def __init__(self, context):
    """Build the security services under a child context and register them on *context*.

    A child ``Context`` gets its own ``Logger("SecurityDBApi")``; the
    ``SecurityDBApi`` and ``SecurityTokenFactory`` are created against that
    child, and the api, its ``.api`` attribute (kept as ``siteDBApi``) and the
    token factory are then added as services on the parent ``context``.
    Finally the three redirect helper classes get a ``context`` static method
    that resolves to ``self.context`` at call time.
    """
    self.context = context

    child = Context(context)
    child.addService(Logger("SecurityDBApi"))

    self.securityApi = SecurityDBApi(child)
    self.securityTokenFactory = SecurityTokenFactory(child, CherryPySecurityTokenImpl)
    self.siteDBApi = self.securityApi.api

    # Registration order is kept: api, then its inner api, then the token factory.
    for service in (self.securityApi, self.siteDBApi, self.securityTokenFactory):
        context.addService(service)

    # Resolved lazily so the helpers always see the context this instance holds now.
    def currentContext():
        return self.context

    for redirector in (RedirectorToLogin, RedirectToLocalPage, RedirectAway):
        redirector.context = staticmethod(currentContext)
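import codecs
from optparse import OptionParser

from Framework.Context import Context
from Tools.SecurityModuleCore.SecurityDBApi import SecurityDBApi

if __name__ == "__main__":
    # Command-line script: import accounts from a HyperNews shadow-style
    # password file into SiteDB through SecurityDBApi.importHNAccount().
    parser = OptionParser()
    parser.add_option("-f", "--file", help="input HN shadow passwd", default="passwd", dest="source")
    parser.add_option("-d", "--db", help="target SiteDB database", default="sitedb_test.db", dest="db")
    options, args = parser.parse_args()
    # NOTE(review): options.db is parsed but never read in this script; the
    # target database is whatever SecurityDBApi(context) resolves on its own.

    context = Context()
    context.addService(Logger("importHNShadow"))
    api = SecurityDBApi(context)
    context.Logger().message("HN file is " + options.source)

    # Undecodable bytes are replaced rather than aborting the whole import.
    shadowFile = codecs.open(options.source, "r", "ascii", "replace")
    try:
        for line in shadowFile:
            contact = line.split(":")
            # A blank or truncated line cannot supply the e-mail column
            # (index 7); skip it instead of raising IndexError mid-import.
            if len(contact) < 8:
                continue
            # Field 4 holds the full name; split on the first blank into
            # forename/surname, or reuse the whole field for both.
            if " " in contact[4]:
                forename, surname = contact[4].split(" ", 1)
            else:
                forename, surname = (contact[4], contact[4])
            # contact[1] is the stored password hash from the shadow file and
            # is passed through untouched (it is deliberately never logged).
            api.importHNAccount(username=contact[0].encode("ascii", "replace"),
                                passwd=contact[1],
                                forename=forename.encode("ascii", "replace"),
                                email=contact[7].strip(),
                                surname=surname.encode("ascii", "replace"))
    finally:
        shadowFile.close()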
def __init__(self, context):
    """Initialise the controller and register its security API and logger as services.

    The ``SecurityDBApi`` is built against *context* and published on it,
    followed by a ``Logger("SECURITY_MODULE_CONTROLLER")``.
    """
    self.context = context
    Controller.__init__(self, context, __file__)

    api = SecurityDBApi(context)
    self.security_api = api
    self.context.addService(api)
    self.context.addService(Logger("SECURITY_MODULE_CONTROLLER"))
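class SecurityModule(Controller):
    """CherryPy controller for login, logout, impersonation and authorization checks.

    Session state is carried in three cookies (``dn``, ``authentication_time``
    and ``originator_hash``), each passed through ``encryptCookie()`` with the
    controller's ``security_api``. All three are written by the same private
    helper so that every login path sets the same attributes.
    """

    # Lifetime of the session cookies in seconds (one day, as in the original inline value).
    COOKIE_MAX_AGE = 3600 * 24

    def __init__(self, context):
        """Register the SecurityDBApi and a logger as services on *context*."""
        self.context = context
        Controller.__init__(self, context, __file__)
        self.security_api = SecurityDBApi(context)
        self.context.addService(self.security_api)
        self.context.addService(Logger("SECURITY_MODULE_CONTROLLER"))

    def readyToRun(self):
        """Lifecycle hook; nothing to do for this controller."""
        pass

    def _setSessionCookies(self, identity):
        """Write the three session cookies for *identity* on the current response.

        ``dn`` carries the encrypted identity, ``authentication_time`` the
        issue time (``%Y-%m-%dT%H:%M:%S``) and ``originator_hash`` the fixed
        literal ``"some_hash"`` (a constant, so it adds no per-session
        entropy). Every cookie gets path ``/``, the class max-age and
        version 1. The original code set ``dn``'s version twice and never set
        ``authentication_time``'s; the loop applies the attributes uniformly.
        NOTE(review): no ``secure``/``httponly`` attributes are set here.
        """
        issuedAt = strftime("%Y-%m-%dT%H:%M:%S", datetime.now().timetuple())
        cookieValues = (('dn', identity),
                        ('authentication_time', issuedAt),
                        ('originator_hash', "some_hash"))
        cookies = cherrypy.response.cookie
        for name, value in cookieValues:
            cookies[name] = encryptCookie(value, self.security_api)
            cookies[name]['path'] = '/'
            cookies[name]['max-age'] = self.COOKIE_MAX_AGE
            cookies[name]['version'] = 1

    @staticmethod
    def _appendQueryArgs(page, extraArgs):
        """Re-attach *extraArgs* to *page* as ``&key=value`` pairs.

        The requested page arrives truncated at the first ``&`` and the rest
        of its parameters come in as keyword arguments. Values are appended
        unescaped, exactly as the original did; the result is caller-controlled
        and is later used as a redirect target.
        """
        for key, value in extraArgs.items():
            page += "&%s=%s" % (key, value)
        return page

    @templatepage
    def login(self, requestedPage="../Studio/login", **args):
        """Render the login page, preserving the page the user asked for."""
        #FIXME: Get the real requested page
        # VK: requested page is truncated at first &, all parameters passed via args, put them back
        requestedPage = self._appendQueryArgs(requestedPage, args)
        # raise cherrypy.HTTPRedirect ("/base/SecurityModule/loginReal?requestedPage=%s" % requestedPage)
        # raise cherrypy.HTTPRedirect (self.context.CmdLineArgs ().opts.baseUrl + "/SecurityModule/loginReal?requestedPage=%s" % requestedPage)
        return {'requestedPage': requestedPage}

    @expose
    def loginReal(self, requestedPage, **args):
        """Render the ``login`` template directly for *requestedPage*."""
        #FIXME: Get the real requested page
        # VK: requested page is truncated at first &, all parameters passed via args, put them back
        requestedPage = self._appendQueryArgs(requestedPage, args)
        return self.templatePage("login", {'requestedPage': requestedPage})

    @templatepage
    @require_args("user", "password", "requestedPage", onFail=RedirectorToLogin)
    def authenticate(self, user, password, requestedPage="../Studio/login"):
        """Check *password* against the stored crypt hash and, on success, issue session cookies.

        Returns ``{'redirect': requestedPage}`` whether or not the login
        succeeded; only the success path sets cookies.
        """
        #FIXME: Get the real requested page
        #TODO: adapt to the new schema.
        self.context.Logger().message("Trying to authenticate %s" % user)
        passwdEntry = self.security_api.getPasswordFromUsername(user)
        # Unknown user: no row 0 in the lookup result.
        if 0 not in passwdEntry:
            return {'redirect': requestedPage}
        encryptedPassword = passwdEntry[0]['passwd']
        #if request.headers['Ssl-Client-S-Dn'] != '(null)':
        #context.Logger().message("Authenticated by certificate")
        #context.Logger().message(request.headers['Ssl-Client-S-Dn'])
        #user = self.security_api.getUsernameFromDN(request.headers['Ssl-Client-S-Dn'])[0]['username']
        # The stored hash doubles as the salt for crypt(3); a plain string
        # comparison is used here, as in the original.
        if encryptedPassword == crypt.crypt(password, encryptedPassword):
            self.context.Logger().message("Valid password for user %s" % user)
            self._setSessionCookies(user)
            return {'redirect': requestedPage}
        return {'redirect': requestedPage}

    @templatepage
    def logout(self, redirect="../SecurityModule/login", *args, **kw):
        """Replace the session with a ``guest`` identity and redirect.

        The cookies are not deleted: they are rewritten with ``"guest"`` as the
        encrypted identity and a fresh authentication time.
        """
        # VK: requested page is truncated at first &, all parameters passed via args, put them back
        redirect = self._appendQueryArgs(redirect, kw)
        self._setSessionCookies("guest")
        return {'redirect': redirect}

    @exposeSerialized(serializer=PythonDictSerializer('user'))
    def userInfo(self, *args, **kw):
        """Return the DN of the current security token as ``{"dn": ...}``."""
        #TODO: add a query to get the DN from the id.
        token = SecurityToken()
        return {"dn": token.dn}

    @expose
    @is_authorized(Role("Global Admin"), Group("global"), onFail=RedirectorToLogin("../SecurityModule/login"))
    def becomeUser(self, username, requestedPage, **args):
        """Switch the session cookies to *username* (impersonation) and render ``authenticate``.

        Only callers holding the ``Global Admin`` role in the ``global`` group
        reach this method (see the decorator). The switch is logged so that
        impersonation is visible in the controller log.
        """
        self.context.Logger().message("Switching session identity to %s" % username)
        self._setSessionCookies(username)
        return self.templatePage("authenticate", {'redirect': requestedPage})

    @expose
    @is_authenticated(onFail=NotAuthenticated)
    def checkIfAuthenticated(self):
        """Probe page that is only reachable with a valid session."""
        return "This page can be seen only if you are authenticated."

    @expose
    @is_authorized(Role("Global Admin"), Group("global"), onFail=NotAuthenticated)
    def checkIfAuthorized(self):
        """Probe page that is only reachable by a global admin."""
        return "This page can be seen only if you are authorized."

    @expose
    def getMasthead(self):
        """Masthead hook; returns nothing in this revision."""
        pass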
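import codecs

if __name__ == "__main__":
    # Command-line script: import accounts from a HyperNews shadow-style
    # password file into SiteDB through SecurityDBApi.importHNAccount().
    parser = OptionParser()
    parser.add_option("-f", "--file", help="input HN shadow passwd", default="passwd", dest="source")
    parser.add_option("-d", "--db", help="target SiteDB database", default="sitedb_test.db", dest="db")
    options, args = parser.parse_args()
    # NOTE(review): options.db is parsed but never read in this script; the
    # target database is whatever SecurityDBApi(context) resolves on its own.

    context = Context()
    context.addService(Logger("importHNShadow"))
    api = SecurityDBApi(context)
    context.Logger().message("HN file is " + options.source)

    # Undecodable bytes are replaced rather than aborting the whole import.
    shadowFile = codecs.open(options.source, "r", "ascii", "replace")
    try:
        for line in shadowFile:
            contact = line.split(":")
            # A blank or truncated line cannot supply the e-mail column
            # (index 7); skip it instead of raising IndexError mid-import.
            if len(contact) < 8:
                continue
            # Field 4 holds the full name; split on the first blank into
            # forename/surname, or reuse the whole field for both.
            if " " in contact[4]:
                forename, surname = contact[4].split(" ", 1)
            else:
                forename, surname = (contact[4], contact[4])
            # contact[1] is the stored password hash from the shadow file and
            # is passed through untouched (it is deliberately never logged).
            api.importHNAccount(username=contact[0].encode("ascii", "replace"),
                                passwd=contact[1],
                                forename=forename.encode("ascii", "replace"),
                                email=contact[7].strip(),
                                surname=surname.encode("ascii", "replace"))
    finally:
        shadowFile.close()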
from Framework import Context from Framework.Logger import Logger from Crypto.Cipher import Blowfish from base64 import b64encode, b64decode import crypt import time, calendar, datetime from Tools.SecurityModuleCore.SecurityDBApi import SecurityDBApi print "**** Security Module tests ****" context = Context() context.addService(Logger("securitymoduletest")) api = SecurityDBApi(context) context.Logger().message("Test roles:") context.Logger().message( " swakef as prod operator: %s" % api.hasGroupResponsibility("swakef", "production", "Production Operator")) context.Logger().message( " metson as RAL DM: %s" % api.hasSiteResponsibility("metson", "RAL", "Data Manager")) context.Logger().message( " metson as site 1 Site Admin: %s" % api.hasSiteResponsibility("metson", "1", "Site Admin")) context.Logger().message("hasGroup:") context.Logger().message(" swakef as member of production group: %s" % api.hasGroup("swakef", "production")) context.Logger().message(" metson as member of production group: %s" %
# Manual test script for SecurityDBApi: exercises the role, group and site
# lookups for a few fixed usernames and logs each result through the
# context's Logger. Python 2 syntax (print statement).
from Framework import Context
from Framework.Logger import Logger
from Crypto.Cipher import Blowfish
from base64 import b64encode, b64decode
import crypt
import time, calendar, datetime
from Tools.SecurityModuleCore.SecurityDBApi import SecurityDBApi
# NOTE(review): Blowfish, b64encode/b64decode, crypt, time and calendar are
# not used in the portion of the script shown here.
print "**** Security Module tests ****"
context = Context ()
context.addService (Logger ("securitymoduletest"))
api = SecurityDBApi (context)
# Responsibility checks: (user, group-or-site, role name).
context.Logger().message("Test roles:")
context.Logger().message(" swakef as prod operator: %s" % api.hasGroupResponsibility ("swakef", "production", "Production Operator"))
context.Logger().message(" metson as RAL DM: %s" % api.hasSiteResponsibility ("metson", "RAL", "Data Manager"))
context.Logger().message(" metson as site 1 Site Admin: %s" % api.hasSiteResponsibility ("metson", "1", "Site Admin"))
# Plain group membership, independent of role.
context.Logger().message("hasGroup:")
context.Logger().message(" swakef as member of production group: %s" % api.hasGroup ("swakef", "production"))
context.Logger().message(" metson as member of production group: %s" % api.hasGroup ("metson", "production"))
context.Logger().message(" metson as member of global group: %s" % api.hasGroup ("metson", "global"))
# Site association, by site name and by numeric site id.
context.Logger().message("hasSite:")
context.Logger().message(" swakef as associated to RAL: %s" % api.hasSite ("swakef", "RAL"))
context.Logger().message(" metson as associated to RAL: %s" % api.hasSite("metson", "RAL"))
context.Logger().message(" metson as associated to site 1: %s" % api.hasSite("metson", "1"))
context.Logger().message("hasResponsibility:")