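    def web_auth(self):
        """ Authentication endpoint, used:
          GET /auth/<IdP>?<options> -- submit authentication flow, retrieve session with status and description
            * IdP - Identity provider name for authentication
            * options:
              * email - email to send the authentication URL to (optional)

          GET /auth/<session> -- will redirect to authentication endpoint
          GET /auth/<session>/status -- retrieve session with status and description
            * session - session number

          GET /auth/redirect?<options> -- redirect endpoint to catch authentication response
            * options - response options

        The first path segment selects the branch: a configured identity
        provider name, the literal ``redirect``, or a session identifier.
        Anything else is answered with 404.

        :return: json (the ``redirect`` branch answers with a small HTML page,
                 the ``/auth/<session>`` branch with an HTTP redirect)
        """
        optns = self.overpath.strip('/').split('/')
        if not optns or len(optns) > 2:
            raise WErr(404, "Wrone way")
        result = Resources.getInfoAboutProviders(of='Id')
        if not result['OK']:
            raise WErr(500, result['Message'])
        idPs = result['Value']
        # The provider is taken only when the whole first path segment is a
        # configured provider name. Building a regex from the names matched any
        # segment that merely started with one (and the first alternative won
        # when one name is a prefix of another), and left regex metacharacters
        # in provider names unescaped.
        idP = optns[0] if optns[0] in idPs else ''
        # NOTE(review): the class [A-z] also covers "[", "\", "]", "^", "_" and
        # "`", and match() accepts a prefix of the segment. Tighten this to the
        # real session alphabet once the session id format is confirmed.
        session = re.match("([A-z0-9]+)?", optns[0]).group()

        if idP:
            # Create new authenticate session
            session = self.get_cookie(idP)
            self.log.info('Initialize "%s" authorization flow' % idP,
                          'with %s session' % session if session else '')
            result = yield self.threadTask(gSessionManager.submitAuthorizeFlow,
                                           idP, session)
            if not result['OK']:
                raise WErr(500, result['Message'])
            if result['Value']['Status'] == 'ready':
                self.set_cookie("TypeAuth", idP)
            elif result['Value']['Status'] == 'needToAuth':
                if self.args.get('email'):
                    # NOTE(review): the recipient address comes straight from
                    # the request, so this mails the authorization link to any
                    # address a caller names; confirm that is intended and
                    # rate-limited.
                    notify = yield self.threadTask(
                        NotificationClient().sendMail, self.args['email'],
                        'Authentication throught %s' % idP,
                        'Please, go throught the link %s to authorize.' %
                        result['Value']['URL'])
                    if not notify['OK']:
                        # A mail failure is reported in the comment, not raised
                        result['Value']['Comment'] = '%s\n%s' % (
                            result['Value'].get('Comment')
                            or '', notify['Message'])
                self.log.notice(
                    '%s authorization session "%s" provider was created' %
                    (result['Value']['Session'], idP))
            else:
                raise WErr(
                    500, 'Not correct status "%s" of %s' %
                    (result['Value']['Status'], idP))
            self.finishJEncode(result['Value'])

        elif optns[0] == 'redirect':
            # Redirect endpoint for response
            # NOTE(review): this and the log call below write the request and
            # its arguments to the log; on an authorization callback those can
            # include one-time codes or tokens. Consider logging only the
            # argument names.
            self.log.info('REDIRECT RESPONSE:\n', self.request)
            if self.args.get('error'):
                # NOTE(review): request-supplied text goes into the error
                # message; check that WErr output is escaped when rendered.
                raise WErr(
                    500, '%s session crashed with error:\n%s\n%s' %
                    (self.args.get('state') or '', self.args['error'],
                     self.args.get('error_description') or ''))
            if 'state' not in self.args:
                raise WErr(404, '"state" argument not set.')
            if not self.args.get('state'):
                raise WErr(404, '"state" argument is empty.')
            self.log.info(
                self.args['state'],
                'session, parsing authorization response %s' % self.args)
            result = yield self.threadTask(gSessionManager.parseAuthResponse,
                                           self.args, self.args['state'])
            if not result['OK']:
                raise WErr(500, result['Message'])
            comment = result['Value']['Comment']
            status = result['Value']['Status']
            # The values are handed to the template as variables instead of
            # being %-formatted into the template source. Formatted into the
            # source, text derived from the authorization response was compiled
            # as template code and written unescaped into the HTML and the
            # script. Here the body text is autoescaped and the script values
            # are emitted as JSON string literals.
            # Assumes Template is tornado.template.Template (default autoescape
            # and json_encode in the template namespace) -- TODO confirm.
            # NOTE(review): if Comment is meant to carry HTML markup it will now
            # be shown as text. The redirect target is also not checked against
            # an allowed scheme or host here; confirm that parseAuthResponse
            # only returns trusted URLs.
            t = Template('''<!DOCTYPE html>
        <html><head><title>Authetication</title>
          <meta charset="utf-8" /></head><body>
            {{ comment }} <br>
            <script type="text/javascript"> 
              if ({% raw json_encode(status) %} == "redirect") { window.open({% raw json_encode(comment) %},"_self") }
              else { window.close() }
            </script>
          </body>
        </html>''')
            self.log.info('>>>REDIRECT:\n', comment)
            self.finish(t.generate(comment=comment, status=status))

        elif session:
            if optns[-1] == session:
                # Redirect to authentication endpoint
                self.log.info(session, 'authorization session flow.')
                result = yield self.threadTask(
                    gSessionManager.getLinkBySession, session)
                if not result['OK']:
                    raise WErr(500,
                               '%s session not exist or expired!' % session)
                self.log.notice('Redirect to', result['Value'])
                self.redirect(result['Value'])

            elif optns[-1] == 'status':
                # Get session authentication status
                self.log.info(session, 'session, get status of authorization.')
                result = yield self.threadTask(
                    gSessionManager.getSessionStatus, session)
                if not result['OK']:
                    raise WErr(500, result['Message'])
                # NOTE(review): the session id is stored in a cookie with no
                # attributes set here; consider secure/httponly if no client
                # script needs to read it.
                self.set_cookie("TypeAuth", result['Value']['Provider'])
                self.set_cookie(result['Value']['Provider'], session)
                self.finishJEncode(result['Value'])

            else:
                raise WErr(404, "Wrone way")

        else:
            raise WErr(404, "Wrone way")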