api.rolesForGroup("swakef", "production")) context.Logger().message( " metson has Data Manager role for following sites: %s" % api.sitesForRole("metson", "Data Manager")) context.Logger().message( " metson has the following roles for site 'RAL': %s" % api.rolesForSite("metson", "RAL")) context.Logger().message(" metson has the following roles for site 1: %s" % api.rolesForSite("metson", "1")) context.Logger().message("Test encryption stuff:") context.Logger().message(" Crypt key: %s" % api.getCryptoKey(1)) context.Logger().message("Admin password is: " + crypt.crypt("admin", "fo")) context.Logger().message("Password for metson is: %s" % api.getPasswordFromUsername("metson")) key = "MyFakeKey" + str(datetime.datetime.now()).replace(" ", "") context.Logger().message(" New key : %s" % key) new_id = api.addCryptoKey(key) context.Logger().message(" ID of new key: %s" % new_id) context.Logger().message(" Check new crypt key: %s" % api.getCryptoKey(new_id)) context.Logger().message(" timestamp: %s" % api.getCryptoKey(new_id)['timestamp']) context.Logger().message(" key: %s" % api.getCryptoKey(new_id)['key']) #Encrypt and decrypt a string context.Logger().message("-----------------------------------") context.Logger().message("add an encrypt/decrypt test here!!!")
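def _setSessionCookie (name, value, security_api):
    """Store one encrypted cookie on the current CherryPy response.

    The value is passed through encryptCookie() and the cookie gets the
    attributes shared by all session cookies of this module: path '/',
    a max-age of one day and version 1.
    """
    # NOTE(review): neither 'secure' nor 'httponly' is set on these cookies.
    # If the site is served over HTTPS, confirm whether both can be enabled
    # so the session cookies are not sent in clear text or readable from
    # page scripts.
    cookies = cherrypy.response.cookie
    cookies[name] = encryptCookie (value, security_api)
    cookies[name]['path'] = '/'
    cookies[name]['max-age'] = 3600*24
    cookies[name]['version'] = 1


def _setSessionCookies (identity, security_api):
    """Issue the 'dn', 'authentication_time' and 'originator_hash' cookies.

    Kept at module level (not as a controller method) so that it can never
    be reached as a URL handler: it mints a session for whatever identity
    it is given and must only be called after the caller has decided that
    identity is legitimate.
    """
    _setSessionCookie ('dn', identity, security_api)
    issuedAt = strftime ("%Y-%m-%dT%H:%M:%S", datetime.now ().timetuple ())
    # The original code set cookie['dn']['version'] a second time here, so
    # 'authentication_time' was the only cookie without a version; the shared
    # helper now sets it on all three.
    _setSessionCookie ('authentication_time', issuedAt, security_api)
    # NOTE(review): "some_hash" is a fixed placeholder, so this cookie does
    # not tie the session to the client that authenticated. Treat it as
    # carrying no security value until a real originator hash is computed.
    _setSessionCookie ('originator_hash', "some_hash", security_api)


class SecurityModule (Controller):
    """Controller for login, logout and identity switching.

    Registers a SecurityDBApi instance and a Logger as services on the
    context and keeps the API as self.security_api.
    """

    def __init__ (self, context):
        self.context = context
        Controller.__init__ (self, context, __file__)
        self.security_api = SecurityDBApi (context)
        self.context.addService (self.security_api)
        self.context.addService (Logger ("SECURITY_MODULE_CONTROLLER"))

    def readyToRun (self):
        """No start-up work is needed for this controller."""
        pass

    @templatepage
    def login (self, requestedPage="../Studio/login", **args):
        """Return the template data for the login form.

        FIXME (from the original author): get the real requested page.
        """
        # VK: requested page is truncated at first &, all parameters passed
        # via args, put them back
        # NOTE(review): keys and values are appended without URL-encoding and
        # requestedPage itself comes from the request. The result ends up in
        # the login form and later in a redirect, so confirm the template
        # escapes it and that only same-site targets are accepted.
        for key in args.keys ():
            requestedPage += "&%s=%s" % (key, args[key])
        # raise cherrypy.HTTPRedirect ("/base/SecurityModule/loginReal?requestedPage=%s" % requestedPage)
        # raise cherrypy.HTTPRedirect (self.context.CmdLineArgs ().opts.baseUrl + "/SecurityModule/loginReal?requestedPage=%s" % requestedPage)
        return {'requestedPage': requestedPage}

    @expose
    def loginReal (self, requestedPage, **args):
        """Render the "login" template for the given requested page.

        FIXME (from the original author): get the real requested page.
        """
        # VK: requested page is truncated at first &, all parameters passed
        # via args, put them back
        # NOTE(review): same unencoded, caller-controlled value as in login().
        for key in args.keys ():
            requestedPage += "&%s=%s" % (key, args[key])
        return self.templatePage ("login", {'requestedPage': requestedPage})

    @templatepage
    @require_args ("user", "password", "requestedPage", onFail=RedirectorToLogin)
    def authenticate (self, user, password, requestedPage="../Studio/login"):
        """Check a username/password pair and issue session cookies on success.

        The stored entry is looked up with getPasswordFromUsername() and the
        submitted password is verified by re-running crypt.crypt() with the
        stored value as salt. The same {'redirect': requestedPage} dictionary
        is returned whether or not the check succeeds; only a successful
        check sets the cookies.

        FIXME (from the original author): get the real requested page.
        TODO (from the original author): adapt to the new schema.
        """
        # NOTE(review): 'user' is request data written to the log verbatim;
        # confirm the logger neutralises line breaks.
        self.context.Logger ().message ("Trying to authenticate %s" % user)
        passwdEntry = self.security_api.getPasswordFromUsername (user)
        # NOTE(review): requestedPage is caller-controlled and is handed to
        # the template as the redirect target on every path below. Confirm it
        # is restricted to same-site paths before a redirect is emitted.
        if not passwdEntry.has_key (0):
            return {'redirect': requestedPage}
        encryptedPassword = passwdEntry[0]['passwd']
        #if request.headers['Ssl-Client-S-Dn'] != '(null)':
            #context.Logger().message("Authenticated by certificate")
            #context.Logger().message(request.headers['Ssl-Client-S-Dn'])
            #user = self.security_api.getUsernameFromDN(request.headers['Ssl-Client-S-Dn'])[0]['username']
        # NOTE(review): the strength of this check is that of the stored
        # crypt() scheme (a two-character salt means traditional DES crypt),
        # and '==' is not a constant-time comparison. No failed-attempt
        # logging or rate limiting is visible in this method.
        if encryptedPassword == crypt.crypt (password, encryptedPassword):
            self.context.Logger ().message ("Valid password for user %s" % user)
            _setSessionCookies (user, self.security_api)
            return {'redirect': requestedPage}
        return {'redirect': requestedPage}

    @templatepage
    def logout (self, redirect="../SecurityModule/login", *args, **kw):
        """Replace the session cookies with ones for the "guest" identity."""
        # VK: requested page is truncated at first &, all parameters passed
        # via args, put them back
        # NOTE(review): 'redirect' is caller-controlled and extended without
        # URL-encoding; see the note in login().
        for key in kw.keys ():
            redirect += "&%s=%s" % (key, kw[key])
        _setSessionCookies ("guest", self.security_api)
        return {'redirect': redirect}

    @exposeSerialized (serializer = PythonDictSerializer ('user'))
    def userInfo (self, *args, **kw):
        """Return the dn of a freshly built SecurityToken as {"dn": ...}."""
        #TODO: add a query to get the DN from the id.
        token = SecurityToken ()
        return {"dn": token.dn}

    @expose
    @is_authorized (Role ("Global Admin"), Group ("global"),
                    onFail=RedirectorToLogin ("../SecurityModule/login"))
    def becomeUser (self, username, requestedPage, **args):
        """Issue session cookies for another user, then render "authenticate".

        Access is guarded by the is_authorized decorator above, which names
        the "Global Admin" role in the "global" group.
        """
        # NOTE(review): this switches the caller's session to 'username'
        # without checking that the user exists and without writing a log
        # entry. An audit record of who impersonated whom would be useful,
        # and, since the handler changes session state, confirm it cannot be
        # triggered by a cross-site request.
        _setSessionCookies (username, self.security_api)
        return self.templatePage ("authenticate", {'redirect': requestedPage})

    @expose
    @is_authenticated (onFail=NotAuthenticated)
    def checkIfAuthenticated (self):
        """Test page guarded by the is_authenticated decorator."""
        return "This page can be seen only if you are authenticated."

    @expose
    @is_authorized (Role ("Global Admin"), Group ("global"), onFail=NotAuthenticated)
    def checkIfAuthorized (self):
        """Test page guarded by is_authorized for "Global Admin" in "global"."""
        return "This page can be seen only if you are authorized."

    @expose
    def getMasthead (self):
        """Placeholder; returns nothing."""
        pass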
# Manual smoke test of the security API: logs the results of role, group and
# site lookups for two sample users, then exercises crypto-key storage.
# 'context' and 'api' are defined outside this fragment.
context.Logger().message("hasResponsibility:")
context.Logger().message(" swakef as a Data Manager: %s" % api.hasRole ("swakef", "Data Manager"))
context.Logger().message(" metson as a Data Manager: %s" % api.hasRole ("metson", "Data Manager"))
context.Logger().message("xForN")
context.Logger().message(" swakef has Prod. Op. role for following groups: %s" % api.groupsForRole("swakef", "Production Operator"))
context.Logger().message(" swakef has the following roles for group 'production': %s" % api.rolesForGroup("swakef", "production"))
context.Logger().message(" metson has Data Manager role for following sites: %s" % api.sitesForRole("metson", "Data Manager"))
context.Logger().message(" metson has the following roles for site 'RAL': %s" % api.rolesForSite("metson", "RAL"))
context.Logger().message(" metson has the following roles for site 1: %s" % api.rolesForSite("metson", "1"))
context.Logger().message("Test encryption stuff:")
# NOTE(review): everything from here to the end of the key test writes
# secret material to the log: stored crypto keys, a crypt() hash and the
# password entry of a named user. Run this only against a throw-away
# database, and keep the resulting log out of shared or long-lived storage.
context.Logger().message(" Crypt key: %s" % api.getCryptoKey(1))
# The two-character salt "fo" selects the traditional DES-based crypt scheme.
context.Logger().message("Admin password is: " + crypt.crypt ("admin", "fo"))
context.Logger().message("Password for metson is: %s" % api.getPasswordFromUsername ("metson"))
# Build a key string that differs per run by appending the current timestamp
# with its space removed.
# NOTE(review): a timestamp is predictable; this value is only suitable as
# test data, not as a real key.
key = "MyFakeKey" + str(datetime.datetime.now()).replace(" ","")
context.Logger().message(" New key : %s" % key)
new_id = api.addCryptoKey(key)
context.Logger().message(" ID of new key: %s" % new_id)
# The stored key is fetched again for each of the next three messages.
context.Logger().message(" Check new crypt key: %s" % api.getCryptoKey(new_id))
context.Logger().message(" timestamp: %s" % api.getCryptoKey(new_id)['timestamp'])
context.Logger().message(" key: %s" % api.getCryptoKey(new_id)['key'])
#Encrypt and decrypt a string
# Not implemented yet: the two messages below only mark where an
# encrypt/decrypt round-trip test should go.
context.Logger().message("-----------------------------------")
context.Logger().message("add an encrypt/decrypt test here!!!")
#context.Logger().message("Test getAllUsers")
#print api.getAllUserIds()