api.rolesForGroup("swakef", "production"))
context.Logger().message(
" metson has Data Manager role for following sites: %s" %
api.sitesForRole("metson", "Data Manager"))
context.Logger().message(
" metson has the following roles for site 'RAL': %s" %
api.rolesForSite("metson", "RAL"))
context.Logger().message(" metson has the following roles for site 1: %s" %
api.rolesForSite("metson", "1"))
context.Logger().message("Test encryption stuff:")
context.Logger().message(" Crypt key: %s" % api.getCryptoKey(1))
context.Logger().message("Admin password is: " + crypt.crypt("admin", "fo"))
context.Logger().message("Password for metson is: %s" %
api.getPasswordFromUsername("metson"))
key = "MyFakeKey" + str(datetime.datetime.now()).replace(" ", "")
context.Logger().message(" New key : %s" % key)
new_id = api.addCryptoKey(key)
context.Logger().message(" ID of new key: %s" % new_id)
context.Logger().message(" Check new crypt key: %s" %
api.getCryptoKey(new_id))
context.Logger().message(" timestamp: %s" %
api.getCryptoKey(new_id)['timestamp'])
context.Logger().message(" key: %s" %
api.getCryptoKey(new_id)['key'])
#Encrypt and decrypt a string
context.Logger().message("-----------------------------------")
context.Logger().message("add an encrypt/decrypt test here!!!")
class SecurityModule (Controller):
def __init__ (self, context):
self.context = context
Controller.__init__ (self, context, __file__)
self.security_api = SecurityDBApi (context)
self.context.addService (self.security_api)
self.context.addService (Logger ("SECURITY_MODULE_CONTROLLER"))
def readyToRun (self):
pass
@templatepage
def login (self, requestedPage="../Studio/login", **args):#FIXME: Get the real requested page
# VK: requested page is truncated at first &, all parameters passed via args, put them back
for key in args.keys():
requestedPage+="&%s=%s"%(key,args[key])
# raise cherrypy.HTTPRedirect ("/base/SecurityModule/loginReal?requestedPage=%s" % requestedPage)
# raise cherrypy.HTTPRedirect (self.context.CmdLineArgs ().opts.baseUrl + "/SecurityModule/loginReal?requestedPage=%s" % requestedPage)
return {'requestedPage': requestedPage}
@expose
def loginReal (self, requestedPage, **args):#FIXME: Get the real requested page
# VK: requested page is truncated at first &, all parameters passed via args, put them back
for key in args.keys():
requestedPage+="&%s=%s"%(key,args[key])
return self.templatePage ("login", {'requestedPage': requestedPage})
@templatepage
@require_args ("user", "password", "requestedPage", onFail=RedirectorToLogin)
def authenticate (self, user, password, requestedPage="../Studio/login"): #FIXME: Get the real requested page
#TODO: adapt to the new schema.
self.context.Logger().message("Trying to authenticate %s" % user)
passwdEntry = self.security_api.getPasswordFromUsername (user)
if not passwdEntry.has_key (0):
return {'redirect': requestedPage}
encryptedPassword = passwdEntry[0]['passwd']
#if request.headers['Ssl-Client-S-Dn'] != '(null)':
#context.Logger().message("Authenticated by certificate")
#context.Logger().message(request.headers['Ssl-Client-S-Dn'])
#user = self.security_api.getUsernameFromDN(request.headers['Ssl-Client-S-Dn'])[0]['username']
if encryptedPassword == crypt.crypt (password, encryptedPassword):
self.context.Logger().message("Valid password for user %s" % user)
cherrypy.response.cookie['dn'] = encryptCookie (user, self.security_api)
cherrypy.response.cookie['dn']['path'] = '/'
cherrypy.response.cookie['dn']['max-age'] = 3600*24
cherrypy.response.cookie['dn']['version'] = 1
datetimeCookie = strftime("%Y-%m-%dT%H:%M:%S", datetime.now ().timetuple ())
cherrypy.response.cookie['authentication_time'] = encryptCookie (datetimeCookie, self.security_api)
cherrypy.response.cookie['authentication_time']["path"] = '/'
cherrypy.response.cookie['authentication_time']['max-age'] = 3600*24
cherrypy.response.cookie['dn']['version'] = 1
cherrypy.response.cookie['originator_hash'] = encryptCookie ("some_hash", self.security_api)
cherrypy.response.cookie['originator_hash']['path'] = '/'
cherrypy.response.cookie['originator_hash']['max-age'] = 3600*24
cherrypy.response.cookie['originator_hash']['version'] = 1
return {'redirect': requestedPage}
return {'redirect': requestedPage}
@templatepage
def logout (self, redirect="../SecurityModule/login", *args, **kw):
# VK: requested page is truncated at first &, all parameters passed via args, put them back
for key in kw.keys():
redirect+="&%s=%s"%(key,kw[key])
cherrypy.response.cookie['dn'] = encryptCookie ("guest", self.security_api)
cherrypy.response.cookie['dn']['path'] = '/'
cherrypy.response.cookie['dn']['max-age'] = 3600*24
cherrypy.response.cookie['dn']['version'] = 1
datetimeCookie = strftime("%Y-%m-%dT%H:%M:%S", datetime.now ().timetuple ())
cherrypy.response.cookie['authentication_time'] = encryptCookie (datetimeCookie, self.security_api)
cherrypy.response.cookie['authentication_time']["path"] = '/'
cherrypy.response.cookie['authentication_time']['max-age'] = 3600*24
cherrypy.response.cookie['dn']['version'] = 1
cherrypy.response.cookie['originator_hash'] = encryptCookie ("some_hash", self.security_api)
cherrypy.response.cookie['originator_hash']['path'] = '/'
cherrypy.response.cookie['originator_hash']['max-age'] = 3600*24
cherrypy.response.cookie['originator_hash']['version'] = 1
return {'redirect': redirect}
@exposeSerialized (serializer = PythonDictSerializer ('user'))
def userInfo (self, *args, **kw):
#TODO: add a query to get the DN from the id.
token = SecurityToken ()
return {"dn": token.dn}
@expose
@is_authorized (Role ("Global Admin"), Group ("global"), onFail=RedirectorToLogin ("../SecurityModule/login"))
def becomeUser (self, username, requestedPage, **args):
cherrypy.response.cookie['dn'] = encryptCookie (username, self.security_api)
cherrypy.response.cookie['dn']['path'] = '/'
cherrypy.response.cookie['dn']['max-age'] = 3600*24
cherrypy.response.cookie['dn']['version'] = 1
datetimeCookie = strftime("%Y-%m-%dT%H:%M:%S", datetime.now ().timetuple ())
cherrypy.response.cookie['authentication_time'] = encryptCookie (datetimeCookie, self.security_api)
cherrypy.response.cookie['authentication_time']["path"] = '/'
cherrypy.response.cookie['authentication_time']['max-age'] = 3600*24
cherrypy.response.cookie['dn']['version'] = 1
cherrypy.response.cookie['originator_hash'] = encryptCookie ("some_hash", self.security_api)
cherrypy.response.cookie['originator_hash']['path'] = '/'
cherrypy.response.cookie['originator_hash']['max-age'] = 3600*24
cherrypy.response.cookie['originator_hash']['version'] = 1
return self.templatePage ("authenticate", {'redirect': requestedPage})
@expose
@is_authenticated (onFail=NotAuthenticated)
def checkIfAuthenticated (self):
return "This page can be seen only if you are authenticated."
@expose
@is_authorized (Role ("Global Admin"), Group ("global"), onFail=NotAuthenticated)
def checkIfAuthorized (self):
return "This page can be seen only if you are authorized."
@expose
def getMasthead(self):
pass
context.Logger().message("hasResponsibility:")
context.Logger().message(" swakef as a Data Manager: %s" % api.hasRole ("swakef", "Data Manager"))
context.Logger().message(" metson as a Data Manager: %s" % api.hasRole ("metson", "Data Manager"))
context.Logger().message("xForN")
context.Logger().message(" swakef has Prod. Op. role for following groups: %s" % api.groupsForRole("swakef", "Production Operator"))
context.Logger().message(" swakef has the following roles for group 'production': %s" % api.rolesForGroup("swakef", "production"))
context.Logger().message(" metson has Data Manager role for following sites: %s" % api.sitesForRole("metson", "Data Manager"))
context.Logger().message(" metson has the following roles for site 'RAL': %s" % api.rolesForSite("metson", "RAL"))
context.Logger().message(" metson has the following roles for site 1: %s" % api.rolesForSite("metson", "1"))
context.Logger().message("Test encryption stuff:")
context.Logger().message(" Crypt key: %s" % api.getCryptoKey(1))
context.Logger().message("Admin password is: " + crypt.crypt ("admin", "fo"))
context.Logger().message("Password for metson is: %s" % api.getPasswordFromUsername ("metson"))
key = "MyFakeKey" + str(datetime.datetime.now()).replace(" ","")
context.Logger().message(" New key : %s" % key)
new_id = api.addCryptoKey(key)
context.Logger().message(" ID of new key: %s" % new_id)
context.Logger().message(" Check new crypt key: %s" % api.getCryptoKey(new_id))
context.Logger().message(" timestamp: %s" % api.getCryptoKey(new_id)['timestamp'])
context.Logger().message(" key: %s" % api.getCryptoKey(new_id)['key'])
#Encrypt and decrypt a string
context.Logger().message("-----------------------------------")
context.Logger().message("add an encrypt/decrypt test here!!!")
#context.Logger().message("Test getAllUsers")
#print api.getAllUserIds()
