def __init__(self, *args, **kw):
"""
base controller constructor
:param *args: generic argument array
:param **kw: generic argument dict
:return: None
"""
self.parent = super(WSGIController, self)
self.parent.__init__(*args, **kw)
# make the OpenID SQL Instance globally available
openid_sql = config.get('openid_sql', None)
if openid_sql is None:
try:
openid_storage = SQLStorage()
config['openid_sql'] = openid_storage
except Exception as exx:
config['openid_sql'] = exx
log.error("Failed to configure openid_sql: %r" % exx)
app_setup_done = config.get('app_setup_done', False)
if app_setup_done is False:
try:
setup_app(config)
config['app_setup_done'] = True
except Exception as exx:
config['app_setup_done'] = False
log.error("Failed to serve request: %r" % exx)
raise exx
l_config = initLinotpConfig()
resolver_setup_done = config.get('resolver_setup_done', False)
if resolver_setup_done is False:
try:
cache_dir = config.get("app_conf", {}).get("cache_dir", None)
setupResolvers(config=l_config, cache_dir=cache_dir)
config['resolver_setup_done'] = True
except Exception as exx:
config['resolver_setup_done'] = False
log.error("Failed to setup resolver: %r" % exx)
raise exx
initResolvers()
return
def __init__(self, *args, **kw):
"""
base controller constructor
:param *args: generic argument array
:param **kw: generic argument dict
:return: None
"""
self.parent = super(WSGIController, self)
self.parent.__init__(*args, **kw)
# make the OpenID SQL Instance globally available
openid_sql = config.get('openid_sql', None)
if openid_sql is None:
try:
openid_storage = SQLStorage()
config['openid_sql'] = openid_storage
except Exception as exx:
config['openid_sql'] = exx
log.error("Failed to configure openid_sql: %r" % exx)
app_setup_done = config.get('app_setup_done', False)
if app_setup_done is False:
try:
setup_app(config)
config['app_setup_done'] = True
except Exception as exx:
config['app_setup_done'] = False
log.error("Failed to serve request: %r" % exx)
raise exx
l_config = initLinotpConfig()
resolver_setup_done = config.get('resolver_setup_done', False)
if resolver_setup_done is False:
try:
cache_dir = config.get("app_conf", {}).get("cache_dir", None)
setupResolvers(config=l_config, cache_dir=cache_dir)
config['resolver_setup_done'] = True
except Exception as exx:
config['resolver_setup_done'] = False
log.error("Failed to setup resolver: %r" % exx)
raise exx
initResolvers()
return
def create_context(self, request, environment):
"""
create the request context for all controllers
"""
linotp_config = getLinotpConfig()
request_context['Config'] = linotp_config
request_context['Policies'] = parse_policies(linotp_config)
request_context['translate'] = translate
request_context['CacheManager'] = environment['beaker.cache']
initResolvers()
request_params = {}
try:
request_params.update(request.params)
except UnicodeDecodeError as exx:
log.error("Failed to decode request parameters %r" % exx)
request_context['Params'] = request_params
authUser = None
try:
authUser = getUserFromRequest(request)
except UnicodeDecodeError as exx:
log.error("Failed to decode request parameters %r" % exx)
request_context['AuthUser'] = authUser
request_context['UserLookup'] = {}
requestUser = None
try:
requestUser = getUserFromParam(request_params)
except UnicodeDecodeError as exx:
log.error("Failed to decode request parameters %r" % exx)
request_context['RequestUser'] = requestUser
client = None
try:
client = get_client(request=request)
except UnicodeDecodeError as exx:
log.error("Failed to decode request parameters %r" % exx)
request_context['Client'] = client
request_context['Audit'] = Audit
request_context['audit'] = Audit.initialize(request, client=client)
defaultRealm = ""
try:
defaultRealm = getDefaultRealm(linotp_config)
except UnicodeDecodeError as exx:
log.error("Failed to decode request parameters %r" % exx)
request_context['defaultRealm'] = defaultRealm
realms = None
try:
realms = getRealms()
except UnicodeDecodeError as exx:
log.error("Failed to decode request parameters %r" % exx)
request_context['Realms'] = realms
request_context['hsm'] = None
if hasattr(self, "hsm"):
request_context['hsm'] = self.hsm
# copy some system entries from pylons
syskeys = {
"radius.nas_identifier": "LinOTP",
"radius.dictfile": "/etc/linotp2/dictionary"
}
sysconfig = {}
for key, default in syskeys.items():
sysconfig[key] = config.get(key, default)
request_context['SystemConfig'] = sysconfig
def create_context(self, request, environment):
"""
create the request context for all controllers
"""
linotp_config = getLinotpConfig()
request_context['Config'] = linotp_config
request_context['Policies'] = parse_policies(linotp_config)
request_context['translate'] = translate
request_context['CacheManager'] = environment['beaker.cache']
request_context['Path'] = environment.get("PATH_INFO", "") or ""
request_context['hsm'] = self.hsm
request_params = {}
try:
request_params.update(request.params)
except UnicodeDecodeError as exx:
log.error("Failed to decode request parameters %r" % exx)
request_context['Params'] = request_params
initResolvers()
client = None
try:
client = get_client(request=request)
except UnicodeDecodeError as exx:
log.error("Failed to decode request parameters %r" % exx)
request_context['Client'] = client
request_context['Audit'] = Audit
request_context['audit'] = Audit.initialize(request, client=client)
authUser = None
try:
authUser = getUserFromRequest(request)
except UnicodeDecodeError as exx:
log.error("Failed to decode request parameters %r" % exx)
request_context['AuthUser'] = authUser
request_context['UserLookup'] = {}
requestUser = None
try:
requestUser = getUserFromParam(request_params)
except UnicodeDecodeError as exx:
log.error("Failed to decode request parameters %r" % exx)
request_context['RequestUser'] = requestUser
defaultRealm = ""
try:
defaultRealm = getDefaultRealm(linotp_config)
except UnicodeDecodeError as exx:
log.error("Failed to decode request parameters %r" % exx)
request_context['defaultRealm'] = defaultRealm
realms = None
try:
realms = getRealms()
except UnicodeDecodeError as exx:
log.error("Failed to decode request parameters %r" % exx)
request_context['Realms'] = realms
# ------------------------------------------------------------------ --
# for the setup of encrypted data, we require the hsm is instatiated
# and available in the request context
if not self.secret_key:
init_key_partition(linotp_config, partition=0)
# ------------------------------------------------------------------ --
# copy some system entries from pylons
syskeys = {
"radius.nas_identifier": "LinOTP",
"radius.dictfile": "/etc/linotp2/dictionary"
}
sysconfig = {}
for key, default in syskeys.items():
sysconfig[key] = config.get(key, default)
request_context['SystemConfig'] = sysconfig
def create_context(self, request, environment):
"""
create the request context for all controllers
"""
linotp_config = getLinotpConfig()
# make the request id available in the request context
request_context['RequestId'] = environment['REQUEST_ID']
# a request local cache to get the user info from the resolver
request_context['UserLookup'] = {}
# a request local cache to get the resolver from user and realm
request_context['UserRealmLookup'] = {}
request_context['Config'] = linotp_config
request_context['Policies'] = parse_policies(linotp_config)
request_context['translate'] = translate
request_context['CacheManager'] = environment['beaker.cache']
routes = environment.get('pylons.routes_dict', {})
path = "/%s/%s" % (routes['controller'], routes['action'])
request_context['Path'] = path
request_context['hsm'] = self.hsm
initResolvers()
client = None
try:
client = get_client(request=request)
except UnicodeDecodeError as exx:
log.error("Failed to decode request parameters %r" % exx)
request_context['Client'] = client
request_context['Audit'] = Audit
request_context['audit'] = Audit.initialize(request, client=client)
authUser = None
try:
authUser = getUserFromRequest(request)
except UnicodeDecodeError as exx:
log.error("Failed to decode request parameters %r" % exx)
request_context['AuthUser'] = authUser
request_context['UserLookup'] = {}
# ------------------------------------------------------------------ --
# get the current resolvers
resolvers = []
try:
resolvers = getResolverList(config=linotp_config)
except UnicodeDecodeError as exx:
log.error("Failed to decode request parameters %r" % exx)
request_context['Resolvers'] = resolvers
# ------------------------------------------------------------------ --
# get the current realms
realms = {}
try:
realms = getRealms()
except UnicodeDecodeError as exx:
log.error("Failed to decode request parameters %r" % exx)
request_context['Realms'] = realms
# ------------------------------------------------------------------ --
defaultRealm = ""
try:
defaultRealm = getDefaultRealm(linotp_config)
except UnicodeDecodeError as exx:
log.error("Failed to decode request parameters %r" % exx)
request_context['defaultRealm'] = defaultRealm
# ------------------------------------------------------------------ --
# load the requesting user
from linotp.useridresolver.UserIdResolver import (
ResolverNotAvailable)
requestUser = None
try:
requestUser = getUserFromParam(self.request_params)
except UnicodeDecodeError as exx:
log.error("Failed to decode request parameters %r", exx)
except (ResolverNotAvailable, NoResolverFound) as exx:
log.error("Failed to connect to server %r", exx)
request_context['RequestUser'] = requestUser
# ------------------------------------------------------------------ --
# load the providers
from linotp.provider import Provider_types
from linotp.provider import getProvider
provider = {}
for provider_type in Provider_types.keys():
provider[provider_type] = getProvider(provider_type)
request_context['Provider'] = provider
# ------------------------------------------------------------------ --
# for the setup of encrypted data, we require the hsm is instatiated
# and available in the request context
if not self.secret_key:
init_key_partition(linotp_config, partition=0)
# ------------------------------------------------------------------ --
# copy some system entries from pylons
syskeys = {
"radius.nas_identifier": "LinOTP",
"radius.dictfile": "/etc/linotp2/dictionary"
}
sysconfig = {}
for key, default in syskeys.items():
sysconfig[key] = config.get(key, default)
request_context['SystemConfig'] = sysconfig
def create_context(self, request):
"""
create the request context for all controllers
"""
linotp_config = getLinotpConfig()
request_context['Config'] = linotp_config
request_context['Policies'] = getPolicies()
request_context['translate'] = translate
initResolvers()
request_params = {}
try:
request_params.update(request.params)
except UnicodeDecodeError as exx:
log.error("Faild to decode request parameters %r" % exx)
request_context['Params'] = request_params
authUser = None
try:
authUser = getUserFromRequest(request)
except UnicodeDecodeError as exx:
log.error("Faild to decode request parameters %r" % exx)
request_context['AuthUser'] = authUser
requestUser = None
try:
requestUser = getUserFromParam(request_params, True)
except UnicodeDecodeError as exx:
log.error("Faild to decode request parameters %r" % exx)
request_context['RequestUser'] = requestUser
client = None
try:
client = get_client(request=request)
except UnicodeDecodeError as exx:
log.error("Faild to decode request parameters %r" % exx)
request_context['Client'] = client
request_context['Audit'] = Audit
request_context['audit'] = Audit.initialize(request,
client=client)
defaultRealm = ""
try:
defaultRealm = getDefaultRealm(linotp_config)
except UnicodeDecodeError as exx:
log.error("Faild to decode request parameters %r" % exx)
request_context['defaultRealm'] = defaultRealm
realms = None
try:
realms = getRealms()
except UnicodeDecodeError as exx:
log.error("Faild to decode request parameters %r" % exx)
request_context['Realms'] = realms
request_context['hsm'] = None
if hasattr(self, "hsm"):
request_context['hsm'] = self.hsm
# copy some system entries from pylons
syskeys = {
"radius.nas_identifier": "LinOTP",
"radius.dictfile": "/etc/linotp2/dictionary"
}
sysconfig = {}
for key, default in syskeys.items():
try:
sysconfig[key] = config.get(key, default)
except:
log.info('no sytem config entry %s' % key)
request_context['SystemConfig'] = sysconfig
def __init__(self, *args, **kw):
"""
base controller constructor
:param *args: generic argument array
:param **kw: generic argument dict
:return: None
"""
self.sep = None
self.parent = super(WSGIController, self)
self.parent.__init__(*args, **kw)
# make the OpenID SQL Instance globally available
openid_sql = config.get('openid_sql', None)
if openid_sql is None:
try:
openid_storage = SQLStorage()
config['openid_sql'] = openid_storage
except Exception as exx:
config['openid_sql'] = exx
log.error("Failed to configure openid_sql: %r" % exx)
app_setup_done = config.get('app_setup_done', False)
if app_setup_done is False:
try:
setup_app(config)
config['app_setup_done'] = True
except Exception as exx:
config['app_setup_done'] = False
log.error("Failed to serve request: %r" % exx)
raise exx
# set the decryption device before loading linotp config,
# so it contains the decrypted values as well
glo = getGlobalObject()
self.sep = glo.security_provider
try:
hsm = self.sep.getSecurityModule()
c.hsm = hsm
except Exception as exx:
log.error('failed to assign hsm device: %r' % exx)
raise exx
l_config = initLinotpConfig()
resolver_setup_done = config.get('resolver_setup_done', False)
if resolver_setup_done is False:
try:
cache_dir = config.get("app_conf", {}).get("cache_dir", None)
setupResolvers(config=l_config, cache_dir=cache_dir)
config['resolver_setup_done'] = True
except Exception as exx:
config['resolver_setup_done'] = False
log.error("Failed to setup resolver: %r" % exx)
raise exx
initResolvers()
return
def __init__(self, *args, **kw):
"""
base controller constructor
:param *args: generic argument array
:param **kw: generic argument dict
:return: None
"""
self.sep = None
self.set_language(request.headers)
self.base_auth_user = ''
self.parent = super(WSGIController, self)
self.parent.__init__(*args, **kw)
# make the OpenID SQL Instance globally available
openid_sql = config.get('openid_sql', None)
if openid_sql is None:
try:
openid_storage = SQLStorage()
config['openid_sql'] = openid_storage
except Exception as exx:
config['openid_sql'] = exx
log.error("Failed to configure openid_sql: %r" % exx)
app_setup_done = config.get('app_setup_done', False)
if app_setup_done is False:
try:
setup_app(config)
config['app_setup_done'] = True
except Exception as exx:
config['app_setup_done'] = False
log.error("Failed to serve request: %r" % exx)
raise exx
# set the decryption device before loading linotp config,
# so it contains the decrypted values as well
glo = getGlobalObject()
self.sep = glo.security_provider
try:
hsm = self.sep.getSecurityModule()
c.hsm = hsm
except Exception as exx:
log.error('failed to assign hsm device: %r' % exx)
raise exx
l_config = initLinotpConfig()
resolver_setup_done = config.get('resolver_setup_done', False)
if resolver_setup_done is False:
try:
cache_dir = config.get("app_conf", {}).get("cache_dir", None)
setupResolvers(config=l_config, cache_dir=cache_dir)
config['resolver_setup_done'] = True
except Exception as exx:
config['resolver_setup_done'] = False
log.error("Failed to setup resolver: %r" % exx)
raise exx
initResolvers()
return
def authenticate(self, environ, identity):
log.info("[authenticate] entering repoze authenticate function.")
# log.debug( identity )
username = None
realm = None
options = {}
realmbox = "False"
authenticate = True
if isSelfTest():
authenticate = False
try:
if isSelfTest():
if ('login' not in identity
and 'repoze.who.plugins.auth_tkt.userid' in identity):
u = identity.get('repoze.who.plugins.auth_tkt.userid')
identity['login'] = u
identity['password'] = u
username = identity['login']
realm = identity['realm']
password = identity['password']
options.update(identity)
realmbox = options.get("realmbox", "False")
except KeyError as e:
log.exception("[authenticate] Keyerror in identity: %r." % e)
return None
# convert string to boolean
realm_mbox = False
if realmbox.lower() == 'true':
realm_mbox = True
# check username/realm, password
with request_context_safety():
linotp_config = getLinotpConfig()
request_context['Config'] = linotp_config
# add the cache manager to the context
glo = getGlobalObject()
cache_manager = glo.cache_manager
request_context['CacheManager'] = cache_manager
# and also add the hsm - enables us to do otp validation :-)
sep = glo.security_provider
hsm = sep.getSecurityModule()
request_context['hsm'] = hsm
resolver_context = initResolvers()
request_context.update(resolver_context)
user = get_authenticated_user(username,
realm,
password,
realm_box=realm_mbox,
authenticate=authenticate,
options=options)
if not user:
return None
authUser = "******" % (user.login, user.realm)
return authUser
def authenticate(self, environ, identity):
log.debug("Authentication through repoze.")
username = None
realm = None
options = {}
realmbox = "False"
authenticate = True
if isSelfTest():
authenticate = False
try:
if isSelfTest():
if ('login' not in identity
and 'repoze.who.plugins.auth_tkt.userid' in identity):
u = identity.get('repoze.who.plugins.auth_tkt.userid')
identity['login'] = u
identity['password'] = u
username = identity['login']
realm = identity['realm']
password = identity['password']
options.update(identity)
realmbox = options.get("realmbox", "False")
except KeyError as e:
log.exception("Keyerror in repoze identity: %r." % e)
return None
# convert string to boolean
realm_mbox = False
if realmbox.lower() == 'true':
realm_mbox = True
# check username/realm, password
with request_context_safety():
linotp_config = getLinotpConfig()
request_context['Config'] = linotp_config
# add the cache manager to the context
glo = getGlobalObject()
cache_manager = glo.cache_manager
request_context['CacheManager'] = cache_manager
# and also add the hsm - enables us to do otp validation :-)
sep = glo.security_provider
hsm = sep.getSecurityModule()
request_context['hsm'] = hsm
# initialize the base context
# - copied for the dumb repoze middleware
cache_dir = config.get("app_conf", {}).get("cache_dir", None)
setupResolvers(config=linotp_config, cache_dir=cache_dir)
resolver_context = initResolvers()
request_context.update(resolver_context)
# prepare the request local user cache
if 'UserLookup' not in request_context:
request_context['UserLookup'] = {}
user = get_authenticated_user(username,
realm,
password,
realm_box=realm_mbox,
authenticate=authenticate,
options=options)
if not user:
return None
authUser = "******" % (user.login, user.realm)
return authUser