Example #1
    api.rolesForGroup("swakef", "production"))
# Site-scoped role lookups for the 'metson' account: the sites where it holds
# the "Data Manager" role, then its roles at site 'RAL' and at site "1"
# (presumably the same kind of lookup by numeric id -- confirm against the API).
context.Logger().message(
    "    metson has Data Manager role for following sites: %s" %
    api.sitesForRole("metson", "Data Manager"))
context.Logger().message(
    "    metson has the following roles for site 'RAL': %s" %
    api.rolesForSite("metson", "RAL"))
context.Logger().message("    metson has the following roles for site 1: %s" %
                         api.rolesForSite("metson", "1"))
context.Logger().message("Test encryption stuff:")
# NOTE(review): whatever getCryptoKey(1) returns is written to the log as-is.
# The lookups further down read a 'key' entry from the same call, so key
# material most likely lands in the log here; run this only against a
# throwaway database and keep the resulting log out of shared storage.
context.Logger().message("    Crypt key: %s" % api.getCryptoKey(1))

# Hashes the literal password "admin" with the fixed two-character salt "fo" and
# logs the hash. A two-character salt selects the traditional DES-based crypt
# scheme, which only considers the first eight password characters, so this
# value is a test fixture and not a hash to seed a real account with.
# The crypt module is deprecated since Python 3.11 and removed in 3.13.
context.Logger().message("Admin password is: " + crypt.crypt("admin", "fo"))

# NOTE(review): logs the raw result of getPasswordFromUsername("metson"),
# presumably the stored password record for that user -- confirm, and avoid
# pointing this script at a database holding real credentials.
context.Logger().message("Password for metson is: %s" %
                         api.getPasswordFromUsername("metson"))

# Test key: a constant prefix plus the current timestamp with spaces removed.
# It is unique per run but predictable from the clock, so it is only suitable
# as a fixture.
key = "MyFakeKey" + str(datetime.datetime.now()).replace(" ", "")
context.Logger().message("    New key : %s" % key)
# addCryptoKey() hands back the identifier used for the read-back below.
new_id = api.addCryptoKey(key)
context.Logger().message("    ID of new key: %s" % new_id)
# Read the new entry back three times: whole record, then its 'timestamp' and
# 'key' fields. Each line is a separate getCryptoKey() call.
context.Logger().message("    Check new crypt key: %s" %
                         api.getCryptoKey(new_id))
context.Logger().message("         timestamp: %s" %
                         api.getCryptoKey(new_id)['timestamp'])
context.Logger().message("               key: %s" %
                         api.getCryptoKey(new_id)['key'])
#Encrypt and decrypt a string
# Placeholder only: no encrypt/decrypt round trip is exercised yet, so the
# cookie encryption path is not covered by this script.
context.Logger().message("-----------------------------------")
context.Logger().message("add an encrypt/decrypt test here!!!")
Example #2
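class SecurityModule (Controller):
    """Controller behind the login, logout and identity-switching pages.

    A successful login sets three cookies ('dn', 'authentication_time' and
    'originator_hash'), each holding a value passed through encryptCookie().

    NOTE(review): the redirect targets handled here ('requestedPage' and
    'redirect') are method parameters that are handed back to the templates
    without any check that they stay on this site. If they are filled from
    the query string, as the handlers suggest, that is an open-redirect risk;
    restricting them to an allow-list of local paths would close it.
    NOTE(review): the cookies are issued without 'secure' or 'httponly'
    attributes, and 'originator_hash' always carries the constant "some_hash",
    so it does not bind the session to anything yet.
    """

    # Lifetime, in seconds, of every cookie issued by this controller (24 hours).
    _COOKIE_MAX_AGE = 3600*24

    def __init__ (self, context):
        """Register the security DB API and a dedicated logger on *context*."""
        self.context = context
        Controller.__init__ (self, context, __file__)
        self.security_api = SecurityDBApi (context)
        self.context.addService (self.security_api)
        self.context.addService (Logger ("SECURITY_MODULE_CONTROLLER"))

    def readyToRun (self):
        """No start-up work is needed for this controller."""
        pass

    def _withExtraArgs (self, url, extra):
        """Return *url* with each entry of *extra* appended as '&key=value'.

        NOTE(review): keys and values are appended verbatim, without URL
        encoding, so the result must be escaped by whatever renders it.
        """
        for key, value in extra.items ():
            url += "&%s=%s" % (key, value)
        return url

    def _setCookie (self, name, value):
        """Store the encrypted *value* under cookie *name* on the response."""
        jar = cherrypy.response.cookie
        jar[name] = encryptCookie (value, self.security_api)
        jar[name]['path'] = '/'
        jar[name]['max-age'] = self._COOKIE_MAX_AGE
        jar[name]['version'] = 1

    def _issueIdentityCookies (self, identity):
        """Set 'dn', 'authentication_time' and 'originator_hash' for *identity*.

        The three copies of this code that used to live in authenticate(),
        logout() and becomeUser() set the 'dn' version twice and never set it
        on 'authentication_time'; going through _setCookie() gives all three
        cookies the same attributes.
        """
        self._setCookie ('dn', identity)
        datetimeCookie = strftime("%Y-%m-%dT%H:%M:%S", datetime.now ().timetuple ())
        self._setCookie ('authentication_time', datetimeCookie)
        # Constant placeholder value: carries no per-client information.
        self._setCookie ('originator_hash', "some_hash")

    @templatepage
    def login (self, requestedPage="../Studio/login", **args):#FIXME: Get the real requested page
        """Return the template data for the login form.

        NOTE(review): 'requestedPage' ends up in the rendered page; whether
        it is escaped depends on the template, which is not visible here.
        """
        # VK: requested page is truncated at first &, all parameters passed via args, put them back
        requestedPage = self._withExtraArgs (requestedPage, args)
#        raise cherrypy.HTTPRedirect ("/base/SecurityModule/loginReal?requestedPage=%s" % requestedPage)
#        raise cherrypy.HTTPRedirect (self.context.CmdLineArgs ().opts.baseUrl + "/SecurityModule/loginReal?requestedPage=%s" % requestedPage)
        return {'requestedPage': requestedPage}

    @expose
    def loginReal (self, requestedPage, **args):#FIXME: Get the real requested page
        """Render the "login" template for *requestedPage*."""
        # VK: requested page is truncated at first &, all parameters passed via args, put them back
        requestedPage = self._withExtraArgs (requestedPage, args)
        return self.templatePage ("login", {'requestedPage': requestedPage})

    @templatepage
    @require_args ("user", "password", "requestedPage", onFail=RedirectorToLogin)
    def authenticate (self, user, password, requestedPage="../Studio/login"): #FIXME: Get the real requested page
        """Check *password* for *user* and issue the identity cookies on success.

        The same {'redirect': requestedPage} dictionary is returned whether
        or not the check succeeds, so the response itself does not reveal
        whether the account exists. Failures are now logged so that repeated
        attempts show up in the log.
        """
        #TODO: adapt to the new schema.
        # NOTE(review): 'user' is request data written to the log unmodified;
        # strip or escape line breaks if the log is parsed line by line.
        self.context.Logger().message("Trying to authenticate %s" % user)
        passwdEntry = self.security_api.getPasswordFromUsername (user)
        # has_key() exists only on Python 2 mappings; no row 0 means no such user.
        if not passwdEntry.has_key (0):
            self.context.Logger().message("Authentication failed for user %s" % user)
            return {'redirect': requestedPage}
        encryptedPassword = passwdEntry[0]['passwd']
        #if request.headers['Ssl-Client-S-Dn'] != '(null)':
            #context.Logger().message("Authenticated by certificate")
            #context.Logger().message(request.headers['Ssl-Client-S-Dn'])
            #user = self.security_api.getUsernameFromDN(request.headers['Ssl-Client-S-Dn'])[0]['username']
        # Re-hash the candidate with the stored value as the salt argument; the
        # scheme (and its strength) is therefore whatever the stored hash uses.
        if encryptedPassword == crypt.crypt (password, encryptedPassword):
            self.context.Logger().message("Valid password for user %s" % user)
            self._issueIdentityCookies (user)
        else:
            self.context.Logger().message("Authentication failed for user %s" % user)
        return {'redirect': requestedPage}

    @templatepage
    def logout (self, redirect="../SecurityModule/login", *args, **kw):
        """Replace the identity cookies with ones for "guest".

        NOTE(review): only the browser's cookies are overwritten; nothing
        visible here invalidates a previously issued 'dn' value, so a copied
        cookie presumably stays usable until it expires -- confirm in the
        code that validates the cookies.
        """
        # VK: requested page is truncated at first &, all parameters passed via args, put them back
        redirect = self._withExtraArgs (redirect, kw)
        self._issueIdentityCookies ("guest")
        return {'redirect': redirect}

    @exposeSerialized (serializer = PythonDictSerializer ('user'))
    def userInfo (self, *args, **kw):
        """Return the 'dn' attribute of a freshly built SecurityToken."""
        #TODO: add a query to get the DN from the id.
        token = SecurityToken ()
        return {"dn": token.dn}

    @expose
    @is_authorized (Role ("Global Admin"), Group ("global"), onFail=RedirectorToLogin ("../SecurityModule/login"))
    def becomeUser (self, username, requestedPage, **args):
        """Issue identity cookies for *username* and render "authenticate".

        The is_authorized decorator is the only guard on this identity
        switch. NOTE(review): nothing visible here ties the request to a
        form token, so check that the decorators or the framework provide
        cross-site request protection for this handler.
        """
        # Leave a trace of every identity switch for later review.
        self.context.Logger().message("becomeUser: issuing identity cookies for %s" % username)
        self._issueIdentityCookies (username)
        return self.templatePage ("authenticate", {'redirect': requestedPage})

    @expose
    @is_authenticated (onFail=NotAuthenticated)
    def checkIfAuthenticated (self):
        """Test page guarded by the is_authenticated decorator."""
        return "This page can be seen only if you are authenticated."

    @expose
    @is_authorized (Role ("Global Admin"), Group ("global"), onFail=NotAuthenticated)
    def checkIfAuthorized (self):
        """Test page guarded by is_authorized for Global Admin in group global."""
        return "This page can be seen only if you are authorized."

    @expose
    def getMasthead(self):
        """Exposed placeholder; returns None."""
        pass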
# Role membership checks for two test accounts.
context.Logger().message("hasResponsibility:")
context.Logger().message("    swakef as a Data Manager: %s" % api.hasRole ("swakef", "Data Manager"))
context.Logger().message("    metson as a Data Manager: %s" % api.hasRole ("metson", "Data Manager"))

# Lookups by group and by site; site "1" is presumably a numeric id -- confirm.
context.Logger().message("xForN")
context.Logger().message("    swakef has Prod. Op. role for following groups: %s" % api.groupsForRole("swakef", "Production Operator"))
context.Logger().message("    swakef has the following roles for group 'production': %s" % api.rolesForGroup("swakef", "production"))
context.Logger().message("    metson has Data Manager role for following sites: %s" % api.sitesForRole("metson", "Data Manager"))
context.Logger().message("    metson has the following roles for site 'RAL': %s" % api.rolesForSite("metson", "RAL"))
context.Logger().message("    metson has the following roles for site 1: %s" % api.rolesForSite("metson", "1"))
context.Logger().message("Test encryption stuff:")
# NOTE(review): whatever getCryptoKey(1) returns is written to the log as-is.
# The lookups further down read a 'key' entry from the same call, so key
# material most likely lands in the log here; run this only against a
# throwaway database and keep the resulting log out of shared storage.
context.Logger().message("    Crypt key: %s" % api.getCryptoKey(1))

# Hashes the literal password "admin" with the fixed two-character salt "fo" and
# logs the hash. A two-character salt selects the traditional DES-based crypt
# scheme, which only considers the first eight password characters, so this
# value is a test fixture and not a hash to seed a real account with.
# The crypt module is deprecated since Python 3.11 and removed in 3.13.
context.Logger().message("Admin password is: " + crypt.crypt ("admin", "fo"))
 
# NOTE(review): logs the raw result of getPasswordFromUsername("metson"),
# presumably the stored password record for that user -- confirm, and avoid
# pointing this script at a database holding real credentials.
context.Logger().message("Password for metson is: %s" % api.getPasswordFromUsername ("metson"))
 
 
# Test key: a constant prefix plus the current timestamp with spaces removed.
# It is unique per run but predictable from the clock, so it is only suitable
# as a fixture.
key = "MyFakeKey" + str(datetime.datetime.now()).replace(" ","")
context.Logger().message("    New key : %s" % key)
# addCryptoKey() hands back the identifier used for the read-back below.
new_id = api.addCryptoKey(key)
context.Logger().message("    ID of new key: %s" % new_id)
# Read the new entry back three times: whole record, then its 'timestamp' and
# 'key' fields. Each line is a separate getCryptoKey() call.
context.Logger().message("    Check new crypt key: %s" % api.getCryptoKey(new_id))
context.Logger().message("         timestamp: %s" % api.getCryptoKey(new_id)['timestamp'])
context.Logger().message("               key: %s" % api.getCryptoKey(new_id)['key'])
#Encrypt and decrypt a string
# Placeholder only: no encrypt/decrypt round trip is exercised yet, so the
# cookie encryption path is not covered by this script.
context.Logger().message("-----------------------------------")
context.Logger().message("add an encrypt/decrypt test here!!!")

#context.Logger().message("Test getAllUsers")
#print api.getAllUserIds()