def __init__(self, *pargs):
super(IdpProvider, self).__init__('openid', 'OpenID', 'openid', *pargs)
self.mapping = InfoMapping()
self.page = None
self.datastore = None
self.server = None
self.basepath = None
self.extensions = LoadExtensions()
self.description = """
Provides OpenID 2.0 authentication infrastructure. """
self.new_config(
self.name,
pconfig.String('database url',
'Database URL for OpenID temp storage',
'openid.sqlite'),
pconfig.String(
'default email domain',
'Used for users missing the email property.' +
' (Leave empty to disable)', ''),
pconfig.String('endpoint url',
'The Absolute URL of the OpenID provider',
'http://localhost:8080/openid/'),
pconfig.Template(
'identity url template',
'The templated URL where identities are exposed.',
'http://localhost:8080/openid/id/%(username)s'),
pconfig.List('trusted roots', 'List of trusted relying parties.'),
pconfig.List('untrusted roots',
'List of untrusted relying parties.'),
pconfig.Choice('enabled extensions',
'Choose the extensions to enable',
self.extensions.available().keys()),
pconfig.MappingList(
'default attribute mapping',
'Defines how to map attributes before calling extensions',
[['*', '*']]),
pconfig.ComplexList(
'default allowed attributes',
'Defines a list of allowed attributes, applied after mapping',
['*']),
)
def __init__(self, *pargs):
super(IdpProvider, self).__init__('openid', 'openid', *pargs)
self.mapping = InfoMapping()
self.page = None
self.datastore = None
self.server = None
self.basepath = None
self.extensions = LoadExtensions()
self.description = """
Provides OpenID 2.0 authentication infrastructure. """
self.new_config(
self.name,
pconfig.String(
'database url',
'Database URL for OpenID temp storage',
'openid.sqlite'),
pconfig.String(
'default email domain',
'Used for users missing the email property.' +
' (Leave empty to disable)',
''),
pconfig.String(
'endpoint url',
'The Absolute URL of the OpenID provider',
'http://localhost:8080/idp/openid/'),
pconfig.Template(
'identity url template',
'The templated URL where identities are exposed.',
'http://localhost:8080/idp/openid/id/%(username)s'),
pconfig.List(
'trusted roots',
'List of trusted relying parties.'),
pconfig.List(
'untrusted roots',
'List of untrusted relying parties.'),
pconfig.Choice(
'enabled extensions',
'Choose the extensions to enable',
self.extensions.available().keys()),
pconfig.MappingList(
'default attribute mapping',
'Defines how to map attributes before calling extensions',
[['*', '*']]),
pconfig.ComplexList(
'default allowed attributes',
'Defines a list of allowed attributes, applied after mapping',
['*']),
)
class IdpProvider(ProviderBase):
def __init__(self, *pargs):
super(IdpProvider, self).__init__('openid', 'openid', *pargs)
self.mapping = InfoMapping()
self.page = None
self.datastore = None
self.server = None
self.basepath = None
self.extensions = LoadExtensions()
self.description = """
Provides OpenID 2.0 authentication infrastructure. """
self.new_config(
self.name,
pconfig.String(
'database url',
'Database URL for OpenID temp storage',
'openid.sqlite'),
pconfig.String(
'default email domain',
'Used for users missing the email property.' +
' (Leave empty to disable)',
''),
pconfig.String(
'endpoint url',
'The Absolute URL of the OpenID provider',
'http://localhost:8080/idp/openid/'),
pconfig.Template(
'identity url template',
'The templated URL where identities are exposed.',
'http://localhost:8080/idp/openid/id/%(username)s'),
pconfig.List(
'trusted roots',
'List of trusted relying parties.'),
pconfig.List(
'untrusted roots',
'List of untrusted relying parties.'),
pconfig.Choice(
'enabled extensions',
'Choose the extensions to enable',
self.extensions.available().keys()),
pconfig.MappingList(
'default attribute mapping',
'Defines how to map attributes before calling extensions',
[['*', '*']]),
pconfig.ComplexList(
'default allowed attributes',
'Defines a list of allowed attributes, applied after mapping',
['*']),
)
@property
def endpoint_url(self):
url = self.get_config_value('endpoint url')
if url.endswith('/'):
return url
else:
return url+'/'
@property
def default_email_domain(self):
return self.get_config_value('default email domain')
@property
def identity_url_template(self):
url = self.get_config_value('identity url template')
if url.endswith('/'):
return url
else:
return url+'/'
@property
def trusted_roots(self):
return self.get_config_value('trusted roots')
@property
def untrusted_roots(self):
return self.get_config_value('untrusted roots')
@property
def enabled_extensions(self):
return self.get_config_value('enabled extensions')
@property
def default_attribute_mapping(self):
return self.get_config_value('default attribute mapping')
@property
def default_allowed_attributes(self):
return self.get_config_value('default allowed attributes')
def get_tree(self, site):
self.page = OpenID(site, self)
# self.admin = AdminPage(site, self)
return self.page
def used_datastores(self):
return [self.datastore]
def init_idp(self):
self.datastore = OpenIDStore(self.get_config_value('database url'))
self.server = Server(
self.datastore,
op_endpoint=self.endpoint_url)
# Expose OpenID presence in the root
headers = self._root.default_headers
headers['X-XRDS-Location'] = self.endpoint_url+'XRDS'
html_heads = self._root.html_heads
HEAD_LINK = '<link rel="%s" href="%s">'
openid_heads = [HEAD_LINK % ('openid2.provider', self.endpoint_url),
HEAD_LINK % ('openid.server', self.endpoint_url)]
html_heads['openid'] = openid_heads
def on_enable(self):
super(IdpProvider, self).on_enable()
self.init_idp()
self.extensions.enable(self._config['enabled extensions'].get_value())
class IdpProvider(ProviderBase):
def __init__(self, *pargs):
super(IdpProvider, self).__init__('openid', 'OpenID', 'openid', *pargs)
self.mapping = InfoMapping()
self.page = None
self.datastore = None
self.server = None
self.basepath = None
self.extensions = LoadExtensions()
self.description = """
Provides OpenID 2.0 authentication infrastructure. """
self.new_config(
self.name,
pconfig.String('database url',
'Database URL for OpenID temp storage',
'openid.sqlite'),
pconfig.String(
'default email domain',
'Used for users missing the email property.' +
' (Leave empty to disable)', ''),
pconfig.String('endpoint url',
'The Absolute URL of the OpenID provider',
'http://localhost:8080/openid/'),
pconfig.Template(
'identity url template',
'The templated URL where identities are exposed.',
'http://localhost:8080/openid/id/%(username)s'),
pconfig.List('trusted roots', 'List of trusted relying parties.'),
pconfig.List('untrusted roots',
'List of untrusted relying parties.'),
pconfig.Choice('enabled extensions',
'Choose the extensions to enable',
self.extensions.available().keys()),
pconfig.MappingList(
'default attribute mapping',
'Defines how to map attributes before calling extensions',
[['*', '*']]),
pconfig.ComplexList(
'default allowed attributes',
'Defines a list of allowed attributes, applied after mapping',
['*']),
)
@property
def endpoint_url(self):
url = self.get_config_value('endpoint url')
if url.endswith('/'):
return url
else:
return url + '/'
@property
def default_email_domain(self):
return self.get_config_value('default email domain')
@property
def identity_url_template(self):
url = self.get_config_value('identity url template')
if url.endswith('/'):
return url
else:
return url + '/'
@property
def trusted_roots(self):
return self.get_config_value('trusted roots')
@property
def untrusted_roots(self):
return self.get_config_value('untrusted roots')
@property
def enabled_extensions(self):
return self.get_config_value('enabled extensions')
@property
def default_attribute_mapping(self):
return self.get_config_value('default attribute mapping')
@property
def default_allowed_attributes(self):
return self.get_config_value('default allowed attributes')
def get_tree(self, site):
self.page = OpenID(site, self)
# self.admin = AdminPage(site, self)
return self.page
def used_datastores(self):
return [self.datastore]
def init_idp(self):
self.datastore = OpenIDStore(self.get_config_value('database url'))
self.server = Server(self.datastore, op_endpoint=self.endpoint_url)
# Expose OpenID presence in the root
headers = self._root.default_headers
headers['X-XRDS-Location'] = self.endpoint_url + 'XRDS'
html_heads = self._root.html_heads
HEAD_LINK = '<link rel="%s" href="%s">'
openid_heads = [
HEAD_LINK % ('openid2.provider', self.endpoint_url),
HEAD_LINK % ('openid.server', self.endpoint_url)
]
html_heads['openid'] = openid_heads
def on_enable(self):
super(IdpProvider, self).on_enable()
self.init_idp()
self.extensions.enable(self._config['enabled extensions'].get_value())
def get_client_display_name(self, clientid):
# We store this base64-encoded to get around limitations in the url
# routing of cherrypy
return b64decode(clientid)
def consent_to_display(self, consentdata):
return consentdata['attributes']
