def service_error(self, message, html=None): """ :return A error response which is used to show error messages in the client """ message = {"ExceptionMessage": message, "HTML": html} resp = ServiceError(json.dumps(message)) return resp(self.environ, self.start_response)
def application(environ, start_response): session = Session(environ['beaker.session']) path = environ.get('PATH_INFO', '').lstrip('/') resp = None for regex, callback in URLS: match = re.search(regex, path) if match is not None: try: environ['oic.url_args'] = match.groups()[0] except IndexError: environ['oic.url_args'] = path logger.info("callback: %s" % callback) try: resp = callback(environ, session, path) except Exception, err: print >> sys.stderr, "%s" % err message = traceback.format_exception(*sys.exc_info()) print >> sys.stderr, message logger.exception("%s" % err) resp = ServiceError("%s" % err) if isinstance(resp, tuple): return resp[0](environ, start_response, **resp[1]) elif isinstance(resp, Response): return resp(environ, start_response) else: break
def run_test_instance(self, iss, tag): _port = self.get_port(iss, tag) args = [ "optest.py", "-i", unquote_plus(iss), "-t", unquote_plus(tag), "-p", str(_port), "-M", self.mako_dir ] for _fl in self.flows: args.extend(["-f", _fl]) if self.path2port: args.extend(["-m", self.path2port]) ppmap = read_path2port_map(self.path2port) try: _path = ppmap[str(_port)] except KeyError: _errtxt = 'Port not in path2port map file {}'.format( self.path2port) logger.error(_errtxt) return ServiceError(_errtxt) url = '{}{}'.format(self.test_tool_base, _path) else: url = '{}:{}'.format(self.test_tool_base[:-1], _port) _econf = self.rest.read_conf(iss, tag) if _econf['tool']['insecure']: args.append('-k') args.append(self.test_tool_conf) _key = '{}:{}'.format(iss, tag) # If already running - kill try: pid = self.running_processes[_key] except KeyError: pass else: logger.info('kill {}'.format(pid)) subprocess.call(['kill', pid]) logger.info(args) if False: # Only on Windows DETACHED_PROCESS = 0x00000008 process = subprocess.Popen(args, creationflags=DETACHED_PROCESS).pid else: process = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE) # continues immediately if process.pid: logger.info("process id: {}".format(process.pid)) self.running_processes['{}:{}'.format(iss, tag)] = process.pid time.sleep(5) return url
def registration(environ, events): _op = environ["oic.op"] if environ["REQUEST_METHOD"] == "POST": return wsgi_wrapper(environ, _op.registration_endpoint, events) elif environ["REQUEST_METHOD"] == "GET": return wsgi_wrapper(environ, _op.read_registration, events) else: return ServiceError("Method not supported")
def run_test_instance(self, iss, tag): _port = self.assigned_ports.register_port(iss, tag) args = [ self.test_script, "-i", unquote_plus(iss), "-t", unquote_plus(tag), "-p", str(_port), "-M", self.mako_dir, "-f", self.flowdir ] if self.path2port: args.extend(["-m", self.path2port]) ppmap = read_path2port_map(self.path2port) try: _path = ppmap[str(_port)] except KeyError: _errtxt = 'Port not in path2port map file {}'.format( self.path2port) logger.error(_errtxt) return ServiceError(_errtxt) url = '{}{}'.format(self.test_tool_base, _path) else: url = '{}:{}'.format(self.test_tool_base[:-1], _port) typ, _econf = self.rest.read_conf(iss, tag) if _econf['tool']['insecure']: args.append('-k') args.append(self.test_tool_conf) # If already running - kill try: pid = isrunning(unquote_plus(iss), unquote_plus(tag)) except KeyError: pass else: if pid: logger.info('kill {}'.format(pid)) subprocess.call(['kill', str(pid)]) # Now get it running args.append('&') logger.info("Test tool command: {}".format(" ".join(args))) # spawn independent process os.system(" ".join(args)) pid = 0 for i in range(0, 10): time.sleep(1) pid = isrunning(unquote_plus(iss), unquote_plus(tag)) if pid: break if pid: logger.info("process id: {}".format(pid)) self.running_processes[self.key(iss, tag)] = pid return url else: return None
def application(environ, start_response): session = environ['beaker.session'] path = environ.get('PATH_INFO', '').lstrip('/') try: _cli = session["client"] except KeyError: _cli = session["client"] = make_client(**KW_ARGS) session["done"] = [] _flows = KW_ARGS["flows"] if path == "robots.txt": return static(environ, start_response, "static/robots.txt") elif path.startswith("static/"): return static(environ, start_response, path) elif path.startswith("export/"): return static(environ, start_response, path) if path == "": # list session["done"] = [] session["flows"] = make_list(**KW_ARGS) return flow_list(environ, start_response, node_dict(_flows, session["flows"]), session["done"]) elif path in list(_flows.keys()): try: redirs = KW_ARGS["cinfo"]["client"]["redirect_uris"] except KeyError: redirs = KW_ARGS["cinfo"]["registered"]["redirect_uris"] conversation = Conversation(_flows[path], _cli, redirs) session["rf_args"] = { "profiles": KW_ARGS["profiles"], "test_id": path, "conv": conversation, "conf": KW_ARGS["conf"], "profile": KW_ARGS["profile"] } try: resp = run_flow(**session["rf_args"]) except Exception as err: resp = ServiceError("%s" % err) return resp(environ, start_response) else: if resp: return resp(environ, start_response) else: session["done"].append(path) return flow_list(environ, start_response, node_dict(_flows, session["flows"]), session["done"]) else: logger.debug("unknown side: %s" % path) resp = NotFound("Couldn't find the side you asked for!") return resp(environ, start_response)
def service_error(self, message, event_id=None, html=None): """ :return A error response which is used to show error messages in the client """ if event_id: message += " Please reference to this event by: " + event_id response_message = {"ExceptionMessage": message + "", "HTML": html} resp = ServiceError(json.dumps(response_message)) return resp(self.environ, self.start_response)
def registration(environ, start_response, session, trace): trace.info(HEADER % "ClientRegistration") _oas = session["op"] if environ["REQUEST_METHOD"] == "POST": return wsgi_wrapper(environ, start_response, _oas.registration_endpoint, session, trace) elif environ["REQUEST_METHOD"] == "GET": return wsgi_wrapper(environ, start_response, _oas.read_registration, session, trace) else: resp = ServiceError("Method not supported") return resp(environ, start_response)
def registration(environ, start_response, session_info, events, jlog, **kwargs): events.store(EV_REQUEST, Operation("ClientRegistration")) _op = session_info["op"] if environ["REQUEST_METHOD"] == "POST": return wsgi_wrapper(environ, start_response, _op.registration_endpoint, session_info, events, jlog) elif environ["REQUEST_METHOD"] == "GET": return wsgi_wrapper(environ, start_response, _op.read_registration, session_info, events, jlog) else: resp = ServiceError("Method not supported") return resp(environ, start_response)
def application(environ, start_response): """ The main WSGI application. Dispatch the current request to the functions from above and store the regular expression captures in the WSGI environment as `oic.url_args` so that the functions from above can access the url placeholders. If nothing matches call the `not_found` function. :param environ: The HTTP application environment :param start_response: The application to run when the handling of the request is done :return: The response as a list of lines """ global OAS # user = environ.get("REMOTE_USER", "") path = environ.get('PATH_INFO', '').lstrip('/') LOGGER.info("path: %s" % path) if path == "robots.txt": return static(environ, start_response, "static/robots.txt") environ["oic.oas"] = OAS if path.startswith("static/"): return static(environ, start_response, path) for regex, callback in URLS: match = re.search(regex, path) if match is not None: try: environ['oic.url_args'] = match.groups()[0] except IndexError: environ['oic.url_args'] = path LOGGER.debug("callback: %s" % callback) try: return callback(environ, start_response) except Exception as err: print("{}".format(err), file=sys.stderr) message = traceback.format_exception(*sys.exc_info()) print(message, file=sys.stderr) LOGGER.exception("%s" % err) resp = ServiceError("%s" % err) return resp(environ, start_response) LOGGER.debug("unknown side: %s" % path) resp = NotFound("Couldn't find the side you asked for!") return resp(environ, start_response)
def registration(environ, start_response, logger): _oas = environ["oic.oas"] if environ["REQUEST_METHOD"] == "POST": return wsgi_wrapper(environ, start_response, _oas.registration_endpoint, logger=logger) elif environ["REQUEST_METHOD"] == "GET": return wsgi_wrapper(environ, start_response, _oas.read_registration, logger=logger) else: resp = ServiceError("Method not supported") return resp(environ, start_response)
def _create_authzreq(self, role, session, acr_value=""): request_args = role.get_request_args(acr_value, session) try: url, body, ht_args, csi = role.request_info( AuthorizationRequest, "GET", request_args=request_args) except Exception: message = traceback.format_exception(*sys.exc_info()) resp = ServiceError(message) else: resp_headers = [("Location", str(url))] if ht_args: resp_headers.extend([(a, b) for a, b in list(ht_args.items())]) resp = Redirect(url, headers=resp_headers) return resp
def uid(environ, session, path): query = parse_qs(environ["QUERY_STRING"]) if "uid" in query: try: link = RP.find_srv_discovery_url(resource=query["uid"][0]) except requests.ConnectionError: return ServiceError("Webfinger lookup failed, connection error") session["srv_discovery_url"] = link md5 = hashlib.md5() md5.update(link) opkey = base64.b16encode(md5.digest()) client = create_client(opkey) SERVER_ENV["OIC_CLIENT"][opkey] = client session["opkey"] = opkey return {"client": client, "link": link} else: return BadRequest()
def application(environ, start_response): """ The main WSGI application. Dispatch the current request to the functions from above and store the regular expression captures in the WSGI environment as `oic.url_args` so that the functions from above can access the url placeholders. If nothing matches call the `not_found` function. :param environ: The HTTP application environment :param start_response: The application to run when the handling of the request is done :return: The response as a list of lines """ global OAS # user = environ.get("REMOTE_USER", "") path = environ.get('PATH_INFO', '').lstrip('/') logger = logging.getLogger('oicServer') environ["oic.oas"] = OAS for regex, callback in URLS: match = re.search(regex, path) if match is not None: try: environ['oic.url_args'] = match.groups()[0] except IndexError: environ['oic.url_args'] = path logger.info("callback: %s" % callback) try: return callback(environ, start_response, logger) except Exception as err: print(str(err), file=sys.stderr) message = traceback.format_exception(*sys.exc_info()) print(message, file=sys.stderr) logger.exception("%s" % err) resp = ServiceError("%s" % err) return resp(environ, start_response) resp = Response(template_lookup=LOOKUP, mako_template="index.html") return resp(environ, start_response)
def run_test(self, tester, _path, _sid, environ, start_response): _op = '{} {}'.format(environ['REQUEST_METHOD'], _path) resp = tester.run(_path, sid=_sid, op=_op, **self.kwargs) if resp: logger.info('Response class: {}'.format(resp.__class__.__name__)) if isinstance(resp, requests.Response): try: loc = resp.headers['location'] except KeyError: logger.info('Response type: {}, missing location'.format( type(resp))) resp = ServiceError('Wrong response: {}:{}'.format( resp.status_code, resp.text)) return resp(environ, start_response), 0 else: try: tester.conv.events.store('Cookie', resp.headers['set-cookie']) except KeyError: pass # For me ! if loc.startswith(tester.base_url): _path = loc[len(tester.base_url):] if _path[0] == '/': _path = _path[1:] return 0, _path else: if self.internal: _url = absolute_url( loc, tester.sh['test_conf']['start_page']) logging.info('Redirect not to me => {}'.format(_url)) res = tester.conv.entity.server.http_request(_url) logging.info('{} response'.format(res.status_code)) logging.debug('txt: {}'.format(res.text)) res = tester.display_test_list() return res, 0 else: res = SeeOther(loc) return res(environ, start_response), 0 elif resp is True or resp is False or resp is None: return tester.display_test_list(), 0 else: return resp(environ, start_response), 0
def application(self, environ, start_response): logger.info("Connection from: %s" % environ["REMOTE_ADDR"]) session = environ['beaker.session'] path = environ.get('PATH_INFO', '').lstrip('/') logger.info("path: %s" % path) self.events.store(EV_REQUEST, path) try: sh = session['session_info'] except KeyError: sh = SessionHandler(**self.kwargs) sh.session_init() session['session_info'] = sh inut = WebIO(session=sh, **self.kwargs) inut.environ = environ inut.start_response = start_response tester = WebTester(inut, sh, **self.kwargs) if path == "robots.txt": return static_mime("static/robots.txt", environ, start_response) elif path.startswith("static/"): return static_mime(path, environ, start_response) elif path == "list": try: qs = parse_qs(get_post(environ)) except Exception as err: pass else: sh['test_conf'] = dict([(k, v[0]) for k, v in qs.items()]) self.session_conf[sh['sid']] = sh return tester.display_test_list() elif path == '' or path == 'config': sid = rndstr(24) sh['sid'] = sid try: args = sh['test_conf'] except: args = {} return tester.do_config(sid, **args) elif path in self.kwargs['flows'].keys(): # Run flow try: _ = tester.sh['test_conf'] except KeyError: resp = SeeOther('/') return resp(environ, start_response) try: _sid = tester.sh['sid'] except KeyError: _sid = rndstr(24) tester.sh['sid'] = _sid self.session_conf[_sid] = sh resp = tester.run(path, sid=_sid, **self.kwargs) if isinstance(resp, requests.Response): loc = resp.headers['location'] #tester.conv.events.store('Cookie', resp.headers['set-cookie']) if loc.startswith(tester.base_url): path = loc[len(tester.base_url):] else: return resp elif resp is True or resp is False or resp is None: return tester.display_test_list() else: return resp(environ, start_response) elif path == 'display': return inut.flow_list() elif path == "opresult": resp = SeeOther("/display#{}".format( self.pick_grp(sh['conv'].test_id))) return resp(environ, start_response) elif path.startswith("test_info"): p = path.split("/") try: return inut.test_info(p[1]) except KeyError: return inut.not_found() elif path == 'all': for test_id in sh['flow_names']: resp = tester.run(test_id, **self.kwargs) if resp is True or resp is False: continue elif resp: return resp(environ, start_response) else: resp = ServiceError('Unkown service error') return resp(environ, start_response) return tester.display_test_list() # Whatever gets here should be of the form <session_id>/<path> try: sid, _path = path.split('/', 1) except ValueError: pass else: if _path.startswith("static/"): return static_mime(_path, environ, start_response) try: _sh = self.session_conf[sid] except KeyError: resp = ServiceError("Unknown session") return resp(environ, start_response) tester.sh = _sh if 'HTTP_AUTHORIZATION' in environ: _sh['conv'].events.store('HTTP_AUTHORIZATION', environ['HTTP_AUTHORIZATION']) _p = _path.split('?') if _p[0] in _sh['conv'].entity.endpoints(): resp = self.handle(environ, tester, sid, *_p) self.session_conf[sid] = tester.sh return resp(environ, start_response) for endpoint, service in self.endpoints.items(): if _path == endpoint: logger.info("service: {}".format(service)) try: resp = self.handle(environ, tester, sid, service) return resp(environ, start_response) except Exception as err: print("%s" % err) message = traceback.format_exception(*sys.exc_info()) print(message) logger.exception("%s" % err) resp = ServiceError("%s" % err) return resp(environ) logger.debug("unknown side: %s" % path) resp = NotFound("Couldn't find the side you asked for!") return resp(environ, start_response)
def application(self, environ, start_response): logger.info("Connection from: %s" % environ["REMOTE_ADDR"]) path = environ.get('PATH_INFO', '').lstrip('/') logger.info("path: %s" % path) _io = IO(rest=self.rest, environ=environ, start_response=start_response, lookup=self.lookup, baseurl=self.baseurl) if path == "robots.txt": return _io.static("static/robots.txt") elif path == "favicon.ico": return _io.static("static/favicon.ico") elif path.startswith("static/"): return _io.static(path) elif path.startswith("export/"): return _io.static(path) if path == '': return _io.main() if path == 'new': return _io.new_iss() if path == 'entity': return _io.list_iss() elif path.startswith('entity/'): p = path.split('/') while p[-1] == '': p = p[:-1] if len(p) == 2: return _io.list_tag(p[1]) elif len(p) == 3: return _io.show_tag(p) elif len(p) == 4: _com = p[-1] if _com == 'action': _qs = parse_qs(environ.get('QUERY_STRING')) try: _act = _qs['action'][0] except KeyError: resp = BadRequest('missing query parameter') return resp(environ, start_response) if _act == 'delete': return _io.delete_instance(p[1:3], pid=self.get_pid(p[1:3]), app=self) elif _act == 'restart': return _io.restart_instance(self, p[1:3]) elif _act == 'configure': return _io.update_instance(*p[1:3]) else: resp = BadRequest('Unknown action') return resp(environ, start_response) elif path.startswith('form/'): return self.form_handling(path, _io) elif path == 'create': loc = self.basic_entity_configuration(_io) resp = SeeOther(loc) return resp(_io.environ, _io.start_response) elif path.startswith('run/'): _iss, _tag = get_iss_and_tag(path) if _iss == '' or _tag == '': resp = BadRequest('Path must be of the form /run/<iss>/<tag>') return resp(environ, start_response) _qiss = quote_plus(_iss) _qtag = quote_plus(_tag) _info = parse_qs(get_post(environ)) ent_conf = expand_dict(_info) if not verify_config(ent_conf): resp = BadRequest('Incorrect configuration') else: self.rest.write(_qiss, _qtag, ent_conf) resp = self.run_test_instance(_qiss, _qtag) if not isinstance(resp, Response): resp = SeeOther(resp) return resp(_io.environ, _io.start_response) elif path.startswith('model/'): p = path.split('/') prof = p[1] if verify_profile(prof): info = create_model(prof) if info: res = Response(json.dumps(info), content='applicaton/json') else: res = ServiceError() else: res = BadRequest('Syntax error in profile specification') return res(environ, start_response) elif path.startswith('register/'): _iss, _tag = get_iss_and_tag(path) _qiss = quote_plus(_iss) _qtag = quote_plus(_tag) _met = environ.get('REQUEST_METHOD') if _met == 'GET': return self.assigned_ports.register_port(_qiss, _qtag) elif _met == 'DELETE': return self.return_port(_qiss, _qtag) else: # check if this a REST request _iss, _tag = get_iss_and_tag(path) _qiss = quote_plus(_iss) _qtag = quote_plus(_tag) _path = '/{}/{}'.format(_qiss, _qtag) _met = environ.get('REQUEST_METHOD') if _met == 'GET': resp = self.rest.read(_qiss, _qtag, _path) elif _met == 'POST': resp = self.rest.replace(_qiss, _qtag, get_post(environ), _path) elif _met == 'PUT': resp = self.rest.store(_qiss, _qtag, get_post(environ)) elif _met == 'DELETE': resp = self.rest.delete(_qiss, _qtag) else: resp = BadRequest('Unsupported request method') return resp(environ, start_response)
elif path == "resource_set": query = parse_qs(environ["QUERY_STRING"]) uid = query["user"][0] res = AUTHZSRV.resource_sets_by_user(uid) resp = Response(json.dumps([r.to_dict() for r in res])) elif path == "perm_reg": query = parse_qs(environ["QUERY_STRING"]) for key, val in query.items(): if key in ["requestor", "resource_id", "user"]: query[key] = val[0] pre_trace("-->AS", "store_permission", query=query) try: AUTHZSRV.store_permission(**query) except Exception, err: post_trace("<--AS", exception="%s" % err) resp = ServiceError("%s" % err) else: post_trace("<--AS", status="OK") resp = Response("OK") elif path.startswith("access/info"): query = parse_qs(environ["QUERY_STRING"]) path = path[len("access/"):] pre_trace("C-->", "Access info", query=query, path=path) try: resp = CLIENT.get_info(query["requester"][0], path) except Exception, err: post_trace("C<--", exception="%s" % err) resp = ServiceError("%s" % err) else: post_trace("C<--", **repack_response(resp)) else:
def application(self, environ, start_response): """ :param environ: The HTTP application environment :param start_response: The application to run when the handling of the request is done :return: The response as a list of lines """ path = environ.get('PATH_INFO', '').lstrip('/') response_encoder = ResponseEncoder(environ=environ, start_response=start_response) parameters = parse_qs(environ["QUERY_STRING"]) session_info = { "addr": get_client_address(environ), 'cookie': environ.get("HTTP_COOKIE", ''), 'path': path, 'parameters': parameters } jlog = JLog(LOGGER, session_info['addr']) jlog.info(session_info) if path == "robots.txt": return static(environ, start_response, "static/robots.txt") if path.startswith("static/"): return static(environ, start_response, path) elif path.startswith("tar/"): return static(environ, start_response, path) elif path.startswith("log"): return display_log(path, environ, start_response, lookup=LOOKUP) elif path.startswith('clear/'): return clear_log(path, environ, start_response, lookup=LOOKUP) elif path.startswith('mktar/'): return make_tar(path, environ, start_response, lookup=LOOKUP) elif path.startswith("_static/"): return static(environ, start_response, path) elif path.startswith("jwks.json"): try: mode, endpoint = extract_mode(self.op_args["baseurl"]) events = Events() events.store('Init', '===========================================') op, path, jlog.id = self.op_setup(environ, mode, events, self.test_conf, endpoint) jwks = op.generate_jwks(mode) resp = Response(jwks, headers=[('Content-Type', 'application/json')]) return resp(environ, start_response) except KeyError: # Try to load from static file return static(environ, start_response, "static/jwks.json") events = Events() events.store('Init', '===========================================') if path == "test_list": return rp_test_list(environ, start_response) elif path == "": return registration(environ, start_response) elif path == "generate_client_credentials": client_id, client_secret = generate_static_client_credentials( parameters) return response_encoder.return_json( json.dumps({"client_id": client_id, "client_secret": client_secret})) elif path == "3rd_party_init_login": return rp_support_3rd_party_init_login(environ, start_response) # path should be <oper_id>/<test_id>/<endpoint> try: mode = parse_path(path) except ValueError: resp = BadRequest('Illegal path') return resp(environ, start_response) try: endpoint = mode['endpoint'] except KeyError: _info = {'error': 'No endpoint', 'mode': mode} events.store(EV_FAULT, _info) jlog.error(_info) resp = BadRequest('Illegal path') return resp(environ, start_response) if endpoint == ".well-known/webfinger": session_info['endpoint'] = endpoint try: _p = urlparse(parameters["resource"][0]) except KeyError: events.store(EV_FAULT, FailedOperation('webfinger', 'No resource defined')) jlog.error({'reason': 'No resource defined'}) resp = ServiceError("No resource defined") return resp(environ, start_response) if _p.scheme in ["http", "https"]: events.store(EV_REQUEST, Operation(name='webfinger', type='url', path=_p.path)) mode = parse_path(_p.path) elif _p.scheme == "acct": _l, _ = _p.path.split('@') _a = _l.split('.') if len(_a) == 2: _oper_id = _a[0] _test_id = _a[1] elif len(_a) > 2: _oper_id = ".".join(_a[:-1]) _test_id = _a[-1] else: _oper_id = _a[0] _test_id = 'default' mode.update({'oper_id': _oper_id, 'test_id': _test_id}) events.store(EV_REQUEST, Operation(name='webfinger', type='acct', oper_id=_oper_id, test_id=_test_id)) else: _msg = "Unknown scheme: {}".format(_p.scheme) events.events(EV_FAULT, FailedOperation('webfinger', _msg)) jlog.error({'reason': _msg}) resp = ServiceError(_msg) return resp(environ, start_response) elif endpoint == "claim": authz = environ["HTTP_AUTHORIZATION"] _ev = Operation('claim') try: assert authz.startswith("Bearer") except AssertionError: resp = BadRequest() else: _ev.authz = authz events.store(EV_REQUEST, _ev) tok = authz[7:] # mode, endpoint = extract_mode(self.op_args["baseurl"]) _op, _, sid = self.op_setup(environ, mode, events, self.test_conf, endpoint) try: _claims = _op.claim_access_token[tok] except KeyError: resp = BadRequest() else: del _op.claim_access_token[tok] _info = Message(**_claims) jwt_key = _op.keyjar.get_signing_key() resp = Response(_info.to_jwt(key=jwt_key, algorithm="RS256"), content='application/jwt') return resp(environ, start_response) if mode: session_info.update(mode) jlog.id = mode['oper_id'] try: _op, path, jlog.id = self.op_setup(environ, mode, events, self.test_conf, endpoint) except UnknownTestID as err: resp = BadRequest('Unknown test ID: {}'.format(err.args[0])) return resp(environ, start_response) session_info["op"] = _op session_info["path"] = path session_info['test_conf'] = self.test_conf[session_info['test_id']] for regex, callback in URLS: match = re.search(regex, endpoint) if match is not None: _op = HTTPRequest(endpoint=endpoint, method=environ["REQUEST_METHOD"]) try: _op.authz = environ["HTTP_AUTHORIZATION"] except KeyError: pass events.store(EV_HTTP_REQUEST, _op) try: environ['oic.url_args'] = match.groups()[0] except IndexError: environ['oic.url_args'] = endpoint jlog.info({'callback': callback.__name__}) try: return callback(environ, start_response, session_info, events, op_arg=self.op_args, jlog=jlog) except Exception as err: print("%s" % err) message = traceback.format_exception(*sys.exc_info()) print(message) events.store(EV_EXCEPTION, err) LOGGER.exception("%s" % err) resp = ServiceError("%s" % err) return resp(environ, start_response) LOGGER.debug("unknown page: '{}'".format(endpoint)) events.store(EV_FAULT, 'No such page: {}'.format(endpoint)) resp = NotFound("Couldn't find the side you asked for!") return resp(environ, start_response)
def application(environ, start_response): session = environ['beaker.session'] path = environ.get('PATH_INFO', '').lstrip('/') try: _cli = session["client"] except KeyError: _cli = session["client"] = Client( client_authn_method=CLIENT_AUTHN_METHOD, keyjar=KEYJAR) _cli.kid = KIDD #_cli.allow["issuer_mismatch"] = True _cli.jwks_uri = JWKS_URI for arg, val in CONF.CLIENT_INFO.items(): setattr(_cli, arg, val) session["done"] = [] if path == "robots.txt": return static(environ, start_response, LOGGER, "static/robots.txt") elif path.startswith("static/"): return static(environ, start_response, LOGGER, path) elif path.startswith("export/"): return static(environ, start_response, LOGGER, path) if path == "": # list return flow_list(environ, start_response, FLOWS.FLOWS, session["done"]) elif path in FLOWS.FLOWS.keys(): session["flow"] = FLOWS.FLOWS[path] session["index"] = 0 session["item"] = path session["test_id"] = path try: resp = run_flow(_cli, session["index"], session, path) except Exception as err: resp = ServiceError("%s" % err) return resp(environ, start_response) else: if resp: return resp(environ, start_response) else: return flow_list(environ, start_response, FLOWS.FLOWS, session["done"]) elif path in ["authz_cb", "authz_post"]: if path != "authz_post": args = session["flow"]["flow"][session["index"] - 1]["args"] if args["response_type"] != ["code"]: return opresult_fragment(environ, start_response) # Got a real Authn response ctype = "urlencoded" if path == "authz_post": query = parse_qs(get_post(environ)) info = query["fragment"][0] else: info = environ["QUERY_STRING"] LOGGER.info("Response: %s" % info) try: _cli = session["client"] response = _cli.parse_response(AuthorizationResponse, info, ctype, session["state"], keyjar=_cli.keyjar) except ResponseError as err: LOGGER.error("%s" % err) resp = ServiceError("%s" % err) return resp(environ, start_response) except Exception as err: _spec = session["flow"]["flow"][session["index"] - 1] try: assert isinstance(err, _spec["error"]) except KeyError: raise else: pass try: resp = run_flow(_cli, session["index"], session, session["test_id"]) except Exception as err: LOGGER.error("%s" % err) resp = ServiceError("%s" % err) return resp(environ, start_response) else: if resp: return resp(environ, start_response) else: return flow_list(environ, start_response, FLOWS.FLOWS, session["done"]) else: LOGGER.debug("unknown side: %s" % path) resp = NotFound("Couldn't find the side you asked for!") return resp(environ, start_response)
start_response, trace, index) except Exception, err: return err_response(environ, start_response, session, "run_sequence", err) elif path in ["authz_cb", "authz_post"]: if path != "authz_post": if session["response_type"] and not \ session["response_type"] == ["code"]: return opresult_fragment(environ, start_response) try: sequence_info = session["seq_info"] index = session["index"] ots = session["ots"] conv = session["conv"] except KeyError as err: resp = ServiceError(str(err)) return resp(environ, start_response) req_c, resp_c = sequence_info["sequence"][index] if resp_c: # None in cases where no OIDC response is expected _ctype = resp_c.ctype # parse the response if path == "authz_post": query = parse_qs(get_post(environ)) info = query["fragment"][0] _ctype = "urlencoded" elif resp_c.where == "url": info = environ["QUERY_STRING"] _ctype = "urlencoded" else: # resp_c.where == "body"
def application(environ, start_response): session = Session(environ['beaker.session']) path = environ.get('PATH_INFO', '').lstrip('/') if path == "robots.txt": return static(environ, start_response, LOGGER, "static/robots.txt") if path.startswith("static/"): return static(environ, start_response, LOGGER, path) query = parse_qs(environ["QUERY_STRING"]) if path == "logout": try: logoutUrl = session.getClient().endsession_endpoint logoutUrl += "?" + urllib.urlencode( {"post_logout_redirect_uri": SERVER_ENV["base_url"]}) try: logoutUrl += "&" + urllib.urlencode({ "id_token_hint": id_token_as_signed_jwt( session.getClient(), "HS256")}) except: pass session.clearSession() resp = Redirect(str(logoutUrl)) return resp(environ, start_response) except: pass if session.getCallback(): _uri = "%s%s" % (conf.BASE, path) for _cli in SERVER_ENV["OIC_CLIENT"].values(): if _uri in _cli.redirect_uris: session.setCallback(False) func = getattr(RP, "callback") return func(environ, SERVER_ENV, start_response, query, session) if path == "rpAcr": return choose_acr_value(environ, start_response, session) if path == "rpAuth": # Only called if multiple arc_values (that is authentications) exists. if "acr" in query and query["acr"][0] in session.get_acr_values(): func = getattr(RP, "create_authnrequest") return func(environ, SERVER_ENV, start_response, session, query["acr"][0]) if session.getClient() is not None: session.setCallback(True) func = getattr(RP, "begin") return func(environ, SERVER_ENV, start_response, session, "") if path == "rp": if "uid" in query: try: link = RP.find_srv_discovery_url(resource=query["uid"][0]) except requests.ConnectionError: resp = ServiceError("Webfinger lookup failed, connection error") return resp(environ, start_response) RP.srv_discovery_url = link md5 = hashlib.md5() md5.update(link) opkey = base64.b16encode(md5.digest()) session.setCallback(True) func = getattr(RP, "begin") return func(environ, SERVER_ENV, start_response, session, opkey) return opbyuid(environ, start_response)
def application(environ, start_response): session = Session(environ['beaker.session']) path = environ.get('PATH_INFO', '').lstrip('/') if path == "robots.txt": return static(environ, start_response, LOGGER, "static/robots.txt") if path.startswith("static/"): return static(environ, start_response, LOGGER, path) query = parse_qs(environ["QUERY_STRING"]) if path == "logout": try: logoutUrl = session['client'].end_session_endpoint plru = "{}post_logout".format(SERVER_ENV["base_url"]) logoutUrl += "?" + urlencode({"post_logout_redirect_uri": plru}) try: logoutUrl += "&" + urlencode({ "id_token_hint": id_token_as_signed_jwt(session['client'], "HS256") }) except AttributeError as err: pass session.clear() resp = SeeOther(str(logoutUrl)) return resp(environ, start_response) except Exception as err: LOGGER.exception("Failed to handle logout") if path == "post_logout": return post_logout(environ, start_response) if session['callback']: _uri = "%s%s" % (conf.BASE, path) for _cli in SERVER_ENV["OIC_CLIENT"].values(): if _uri in _cli.redirect_uris: session['callback'] = False func = getattr(RP, "callback") return func(environ, SERVER_ENV, start_response, query, session) if path == "rpAcr": return choose_acr_value(environ, start_response, session) if path == "rpAuth": # Only called if multiple arc_values (that is authentications) exists. if "acr" in query and query["acr"][0] in session['acr_values']: func = getattr(RP, "create_authnrequest") return func(environ, SERVER_ENV, start_response, session, query["acr"][0]) if session["client"] is not None: session['callback'] = True func = getattr(RP, "begin") return func(environ, SERVER_ENV, start_response, session, "") if path == "rp": if "uid" in query: try: link = RP.find_srv_discovery_url(resource=query["uid"][0]) except requests.ConnectionError: resp = ServiceError( "Webfinger lookup failed, connection error") return resp(environ, start_response) RP.srv_discovery_url = link h = hashlib.sha256() h.update(link.encode("utf-8")) opkey = base64.b16encode(h.digest()).decode("utf-8") session['callback'] = True func = getattr(RP, "begin") return func(environ, SERVER_ENV, start_response, session, opkey) return opbyuid(environ, start_response)
def application(environ, start_response): """ :param environ: The HTTP application environment :param start_response: The application to run when the handling of the request is done :return: The response as a list of lines """ global OAS session = environ['beaker.session'] path = environ.get('PATH_INFO', '').lstrip('/') response_encoder = ResponseEncoder(environ=environ, start_response=start_response) parameters = parse_qs(environ["QUERY_STRING"]) if path == "robots.txt": return static(environ, start_response, "static/robots.txt") if path.startswith("static/"): return static(environ, start_response, path) elif path.startswith("log"): return display_log(environ, start_response) elif path.startswith("_static/"): return static(environ, start_response, path) trace = Trace() if path == "test_list": return rp_test_list(environ, start_response) elif path == "": return registration(environ, start_response) elif path == "generate_client_credentials": client_id, client_secret = generate_static_client_credentials(parameters) return response_encoder.return_json( json.dumps({"client_id": client_id, "client_secret": client_secret})) elif path == "claim": _oas = session["op"] authz = environ["HTTP_AUTHORIZATION"] try: assert authz.startswith("Bearer") except AssertionError: resp = BadRequest() else: tok = authz[7:] try: _claims = _oas.claim_access_token[tok] except KeyError: resp = BadRequest() else: del _oas.claim_access_token[tok] resp = Response(json.dumps(_claims), content='application/json') return resp(environ, start_response) mode, endpoint = extract_mode(path) if endpoint == ".well-known/webfinger": _p = urlparse(parameters["resource"][0]) if _p.scheme in ["http", "https"]: mode = {"test_id": _p.path[1:]} elif _p.scheme == "acct": _l, _ = _p.path.split('@') mode = {"test_id": _l} else: resp = ServiceError("Unknown scheme: {}".format(_p.scheme)) return resp(environ, start_response) if mode: session["test_id"] = mode["test_id"] if "op" not in session: session["op"] = setup_op(mode, COM_ARGS, OP_ARG) session["mode_path"] = mode2path(mode) else: # may be a new mode _path = mode2path(mode) if session["mode_path"] != _path: session["op"] = setup_op(mode, COM_ARGS, OP_ARG) session["mode_path"] = _path for regex, callback in URLS: match = re.search(regex, endpoint) if match is not None: trace.request("PATH: %s" % endpoint) trace.request("METHOD: %s" % environ["REQUEST_METHOD"]) try: trace.request( "HTTP_AUTHORIZATION: %s" % environ["HTTP_AUTHORIZATION"]) except KeyError: pass try: environ['oic.url_args'] = match.groups()[0] except IndexError: environ['oic.url_args'] = endpoint LOGGER.info("callback: %s" % callback) try: return callback(environ, start_response, session, trace) except Exception as err: print >> sys.stderr, "%s" % err message = traceback.format_exception(*sys.exc_info()) print >> sys.stderr, message LOGGER.exception("%s" % err) resp = ServiceError("%s" % err) return resp(environ, start_response) LOGGER.debug("unknown side: %s" % endpoint) resp = NotFound("Couldn't find the side you asked for!") return resp(environ, start_response)
def application(self, environ, start_response): session = environ['beaker.session'] jlog = JLog(logger, session.id) path = environ.get('PATH_INFO', '').lstrip('/') jlog.info({"remote_addr": environ["REMOTE_ADDR"], "path": path}) # self.events.store(EV_REQUEST, path) try: sh = session['session_info'] except KeyError: sh = SessionHandler(**self.kwargs) #sh.session_init() session['session_info'] = sh info = WebIh(session=sh, **self.kwargs) info.environ = environ info.start_response = start_response tester = WebTester(info, sh, **self.kwargs) if 'path' in self.kwargs and path.startswith(self.kwargs['path']): _path = path[len(kwargs['path']) + 1:] else: _path = path if _path == "robots.txt": return static_mime("static/robots.txt", environ, start_response) elif _path.startswith("static/"): return static_mime(_path, environ, start_response) if _path == "list": try: qs = parse_qs(get_or_post(environ)) except Exception as err: jlog.error({'message': err}) qs = {} else: if qs: sh['test_conf'] = dict([(k, v[0]) for k, v in qs.items()]) # self.session_conf[sh['sid']] = sh else: return self.init_session(tester, sh) logger.info('test_conf: {}'.format(sh['test_conf'])) if 'start_page' not in sh['test_conf']: resp = BadRequest('You MUST provide a start_page') return resp(environ, start_response) info.profile = tester.sh.profile = qs['response_type'][0] sh.session_init() if 'test_id' in qs: (res, _path) = self.run_test(tester, qs['test_id'][0], sh['sid'], environ, start_response) if res: return res else: res = tester.display_test_list() return res elif _path == '' or _path == 'config': return self.init_session(tester, sh) elif _path in self.kwargs['flows'].keys(): # Run flow # Will use the same test configuration try: _ = tester.sh['test_conf'] except KeyError: return self.init_session(tester, sh) try: _sid = tester.sh['sid'] except KeyError: _sid = self.store_session_handler(sh) # First time around this should not be set try: _ = self.session_conf[_sid]['flow'] except KeyError: pass else: return self.init_session(tester, sh, _path) (res, _path) = self.run_test(tester, _path, _sid, environ, start_response) if res: return res elif _path == 'display': return info.flow_list() elif _path == "opresult": try: _display_path = '/{}/display'.format(self.kwargs['path']) except KeyError: _display_path = '/display' resp = SeeOther("{}#{}".format(_display_path, self.pick_grp(sh['conv'].test_id))) return resp(environ, start_response) elif _path.startswith("test_info"): p = _path.split("/") try: return info.test_info(p[1]) except KeyError: return info.not_found() elif _path == 'all': for test_id in sh['flow_names']: resp = tester.run(test_id, **self.kwargs) if resp is True or resp is False: continue elif resp: return resp(environ, start_response) else: resp = ServiceError('Unkown service error') return resp(environ, start_response) return tester.display_test_list() # Whatever gets here should be of the form <session_id>/<path> try: sid, _path = _path.split('/', 1) except ValueError: pass else: if _path.startswith("static/"): return static_mime(_path, environ, start_response) try: _sh = self.session_conf[sid] except KeyError: resp = ServiceError("Unknown session") return resp(environ, start_response) tester.sh = _sh if 'HTTP_AUTHORIZATION' in environ: _sh['conv'].events.store('HTTP_AUTHORIZATION', environ['HTTP_AUTHORIZATION']) _p = _path.split('?') _sh['conv'].events.store( 'http request', '{} /{}'.format(environ['REQUEST_METHOD'], _path)) if _p[0] in _sh['conv'].entity.endpoints(): resp = self.handle(environ, tester, sid, *_p) self.session_conf[sid] = tester.sh # The only redirect should be the one to the redirect_uri if isinstance(resp, SeeOther): if self.internal: # res = self.see_other_to_get(resp, sh) # res is probably a redirect # send the user back to the test list page return info.flow_list() else: return resp(environ, start_response) elif isinstance(resp, Response): return resp(environ, start_response) else: return resp for endpoint, service in self.endpoints.items(): if _path == endpoint: jlog.info({"service": service}) try: resp = self.handle(environ, tester, sid, service) return resp(environ, start_response) except Exception as err: print("%s" % err) message = traceback.format_exception(*sys.exc_info()) print(message) jlog.exception(err) resp = ServiceError("%s" % err) return resp(environ) jlog.debug({"unknown side": path}) resp = NotFound("Couldn't find the side you asked for!") return resp(environ, start_response)
def application(self, environ, start_response): logger.info("Connection from: %s" % environ["REMOTE_ADDR"]) path = environ.get('PATH_INFO', '').lstrip('/') logger.info("path: %s" % path) _io = IO(rest=self.rest, environ=environ, start_response=start_response, lookup=self.lookup) if path == "robots.txt": return _io.static("static/robots.txt") elif path == "favicon.ico": return _io.static("static/favicon.ico") elif path.startswith("static/"): return _io.static(path) elif path.startswith("export/"): return _io.static(path) if path == '': return _io.get_iss() elif path.startswith('form/'): return self.form_handling(path, _io) elif path == 'create': loc = self.basic_entity_configuration(_io) resp = SeeOther(loc) return resp(_io.environ, _io.start_response) elif path.startswith('run/'): _iss, _tag = get_iss_and_tag(path) if _iss == '' or _tag == '': resp = BadRequest('Path must be of the form /run/<iss>/<tag>') return resp(environ, start_response) _qiss = quote_plus(_iss) _qtag = quote_plus(_tag) _info = parse_qs(get_post(environ)) ent_conf = expand_dict(_info) self.rest.write(_qiss, _qtag, ent_conf) resp = self.run_test_instance(_qiss, _qtag) if not isinstance(resp, Response): resp = SeeOther(resp) return resp(_io.environ, _io.start_response) elif path.startswith('model/'): p = path.split('/') prof = p[1] if verify_profile(prof): info = create_model(prof) if info: res = Response(json.dumps(info), content='applicaton/json') else: res = ServiceError() else: res = BadRequest('Syntax error in profile specification') return res(environ, start_response) else: # check if this a REST request _iss, _tag = get_iss_and_tag(path) _qiss = quote_plus(_iss) _qtag = quote_plus(_tag) _path = '/{}/{}'.format(_qiss, _qtag) _met = environ.get('REQUEST_METHOD') if _met == 'GET': resp = self.rest.read(_qiss, _qtag, _path) elif _met == 'POST': resp = self.rest.replace(_qiss, _qtag, get_post(environ), _path) elif _met == 'PUT': resp = self.rest.store(_qiss, _qtag, get_post(environ)) elif _met == 'DELETE': resp = self.rest.delete(_qiss, _qtag) else: resp = BadRequest('Unsupported request method') return resp(environ, start_response)
_trace = session["trace"] = Trace() _cli = None if not request: # Do response first if client: _cli = client else: _cli = SERVER_ENV["OIC_CLIENT"][session["opkey"]] try: _phase, _flow, resp = do_response(_phase, _cli, _trace, session, flow, environ) except FatalError: return display_result(_trace) except Exception: message = traceback.format_exception(*sys.exc_info()) resp = ServiceError("%s" % message) if resp: return resp(environ, start_response) if _phase is None: # end of a flow resp = display_result(_trace) return resp(environ, start_response) # The request in a phase if _cli: client = _cli if link: kwargs = {"endpoint": link} else: kwargs = {}