def __init__(self, secret_filename='/tmp/seeit-services/secret.txt',
             config_file='mapper.ini', **vars):
    """Build the static-file app and the mapper used by the dispatcher.

    ``secret_filename`` is only stored here; the ``secret`` property of
    ``DispatcherApp`` later reads that file and creates it when it is empty.
    ``config_file`` is joined onto the directory that contains this module
    (an absolute ``config_file`` therefore wins, per ``os.path.join``).
    Any extra keyword arguments are handed to ``Mapper`` as ``vars``.
    """
    # NOTE(review): the default secret path sits under /tmp, a directory
    # shared with every other local account. Unless the directory is created
    # with restrictive permissions, the signing secret may be readable or
    # pre-created by another user; deployments should pass a path inside a
    # directory owned by the service account.
    module_dir = os.path.dirname(os.path.abspath(__file__))
    self._secret_filename = secret_filename
    # presumably serves the package's 'static-auth' directory under
    # /static-auth; ServeStatic is defined elsewhere.
    self.static_app = ServeStatic(__name__, 'static-auth', '/static-auth')
    self.config_file = os.path.join(module_dir, config_file)
    self.mapper = Mapper(vars=vars)
    self.mapper.add_configs(self.config_file)
def __init__(self, secret_filename='/tmp/seeit-services/secret.txt',
             config_file='mapper.ini', **vars):
    """Initialise the dispatcher's collaborators.

    Stores the path of the signing-secret file, creates the ``ServeStatic``
    app for ``/static-auth``, resolves ``config_file`` against this module's
    directory and loads it into a new ``Mapper`` (which also receives the
    remaining keyword arguments as ``vars``).
    """
    # NOTE(review): '/tmp/seeit-services/secret.txt' is a predictable path in
    # a world-writable location. Confirm the directory is created with
    # owner-only permissions, or override the default with a private path.
    self._secret_filename = secret_filename
    self.static_app = ServeStatic(__name__, 'static-auth', '/static-auth')
    this_module = os.path.abspath(__file__)
    self.config_file = os.path.join(os.path.dirname(this_module), config_file)
    self.mapper = mapper = Mapper(vars=vars)
    mapper.add_configs(self.config_file)
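class DispatcherApp(object):
    """WSGI app that routes a request to auth, setup, static files or the mapper.

    Login state is carried in the ``auth`` query parameter as
    ``<signature>.<json>``, where the signature is ``sign(secret, json)`` and
    the secret is read from ``secret_filename``.

    NOTE(review): ``respond`` dispatches ``/setup`` to ``self.setup``, which is
    not defined in the part of the class visible here.
    """

    def __init__(self, secret_filename='/tmp/seeit-services/secret.txt',
                 config_file='mapper.ini', **vars):
        """Store the secret path and build the static app and the mapper.

        ``config_file`` is resolved relative to this module's directory;
        extra keyword arguments are passed to ``Mapper`` as ``vars``.
        """
        # NOTE(review): the default secret path is under /tmp, which is shared
        # with other local accounts. Deployments should pass a path inside a
        # directory only the service account can read and write.
        self._secret_filename = secret_filename
        self.static_app = ServeStatic(__name__, 'static-auth', '/static-auth')
        self.config_file = os.path.join(
            os.path.dirname(os.path.abspath(__file__)), config_file)
        self.mapper = Mapper(vars=vars)
        self.mapper.add_configs(self.config_file)

    @wsgify
    def __call__(self, req):
        """Run ``respond`` with ``wsgi.file_wrapper`` hidden from the environ.

        When the key is present and truthy it is removed for the inner call
        and put back afterwards, including when the inner call raises.
        """
        ## Another hack for Petri (https://bugzilla.mozilla.org/show_bug.cgi?id=807796)
        file_wrapper = req.environ.pop('wsgi.file_wrapper', None)
        if not file_wrapper:
            return self.respond
        try:
            return req.send(self.respond)
        finally:
            # Restore the server's wrapper even if the inner app failed.
            req.environ['wsgi.file_wrapper'] = file_wrapper

    @wsgify
    def respond(self, req):
        """Attach auth state to the request and pick the app that handles it."""
        ## Hack for Petri
        # NOTE(review): X-SSL is an ordinary request header. This is only safe
        # when a fronting proxy always sets or strips it; otherwise any client
        # can make the app believe the request arrived over https.
        if req.headers.get('X-SSL', '').lower() == 'on':
            req.scheme = 'https'
        self.set_auth(req)
        req.root = (req.application_url, self)
        if req.path_info == '/auth':
            return self.auth(req)
        if req.path_info == '/setup':
            return self.setup(req)
        if self.static_app.matches(req):
            return self.static_app
        return self.mapper

    ############################################################
    ## Auth stuff

    @staticmethod
    def _html_attr(value):
        """Escape ``value`` for use inside a double-quoted HTML attribute."""
        return (value.replace('&', '&amp;').replace('"', '&quot;')
                .replace('<', '&lt;').replace('>', '&gt;'))

    @staticmethod
    def _js_string(value):
        """Return ``value`` as a JavaScript string literal safe inside <script>.

        ``json.dumps`` produces a valid JS literal; ``<``, ``>`` and ``&`` are
        additionally written as escapes so the value cannot close the
        surrounding script element.
        """
        return (json.dumps(value).replace('<', '\\u003c')
                .replace('>', '\\u003e').replace('&', '\\u0026'))

    @staticmethod
    def _same_signature(expected, provided):
        """Compare two signature strings without stopping at the first mismatch.

        A plain ``==`` returns as soon as a character differs, which can leak
        how much of a guessed signature was correct. This is hand-written
        rather than ``hmac.compare_digest`` because that function needs
        Python 2.7.7+ and both arguments of the same string type, while the
        request value and the computed signature may differ in type here.
        """
        if len(expected) != len(provided):
            return False
        diff = 0
        for left, right in zip(expected, provided):
            diff |= ord(left) ^ ord(right)
        return diff == 0

    def set_auth(self, req):
        """Register the login script snippet and load ``req.auth`` from a valid token.

        ``req.auth`` is only set when the ``auth`` query parameter has the form
        ``<signature>.<json>`` and the signature matches ``signature(json)``.
        """
        # application_url is derived from the incoming request, so it is
        # escaped for each context instead of being pasted in with %s / %r
        # (Python's repr is not a JavaScript serializer).
        app_url = req.application_url
        snippet = (
            '<script src="https://browserid.org/include.js"></script>'
            '<script src="%s/static-auth/auth.js"></script>'
            '<script>Auth.authUrl=%s</script>') % (
                self._html_attr(app_url), self._js_string(app_url + '/auth'))
        # NOTE(review): include.js is fetched from a third-party origin and runs
        # with this page's privileges. browserid.org was the Mozilla Persona
        # endpoint, a service that has since been retired; confirm who serves it.
        # add_sub presumably registers an insertion before </body>; it is
        # defined on the request class, outside this file section.
        req.add_sub('auth', '</body>', snippet, replace=False)
        token = req.GET.get('auth')
        if not token or '.' not in token:
            return
        sig, payload = token.split('.', 1)
        # NOTE(review): nothing here checks an expiry or the audience stored in
        # the payload, so a token stays valid for as long as the secret does.
        if self._same_signature(self.signature(payload), sig):
            req.auth = json.loads(payload)

    @property
    def secret(self):
        """Return the signing secret, creating and storing one if the file is empty.

        The file is read on every access; nothing is cached on the instance.
        """
        # NOTE(review): read-then-write is not atomic, so two processes starting
        # together could each write a different secret. The strength of
        # make_random(10) and the permissions write_file applies are not
        # visible here; verify both against the helpers.
        secret = read_file(self._secret_filename)
        if not secret:
            secret = make_random(10)
            write_file(self._secret_filename, secret)
        return secret

    def signature(self, text):
        """Return ``sign(self.secret, text)``; ``sign`` is defined elsewhere."""
        return sign(self.secret, text)

    @wsgify
    def auth(self, req):
        """Verify a BrowserID assertion remotely and hand back a signed token.

        Responds 400 when ``assertion`` or ``audience`` is missing. Otherwise
        the verifier's JSON is returned, and on ``status == 'okay'`` it also
        carries ``auth.query.auth``, the signed token ``set_auth`` accepts.
        """
        try:
            assertion = req.params['assertion']
            audience = req.params['audience']
        except KeyError as e:
            return exc.HTTPBadRequest('Missing key: %s' % e)
        # NOTE(review): the audience comes from the client. An assertion issued
        # for another site verifies fine when that site's audience is sent with
        # it, so the expected audience should come from server configuration.
        # NOTE(review): no timeout is set, and Python 2 releases before 2.7.9
        # do not verify HTTPS certificates by default; confirm the runtime
        # validates the verifier's certificate.
        verifier = urllib.urlopen(
            "https://browserid.org/verify",
            urllib.urlencode(dict(assertion=assertion, audience=audience)))
        try:
            r = json.loads(verifier.read())
        finally:
            verifier.close()
        # .get(): a reply without 'status' is passed through, not a KeyError.
        if r.get('status') == 'okay':
            r['audience'] = audience
            static = json.dumps(r)
            static = self.signature(static) + '.' + static
            # The token is handed back for use as a query parameter, so it can
            # end up in access logs, browser history and Referer headers.
            r['auth'] = {'query': {'auth': static}}
        return Response(json=r)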
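class DispatcherApp(object):
    """WSGI app that routes a request to auth, setup, static files or the mapper.

    Login state is carried in the ``auth`` query parameter as
    ``<signature>.<json>``, where the signature is ``sign(secret, json)`` and
    the secret is read from ``secret_filename``.

    NOTE(review): ``respond`` dispatches ``/setup`` to ``self.setup``, which is
    not defined in the part of the class visible here.
    """

    def __init__(self, secret_filename='/tmp/seeit-services/secret.txt',
                 config_file='mapper.ini', **vars):
        """Store the secret path and build the static app and the mapper.

        ``config_file`` is resolved relative to this module's directory;
        extra keyword arguments are passed to ``Mapper`` as ``vars``.
        """
        # NOTE(review): the default secret path is under /tmp, which is shared
        # with other local accounts. Deployments should pass a path inside a
        # directory only the service account can read and write.
        self._secret_filename = secret_filename
        self.static_app = ServeStatic(__name__, 'static-auth', '/static-auth')
        self.config_file = os.path.join(
            os.path.dirname(os.path.abspath(__file__)), config_file)
        self.mapper = Mapper(vars=vars)
        self.mapper.add_configs(self.config_file)

    @wsgify
    def __call__(self, req):
        """Run ``respond`` with ``wsgi.file_wrapper`` hidden from the environ.

        When the key is present and truthy it is removed for the inner call
        and put back afterwards, including when the inner call raises.
        """
        ## Another hack for Petri (https://bugzilla.mozilla.org/show_bug.cgi?id=807796)
        file_wrapper = req.environ.pop('wsgi.file_wrapper', None)
        if not file_wrapper:
            return self.respond
        try:
            return req.send(self.respond)
        finally:
            # Restore the server's wrapper even if the inner app failed.
            req.environ['wsgi.file_wrapper'] = file_wrapper

    @wsgify
    def respond(self, req):
        """Attach auth state to the request and pick the app that handles it."""
        ## Hack for Petri
        # NOTE(review): X-SSL is an ordinary request header. This is only safe
        # when a fronting proxy always sets or strips it; otherwise any client
        # can make the app believe the request arrived over https.
        if req.headers.get('X-SSL', '').lower() == 'on':
            req.scheme = 'https'
        self.set_auth(req)
        req.root = (req.application_url, self)
        if req.path_info == '/auth':
            return self.auth(req)
        if req.path_info == '/setup':
            return self.setup(req)
        if self.static_app.matches(req):
            return self.static_app
        return self.mapper

    ############################################################
    ## Auth stuff

    @staticmethod
    def _html_attr(value):
        """Escape ``value`` for use inside a double-quoted HTML attribute."""
        return (value.replace('&', '&amp;').replace('"', '&quot;')
                .replace('<', '&lt;').replace('>', '&gt;'))

    @staticmethod
    def _js_string(value):
        """Return ``value`` as a JavaScript string literal safe inside <script>.

        ``json.dumps`` produces a valid JS literal; ``<``, ``>`` and ``&`` are
        additionally written as escapes so the value cannot close the
        surrounding script element.
        """
        return (json.dumps(value).replace('<', '\\u003c')
                .replace('>', '\\u003e').replace('&', '\\u0026'))

    @staticmethod
    def _same_signature(expected, provided):
        """Compare two signature strings without stopping at the first mismatch.

        A plain ``==`` returns as soon as a character differs, which can leak
        how much of a guessed signature was correct. This is hand-written
        rather than ``hmac.compare_digest`` because that function needs
        Python 2.7.7+ and both arguments of the same string type, while the
        request value and the computed signature may differ in type here.
        """
        if len(expected) != len(provided):
            return False
        diff = 0
        for left, right in zip(expected, provided):
            diff |= ord(left) ^ ord(right)
        return diff == 0

    def set_auth(self, req):
        """Register the login script snippet and load ``req.auth`` from a valid token.

        ``req.auth`` is only set when the ``auth`` query parameter has the form
        ``<signature>.<json>`` and the signature matches ``signature(json)``.
        """
        # application_url is derived from the incoming request, so it is
        # escaped for each context instead of being pasted in with %s / %r
        # (Python's repr is not a JavaScript serializer).
        app_url = req.application_url
        snippet = (
            '<script src="https://browserid.org/include.js"></script>'
            '<script src="%s/static-auth/auth.js"></script>'
            '<script>Auth.authUrl=%s</script>') % (
                self._html_attr(app_url), self._js_string(app_url + '/auth'))
        # NOTE(review): include.js is fetched from a third-party origin and runs
        # with this page's privileges. browserid.org was the Mozilla Persona
        # endpoint, a service that has since been retired; confirm who serves it.
        # add_sub presumably registers an insertion before </body>; it is
        # defined on the request class, outside this file section.
        req.add_sub('auth', '</body>', snippet, replace=False)
        token = req.GET.get('auth')
        if not token or '.' not in token:
            return
        sig, payload = token.split('.', 1)
        # NOTE(review): nothing here checks an expiry or the audience stored in
        # the payload, so a token stays valid for as long as the secret does.
        if self._same_signature(self.signature(payload), sig):
            req.auth = json.loads(payload)

    @property
    def secret(self):
        """Return the signing secret, creating and storing one if the file is empty.

        The file is read on every access; nothing is cached on the instance.
        """
        # NOTE(review): read-then-write is not atomic, so two processes starting
        # together could each write a different secret. The strength of
        # make_random(10) and the permissions write_file applies are not
        # visible here; verify both against the helpers.
        secret = read_file(self._secret_filename)
        if not secret:
            secret = make_random(10)
            write_file(self._secret_filename, secret)
        return secret

    def signature(self, text):
        """Return ``sign(self.secret, text)``; ``sign`` is defined elsewhere."""
        return sign(self.secret, text)

    @wsgify
    def auth(self, req):
        """Verify a BrowserID assertion remotely and hand back a signed token.

        Responds 400 when ``assertion`` or ``audience`` is missing. Otherwise
        the verifier's JSON is returned, and on ``status == 'okay'`` it also
        carries ``auth.query.auth``, the signed token ``set_auth`` accepts.
        """
        try:
            assertion = req.params['assertion']
            audience = req.params['audience']
        except KeyError as e:
            return exc.HTTPBadRequest('Missing key: %s' % e)
        # NOTE(review): the audience comes from the client. An assertion issued
        # for another site verifies fine when that site's audience is sent with
        # it, so the expected audience should come from server configuration.
        # NOTE(review): no timeout is set, and Python 2 releases before 2.7.9
        # do not verify HTTPS certificates by default; confirm the runtime
        # validates the verifier's certificate.
        verifier = urllib.urlopen(
            "https://browserid.org/verify",
            urllib.urlencode(dict(assertion=assertion, audience=audience)))
        try:
            r = json.loads(verifier.read())
        finally:
            verifier.close()
        # .get(): a reply without 'status' is passed through, not a KeyError.
        if r.get('status') == 'okay':
            r['audience'] = audience
            static = json.dumps(r)
            static = self.signature(static) + '.' + static
            # The token is handed back for use as a query parameter, so it can
            # end up in access logs, browser history and Referer headers.
            r['auth'] = {'query': {'auth': static}}
        return Response(json=r)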