def startRequest(environ, start_response):
"""
Start the cert request cycle. This will create a random that is set in a cookie
which will be later read so that the state can be managed (state meaning an
asset in the asset store). If successful, this returns a redirect to the main
site.
"""
# get the name from the url if it was specified there.
#print >> environ['wsgi.errors'], "cfg file = " + environ['oa4mp.config.file']
logit(environ, "starting new request")
oa4mp = OA4MPService()
configFile = environ['oa4mp.config.file']
configName = environ['oa4mp.config.name']
try:
config = Config(configFile, configName)
cfg = config.read()
except:
logit(environ, 'Error reading configuration')
return failure(environ, start_response)
# print >> environ['wsgi.errors'], "service uri = " + cfg['serviceUri']
id = 'oa4mp-' + hashlib.sha1(str(random.random()) +
str(random.random())).hexdigest()
logit(environ, "created id = " + id)
try:
key, redirectUri = oa4mp.requestCert(id, cfg)
except:
logit(environ, 'Error in request Cert for id=' + id)
return failure(environ, start_response)
headers = [
('Content-Type', 'text/html'),
(
'Set-Cookie', CERT_REQUEST_ID + '=' + id + ";"
), # cookie -- don't set path since API for reading doesn't support it!!!
('Location', redirectUri)
] # Location header + 302 status code = redirect
logit(environ, "set cookie")
# foo = [('Content-Type', 'text/html'),
# Status of 302 required for redirect.
start_response('302 FOUND', headers)
# If the 302 redirect works as it should, then the body will never be seen. In case something happens
# the user should at least have a chance to continue manually.
body = '<html><body>Please follow this <a href="'
body = body + str(
redirectUri
) #or the body is converted to unicode and cannot be used as a response.
body = body + '">link</a>!</body></html>\n'
logit(environ,
"done with initial request, redirect uri = " + str(redirectUri))
return body
def callback(environ, start_response):
try:
return _callback(environ, start_response)
finally:
configFile = environ[CONFIG_FILE_KEY]
configName = environ[CONFIG_NAME_KEY]
config = Config(configFile, configName)
cfg = config.read()
store = FileStore(cfg=cfg)
# Perform required cleanup task. Given the difficulty of controlling threads
# in WSGI having an invocation at the end of the call back is an acceptable trade-off
# This might have to be improved later...
store.cleanup()
def callback(environ, start_response):
try:
return _callback(environ, start_response)
finally:
configFile = environ[CONFIG_FILE_KEY]
configName = environ[CONFIG_NAME_KEY]
config = Config(configFile, configName)
cfg = config.read()
store = FileStore(cfg=cfg)
# Perform required cleanup task. Given the difficulty of controlling threads
# in WSGI having an invocation at the end of the call back is an acceptable trade-off
# This might have to be improved later...
store.cleanup()
def _callback(environ, start_response):
"""
The callback, to wit, this will take the oauth token returned by the server, swap it for an
access token then get the cert, storing it as an asset.
"""
# Standard canonical way to interpret the request values is to run the wsgi environment
# through the cgi module
form = cgi.FieldStorage(fp=environ['wsgi.input'],
environ=environ,
keep_blank_values=1)
# Get data from fields
token = unquote(form.getvalue('oauth_token', None))
v = unquote(form.getvalue('oauth_verifier', None))
configFile = environ[CONFIG_FILE_KEY]
configName = environ[CONFIG_NAME_KEY]
logging.info('using cfg file=' + environ['oa4mp.config.file'] + ', name=' +
environ['oa4mp.config.name'])
config = Config(configFile, configName)
cfg = config.read()
logit(environ, "skin=" + cfg["skin"])
id = None
fileStore = FileStore(cfg)
if environ.has_key('HTTP_COOKIE'):
for cookie in map(strip, re.split(';', environ['HTTP_COOKIE'])):
try:
(key, value) = re.split('=', cookie)
if key == CERT_REQUEST_ID:
id = value
if fileStore.get(id) != None:
# jump out once you find the first one that works.
# If they have cruft in their browser
# such as from repeated failed earlier attempts,
# we can't figure which is the right one
break
else:
logit(environ,
'No asset found for id=' + id + ', skipping it.')
except ValueError, e:
logging.exception('Benign error parsing cookie=' + cookie +
'. Skipping...')
def startRequest(environ, start_response):
"""
Start the cert request cycle. This will create a random that is set in a cookie
which will be later read so that the state can be managed (state meaning an
asset in the asset store). If successful, this returns a redirect to the main
site.
"""
# get the name from the url if it was specified there.
#print >> environ['wsgi.errors'], "cfg file = " + environ['oa4mp.config.file']
logit(environ, "starting new request")
oa4mp = OA4MPService()
configFile = environ['oa4mp.config.file']
configName = environ['oa4mp.config.name']
try:
config = Config(configFile, configName)
cfg = config.read()
except:
logit(environ, 'Error reading configuration')
return failure(environ, start_response)
# print >> environ['wsgi.errors'], "service uri = " + cfg['serviceUri']
id = 'oa4mp-' + hashlib.sha1(str(random.random()) + str(random.random())).hexdigest()
logit(environ, "created id = " + id)
try:
key, redirectUri = oa4mp.requestCert(id, cfg)
except:
logit(environ,'Error in request Cert for id=' + id)
return failure(environ,start_response)
headers = [('Content-Type', 'text/html'),
('Set-Cookie', CERT_REQUEST_ID + '=' + id + ";"),# cookie -- don't set path since API for reading doesn't support it!!!
('Location', redirectUri)]# Location header + 302 status code = redirect
logit(environ, "set cookie");# foo = [('Content-Type', 'text/html'),
# Status of 302 required for redirect.
start_response('302 FOUND', headers)
# If the 302 redirect works as it should, then the body will never be seen. In case something happens
# the user should at least have a chance to continue manually.
body= '<html><body>Please follow this <a href="'
body = body + str(redirectUri) #or the body is converted to unicode and cannot be used as a response.
body = body + '">link</a>!</body></html>\n'
logit(environ, "done with initial request, redirect uri = " + str(redirectUri))
return body
def _callback(environ, start_response):
"""
The callback, to wit, this will take the oauth token returned by the server, swap it for an
access token then get the cert, storing it as an asset.
"""
# Standard canonical way to interpret the request values is to run the wsgi environment
# through the cgi module
form = cgi.FieldStorage(fp=environ['wsgi.input'],
environ=environ,
keep_blank_values=1)
# Get data from fields
token = unquote(form.getvalue('oauth_token', None))
v = unquote(form.getvalue('oauth_verifier', None))
configFile = environ[CONFIG_FILE_KEY]
configName = environ[CONFIG_NAME_KEY]
logging.info('using cfg file=' + environ['oa4mp.config.file'] + ', name=' + environ['oa4mp.config.name'])
config = Config(configFile, configName)
cfg = config.read()
logit(environ, "skin=" + cfg["skin"])
id = None
fileStore = FileStore(cfg)
if environ.has_key('HTTP_COOKIE'):
for cookie in map(strip, re.split(';', environ['HTTP_COOKIE'])):
try:
(key, value ) = re.split('=', cookie)
if key == CERT_REQUEST_ID:
id = value
if fileStore.get(id) != None:
# jump out once you find the first one that works.
# If they have cruft in their browser
# such as from repeated failed earlier attempts,
# we can't figure which is the right one
break
else:
logit(environ,'No asset found for id=' + id + ', skipping it.')
except ValueError, e:
logging.exception('Benign error parsing cookie=' + cookie + '. Skipping...')
