Example #1
def create_login_page_box(referer='', ln=CFG_SITE_LANG):
    """
    Return the login form HTML, with a hint chosen from the referer.

    @param referer: the location the visitor came from; it is searched
        against a fixed list of patterns and handed on unchanged to the
        template.
    @type referer: string
    @param ln: language used to translate the hint messages.
    @type ln: string
    @return: the output of websession_templates.tmpl_login_form.
    """
    _ = gettext_set_language(ln)

    collection_hint = "<p>" + _("This collection is restricted.  If you think you have right to access it, please authenticate yourself.") + "</p>"
    file_hint = "<p>" + _("This file is restricted.  If you think you have right to access it, please authenticate yourself.") + "</p>"

    # (pattern searched in the referer, HTML shown above the form);
    # the first entry that matches wins.
    referer_rules = (
        (re.compile(r"/search"), collection_hint),
        (re.compile(r"/%s/\d+/files/.+" % CFG_SITE_RECORD), file_hint),
    )

    # NOTE(review): referer is presumably request-supplied.  Only the fixed
    # messages above are selected from it here; the value itself is passed
    # on as-is, so any escaping or validation has to happen in the template
    # or the caller -- confirm.
    for pattern, html in referer_rules:
        if pattern.search(referer):
            msg = html
            break
    else:
        msg = ""

    # The internal (non-external) login method is the entry mapped to None.
    internal = None
    for name, handler in CFG_EXTERNAL_AUTHENTICATION.iteritems():
        if handler is None:
            internal = name
            break

    # Mirrors "level <= 1 and internal": False when the level is above 1,
    # otherwise the internal method name (or None when there is none).
    if CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS <= 1:
        register_available = internal
    else:
        register_available = False

    # Offer every login method except those dedicated to robots.
    methods = sorted(
        name for name, handler in CFG_EXTERNAL_AUTHENTICATION.iteritems()
        if not (handler and handler.robot_login_method_p())
    )

    form_args = dict(
        ln=ln,
        referer=referer,
        internal=internal,
        register_available=register_available,
        methods=methods,
        selected_method=CFG_EXTERNAL_AUTH_DEFAULT,
        msg=msg,
    )
    return websession_templates.tmpl_login_form(**form_args)
Example #2
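def create_login_page_box(referer='', ln=CFG_SITE_LANG):
    """
    Return the login form HTML, with a hint chosen from the referer.

    @param referer: the location (or error token) the visitor came from; it
        is searched against a fixed list of patterns to pick an explanatory
        message and is handed on unchanged to the template.
    @type referer: string
    @param ln: language used to translate the hint messages.
    @type ln: string
    @return: the output of websession_templates.tmpl_login_form.
    """
    _ = gettext_set_language(ln)

    # Translate the template first and substitute afterwards: formatting
    # inside _() alters the msgid before the catalog lookup, so no
    # translation could ever match.  The link also lacked the ":" after
    # "mailto" and misspelled "administrator"; the msgid therefore changes
    # and message catalogs need re-extracting.
    # CFG_SITE_ADMIN_EMAIL is site configuration and is inserted unescaped.
    inform_admin = _(
        "Please inform the <a href='mailto:%s'>administrator</a>"
    ) % CFG_SITE_ADMIN_EMAIL

    # (pattern searched in the referer, HTML shown above the form);
    # the first entry that matches wins.
    login_referrer2msg = (
        (re.compile(r"/search"), "<p>" +
         _("This collection is restricted.  If you think you have right to access it, please authenticate yourself."
           ) + "</p>"),
        (re.compile(r"/%s/\d+/files/.+" % CFG_SITE_RECORD), "<p>" +
         _("This file is restricted.  If you think you have right to access it, please authenticate yourself."
           ) + "</p>"),
        (re.compile(r"openid-invalid"),
         "<p>" + _("The OpenID identifier is invalid") + "</p>"),
        (re.compile(r"openid-python"), "<p>%s</p><p>%s</p>" %
         (_("python-openid package must be installed: run make install-openid-package or download manually from https://github.com/openid/python-openid/"
            ),
          inform_admin)),
        (re.compile(r"oauth-rauth"), "<p>%s</p><p>%s</p>" %
         (_("rauth package must be installed: run make install-oauth-package or download manually from https://github.com/litl/rauth/"
            ),
          inform_admin)),
        (re.compile(r"oauth-config"), "<p>%s</p><p>%s</p>" %
         (_("The configuration isn't set properly"), inform_admin)),
        (re.compile(r"connection-error"), "<p>%s</p>" %
         (_("Cannot connect the provider. Please try again later."))),
    )

    # NOTE(review): referer is presumably request-supplied.  Matching uses
    # search(), so any referer containing one of the tokens above selects
    # that message, including the administrator-oriented install hints.
    # The value itself is passed on as-is, so escaping or validation has to
    # happen in the template or the caller -- confirm.
    msg = ""
    for regexp, txt in login_referrer2msg:
        if regexp.search(referer):
            msg = txt
            break

    # The internal (non-external) login method is the entry mapped to None.
    internal = None
    for system in CFG_EXTERNAL_AUTHENTICATION.keys():
        if CFG_EXTERNAL_AUTHENTICATION[system] is None:
            internal = system
            break
    # Evaluates to False above level 1, otherwise to the internal method
    # name (or None when no internal method is configured).
    register_available = CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS <= 1 and internal
    # Offer every login method except those dedicated to robots.
    methods = sorted(
        name for name, handler in CFG_EXTERNAL_AUTHENTICATION.iteritems()
        if not handler or not handler.robot_login_method_p()
    )

    return websession_templates.tmpl_login_form(
        ln=ln,
        referer=referer,
        internal=internal,
        register_available=register_available,
        methods=methods,
        selected_method=CFG_EXTERNAL_AUTH_DEFAULT,
        msg=msg,
    )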
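    def test_create_example_url(self, email, login_method, robot, ip, assertion=None, timeout=None, referer=None, groups=None, nickname=None):
        """
        Create a test URL to test the robot login.

        The returned URL carries an assertion signed with the robot's shared
        key; it is the URL to log in as C{email}, so treat it like a
        credential until C{timeout} has passed.

        @param email: email of the user we want to login as.
        @type email: string
        @param login_method: the login_method name as specified in
            CFG_EXTERNAL_AUTHENTICATION; when None the first method flagged
            as a robot method is used.
        @type login_method: string
        @param robot: the identifier of this robot.
        @type robot: string
        @param ip: the IP of the user.
        @type ip: string
        @param assertion: any further data we want to send to; the mapping
            passed in is copied, not modified.
        @type assertion: json serializable mapping
        @param timeout: timeout when the URL will expire (in seconds from
            the Epoch); defaults to now + CFG_ROBOT_URL_TIMEOUT.
        @type timeout: float
        @param referer: the URL where to land after successful login;
            defaults to CFG_SITE_URL.
        @type referer: string
        @param groups: the list of optional group of the user.
        @type groups: list of string
        @param nickname: the optional nickname of the user.
        @type nickname: string
        @return: the URL to login as the user.
        @rtype: string
        """
        from invenio.access_control_config import CFG_EXTERNAL_AUTHENTICATION
        from invenio.urlutils import create_url
        # Work on a copy: the original wrote the email, timeout and IP
        # attributes straight into the caller's mapping.
        assertion = dict(assertion) if assertion is not None else {}
        assertion[self.email_attribute_name] = email
        if nickname:
            assertion[self.nickname_attribute_name] = nickname
        if groups:
            assertion[self.groups_attribute_name] = self.groups_separator.join(groups)
        if timeout is None:
            timeout = time.time() + CFG_ROBOT_URL_TIMEOUT
        assertion[self.timeout_attribute_name] = timeout
        if referer is None:
            referer = CFG_SITE_URL
        if login_method is None:
            # NOTE(review): details[2] assumes every value is indexable and
            # that its third item flags a robot login method; a None value
            # would raise TypeError here -- confirm against the current
            # format of CFG_EXTERNAL_AUTHENTICATION.
            for a_login_method, details in CFG_EXTERNAL_AUTHENTICATION.iteritems():
                if details[2]:
                    login_method = a_login_method
                    break
        robot_keys = load_robot_keys()
        assertion[self.userip_attribute_name] = ip
        assertion = json.dumps(assertion)
        if self.use_zlib:
            assertion = base64.urlsafe_b64encode(compress(assertion))
        # Raises KeyError when the login method or robot has no key.
        shared_key = robot_keys[login_method][robot]
        # Only the serialized assertion is covered by the digest; referer is
        # sent as a plain parameter next to it.
        # NOTE(review): confirm the robotlogin handler validates referer
        # before redirecting to it.
        digest = self.sign(shared_key, assertion)
        return create_url("%s%s" % (CFG_SITE_SECURE_URL, "/youraccount/robotlogin"), {
            'assertion': assertion,
            'robot': robot,
            'login_method': login_method,
            'digest': digest,
            'referer': referer})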
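    def test_create_example_url(self, email, login_method, robot, ip, assertion=None, timeout=None, referer=None, groups=None, nickname=None):
        """
        Create a test URL to test the robot login.

        The URL embeds an assertion signed with the shared key of the given
        robot and is the URL to log in as C{email}; keep it out of logs and
        shared channels while it is still within C{timeout}.

        @param email: email of the user we want to login as.
        @type email: string
        @param login_method: the login_method name as specified in
            CFG_EXTERNAL_AUTHENTICATION; when None the first method flagged
            as a robot method is used.
        @type login_method: string
        @param robot: the identifier of this robot.
        @type robot: string
        @param ip: the IP of the user.
        @type ip: string
        @param assertion: any further data we want to send to; a copy is
            taken, the caller's mapping is left untouched.
        @type assertion: json serializable mapping
        @param timeout: timeout when the URL will expire (in seconds from
            the Epoch); defaults to now + CFG_ROBOT_URL_TIMEOUT.
        @type timeout: float
        @param referer: the URL where to land after successful login;
            defaults to CFG_SITE_URL.
        @type referer: string
        @param groups: the list of optional group of the user.
        @type groups: list of string
        @param nickname: the optional nickname of the user.
        @type nickname: string
        @return: the URL to login as the user.
        @rtype: string
        """
        from invenio.access_control_config import CFG_EXTERNAL_AUTHENTICATION
        from invenio.urlutils import create_url
        # Copy instead of writing into the argument: the original added the
        # email, timeout and IP attributes to the caller's own mapping.
        if assertion is None:
            assertion = {}
        else:
            assertion = dict(assertion)
        assertion[self.email_attribute_name] = email
        if nickname:
            assertion[self.nickname_attribute_name] = nickname
        if groups:
            assertion[self.groups_attribute_name] = self.groups_separator.join(groups)
        if timeout is None:
            timeout = time.time() + CFG_ROBOT_URL_TIMEOUT
        assertion[self.timeout_attribute_name] = timeout
        if referer is None:
            referer = CFG_SITE_URL
        if login_method is None:
            # NOTE(review): indexing details[2] presumes tuple-like values
            # whose third item marks a robot login method; it raises
            # TypeError on a None value -- verify against the current
            # CFG_EXTERNAL_AUTHENTICATION layout.
            for a_login_method, details in CFG_EXTERNAL_AUTHENTICATION.iteritems():
                if details[2]:
                    login_method = a_login_method
                    break
        robot_keys = load_robot_keys()
        assertion[self.userip_attribute_name] = ip
        assertion = json.dumps(assertion)
        if self.use_zlib:
            assertion = base64.urlsafe_b64encode(compress(assertion))
        # A missing login method or robot entry surfaces as KeyError.
        shared_key = robot_keys[login_method][robot]
        # The digest is computed over the serialized assertion only; referer
        # is a separate parameter of the URL.
        # NOTE(review): check that the robotlogin handler validates referer
        # before using it as a redirect target.
        digest = self.sign(shared_key, assertion)
        return create_url("%s%s" % (CFG_SITE_SECURE_URL, "/youraccount/robotlogin"), {
            'assertion': assertion,
            'robot': robot,
            'login_method': login_method,
            'digest': digest,
            'referer': referer})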
Example #5
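def create_login_page_box(referer='', ln=CFG_SITE_LANG):
    """
    Build the login form HTML, adding a hint selected from the referer.

    @param referer: the location (or error token) the visitor came from; a
        fixed list of patterns is searched in it to choose the hint, and the
        value is forwarded unchanged to the template.
    @type referer: string
    @param ln: language used to translate the hint messages.
    @type ln: string
    @return: the output of websession_templates.tmpl_login_form.
    """
    _ = gettext_set_language(ln)

    # The address is substituted after translation: with the "%" inside
    # _() the already-formatted text was looked up, which no catalog entry
    # can match.  "mailto" also lacked its ":" and "administrator" was
    # misspelled; the msgid changes, so catalogs need re-extracting.
    # CFG_SITE_ADMIN_EMAIL is site configuration and is inserted unescaped.
    inform_admin = _("Please inform the <a href='mailto:%s'>administrator</a>") % CFG_SITE_ADMIN_EMAIL

    # (pattern searched in the referer, HTML shown above the form);
    # the first entry that matches wins.
    login_referrer2msg = (
        (re.compile(r"/search"), "<p>" + _("This collection is restricted.  If you think you have right to access it, please authenticate yourself.") + "</p>"),
        (re.compile(r"/%s/\d+/files/.+" % CFG_SITE_RECORD), "<p>" + _("This file is restricted.  If you think you have right to access it, please authenticate yourself.") + "</p>"),
        (re.compile(r"openid-invalid"), "<p>" + _("The OpenID identifier is invalid") + "</p>"),
        (re.compile(r"openid-python"), "<p>%s</p><p>%s</p>" % (_("python-openid package must be installed: run make install-openid-package or download manually from https://github.com/openid/python-openid/"), inform_admin)),
        (re.compile(r"oauth-rauth"), "<p>%s</p><p>%s</p>" % (_("rauth package must be installed: run make install-oauth-package or download manually from https://github.com/litl/rauth/"), inform_admin)),
        (re.compile(r"oauth-config"), "<p>%s</p><p>%s</p>" % (_("The configuration isn't set properly"), inform_admin)),
        (re.compile(r"connection-error"), "<p>%s</p>" % (_("Cannot connect the provider. Please try again later."))),
    )

    # NOTE(review): referer is presumably request-supplied.  Because the
    # patterns are matched with search(), a referer that merely contains one
    # of the tokens selects that message, including the install hints meant
    # for administrators.  The value is forwarded as-is, so escaping or
    # validation must be done by the template or the caller -- confirm.
    msg = ""
    for regexp, txt in login_referrer2msg:
        if regexp.search(referer):
            msg = txt
            break

    # The internal (non-external) login method is the entry mapped to None.
    internal = None
    for system in CFG_EXTERNAL_AUTHENTICATION.keys():
        if CFG_EXTERNAL_AUTHENTICATION[system] is None:
            internal = system
            break
    # False above level 1, otherwise the internal method name (or None).
    register_available = CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS <= 1 and internal
    # Offer every login method except those dedicated to robots.
    methods = sorted(
        name for name, handler in CFG_EXTERNAL_AUTHENTICATION.iteritems()
        if not handler or not handler.robot_login_method_p()
    )

    return websession_templates.tmpl_login_form(
        ln=ln,
        referer=referer,
        internal=internal,
        register_available=register_available,
        methods=methods,
        selected_method=CFG_EXTERNAL_AUTH_DEFAULT,
        msg=msg,
    )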