def load_cookie_config(app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.cookie.'):
badcookie_conf = strip_base(auth_conf, 'badcookie.')
template_conf = strip_base(badcookie_conf, 'template.')
if template_conf:
template_ = get_template(template_conf,
prefix=prefix + 'badcookiepage.template.')
else:
template_ = template
user_setter_params = {
'params': strip_base(auth_conf, 'params.'),
'ticket_class': AuthKitTicket,
'badcookiepage': asbool(badcookie_conf.get('page', True)),
'badcookietemplate': template_,
}
for k, v in auth_conf.items():
if not (k.startswith('params.') or k.startswith('badcookie.')):
user_setter_params[k] = v
if not user_setter_params.has_key('secret'):
raise AuthKitConfigError('No cookie secret specified under %r' %
(prefix + 'secret'))
if user_setter_params.has_key('signout'):
raise AuthKitConfigError(
'The authkit.cookie.signout option should now be named signoutpath'
)
return app, None, user_setter_params
def parse(data):
"""
Parses the user data
"""
passwords = {}
roles = {}
groups = {}
counter = 1
for line in data.split('\n'):
line = line.strip()
if not line:
continue
role_list = []
parts = line.split(' ')
if len(parts) > 1:
for role in parts[1:]:
if role:
role_list.append(role.strip().lower())
role_list.sort()
group = None
parts = parts[0].split(':')
if len(parts) > 1:
password = parts[1]
if not password:
'******' % (username, )
username = parts[0].lower()
if not username:
'******' % (counter, )
if len(parts) == 3:
group = parts[2].lower()
if len(parts) <= 1 or len(parts) > 3:
raise AuthKitConfigError(
'Syntax error on line %s of authenticate list' % (counter, ))
if passwords.has_key(username):
raise AuthKitConfigError(
'Username %r defined twice in authenticate list %r' %
(username, passwords))
else:
passwords[username] = password
if role_list:
roles[username] = role_list
if group:
groups[username] = group
counter += 1
usernames = passwords.keys()
usernames.sort()
for username in usernames:
if not passwords.has_key(username):
raise AuthKitError('No password specified for user %r' % username)
if not roles.has_key(username):
roles[username] = []
if not groups.has_key(username):
groups[username] = None
assert len(usernames) == len(passwords) == len(roles) == len(groups)
return usernames, passwords, roles, groups
def load_openid_config(
app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.openid',
):
global template
template_ = template
template_conf = strip_base(auth_conf, 'template.')
if template_conf:
template_ = get_template(template_conf, prefix=prefix + 'template.')
urltouser = auth_conf.get('urltouser', None)
if isinstance(urltouser, str):
urltouser = eval_import(urltouser)
for option in ['store.type', 'store.config', 'path.signedin']:
if not auth_conf.has_key(option):
raise AuthKitConfigError('Missing the config key %s%s' %
(prefix, option))
user_setter_params = {
'store_type': auth_conf['store.type'],
'store_config': auth_conf['store.config'],
'baseurl': auth_conf.get('baseurl', ''),
'path_signedin': auth_conf['path.signedin'],
'path_process': auth_conf.get('path.process', '/process'),
'template': template_,
'urltouser': urltouser,
'charset': auth_conf.get('charset'),
'sreg_required': auth_conf.get('sreg.required'),
'sreg_optional': auth_conf.get('sreg.optional'),
'sreg_policyurl': auth_conf.get('sreg.policyurl'),
# XXX This need to actually be configurable, not hard coded
'session_secret': 'asdasd',
'session_key': 'authkit_openid',
'session_middleware': 'beaker.session',
}
if user_setter_params['session_middleware'] == 'beaker.session':
if not user_setter_params['session_secret']:
raise AuthKitConfigError('No session_secret set')
auth_handler_params = {
'template': user_setter_params['template'],
'path_verify': auth_conf.get('path.verify', '/verify'),
'baseurl': user_setter_params['baseurl'],
'charset': user_setter_params['charset'],
}
return app, auth_handler_params, user_setter_params
def __init__(self,
app,
secret,
name='authkit',
params=None,
includeip=True,
signoutpath=None,
enforce=False,
ticket_class=AuthKitTicket,
nouserincookie=False,
session_middleware='beaker.session',
badcookiepage=True,
badcookietemplate=None):
log.debug("Setting up the cookie middleware")
secure = False
if params.has_key('secure') and asbool(params['secure']) == True:
secure = True
# secure not needed!
AuthTKTMiddleware.__init__(self,
app,
secret,
cookie_name=name,
secure=secure,
include_ip=asbool(includeip),
logout_path=signoutpath)
self.ticket_class = ticket_class
self.cookie_params = params and params.copy() or {}
self.cookie_enforce = enforce
if self.cookie_enforce and not self.cookie_params.has_key('expires'):
raise AuthKitConfigError(
"Cannot enforce cookie expiration since no "
"cookie_params expires' has been set")
self.nouserincookie = nouserincookie
self.session_middleware = session_middleware
self.badcookiepage = badcookiepage
if self.badcookiepage and not badcookietemplate:
raise AuthKitConfigError(
"No badcookiepage.template option was specified for the cookie middleware"
)
self.badcookietemplate = badcookietemplate
def load_cookie_config(
app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.cookie.'
):
user_setter_params = {
'params': strip_base(auth_conf, 'params.'),
'ticket_class':AuthKitTicket,
}
for k,v in auth_conf.items():
if not k.startswith('params.'):
user_setter_params[k] = v
if not user_setter_params.has_key('secret'):
raise AuthKitConfigError(
'No cookie secret specified under %r'%(prefix+'secret')
)
if user_setter_params.has_key('signout'):
raise AuthKitConfigError(
'The authkit.cookie.signout option should now be named signoutpath'
)
return app, None, user_setter_params
def make_forward_handler(
app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.forward',
):
if not auth_conf.has_key('internalpath'):
raise AuthKitConfigError("No %sinternalpath key specified" % prefix)
app = MultiHandler(app)
app.add_method('forward', Redirect, auth_conf['internalpath'])
app.add_checker('forward', status_checker)
app = MyRecursive(RecursiveMiddleware(app))
return app
def __call__(self, environ, start_response):
# If we are called it is because we want to sign in, so show the
if not environ.has_key(self.session_middleware):
raise AuthKitConfigError(
'The session middleware %r is not present. '
'Have you set up the session middleware?' %
(self.session_middleware))
if environ.get('PATH_INFO') == self.path_verify:
response = self.verify(environ, start_response)
environ[self.session_middleware].save()
return response
elif environ.get('PATH_INFO') == self.path_process:
response = self.process(environ, start_response)
environ[self.session_middleware].save()
return response
else:
return self.app(environ, start_response)
def make_forward_handler(
app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.forward',
):
signin_path = None
if auth_conf.has_key('internalpath'):
warnings.warn(
'The %sinternalpath key is deprecated. Please use '
'%ssigninpath.' % (prefix, prefix), DeprecationWarning, 2)
signin_path = auth_conf['internalpath']
elif auth_conf.has_key('signinpath'):
signin_path = auth_conf['signinpath']
else:
raise AuthKitConfigError("No %ssigninpath key specified" % prefix)
app = MultiHandler(app)
app.add_method('forward', Redirect, signin_path)
app.add_checker('forward', status_checker)
app = MyRecursive(RecursiveMiddleware(app))
return app
def set_user_cookie(self, environ, userid, tokens, user_data):
if self.include_ip:
# Fixes ticket #30
# @@@ should this use environ.get('REMOTE_ADDR','0.0.0.0')?
remote_addr = environ.get('HTTP_X_FORWARDED_FOR',
environ['REMOTE_ADDR'])
remote_addr = remote_addr.split(',')[0]
else:
remote_addr = '0.0.0.0'
# Only these three lines change
#~ if self.secure != self.cookie_params.get('secure', False) and asbool(self.cookie_params['secure']) or False:
#~ raise Exception('The secure option has changed before '
#~ 'we got here. This means the base class has changed '
#~ 'since this class was written. %r %r'%self.secure, )
ticket = self.ticket_class(self.secret,
userid,
remote_addr,
tokens=tokens,
user_data=user_data,
cookie_name=self.cookie_name,
cookie_params=self.cookie_params,
nouserincookie=self.nouserincookie)
# @@: Should we set REMOTE_USER etc in the current
# environment right now as well?
parts = str(ticket.cookie()).split(':')
cookies = [(parts[0].strip(), ':'.join(parts[1:]).strip())]
log.debug(cookies)
if self.nouserincookie:
if self.cookie_name == environ[self.session_middleware].key:
raise AuthKitConfigError(
"The session cookie name %r is the same as the "
"AuthKit cookie name. Please change the session cookie "
"name." % (environ[self.session_middleware].key))
environ[self.session_middleware]['authkit.cookie.user'] = userid
environ[self.
session_middleware]['authkit.cookie.user_data'] = user_data
environ[self.session_middleware].save()
return cookies
def load_openid_config(
app,
auth_conf,
app_conf=None,
global_conf=None,
prefix='authkit.openid',
):
global template
template_ = template
template_conf = strip_base(auth_conf, 'template.')
if template_conf:
template_ = get_template(template_conf, prefix=prefix + 'template.')
urltouser = auth_conf.get('urltouser', None)
if isinstance(urltouser, str):
urltouser = eval_import(urltouser)
for option in ['store.type', 'store.config', 'path.signedin']:
if not auth_conf.has_key(option):
raise AuthKitConfigError('Missing the config key %s%s' %
(prefix, option))
user_setter_params = {
'store_type':
auth_conf['store.type'],
'store_config':
auth_conf['store.config'],
'baseurl':
auth_conf.get('baseurl', ''),
'path_signedin':
auth_conf['path.signedin'],
'path_process':
auth_conf.get('path.process', '/process'),
'template':
template_,
'urltouser':
urltouser,
'charset':
auth_conf.get('charset'),
'sreg_required':
auth_conf.get('sreg.required'),
'sreg_optional':
auth_conf.get('sreg.optional'),
'sreg_policyurl':
auth_conf.get('sreg.policyurl'),
'session_middleware':
auth_conf.get('session.middleware', 'beaker.session'),
}
# Add an Attribute Exchange configuration items
user_setter_params.update(_load_ax_config(auth_conf))
auth_handler_params = {
'template': user_setter_params['template'],
'path_verify': auth_conf.get('path.verify', '/verify'),
'baseurl': user_setter_params['baseurl'],
'charset': user_setter_params['charset'],
}
# The following lines were suggested in #59 but I don't know
# why they are needed because you shouldn't be using the
# user management API.
# authenticate_conf = strip_base(auth_conf, 'authenticate.')
# app, authfunc, users = get_authenticate_function(
# app,
# authenticate_conf,
# prefix=prefix+'authenticate.',
# format='basic'
# )
return app, auth_handler_params, user_setter_params