def setup(config):
    """Wire SAML2 authentication into the application at startup.

    Installs the auth-ticket authentication policy, the four SAML2 routes
    with their views, and a JSON renderer for the forbidden view.

    Args:
        config: The configurator object; this function calls its
            ``get_settings``, ``set_authentication_policy``, ``add_route``
            and ``add_view`` methods.

    Raises:
        Exception: If python-lasso could not be imported.
    """
    if not lasso_loaded:
        raise Exception(
            'SAML2 enabled in settings but python-lasso could not be loaded.\n'
            'Download Lasso from <http://lasso.entrouvert.org/>.'
        )

    # The auth ticket cookie is signed with this secret; a missing
    # 'saml2.auth_secret' key fails here, at startup.
    ticket_secret = config.get_settings()['saml2.auth_secret']
    # NOTE(review): no secure / http_only / timeout arguments are passed, so
    # the policy's defaults govern the ticket cookie. Confirm the deployment
    # wants those defaults (HTTPS-only, not script-readable, bounded lifetime).
    auth_policy = AuthTktAuthenticationPolicy(
        ticket_secret,
        hashalg='sha512',
        callback=get_user_principals,
    )
    config.set_authentication_policy(auth_policy)

    # Routes for the SAML2 endpoints.
    saml2_routes = (
        ('saml2_login', '/login'),
        ('saml2_login_metadata', '/login_metadata'),
        ('saml2_login_success', '/login_success'),
        ('saml2_logout', '/logout'),
    )
    for route_name, pattern in saml2_routes:
        config.add_route(route_name, pattern)

    # Views are registered imperatively rather than with "view_config" so
    # that they are not added at all when SAML2 is disabled. Each one is
    # reachable without a permission check and is served with http_cache=0.
    saml2_views = (
        (login_view, dict(route_name='saml2_login', renderer='json')),
        (login_metadata_view,
         dict(route_name='saml2_login_metadata', renderer='string')),
        (login_success_view, dict(route_name='saml2_login_success')),
        (logout_view, dict(route_name='saml2_logout', renderer='json')),
    )
    for view, view_options in saml2_views:
        config.add_view(
            view,
            permission=NO_PERMISSION_REQUIRED,
            http_cache=0,
            **view_options
        )

    # The default 403 (forbidden) view produces HTML; change it to a JSON one.
    # NOTE(review): this applies the decorator by hand; decorator-based view
    # registration normally takes effect on a scan -- confirm the scan covers
    # the module that defines forbidden_view.
    forbidden_view_config(renderer='json')(forbidden_view)
def setup(config):
    """Enable SAML2 login for the application; call once at startup.

    Sets the auth-ticket authentication policy, adds the SAML2 routes and
    views, and switches the forbidden view to a JSON renderer.

    Raises:
        Exception: If python-lasso could not be imported.
    """
    # Refuse to start half-configured: SAML2 needs python-lasso.
    if not lasso_loaded:
        lasso_missing = (
            'SAML2 enabled in settings but python-lasso could not be loaded.\n'
            'Download Lasso from <http://lasso.entrouvert.org/>.'
        )
        raise Exception(lasso_missing)

    # Authentication policy. The secret read from settings signs the ticket
    # cookie (SHA-512 digest); principals come from get_user_principals.
    # NOTE(review): cookie attributes (secure, http_only, timeout) are left at
    # the policy defaults here -- verify that is intended for production.
    settings = config.get_settings()
    config.set_authentication_policy(
        AuthTktAuthenticationPolicy(
            settings['saml2.auth_secret'],
            hashalg='sha512',
            callback=get_user_principals,
        )
    )

    # Routes for the SAML2 views.
    add_route = config.add_route
    add_route('saml2_login', '/login')
    add_route('saml2_login_metadata', '/login_metadata')
    add_route('saml2_login_success', '/login_success')
    add_route('saml2_logout', '/logout')

    # Views are added here instead of via the "view_config" decorator so they
    # do not exist when SAML2 is disabled.
    def add_public_view(view, **view_kwargs):
        """Register *view* with no permission requirement and http_cache=0."""
        config.add_view(
            view,
            permission=NO_PERMISSION_REQUIRED,
            http_cache=0,
            **view_kwargs
        )

    add_public_view(login_view, route_name='saml2_login', renderer='json')
    add_public_view(
        login_metadata_view,
        route_name='saml2_login_metadata',
        renderer='string',
    )
    add_public_view(login_success_view, route_name='saml2_login_success')
    add_public_view(logout_view, route_name='saml2_logout', renderer='json')

    # Replace the default HTML 403 (forbidden) response with a JSON one.
    json_forbidden = forbidden_view_config(renderer='json')
    json_forbidden(forbidden_view)
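def groupfinder(userid, request):
    """Return the principal strings for the user attached to *request*.

    Args:
        userid: Unused here; the user is taken from ``request.user``.
        request: The current request; ``matched_route`` and ``user`` are read.

    Returns:
        ``['g:<group>', ..., 'u:<username>']`` for a user with a username on
        a matched, non-static route; otherwise an empty list.
    """
    route = request.matched_route
    # No principals for unmatched requests or for static-asset routes.
    if route is None or '__static' in route.name:
        return []

    user = request.user
    # NOTE(review): if this function is the authentication policy callback,
    # Pyramid treats any non-None return (including []) as "userid is valid".
    # Returning [] for a missing user then keeps the ticket authenticated;
    # confirm whether None is wanted for that case.
    if not user or user.username is None:
        return []

    # Called before groups_by_name is read below.
    user.get_user_groupnames()
    principals = ['g:%s' % g for g in user.groups_by_name]
    principals.append('u:' + user.username)
    return principals


def _render_error_page(template, request):
    """Render *template* with the path and browser/device check results."""
    browser_error = checkBrowser(request)
    device_error = checkDevice(request)
    # NOTE(review): request.path is client-controlled and is handed to the
    # template as-is; confirm the template HTML-escapes it on output.
    # NOTE(review): the response status is not set here -- check that the
    # client actually receives 403 / 404 rather than the default status.
    return render_to_response(
        template,
        {
            'path': request.path,
            'login': '',
            'browser_error': browser_error,
            'device_error': device_error,
        },
        request=request,
    )


# The bare ``forbidden_view_config()`` call in the original built a decorator
# and discarded it, so the view was never marked for registration; it is
# applied as a decorator here.
@forbidden_view_config()
def forbidden(request):
    """Render the 'forbidden.mak' page for a denied request."""
    return _render_error_page('forbidden.mak', request)


# Same repair as for ``forbidden``: apply the decorator instead of
# discarding it.
@notfound_view_config()
def notfound(request):
    """Render the 'notfound.mak' page for an unmatched request."""
    return _render_error_page('notfound.mak', request)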
def _makeOne(self, **kw):
    """Build a ``forbidden_view_config`` instance from the given keywords.

    The import is done inside the method, so pyramid.view is only loaded
    when the helper is actually called.
    """
    from pyramid.view import forbidden_view_config

    instance = forbidden_view_config(**kw)
    return instance