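    def __activate__(self, context):
        """Issue an HS256-signed JWT for the currently logged-in administrator.

        The target application is the fifth slash-separated segment of the
        request URI; its ``authserver`` settings (name, sharedKey, aud, iss,
        expiry, logoutUrl) are read from system configuration.  A
        ``?logout=1`` request invalidates the session and redirects to
        ``logoutUrl`` instead of minting a token.  On success the compact
        JWS is stored in ``self.jws``; every failure path records a reason
        in ``self.msg``, logs it at error level and returns early.

        Args:
            context: The Velocity context, exposed through ``self.vc``.
        """
        self.velocityContext = context
        self.log = self.vc("log")
        self.systemConfig = self.vc("systemConfig")
        self.session = self.vc("sessionState")
        self.response = self.vc("response")
        self.request = self.vc("request")
        self.msg = ""
        self.appId = None

        # appId is the fifth path segment of the (URL-decoded) request URI.
        uri = URLDecoder.decode(self.request.getAttribute("RequestURI"))
        matches = re.match("^(.*?)/(.*?)/(.*?)/(.*?)/(.*?)$", uri)
        if matches and matches.group(5):
            self.appId = matches.group(5)
        if not self.appId:
            self._fail("No appId specified")
            return
        self.log.debug("Getting configuration for: " + self.appId)

        self.consumerName = self._config_string("name")
        self.sharedKey = self._config_string("sharedKey")
        self.aud = self._config_string("aud")
        self.iss = self._config_string("iss")
        self.expiry = self.systemConfig.getInteger(
            None, "authserver", self.appId, "expiry")
        self.logoutUrl = self._config_string("logoutUrl")

        # Logout runs before the settings are validated so that a
        # half-configured application can still end its session.
        if self.request.getParameter("logout") == "1":
            self.session.invalidate()
            self.response.sendRedirect(self.logoutUrl)
            return

        # One message per required setting keeps misconfiguration
        # diagnosable from the log.
        for value, message in (
                (self.consumerName, "Invalid configuration, no app name"),
                (self.sharedKey, "Invalid shared Key"),
                (self.aud, "Invalid aud"),
                (self.iss, "Invalid iss"),
                (self.expiry, "Invalid expiry")):
            if not value:
                self._fail(message)
                return

        # Authorisation comes from the live session, not the configuration.
        authentication = self.vc("page").authentication
        current_user = authentication.get_username()
        if not authentication.is_admin():
            self._fail("Sorry, this page is only for administrators.")
            return

        self.jws = self._build_jws(current_user,
                                   authentication.get_roles_list())

    def _config_string(self, key):
        """Return the ``authserver`` string setting *key* for ``self.appId``."""
        return self.systemConfig.getString(None, "authserver", self.appId, key)

    def _fail(self, message):
        """Record *message* as the page error and log it at error level."""
        self.msg = message
        self.log.error(message)

    def _build_jws(self, subject, roles):
        """Return the compact serialisation of an HS256 JWS for *subject*.

        Claims are serialised with ``json.dumps`` so that a username or role
        name containing quotes or backslashes cannot alter the JSON
        structure of the payload.  ``jti`` combines the issue time in
        milliseconds with a ``SecureRandom`` value for uniqueness.

        Args:
            subject: Value of the ``sub`` claim.
            roles: Role names, emitted as a JSON array in the ``typ`` claim.
        """
        import json

        now_millis = Date().getTime()
        now = now_millis / 1000
        jti = Long.toString(now_millis) + "_" + Integer.toString(
            SecureRandom().nextInt())
        # NOTE(review): iat/nbf/exp are kept as strings to match the token
        # format already issued; RFC 7519 NumericDate is a JSON number, so
        # confirm what the consuming application accepts before changing.
        claims = {
            "iss": self.iss,
            "sub": subject,
            "aud": self.aud,
            "iat": str(now),
            "nbf": str(now - 1),
            "exp": str(now + self.expiry),
            "jti": jti,
            "typ": list(roles),
        }
        jws_object = JWSObject(JWSHeader(JWSAlgorithm.HS256),
                               Payload(json.dumps(claims)))
        jws_object.sign(MACSigner(self.sharedKey))
        return jws_object.serialize()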
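 def __activate__(self, context):
     """Issue an HS256-signed JWT for the currently logged-in administrator.

     The target application is the fifth slash-separated segment of the
     request URI; its ``authserver`` settings (name, sharedKey, aud, iss,
     expiry, logoutUrl) are read from system configuration.  A
     ``?logout=1`` request invalidates the session and redirects to
     ``logoutUrl`` instead of minting a token.  On success the compact
     JWS is stored in ``self.jws``; every failure path records a reason
     in ``self.msg``, logs it at error level and returns early.

     Args:
         context: The Velocity context, exposed through ``self.vc``.
     """
     self.velocityContext = context
     self.log = self.vc("log")
     self.systemConfig = self.vc("systemConfig")
     self.session = self.vc("sessionState")
     self.response = self.vc("response")
     self.request = self.vc("request")
     self.msg = ""
     self.appId = None

     # appId is the fifth path segment of the (URL-decoded) request URI.
     uri = URLDecoder.decode(self.request.getAttribute("RequestURI"))
     matches = re.match("^(.*?)/(.*?)/(.*?)/(.*?)/(.*?)$", uri)
     if matches and matches.group(5):
         self.appId = matches.group(5)
     if not self.appId:
         self._fail("No appId specified")
         return
     self.log.debug("Getting configuration for: " + self.appId)

     self.consumerName = self._config_string("name")
     self.sharedKey = self._config_string("sharedKey")
     self.aud = self._config_string("aud")
     self.iss = self._config_string("iss")
     self.expiry = self.systemConfig.getInteger(
         None, "authserver", self.appId, "expiry")
     self.logoutUrl = self._config_string("logoutUrl")

     # Logout runs before the settings are validated so that a
     # half-configured application can still end its session.
     if self.request.getParameter("logout") == "1":
         self.session.invalidate()
         self.response.sendRedirect(self.logoutUrl)
         return

     # One message per required setting keeps misconfiguration
     # diagnosable from the log.
     for value, message in (
             (self.consumerName, "Invalid configuration, no app name"),
             (self.sharedKey, "Invalid shared Key"),
             (self.aud, "Invalid aud"),
             (self.iss, "Invalid iss"),
             (self.expiry, "Invalid expiry")):
         if not value:
             self._fail(message)
             return

     # Authorisation comes from the live session, not the configuration.
     authentication = self.vc("page").authentication
     current_user = authentication.get_username()
     if not authentication.is_admin():
         self._fail("Sorry, this page is only for administrators.")
         return

     self.jws = self._build_jws(current_user,
                                authentication.get_roles_list())

 def _config_string(self, key):
     """Return the ``authserver`` string setting *key* for ``self.appId``."""
     return self.systemConfig.getString(None, "authserver", self.appId, key)

 def _fail(self, message):
     """Record *message* as the page error and log it at error level."""
     self.msg = message
     self.log.error(message)

 def _build_jws(self, subject, roles):
     """Return the compact serialisation of an HS256 JWS for *subject*.

     Claims are serialised with ``json.dumps`` so that a username or role
     name containing quotes or backslashes cannot alter the JSON
     structure of the payload.  ``jti`` combines the issue time in
     milliseconds with a ``SecureRandom`` value for uniqueness.

     Args:
         subject: Value of the ``sub`` claim.
         roles: Role names, emitted as a JSON array in the ``typ`` claim.
     """
     import json

     now_millis = Date().getTime()
     now = now_millis / 1000
     jti = Long.toString(now_millis) + "_" + Integer.toString(
         SecureRandom().nextInt())
     # NOTE(review): iat/nbf/exp are kept as strings to match the token
     # format already issued; RFC 7519 NumericDate is a JSON number, so
     # confirm what the consuming application accepts before changing.
     claims = {
         "iss": self.iss,
         "sub": subject,
         "aud": self.aud,
         "iat": str(now),
         "nbf": str(now - 1),
         "exp": str(now + self.expiry),
         "jti": jti,
         "typ": list(roles),
     }
     jws_object = JWSObject(JWSHeader(JWSAlgorithm.HS256),
                            Payload(json.dumps(claims)))
     jws_object.sign(MACSigner(self.sharedKey))
     return jws_object.serialize()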