def load_cookie_config(app, auth_conf, app_conf=None, global_conf=None, prefix='authkit.cookie.'): badcookie_conf = strip_base(auth_conf, 'badcookie.') template_conf = strip_base(badcookie_conf, 'template.') if template_conf: template_ = get_template(template_conf, prefix=prefix + 'badcookiepage.template.') else: template_ = template user_setter_params = { 'params': strip_base(auth_conf, 'params.'), 'ticket_class': AuthKitTicket, 'badcookiepage': asbool(badcookie_conf.get('page', True)), 'badcookietemplate': template_, } for k, v in auth_conf.items(): if not (k.startswith('params.') or k.startswith('badcookie.')): user_setter_params[k] = v if not user_setter_params.has_key('secret'): raise AuthKitConfigError('No cookie secret specified under %r' % (prefix + 'secret')) if user_setter_params.has_key('signout'): raise AuthKitConfigError( 'The authkit.cookie.signout option should now be named signoutpath' ) return app, None, user_setter_params
def parse(data): """ Parses the user data """ passwords = {} roles = {} groups = {} counter = 1 for line in data.split('\n'): line = line.strip() if not line: continue role_list = [] parts = line.split(' ') if len(parts) > 1: for role in parts[1:]: if role: role_list.append(role.strip().lower()) role_list.sort() group = None parts = parts[0].split(':') if len(parts) > 1: password = parts[1] if not password: '******' % (username, ) username = parts[0].lower() if not username: '******' % (counter, ) if len(parts) == 3: group = parts[2].lower() if len(parts) <= 1 or len(parts) > 3: raise AuthKitConfigError( 'Syntax error on line %s of authenticate list' % (counter, )) if passwords.has_key(username): raise AuthKitConfigError( 'Username %r defined twice in authenticate list %r' % (username, passwords)) else: passwords[username] = password if role_list: roles[username] = role_list if group: groups[username] = group counter += 1 usernames = passwords.keys() usernames.sort() for username in usernames: if not passwords.has_key(username): raise AuthKitError('No password specified for user %r' % username) if not roles.has_key(username): roles[username] = [] if not groups.has_key(username): groups[username] = None assert len(usernames) == len(passwords) == len(roles) == len(groups) return usernames, passwords, roles, groups
def load_openid_config( app, auth_conf, app_conf=None, global_conf=None, prefix='authkit.openid', ): global template template_ = template template_conf = strip_base(auth_conf, 'template.') if template_conf: template_ = get_template(template_conf, prefix=prefix + 'template.') urltouser = auth_conf.get('urltouser', None) if isinstance(urltouser, str): urltouser = eval_import(urltouser) for option in ['store.type', 'store.config', 'path.signedin']: if not auth_conf.has_key(option): raise AuthKitConfigError('Missing the config key %s%s' % (prefix, option)) user_setter_params = { 'store_type': auth_conf['store.type'], 'store_config': auth_conf['store.config'], 'baseurl': auth_conf.get('baseurl', ''), 'path_signedin': auth_conf['path.signedin'], 'path_process': auth_conf.get('path.process', '/process'), 'template': template_, 'urltouser': urltouser, 'charset': auth_conf.get('charset'), 'sreg_required': auth_conf.get('sreg.required'), 'sreg_optional': auth_conf.get('sreg.optional'), 'sreg_policyurl': auth_conf.get('sreg.policyurl'), # XXX This need to actually be configurable, not hard coded 'session_secret': 'asdasd', 'session_key': 'authkit_openid', 'session_middleware': 'beaker.session', } if user_setter_params['session_middleware'] == 'beaker.session': if not user_setter_params['session_secret']: raise AuthKitConfigError('No session_secret set') auth_handler_params = { 'template': user_setter_params['template'], 'path_verify': auth_conf.get('path.verify', '/verify'), 'baseurl': user_setter_params['baseurl'], 'charset': user_setter_params['charset'], } return app, auth_handler_params, user_setter_params
def __init__(self, app, secret, name='authkit', params=None, includeip=True, signoutpath=None, enforce=False, ticket_class=AuthKitTicket, nouserincookie=False, session_middleware='beaker.session', badcookiepage=True, badcookietemplate=None): log.debug("Setting up the cookie middleware") secure = False if params.has_key('secure') and asbool(params['secure']) == True: secure = True # secure not needed! AuthTKTMiddleware.__init__(self, app, secret, cookie_name=name, secure=secure, include_ip=asbool(includeip), logout_path=signoutpath) self.ticket_class = ticket_class self.cookie_params = params and params.copy() or {} self.cookie_enforce = enforce if self.cookie_enforce and not self.cookie_params.has_key('expires'): raise AuthKitConfigError( "Cannot enforce cookie expiration since no " "cookie_params expires' has been set") self.nouserincookie = nouserincookie self.session_middleware = session_middleware self.badcookiepage = badcookiepage if self.badcookiepage and not badcookietemplate: raise AuthKitConfigError( "No badcookiepage.template option was specified for the cookie middleware" ) self.badcookietemplate = badcookietemplate
def load_cookie_config( app, auth_conf, app_conf=None, global_conf=None, prefix='authkit.cookie.' ): user_setter_params = { 'params': strip_base(auth_conf, 'params.'), 'ticket_class':AuthKitTicket, } for k,v in auth_conf.items(): if not k.startswith('params.'): user_setter_params[k] = v if not user_setter_params.has_key('secret'): raise AuthKitConfigError( 'No cookie secret specified under %r'%(prefix+'secret') ) if user_setter_params.has_key('signout'): raise AuthKitConfigError( 'The authkit.cookie.signout option should now be named signoutpath' ) return app, None, user_setter_params
def make_forward_handler( app, auth_conf, app_conf=None, global_conf=None, prefix='authkit.forward', ): if not auth_conf.has_key('internalpath'): raise AuthKitConfigError("No %sinternalpath key specified" % prefix) app = MultiHandler(app) app.add_method('forward', Redirect, auth_conf['internalpath']) app.add_checker('forward', status_checker) app = MyRecursive(RecursiveMiddleware(app)) return app
def __call__(self, environ, start_response): # If we are called it is because we want to sign in, so show the if not environ.has_key(self.session_middleware): raise AuthKitConfigError( 'The session middleware %r is not present. ' 'Have you set up the session middleware?' % (self.session_middleware)) if environ.get('PATH_INFO') == self.path_verify: response = self.verify(environ, start_response) environ[self.session_middleware].save() return response elif environ.get('PATH_INFO') == self.path_process: response = self.process(environ, start_response) environ[self.session_middleware].save() return response else: return self.app(environ, start_response)
def make_forward_handler( app, auth_conf, app_conf=None, global_conf=None, prefix='authkit.forward', ): signin_path = None if auth_conf.has_key('internalpath'): warnings.warn( 'The %sinternalpath key is deprecated. Please use ' '%ssigninpath.' % (prefix, prefix), DeprecationWarning, 2) signin_path = auth_conf['internalpath'] elif auth_conf.has_key('signinpath'): signin_path = auth_conf['signinpath'] else: raise AuthKitConfigError("No %ssigninpath key specified" % prefix) app = MultiHandler(app) app.add_method('forward', Redirect, signin_path) app.add_checker('forward', status_checker) app = MyRecursive(RecursiveMiddleware(app)) return app
def set_user_cookie(self, environ, userid, tokens, user_data): if self.include_ip: # Fixes ticket #30 # @@@ should this use environ.get('REMOTE_ADDR','0.0.0.0')? remote_addr = environ.get('HTTP_X_FORWARDED_FOR', environ['REMOTE_ADDR']) remote_addr = remote_addr.split(',')[0] else: remote_addr = '0.0.0.0' # Only these three lines change #~ if self.secure != self.cookie_params.get('secure', False) and asbool(self.cookie_params['secure']) or False: #~ raise Exception('The secure option has changed before ' #~ 'we got here. This means the base class has changed ' #~ 'since this class was written. %r %r'%self.secure, ) ticket = self.ticket_class(self.secret, userid, remote_addr, tokens=tokens, user_data=user_data, cookie_name=self.cookie_name, cookie_params=self.cookie_params, nouserincookie=self.nouserincookie) # @@: Should we set REMOTE_USER etc in the current # environment right now as well? parts = str(ticket.cookie()).split(':') cookies = [(parts[0].strip(), ':'.join(parts[1:]).strip())] log.debug(cookies) if self.nouserincookie: if self.cookie_name == environ[self.session_middleware].key: raise AuthKitConfigError( "The session cookie name %r is the same as the " "AuthKit cookie name. Please change the session cookie " "name." % (environ[self.session_middleware].key)) environ[self.session_middleware]['authkit.cookie.user'] = userid environ[self. session_middleware]['authkit.cookie.user_data'] = user_data environ[self.session_middleware].save() return cookies
def load_openid_config( app, auth_conf, app_conf=None, global_conf=None, prefix='authkit.openid', ): global template template_ = template template_conf = strip_base(auth_conf, 'template.') if template_conf: template_ = get_template(template_conf, prefix=prefix + 'template.') urltouser = auth_conf.get('urltouser', None) if isinstance(urltouser, str): urltouser = eval_import(urltouser) for option in ['store.type', 'store.config', 'path.signedin']: if not auth_conf.has_key(option): raise AuthKitConfigError('Missing the config key %s%s' % (prefix, option)) user_setter_params = { 'store_type': auth_conf['store.type'], 'store_config': auth_conf['store.config'], 'baseurl': auth_conf.get('baseurl', ''), 'path_signedin': auth_conf['path.signedin'], 'path_process': auth_conf.get('path.process', '/process'), 'template': template_, 'urltouser': urltouser, 'charset': auth_conf.get('charset'), 'sreg_required': auth_conf.get('sreg.required'), 'sreg_optional': auth_conf.get('sreg.optional'), 'sreg_policyurl': auth_conf.get('sreg.policyurl'), 'session_middleware': auth_conf.get('session.middleware', 'beaker.session'), } # Add an Attribute Exchange configuration items user_setter_params.update(_load_ax_config(auth_conf)) auth_handler_params = { 'template': user_setter_params['template'], 'path_verify': auth_conf.get('path.verify', '/verify'), 'baseurl': user_setter_params['baseurl'], 'charset': user_setter_params['charset'], } # The following lines were suggested in #59 but I don't know # why they are needed because you shouldn't be using the # user management API. # authenticate_conf = strip_base(auth_conf, 'authenticate.') # app, authfunc, users = get_authenticate_function( # app, # authenticate_conf, # prefix=prefix+'authenticate.', # format='basic' # ) return app, auth_handler_params, user_setter_params