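def web_auth(self):
    """ Authentication endpoint, used:

          GET /auth/<IdP>?<options> -- submit authentication flow, retrieve session with status and description
            * IdP - identity provider name for authentication
            * options:
              * email - email address the authentication URL is sent to (optional)

          GET /auth/<session> -- will redirect to authentication endpoint
          GET /auth/<session>/status -- retrieve session with status and description
            * session - session number

          GET /auth/redirect?<options> -- redirect endpoint to catch authentication response
            * options - response options

        The first path segment has to be exactly a configured provider name, the
        word ``redirect`` or an alphanumeric session identifier; every other
        path is answered with 404.

        :return: json (an HTML page for /auth/redirect, an HTTP redirect for /auth/<session>)
    """
    optns = self.overpath.strip('/').split('/')
    if not optns or len(optns) > 2:
        raise WErr(404, "Wrone way")

    result = Resources.getInfoAboutProviders(of='Id')
    if not result['OK']:
        raise WErr(500, result['Message'])
    idPs = result['Value']

    # Compare the whole segment with the configured names. Building a regex from
    # the names matched on prefixes only, so "<name>anything" was accepted, a
    # provider whose name starts with another provider's name could be shadowed,
    # and regex metacharacters in a name changed the pattern.
    idP = optns[0] if optns[0] in idPs else ''

    # Session identifiers are letters and digits, matched over the whole segment.
    # The former class "[A-z0-9]" also admitted [ \ ] ^ _ ` and a prefix match let
    # "/auth/<session><junk>/status" through with the junk silently dropped.
    # NOTE(review): widen the class if issued session ids use other characters.
    sessionMatch = re.match(r"[A-Za-z0-9]+\Z", optns[0])
    session = sessionMatch.group() if sessionMatch else ''

    if idP:
        # Create new authenticate session, reusing the one kept in the provider cookie if any
        session = self.get_cookie(idP)
        self.log.info('Initialize "%s" authorization flow' % idP,
                      'with %s session' % session if session else '')
        result = yield self.threadTask(gSessionManager.submitAuthorizeFlow, idP, session)
        if not result['OK']:
            raise WErr(500, result['Message'])

        flowStatus = result['Value']['Status']
        if flowStatus == 'ready':
            self.set_cookie("TypeAuth", idP)
        elif flowStatus == 'needToAuth':
            if self.args.get('email'):
                # NOTE(review): the recipient address is taken from the request as is;
                # confirm that something upstream limits who may trigger this mail.
                notify = yield self.threadTask(
                    NotificationClient().sendMail, self.args['email'],
                    'Authentication throught %s' % idP,
                    'Please, go throught the link %s to authorize.' % result['Value']['URL'])
                if not notify['OK']:
                    # A failed mail does not abort the flow, it is reported in the comment
                    result['Value']['Comment'] = '%s\n%s' % (
                        result['Value'].get('Comment') or '', notify['Message'])
            self.log.notice('%s authorization session "%s" provider was created'
                            % (result['Value']['Session'], idP))
        else:
            raise WErr(500, 'Not correct status "%s" of %s' % (flowStatus, idP))
        self.finishJEncode(result['Value'])

    elif optns[0] == 'redirect':
        # Redirect endpoint for response
        # NOTE(review): this line and the "parsing authorization response" line below
        # write the complete request arguments to the log; if they carry authorization
        # codes or tokens, log the argument names only.
        self.log.info('REDIRECT RESPONSE:\n', self.request)
        if self.args.get('error'):
            raise WErr(500, '%s session crashed with error:\n%s\n%s'
                       % (self.args.get('state') or '', self.args['error'],
                          self.args.get('error_description') or ''))
        if 'state' not in self.args:
            raise WErr(404, '"state" argument not set.')
        if not self.args.get('state'):
            raise WErr(404, '"state" argument is empty.')

        self.log.info(self.args['state'],
                      'session, parsing authorization response %s' % self.args)
        result = yield self.threadTask(gSessionManager.parseAuthResponse,
                                       self.args, self.args['state'])
        if not result['OK']:
            raise WErr(500, result['Message'])
        comment = result['Value']['Comment']
        status = result['Value']['Status']

        # The values are handed to the template as variables and never become part
        # of the template source: pasted in with "%", a "{{ ... }}" sequence in them
        # would be evaluated as a template expression and any markup would land
        # unescaped in the page and inside the script string literals. They are
        # HTML-escaped on output and the script reads them from data attributes.
        # NOTE(review): escaping does not restrict the scheme of the redirect
        # target; confirm the session manager only ever returns http(s) URLs here.
        t = Template('''<!DOCTYPE html>
<html><head><title>Authetication</title>
  <meta charset="utf-8" /></head>
  <body data-status="{{ status }}" data-target="{{ comment }}">
    {{ comment }} <br>
    <script type="text/javascript">
      var page = document.body;
      if (page.getAttribute("data-status") == "redirect") { window.open(page.getAttribute("data-target"), "_self") }
      else { window.close() }
    </script>
  </body>
</html>''', autoescape='xhtml_escape')
        self.log.info('>>>REDIRECT:\n', comment)
        self.finish(t.generate(comment=comment, status=status))

    elif session:
        if optns[-1] == session:
            # Redirect to authentication endpoint
            self.log.info(session, 'authorization session flow.')
            result = yield self.threadTask(gSessionManager.getLinkBySession, session)
            if not result['OK']:
                raise WErr(500, '%s session not exist or expired!' % session)
            self.log.notice('Redirect to', result['Value'])
            self.redirect(result['Value'])

        elif optns[-1] == 'status':
            # Get session authentication status
            self.log.info(session, 'session, get status of authorization.')
            result = yield self.threadTask(gSessionManager.getSessionStatus, session)
            if not result['OK']:
                raise WErr(500, result['Message'])
            # NOTE(review): the second cookie stores the session identifier; if no
            # client-side script has to read it, set it with httponly (and secure
            # when the portal is served over HTTPS only).
            self.set_cookie("TypeAuth", result['Value']['Provider'])
            self.set_cookie(result['Value']['Provider'], session)
            self.finishJEncode(result['Value'])

        else:
            raise WErr(404, "Wrone way")

    else:
        raise WErr(404, "Wrone way")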