = TRANSLATORS:
-output_file = ndgoauthclient/i18n/ndgoauthclient.pot
-width = 80
-
-[init_catalog]
-domain = ndgoauthclient
-input_file = ndgoauthclient/i18n/ndgoauthclient.pot
-output_dir = ndgoauthclient/i18n
-
-[update_catalog]
-domain = ndgoauthclient
-input_file = ndgoauthclient/i18n/ndgoauthclient.pot
-output_dir = ndgoauthclient/i18n
-previous = true

trunk/ndg_oauth/ndg_oauth_client/setup.py

@@ +1 @@
+__author__ = "R B Wilkinson"
+__date__ = "29/02/12"
+__copyright__ = "(C) 2012 Science and Technology Facilities Council"
+__license__ = "BSD - see LICENSE file in top-level directory"
+__contact__ = "Philip.Kershaw@stfc.ac.uk"
+__revision__ = "$Id$"
+
 try:
     from setuptools import setup, find_packages
@@ -6 +13 @@
     from setuptools import setup, find_packages
 
+_long_description = """\
+This is an OAuth 2.0 client library and WSGI middleware filter.
+
+Its intended use is to make requests to the NDG OAuth server, which returns as
+access tokens certificates obtained from a MyProxy server.
+
+ndg.oauth.client.lib.oauth2client:Oauth2Client is a client that calls a
+specified callable with an access token obtained from a configured OAuth server.
+ndg.oauth.client.lib.oauth2_myproxy_client:Oauth2MyProxyClient extends this to
+handle key creation for obtaining MyProxy certificates.
+
+The filter ndg.oauth.client.wsgi.oauth2_client:Oauth2ClientMiddleware uses
+Oauth2MyProxyClient and sets the obtained access token in the WSGI environ. The
+token contains the key/certificate pair so that it can be used by other WSGI
+applications or middleware to authenticate.
+
+Prerequisites
+=============
+This has been developed and tested for Python 2.6.
+
+Installation
+============
+Installation can be performed using easy_install or pip.  
+
+Configuration
+=============
+Examples of configuration files for WSGI stacks are:
+test_app.ini:
+  This configures a simple test application that simply displays the key and
+  certificate.
+get_url_app_proxy.ini:
+  This is a more complex example that uses the NDG Security proxy. The
+  application makes a request to a configured URL using the security proxy. The
+  proxy uses a key/certificate pair obtained using NDG OAuth to authenticate the
+  request.
+"""
+
 setup(
-    name='ndgoauthclient',
-    version='0.1.1',
-    description='OAuth 2.0 client',
-    author='R. B. Wilkinson',
-    #author_email='',
-    #url='',
-    install_requires=[
-        "Pylons>=1.0",
-        "Genshi>=0.4",
+    name =                      'ndg_oauth_client',
+    version =                   '0.2.0',
+    description =               'OAuth 2.0 client',
+    author =                    'R. B. Wilkinson',
+    maintainer =                'Philip Kershaw',
+    maintainer_email =          'Philip.Kershaw@stfc.ac.uk',
+    #url ='',
+    license =                   'BSD - See LICENCE file for details',
+    install_requires =[
+        "PasteScript",
+        "Beaker",
+        "WebOb",
+        "pyOpenSSL",
+        "ndg_httpsclient",
+        "pyasn1",
     ],
-    setup_requires=["PasteScript>=1.6.3"],
-    packages=find_packages(exclude=['ez_setup']),
-    include_package_data=True,
-    test_suite='nose.collector',
-    package_data={'ndgoauthclient': ['i18n/*/LC_MESSAGES/*.mo']},
-    #message_extractors={'ndgoauthclient': [
-    #        ('**.py', 'python', None),
-    #        ('public/**', 'ignore', None)]},
-    zip_safe=False,
-    paster_plugins=['PasteScript', 'Pylons'],
-    entry_points="""
-    [paste.app_factory]
-    main = ndgoauthclient.config.middleware:make_app
-
-    [paste.app_install]
-    main = pylons.util:PylonsInstaller
-    """,
+    packages =find_packages(),
+    zip_safe =False,
 )

trunk/ndg_oauth/ndg_oauth_client/test_app.ini

@@ -39 +39 @@
 
 [filter:OAuth2Client]
-paste.filter_app_factory = ndgoauthclient.wsgi.oauth2_client:Oauth2ClientMiddleware.filter_app_factory
+paste.filter_app_factory = ndg.oauth.client.wsgi.oauth2_client:Oauth2ClientMiddleware.filter_app_factory
 oauth2.session_key = %(beakerSessionKeyName)s
+# Default:
+#oauth2.oauth2_token_key = oauth2client.token
 # OAuth client configuration
-oauth2.client_cert = /home/rwilkinson_local/dev/oauthclient/certificate/usercert.pem
-oauth2.client_key = /home/rwilkinson_local/dev/oauthclient/certificate/userkey.pem
-oauth2.ca_dir = /home/rwilkinson_local/dev/oauthclient/ca
+oauth2.client_cert = /home/rwilkinson_local/dev/ndg_oauth/certificate/usercert.pem
+oauth2.client_key = /home/rwilkinson_local/dev/ndg_oauth/certificate/userkey.pem
+oauth2.ca_dir = /home/rwilkinson_local/dev/ndg_oauth/ca
 # ca_cert_file = /home/rwilkinson_local/dev/oauthclient/ca.pem
 oauth2.client_id=22
 # OAuth authorization server URLs
-#oauth2.authorization_endpoint=https://ice.badc.rl.ac.uk:443/oauth/authorize
-#oauth2.access_token_endpoint=https://ice.badc.rl.ac.uk:443/oauth/access_token
-oauth2.authorization_endpoint=https://ice.badc.rl.ac.uk:5000/oauth/authorize
-oauth2.access_token_endpoint=https://ice.badc.rl.ac.uk:5000/oauth/access_token
-#
+oauth2.authorization_endpoint=https://localhost:443/oas/oauth/authorize
+oauth2.access_token_endpoint=https://localhost:443/oas/oauth/access_token
+# Relative base path included in OAuth client URLs
 oauth2.base_url_path=/oauth2
 
 [app:App]
-paste.app_factory = ndgoauthclient.wsgi.wsgi_test_app:WsgiTestApp.app_factory
+paste.app_factory = ndg.oauth.client.wsgi.wsgi_test_app:WsgiTestApp.app_factory
 
 # WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*
@@ -92 +92 @@
 level = DEBUG
 handlers =
-qualname = ndgoauthclient
+qualname = ndg.oauth.client
 
 [handler_console]

trunk/ndg_oauth/ndg_oauth_server/client_register.ini

@@ -10 +10 @@
 #id=477bfc8c-a739-45b3-a63b-5b1662cc12d7
 type=confidential
-redirect_uris=http://ice.badc.rl.ac.uk:5001/client/redirect_target
-authentication_data=/O=STFC/OU=BADC/OU=simpleCA-ice.badc.rl.ac.uk/OU=badc.rl.ac.uk/CN=test1.client
+redirect_uris=http://localhost:5001/client/redirect_target
+authentication_data=/O=STFC/OU=BADC/OU=simpleCA-localhost/OU=badc.rl.ac.uk/CN=test1.client
 
 [client:test2]
@@ -18 +18 @@
 #id=691ad8cc-293c-4fbe-b8eb-980fcd621157
 type=confidential
-redirect_uris=http://ice.badc.rl.ac.uk:5002/oauth2/oauth_redirect
-authentication_data=/O=STFC/OU=BADC/OU=simpleCA-ice.badc.rl.ac.uk/OU=badc.rl.ac.uk/CN=test.client
+redirect_uris=http://localhost:5002/oauth2/oauth_redirect
+authentication_data=/O=STFC/OU=BADC/OU=simpleCA-localhost/OU=badc.rl.ac.uk/CN=test.client

trunk/ndg_oauth/ndg_oauth_server/development.ini

@@ -1 +1 @@
 #
-# ndgoauthserver - Pylons development environment configuration
+# NDG OAuth Server - Pylons development environment configuration
 #
 # The %(here)s variable will be replaced with the parent directory of this file
@@ -51 +51 @@
 # fully qualified domain name or else set the MYPROXY_SERVER environment
 # variable.  See the documentation for the MyProxyClient egg for details
-myproxy.client.hostname = ice.badc.rl.ac.uk
+myproxy.client.hostname = localhost
 #myproxy.client.port = 7512
 
@@ -62 +62 @@
 [filter:OAuth2Authz]
 # Authorization filter configuration options - defaults are commented out.
-paste.filter_app_factory = ndgoauthserver.wsgi.authorization_filter:Oauth2AuthorizationMiddleware.filter_app_factory
+paste.filter_app_factory = ndg.oauth.server.wsgi.authorization_filter:Oauth2AuthorizationMiddleware.filter_app_factory
 oauth2authorization.base_url_path=/client_authorization
-oauth2authorization.client_authorization_form=%(here)s/ndgoauthserver/templates/auth_client_form.html
+oauth2authorization.client_authorization_form=%(here)s/ndg/oauth/server/templates/auth_client_form.html
 #oauth2authorization.client_authorizations_key=client_authorizations
 oauth2authorization.client_register=%(here)s/client_register.ini
@@ -71 +71 @@
 
 [app:OAuth2Server]
-paste.app_factory = ndgoauthserver.wsgi.oauth2_server:Oauth2ServerMiddleware.app_factory
+paste.app_factory = ndg.oauth.server.wsgi.oauth2_server:Oauth2ServerMiddleware.app_factory
 
 # OAuth2 server configuration options - defaults are commented out.
@@ -133 +133 @@
 level = DEBUG
 handlers =
-qualname = ndgoauthserver
+qualname = ndg.oauth.server
 
 [handler_console]

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/lib/access_token/bearer_token_generator.py

@@ -10 +10 @@
 import uuid
 
-from ndgoauthserver.lib.access_token.access_token_interface import AccessTokenInterface
-from ndgoauthserver.lib.register.access_token import AccessToken
+from ndg.oauth.server.lib.access_token.access_token_interface import AccessTokenInterface
+from ndg.oauth.server.lib.register.access_token import AccessToken
 
 class BearerTokenGenerator(AccessTokenInterface):
@@ -32 +32 @@
         Gets an access token with an ID that is a random UUID used as a bearer
         token.
-        @type token_request: ndgoauthserver.lib.access_token.AccessTokenRequest
+        @type token_request: ndg.oauth.server.lib.access_token.AccessTokenRequest
         @param token_request: access token request
 
-        @type grant: ndgoauthserver.lib.register.authorization_grant.AuthorizationGrant
+        @type grant: ndg.oauth.server.lib.register.authorization_grant.AuthorizationGrant
         @param grant: authorization grant
 
@@ -41 +41 @@
         @param request: HTTP request object
 
-        @rtype: ndgoauthserver.lib.register.access_token.AccessToken
+        @rtype: ndg.oauth.server.lib.register.access_token.AccessToken
         @return: access token or None if an error occurs
         """

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/lib/access_token/make_access_token.py

@@ -10 +10 @@
 from datetime import datetime
 
-from ndgoauthserver.lib.oauth.oauth_exception import OauthException
-from ndgoauthserver.lib.oauth.access_token import AccessTokenResponse
+from ndg.oauth.server.lib.oauth.oauth_exception import OauthException
+from ndg.oauth.server.lib.oauth.access_token import AccessTokenResponse
 
 AUTHORIZATION_CODE_GRANT_TYPE = 'authorization_code'
@@ -49 +49 @@
     # This requires that the client has authenticated itself so that the
     # client identity is known.
-    # TODO client_id is None if client authentication is not configured. Is there
-    # a better way to signal that authentication is disabled for testing?
+    # client_id is None if client authentication is not configured - this
+    # signals that authentication is disabled for testing.
     if client_id and (grant.client_id != client_id):
         raise OauthException('invalid_grant', 'Token granted for different client')

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/lib/access_token/myproxy_cert_token_generator.py

@@ -11 +11 @@
 import logging
 
-from ndgoauthserver.lib.access_token.access_token_interface import AccessTokenInterface
-from ndgoauthserver.lib.register.access_token import AccessToken
+from ndg.oauth.server.lib.access_token.access_token_interface import AccessTokenInterface
+from ndg.oauth.server.lib.register.access_token import AccessToken
 
 log = logging.getLogger(__name__)
@@ -41 +41 @@
         """
         Gets an access token using MyProxyClient.
-        @type token_request: ndgoauthserver.lib.access_token.AccessTokenRequest
+        @type token_request: ndg.oauth.server.lib.access_token.AccessTokenRequest
         @param token_request: access token request
 
-        @type grant: ndgoauthserver.lib.register.authorization_grant.AuthorizationGrant
+        @type grant: ndg.oauth.server.lib.register.authorization_grant.AuthorizationGrant
         @param grant: authorization grant
 
@@ -50 +50 @@
         @param request: HTTP request object
 
-        @rtype: ndgoauthserver.lib.register.access_token.AccessToken
+        @rtype: ndg.oauth.server.lib.register.access_token.AccessToken
         @return: access token or None if an error occurs
         """

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/lib/authenticate/certificate_client_authenticator.py

@@ -8 +8 @@
 __revision__ = "$Id$"
 
-from ndgoauthserver.lib.authenticate.client_authenticator_interface import ClientAuthenticatorInterface
-from ndgoauthserver.lib.oauth.oauth_exception import OauthException
-from ndgoauthserver.lib.register.client import ClientRegister
+from ndg.oauth.server.lib.authenticate.client_authenticator_interface import ClientAuthenticatorInterface
+from ndg.oauth.server.lib.oauth.oauth_exception import OauthException
+from ndg.oauth.server.lib.register.client import ClientRegister
 
 class CertificateClientAuthenticator(ClientAuthenticatorInterface):

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/lib/authenticate/noop_client_authenticator.py

@@ -8 +8 @@
 __revision__ = "$Id$"
 
-from ndgoauthserver.lib.authenticate.client_authenticator_interface import ClientAuthenticatorInterface
+from ndg.oauth.server.lib.authenticate.client_authenticator_interface import ClientAuthenticatorInterface
 
 class NoopClientAuthenticator(ClientAuthenticatorInterface):

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/lib/authenticate/test_authenticator.py

@@ -8 +8 @@
 __revision__ = "$Id$"
 
-from ndgoauthserver.lib.authenticate.authenticator_interface import AuthenticatorInterface
+from ndg.oauth.server.lib.authenticate.authenticator_interface import AuthenticatorInterface
 
 class TestAuthenticator(AuthenticatorInterface):

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/lib/authorization_server.py

@@ -13 +13 @@
 import urllib
 
-from ndgoauthserver.lib.access_token.make_access_token import make_access_token
-from ndgoauthserver.lib.oauth.access_token import AccessTokenRequest
-from ndgoauthserver.lib.oauth.authorize import AuthorizeRequest, AuthorizeResponse
-from ndgoauthserver.lib.oauth.oauth_exception import OauthException
-from ndgoauthserver.lib.register.access_token import AccessTokenRegister
-from ndgoauthserver.lib.register.client import ClientRegister
-from ndgoauthserver.lib.register.authorization_grant import AuthorizationGrantRegister
+from ndg.oauth.server.lib.access_token.make_access_token import make_access_token
+from ndg.oauth.server.lib.oauth.access_token import AccessTokenRequest
+from ndg.oauth.server.lib.oauth.authorize import AuthorizeRequest, AuthorizeResponse
+from ndg.oauth.server.lib.oauth.oauth_exception import OauthException
+from ndg.oauth.server.lib.register.access_token import AccessTokenRegister
+from ndg.oauth.server.lib.register.client import ClientRegister
+from ndg.oauth.server.lib.register.authorization_grant import AuthorizationGrantRegister
 
 log = logging.getLogger(__name__)
@@ -33 +33 @@
         self.client_authenticator = client_authenticator
         self.access_token_generator = access_token_generator
-        # TODO Need configuration
         self.access_token_register = AccessTokenRegister(config)
         self.authorization_grant_register = AuthorizationGrantRegister(config)
@@ -39 +38 @@
     def authorize(self, request, client_authorized):
         """Handle an authorization request.
+
+        It is assumed that the caller has checked whether the user is
+        authenticated and that the user has authorised the client and scope.
 
         Request query parameters (from http://tools.ietf.org/html/draft-ietf-oauth-v2-22):
@@ -128 +130 @@
                 return (None, httplib.BAD_REQUEST, 'An authorization request has been made without a return URI.')
 
-
-            # TODO Check this:
-            # Assume other preconditions enforced elsewhere:
-            # o User authenticated.
-            # o User authorises the client and scope.
+            # Preconditions satisfied - generate grant.
             (grant, code) = self.authorizer.generate_authorization_grant(auth_request, request)
             auth_response = AuthorizeResponse(code, auth_request.state)
@@ -150 +148 @@
         completed.
 
-        @type resp: ndgoauthserver.lib.oauth.authorize.AuthorizeRequest
+        @type resp: ndg.oauth.server.lib.oauth.authorize.AuthorizeRequest
         @param resp: OAuth authorize request
         
-        @type resp: ndgoauthserver.lib.oauth.authorize.AuthorizeResponse
+        @type resp: ndg.oauth.server.lib.oauth.authorize.AuthorizeResponse
         @param resp: OAuth authorize response
 
@@ -299 +297 @@
     def _access_token_response(self, resp):
         """Constructs the JSON response to an access token request.
-        @type resp: ndgoauthserver.lib.oauth.access_token.AccessTokenResponse
+        @type resp: ndg.oauth.server.lib.oauth.access_token.AccessTokenResponse
         @param resp: OAuth access token response
 
@@ -334 +332 @@
         o Optionally, must use the POST method.
         o Parameters must not be repeated.
-        If the request is directly from the client:
-        o TODO Must be authenticated.
+        If the request is directly from the client, the user must be
+        authenticated - it is assumed that the caller has checked this.
 
         Raises OauthException if any check fails.

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/lib/authorize/authorizer.py

@@ -11 +11 @@
 import uuid
 
-from ndgoauthserver.lib.authorize.authorizer_interface import AuthorizerInterface
-from ndgoauthserver.lib.register.authorization_grant import AuthorizationGrant
+from ndg.oauth.server.lib.authorize.authorizer_interface import AuthorizerInterface
+from ndg.oauth.server.lib.register.authorization_grant import AuthorizationGrant
 
 log = logging.getLogger(__name__)
@@ -26 +26 @@
     def generate_authorization_grant(self, auth_request, request):
         """Generates an authorization grant.
-        @type auth_request: ndgoauthserver.lib.oauth.authorize.AuthorizeRequest
+        @type auth_request: ndg.oauth.server.lib.oauth.authorize.AuthorizeRequest
         @param auth_request: authorization request
 
@@ -33 +33 @@
 
         @rtype: tuple (
-            ndgoauthserver.lib.register.authorization_grant.AuthorizationGrant
+            ndg.oauth.server.lib.register.authorization_grant.AuthorizationGrant
             str
         )

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/lib/authorize/authorizer_storing_identifier.py

@@ -11 +11 @@
 import uuid
 
-from ndgoauthserver.lib.authorize.authorizer_interface import AuthorizerInterface
-from ndgoauthserver.lib.oauth.oauth_exception import OauthException
-from ndgoauthserver.lib.register.authorization_grant import AuthorizationGrant
+from ndg.oauth.server.lib.authorize.authorizer_interface import AuthorizerInterface
+from ndg.oauth.server.lib.oauth.oauth_exception import OauthException
+from ndg.oauth.server.lib.register.authorization_grant import AuthorizationGrant
 
 log = logging.getLogger(__name__)
@@ -39 +39 @@
     def generate_authorization_grant(self, auth_request, request):
         """Generates an authorization grant.
-        @type auth_request: ndgoauthserver.lib.oauth.authorize.AuthorizeRequest
+        @type auth_request: ndg.oauth.server.lib.oauth.authorize.AuthorizeRequest
         @param auth_request: authorization request
 
@@ -46 +46 @@
 
         @rtype: tuple (
-            ndgoauthserver.lib.register.authorization_grant.AuthorizationGrant
+            ndg.oauth.server.lib.register.authorization_grant.AuthorizationGrant
             str
         )

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/lib/register/access_token.py

@@ -11 +11 @@
 import logging
 
-from ndgoauthserver.lib.register.register_base import RegisterBase
+from ndg.oauth.server.lib.register.register_base import RegisterBase
 
 log = logging.getLogger(__name__)

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/lib/register/authorization_grant.py

@@ -11 +11 @@
 import logging
 
-from ndgoauthserver.lib.register.register_base import RegisterBase
+from ndg.oauth.server.lib.register.register_base import RegisterBase
 
 log = logging.getLogger(__name__)

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/wsgi/authorization_filter.py

@@ -14 +14 @@
 from webob import Request
 
-from ndgoauthserver.lib.register.client import ClientRegister
-from ndgoauthserver.lib.register.client_authorization import ClientAuthorization, ClientAuthorizationRegister
+from ndg.oauth.server.lib.register.client import ClientRegister
+from ndg.oauth.server.lib.register.client_authorization import (
+                            ClientAuthorization, ClientAuthorizationRegister)
+from ndg.oauth.server.lib.render.factory import callModuleObject
+from ndg.oauth.server.lib.render.renderer_interface import RendererInterface
 
 log = logging.getLogger(__name__)
@@ -34 +37 @@
     CLIENT_AUTHORIZATIONS_KEY_OPTION = 'client_authorizations_key'
     CLIENT_REGISTER_OPTION = 'client_register'
+    RENDERER_CLASS_OPTION = 'renderer_class'
     SESSION_KEY_OPTION = 'session_key_name'
     USER_IDENTIFIER_KEY_OPTION = 'user_identifier_key'
@@ -43 +47 @@
     propertyDefaults = {
         BASE_URL_PATH_OPTION: 'client_authorization',
+        RENDERER_CLASS_OPTION: 'ndg.oauth.server.lib.render.genshi_renderer.GenshiRenderer',
         SESSION_KEY_OPTION: 'beaker.session.oauth2authorization',
         CLIENT_AUTHORIZATIONS_KEY_OPTION: 'client_authorizations',
@@ -71 +76 @@
         self._set_configuration(prefix, local_conf)
         self.client_register = ClientRegister(self.client_register_file)
+        self.renderer = callModuleObject(self.renderer_class,
+                                         objectName=None, moduleFilePath=None, 
+                                         objectType=RendererInterface,
+                                         objectArgs=None, objectProperties=None)
 
     def __call__(self, environ, start_response):
@@ -129 +138 @@
         if client_authorizations:
             log.debug("_set_client_authorizations_in_environ %s", client_authorizations.__repr__())
-            # TODO Should this be a deep copy so that the session copy cannot
-            # be modified by other filters?
             environ[self.client_authorizations_env_key] = client_authorizations
         else:
@@ -198 +205 @@
         """
         client = self.client_register.register.get(client_id)
-        tmpl_file = open(self.client_authorization_form)
-        tmpl = MarkupTemplate(tmpl_file)
-        tmpl_file.close()
+#        tmpl_file = open(self.client_authorization_form)
+#        tmpl = MarkupTemplate(tmpl_file)
+#        tmpl_file.close()
         submit_url = req.application_url + self.base_path + '/client_auth'
         c = {'client_name': client.name,
@@ -206 +213 @@
              'scope': scope,
              'submit_url': submit_url}
-        response = tmpl.generate(c=c).render('html')
+#        response = tmpl.generate(c=c).render('html')
+        response = self.renderer.render(self.client_authorization_form, c)
         start_response(self._get_http_status_string(httplib.OK),
            [('Content-type', 'text/html'),
@@ -273 +281 @@
         self.base_path = cls._get_config_option(prefix, local_conf, cls.BASE_URL_PATH_OPTION)
         self.client_register_file = cls._get_config_option(prefix, local_conf, cls.CLIENT_REGISTER_OPTION)
+        self.renderer_class = cls._get_config_option(prefix, local_conf, cls.RENDERER_CLASS_OPTION)
         self.session_env_key = cls._get_config_option(prefix, local_conf, cls.SESSION_KEY_OPTION)
         self.client_authorization_form = cls._get_config_option(prefix, local_conf, cls.CLIENT_AUTHORIZATION_FORM_OPTION)

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/wsgi/oauth2_server.py

@@ -15 +15 @@
 from webob import Request
 
-from ndgoauthserver.lib.access_token.bearer_token_generator import BearerTokenGenerator
-from ndgoauthserver.lib.access_token.myproxy_cert_token_generator import MyProxyCertTokenGenerator
-from ndgoauthserver.lib.authenticate.certificate_client_authenticator import CertificateClientAuthenticator
-from ndgoauthserver.lib.authenticate.noop_client_authenticator import NoopClientAuthenticator
-from ndgoauthserver.lib.authorization_server import AuthorizationServer
-from ndgoauthserver.lib.authorize.authorizer import Authorizer
-from ndgoauthserver.lib.authorize.authorizer_storing_identifier import AuthorizerStoringIdentifier
+from ndg.oauth.server.lib.access_token.bearer_token_generator import BearerTokenGenerator
+from ndg.oauth.server.lib.access_token.myproxy_cert_token_generator import MyProxyCertTokenGenerator
+from ndg.oauth.server.lib.authenticate.certificate_client_authenticator import CertificateClientAuthenticator
+from ndg.oauth.server.lib.authenticate.noop_client_authenticator import NoopClientAuthenticator
+from ndg.oauth.server.lib.authorization_server import AuthorizationServer
+from ndg.oauth.server.lib.authorize.authorizer import Authorizer
+from ndg.oauth.server.lib.authorize.authorizer_storing_identifier import AuthorizerStoringIdentifier
 
 log = logging.getLogger(__name__)
@@ -34 +34 @@
     o MyProxyClientMiddleware
     o Middleware to set user's decisions for authorization of OAuth clients in
-      the environ, e.g., ndgoauthserver.wsgi.authorization_filter.
+      the environ, e.g., ndg.oauth.server.wsgi.authorization_filter.
     """
     PARAM_PREFIX = 'oauth2server.'

trunk/ndg_oauth/ndg_oauth_server/setup.cfg

@@ -2 +2 @@
 #tag_build = dev
 tag_svn_revision = true
-
-[easy_install]
-find_links = http://www.pylonshq.com/download/
-
-[nosetests]
-with-pylons = test.ini
-
-# Babel configuration
-[compile_catalog]
-domain = ndgoauthserver
-directory = ndgoauthserver/i18n
-statistics = true
-
-[extract_messages]
-add_comments = TRANSLATORS:
-output_file = ndgoauthserver/i18n/ndgoauthserver.pot
-width = 80
-
-[init_catalog]
-domain = ndgoauthserver
-input_file = ndgoauthserver/i18n/ndgoauthserver.pot
-output_dir = ndgoauthserver/i18n
-
-[update_catalog]
-domain = ndgoauthserver
-input_file = ndgoauthserver/i18n/ndgoauthserver.pot
-output_dir = ndgoauthserver/i18n
-previous = true

trunk/ndg_oauth/ndg_oauth_server/setup.py

@@ +1 @@
+__author__ = "R B Wilkinson"
+__date__ = "29/02/12"
+__copyright__ = "(C) 2012 Science and Technology Facilities Council"
+__license__ = "BSD - see LICENSE file in top-level directory"
+__contact__ = "Philip.Kershaw@stfc.ac.uk"
+__revision__ = "$Id$"
+
 try:
     from setuptools import setup, find_packages
@@ -6 +13 @@
     from setuptools import setup, find_packages
 
+_long_description = """\
+This is an OAuth 2.0 server library and WSGI middleware filter.
+
+Prerequisites
+=============
+This has been developed and tested for Python 2.6.
+
+Installation
+============
+Installation can be performed using easy_install or pip.  
+
+Configuration
+=============
+An example of configuration is provided in the file development.ini. This
+configures the components needed to authenticate users, obtain user
+authorisation for an OAuth client and obtain a certificate to use as an access
+token using MyProxyClient.
+"""
+
 setup(
-    name='ndgoauthserver',
-    version='0.1.1',
-    description='OAuth 2.0 server providing MyProxy certificates as access tokens',
-    author='R. B. Wilkinson',
-    #author_email='',
-    #url='',
-    install_requires=[
-        "Pylons>=1.0",
-        "Genshi>=0.4",
+    name =                      'ndg_oauth_server',
+    version =                   '0.2.0',
+    description =               'OAuth 2.0 server providing MyProxy certificates as access tokens',
+    long_description =          _long_description,
+    author =                    'R. B. Wilkinson',
+    maintainer =                'Philip Kershaw',
+    maintainer_email =          'Philip.Kershaw@stfc.ac.uk',
+    #url ='',
+    license =                   'BSD - See LICENCE file for details',
+    install_requires =[
+        "PasteScript",
+        "Beaker",
+        "WebOb",
+        "repoze.who",
+        "MyProxyWebService",
+        "Genshi",
     ],
-    setup_requires=["PasteScript>=1.6.3"],
-    packages=find_packages(exclude=['ez_setup']),
-    include_package_data=True,
-    test_suite='nose.collector',
-    package_data={'ndgoauthserver': ['i18n/*/LC_MESSAGES/*.mo']},
-    #message_extractors={'ndgoauthserver': [
-    #        ('**.py', 'python', None),
-    #        ('public/**', 'ignore', None)]},
-    zip_safe=False,
-    paster_plugins=['PasteScript', 'Pylons'],
-    entry_points="""
-    [paste.app_factory]
-    main = ndgoauthserver.config.middleware:make_app
-
-    [paste.app_install]
-    main = pylons.util:PylonsInstaller
-    """,
+    packages =find_packages(),
+    zip_safe =False,
 )