Beispiel #1
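    def decorator(function):
        """Wrap ``function`` so that it runs only for an authenticated user.

        The returned wrapper builds a ``SecurityToken``, refreshes it from the
        front-end certificate headers when they report a verified DN, and then
        requires a non-guest ``token.dn`` whose authentication time is no more
        than 24 hours old. In every other case it returns ``onFail(self)``
        instead of calling ``function``.
        """
        context = Context()
        context.addService(Logger("SECURITY_MODULE"))

        def wrapper(self, *__args, **__kw):
            # Check if there is a user.
            token = SecurityToken()
            context.Logger().message("Checking authentication for user %s" %
                                     (token.dn))

            # NOTE: this part should be clarified once front-end/back-end
            # certificate-based auth. rules will be in place
            # so we should just fail over to login/pw schema
            #
            # SECURITY: Cms-Client-S-Dn and Cms-Auth-Status are plain request
            # headers. They identify the user only if the front-end that
            # verifies the client certificate always overwrites them and this
            # server cannot be reached without going through that front-end;
            # otherwise any client can send them. Nothing here can check that.
            userDN = ""
            try:
                import cherrypy, time
                headers = cherrypy.request.headers
                # .get() keeps "no certificate headers" (the normal login/pw
                # case) apart from a real failure in the lookup below.
                userDN = headers.get('Cms-Client-S-Dn', "")
                access = headers.get('Cms-Auth-Status', "")
                if userDN and userDN != '(null)' and access == 'OK':
                    context.Logger().message("Found DN in user certificate")
                    # SiteDB uses token.dn as the username rather than the DN
                    # itself, so the attribute name is misleading.
                    userName = self.securityApi.getUsernameFromDN(
                        userDN)[0]['username']
                    token.impl.dn = userName
                    aTime = time.strftime("%Y-%m-%dT%H:%M:%S", time.gmtime())
                    token.impl.authenticationTime = aTime
            except Exception:
                # Fall back to whatever the token already holds, but leave a
                # trace: a DN without a matching account or a failing lookup
                # would otherwise be invisible.
                context.Logger().message(
                    "Certificate-based authentication failed, "
                    "falling back to the existing token")

            if token.dn in (None, "guest"):
                return onFail(self)
            # Check that the session has not expired.
            if not token.authenticationTime:
                return onFail(self)
            try:
                authenticationTime = datetime(
                    *strptime(token.authenticationTime,
                              "%Y-%m-%dT%H:%M:%S")[0:6])
            except (TypeError, ValueError):
                # A timestamp that does not parse cannot prove a live session,
                # so treat it as a failed authentication.
                context.Logger().message(
                    "Malformed authentication time, authorisation failed.")
                return onFail(self)
            # NOTE(review): the certificate branch above stamps the token in
            # UTC (time.gmtime) while this comparison uses local time. How the
            # login/pw path stamps it is not visible here -- confirm both use
            # the same clock before relying on the exact 24-hour limit.
            currentTime = datetime.now()
            # TODO: this should come from the configuration file.
            maxPeriod = timedelta(seconds=3600 * 24)
            if authenticationTime + maxPeriod < currentTime:
                context.Logger().message(
                    "Cookie has expired, authorisation failed.")
                return onFail(self)
            return function(self, *__args, **__kw)

        return wrapper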
Beispiel #2
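    def decorator (function):
        """Return a wrapper that calls ``function`` only for an authenticated user.

        The wrapper creates a ``SecurityToken``, updates it from the front-end
        certificate headers when those report a verified DN, and then checks
        that ``token.dn`` is neither ``None`` nor "guest" and that the
        authentication time is no more than 24 hours old. When a check fails
        it returns ``onFail (self)`` and ``function`` is not called.
        """
        context = Context ()
        context.addService (Logger ("SECURITY_MODULE"))
        def wrapper (self, *__args, **__kw):
            # Check if there is a user.
            token = SecurityToken ()
            context.Logger().message("Checking authentication for user %s" % (token.dn) )

            # NOTE: this part should be clarified once front-end/back-end
            # certificate-based auth. rules will be in place
            # so we should just fail over to login/pw schema
            #
            # SECURITY: the two Cms-* values below are ordinary request
            # headers. They are evidence of a verified certificate only when
            # the front-end sets them on every request and this back-end is
            # unreachable except through it; this function cannot verify
            # either condition.
            userDN = ""
            try:
                import cherrypy,time
                requestHeaders = cherrypy.request.headers
                # Absent headers are the normal login/pw case; reading them
                # with .get() keeps that case out of the except branch.
                userDN  = requestHeaders.get ('Cms-Client-S-Dn', "")
                access  = requestHeaders.get ('Cms-Auth-Status', "")
                if  userDN and userDN!='(null)' and access=='OK':
                    context.Logger().message("Found DN in user certificate")
                    # SiteDB uses token.dn as the username rather than the DN
                    # itself, so the attribute name is misleading.
                    userName = self.securityApi.getUsernameFromDN(userDN)[0]['username']
                    token.impl.dn = userName
                    aTime = time.strftime("%Y-%m-%dT%H:%M:%S",time.gmtime())
                    token.impl.authenticationTime = aTime
            except Exception:
                # Keep the fall-back to the existing token, but record that the
                # certificate path failed instead of hiding it.
                context.Logger().message("Certificate-based authentication failed, falling back to the existing token")

            if token.dn in (None, "guest"):
                return onFail (self)
            # Check that the session has not expired.
            if not token.authenticationTime:
                return onFail (self)
            try:
                authenticationTime = datetime(*strptime(token.authenticationTime, "%Y-%m-%dT%H:%M:%S")[0:6])
            except (TypeError, ValueError):
                # An unparseable timestamp is treated as a failed
                # authentication rather than an unhandled error.
                context.Logger().message("Malformed authentication time, authorisation failed.")
                return onFail (self)
            # NOTE(review): the certificate branch writes a UTC timestamp
            # (time.gmtime) but the comparison below uses local time; the
            # clock used by the login/pw path is not visible here -- confirm.
            currentTime = datetime.now ()
            # TODO: this should come from the configuration file.
            maxPeriod = timedelta (seconds=3600*24)
            if authenticationTime + maxPeriod < currentTime:
                context.Logger().message("Cookie has expired, authorisation failed.")
                return onFail (self)
            return function (self, *__args, **__kw)
        return wrapper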
Beispiel #3
from Framework import Context
from Framework.Logger import Logger

from Tools.SiteDBCore import SiteDBApi

# The API object is handed a context that carries a Logger service.
context = Context()
context.addService(Logger("sitedbtest"))

# Open the connection, then print whatever getTierList() returns.
api = SiteDBApi(context)
api.connect()
print(api.getTierList())
Beispiel #4
from Framework import Context


class A:
    """Test service that wraps a single value."""

    def __init__(self, arg):
        """Remember ``arg`` in a name-mangled private attribute."""
        self.__arg = arg

    def arg(self):
        """Return the value that was passed to the constructor."""
        return self.__arg


# Parent context: its A service wraps 0.
mainContext = Context()
mainContext.addService(A(0))

# Two child contexts built on the parent, each with its own A service.
context = {}
for i in (1, 2):
    child = Context(mainContext)
    context[i] = child
    child.addService(A(i))

# A child must resolve A() to its own service, not to the parent's A(0).
for i in (1, 2):
    child = context[i]
    assert child.A().arg() != 0
    assert child.A().arg() == i
Beispiel #5
 def __init__ (self):
     """Set up the context and option parser, then declare the options."""
     # The parser is registered as a service and fetched back through the
     # context, so both attributes refer to the same parser instance only if
     # the context returns the object it was given -- TODO confirm.
     ctx = Context ()
     ctx.addService (OptionParser ())
     self.context = ctx
     self.parser = ctx.OptionParser ()
     self.__addOptions ()
Beispiel #6
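class CmsWebApplication (object):
    """Command-line front end that parses options and runs one command.

    The constructor registers an ``OptionParser`` service on a fresh
    ``Context`` and declares the supported options. ``run`` parses
    ``sys.argv`` and dispatches to the command named by the first positional
    argument ("start" when none is given).
    """

    def __init__ (self):
        """Create the context, register the option parser, add the options."""
        self.context = Context ()
        self.context.addService (OptionParser ())
        self.parser = self.context.OptionParser ()
        self.__addOptions ()

    def __addOptions (self):
        """Declare the command-line options understood by the application."""
        self.parser.add_option ("--profile",
                           help="start server in profiler mode",
                           default=False,
                           action="store_true",
                           dest="profile")

        # NOTE(review): the default is relative to the current working
        # directory. The code that consumes this file is not shown here; if it
        # signals the pid it reads, the file should live where only the
        # service account can write.
        self.parser.add_option ("--pid-file",
                           help="File in which it is specified the pid of wanted instance",
                           default="pid.txt",
                           dest="pidFile",
                           metavar="FILE")

        # A store_true flag takes no value, so it carries no metavar.
        self.parser.add_option ("--force-kill",
                           help="Uses SIGKILL rather than SIGTERM",
                           default=False,
                           action="store_true",
                           dest="forceKill")

        def openFilename (option, opt_str, value, parser, *args, **kwargs):
            """optparse callback: store an append-mode file object for ``value``.

            Falls back to ``sys.stderr`` when the file cannot be opened.
            """
            # NOTE(review): open() follows symlinks and creates the file when
            # it is missing. If the server can be started with more privileges
            # than the directory owner has, confirm the path is not writable
            # by other users.
            try:
                f=open (value, 'a')
            except IOError:
                print ("WARNING: Unable to open log file %s. Using stderr." % value)
                f=sys.stderr
            setattr (parser.values, option.dest, f)

        self.parser.add_option ("--log-file",
                           help="FILE to which redirect log messages",
                           dest="logFile",
                           default=sys.stderr,
                           action="callback",
                           callback=openFilename,
                           metavar="FILENAME",
                           type="str",
                           nargs=1)

        self.parser.add_option ("--log-level",
                            help="detail LEVEL for the main log",
                            dest="logLevel",
                            default=10,
                            metavar="LEVEL",
                            type="int")

    def run (self):
        """Parse the command line and execute the selected command.

        Exits with status 1 when the command name is not recognised.
        """
        if "--help" in sys.argv:
            # Presumably silences the global logger while help is printed.
            g_Logger.detailLevel = -100
        validOptions = getValidOptions (sys.argv)

        opts, args = self.parser.parse_args (args=validOptions)

        g_Logger.stream = opts.logFile
        if "--help" not in sys.argv:
            g_Logger.detailLevel = opts.logLevel

        # No positional argument means the default command.
        if not args:
            args = ["start"]

        factory = CommandFactory (self.context, opts, args)
        startCommand = factory.createByName (args[0])
        if not startCommand:
            # Report the unknown command before exiting with a failure status.
            sys.stderr.write ("Command %s not known.\n" % args[0])
            sys.exit (1)
        startCommand.run ()
        startCommand.finish ()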
Beispiel #7
from Framework import Context


class A:
    """Service stub used to tell parent and child contexts apart."""

    def __init__(self, arg):
        # Kept in a name-mangled attribute; read back through arg().
        self.__arg = arg

    def arg(self):
        """Give back the constructor argument unchanged."""
        return self.__arg


# The parent context registers an A service wrapping 0.
mainContext = Context()
mainContext.addService(A(0))

# Children are created from the parent and register their own A service.
context = {}
for i in [1, 2]:
    context[i] = Context(mainContext)
    ownService = A(i)
    context[i].addService(ownService)

# Looking up A on a child must give the child's service, never the parent's.
for i in [1, 2]:
    assert context[i].A().arg() != 0
    assert context[i].A().arg() == i
Beispiel #8
from Framework import Context
from Framework.Logger import Logger

from Tools.SiteDBCore import SiteDBApi

# Context with a Logger service, passed to the SiteDB API object.
context = Context()
context.addService(Logger("sitedbtest"))
api = SiteDBApi(context)

# Connect first, then fetch and print the tier list.
api.connect()
tierList = api.getTierList()
print(tierList)
Beispiel #9
from Framework import Context
from Framework.Logger import Logger

from Crypto.Cipher import Blowfish
from base64 import b64encode, b64decode
import crypt

import time, calendar, datetime

from Tools.SecurityModuleCore.SecurityDBApi import SecurityDBApi

print("**** Security Module tests ****")

# The API object and this script log through the same context.
context = Context()
context.addService(Logger("securitymoduletest"))
api = SecurityDBApi(context)

# Responsibility checks: each result is logged as-is, nothing is asserted.
context.Logger().message("Test roles:")
prodOperator = api.hasGroupResponsibility(
    "swakef", "production", "Production Operator")
context.Logger().message("    swakef as prod operator: %s" % prodOperator)
dataManager = api.hasSiteResponsibility("metson", "RAL", "Data Manager")
context.Logger().message("    metson as RAL DM: %s" % dataManager)
siteAdmin = api.hasSiteResponsibility("metson", "1", "Site Admin")
context.Logger().message("    metson as site 1 Site Admin: %s" % siteAdmin)

# Group membership checks.
context.Logger().message("hasGroup:")
inProduction = api.hasGroup("swakef", "production")
context.Logger().message(
    "    swakef as member of production group: %s" % inProduction)
context.Logger().message("    metson as member of production group: %s" %
Beispiel #10
    def __init__(self, foo):
        """Store ``foo`` in a private (name-mangled) attribute."""
        self.__foo = foo

    def foo(self):
        """Return the value stored by the constructor."""
        return self.__foo


class C(object):
    """Test service that hands back the value it was constructed with."""

    def __init__(self, foo):
        """Keep ``foo`` in a name-mangled private attribute."""
        self.__foo = foo

    def foo(self):
        """Return the stored constructor argument."""
        return self.__foo


# c2 is created with c1 as its argument; A is registered on both contexts,
# B only on c1 and C only on c2.
c1 = Context()
c2 = Context(c1)
c1.addService(A("Service A on C1"))
c2.addService(A("Service A on C2"))
c1.addService(B("Service B on C1"))
c2.addService(C("Service C on C2"))

# Every lookup must return an object of the registered class. The c2.B()
# check is expected to pass although B was only added to c1.
assert type(c1.A()) == type(A(""))
assert type(c2.A()) == type(A(""))
assert type(c1.B()) == type(B(""))
assert type(c2.B()) == type(B(""))
assert type(c2.C()) == type(C(""))
assert type(c1.A().foo()) == type(str())

# Each context returns its own A service, not the other context's.
assert c1.A().foo() == "Service A on C1"
assert c2.A().foo() == "Service A on C2"
Beispiel #11
from Framework import Context


class Component(object):
    """Smallest possible service: one method returning a fixed string."""

    def foo(self):
        """Return the constant label of this component."""
        label = "A component"
        return label


# Register a Component and look it up again through the accessor the context
# exposes under the service's class name.
c = Context()
service = Component()
c.addService(service)
assert c.Component().foo() == "A component"
from Framework import Context
from Framework.Logger import Logger

from Crypto.Cipher import Blowfish
from base64 import b64encode, b64decode
import crypt

import time, calendar, datetime

from Tools.SecurityModuleCore.SecurityDBApi import SecurityDBApi
print("**** Security Module tests ****")

# One context provides the Logger to both SecurityDBApi and this script.
context = Context()
context.addService(Logger("securitymoduletest"))
api = SecurityDBApi(context)

# Responsibility lookups; results are only logged, never asserted.
context.Logger().message("Test roles:")
result = api.hasGroupResponsibility("swakef", "production", "Production Operator")
context.Logger().message("    swakef as prod operator: %s" % result)
result = api.hasSiteResponsibility("metson", "RAL", "Data Manager")
context.Logger().message("    metson as RAL DM: %s" % result)
result = api.hasSiteResponsibility("metson", "1", "Site Admin")
context.Logger().message("    metson as site 1 Site Admin: %s" % result)

# Group membership lookups.
context.Logger().message("hasGroup:")
result = api.hasGroup("swakef", "production")
context.Logger().message("    swakef as member of production group: %s" % result)
result = api.hasGroup("metson", "production")
context.Logger().message("    metson as member of production group: %s" % result)
result = api.hasGroup("metson", "global")
context.Logger().message("    metson as member of global group: %s" % result)

# Site association lookups.
context.Logger().message("hasSite:")
result = api.hasSite("swakef", "RAL")
context.Logger().message("    swakef as associated to RAL: %s" % result)
result = api.hasSite("metson", "RAL")
context.Logger().message("    metson as associated to RAL: %s" % result)
result = api.hasSite("metson", "1")
context.Logger().message("    metson as associated to site 1: %s" % result)

context.Logger().message("hasResponsibility:")
Beispiel #13
from Framework import Context

class A(object):
    """Minimal service that stores the value it was constructed with."""

    def __init__(self, arg):
        # Public attribute; the module-level assertions read it directly.
        self.arg = arg
        
class B(object):
    """Second minimal service, identical in shape to A."""

    def __init__(self, arg):
        # Public attribute holding the constructor argument.
        self.arg = arg
        

# c1 is the root context; c2 and c3 are both created from it.
c1 = Context()
c2 = Context(c1)
c3 = Context(c1)

# A service added to the root is visible from a child.
c1.addService(A("Foo"))
assert c2.A().arg == "Foo"

# Services added to c2 shadow the root's A for c2 only; c1 and c3 still see
# the root's "Foo".
c2.addService(A("Bar"))
c2.addService(B("Bar"))
assert c1.A().arg == "Foo"
assert c2.A().arg == "Bar"
assert c3.A().arg == "Foo"

# A context created from c2 sees c2's A.
c4 = Context(c2)
assert c4.A().arg == "Bar"