def challenge(self, environ, _status, _app_headers, _forget_headers): # this challenge consist in login out if environ.has_key('rwpc.logout'): # ignore right now? pass logger = environ.get('repoze.who.logger', '') # Which page was accessed to get here came_from = construct_came_from(environ) environ["myapp.came_from"] = came_from logger.debug("[sp.challenge] RelayState >> %s" % came_from) # Am I part of a virtual organization ? try: vorg_name = environ["myapp.vo"] except KeyError: try: vorg_name = self.saml_client.vorg.vorg_name except AttributeError: vorg_name = "" logger.info("[sp.challenge] VO: %s" % vorg_name) # If more than one idp and if none is selected, I have to do wayf (done, response) = self._pick_idp(environ, came_from) # Three cases: -1 something went wrong or Discovery service used # 0 I've got an IdP to send a request to # >0 ECP in progress logger.debug("_idp_pick returned: %s" % done) if done == -1: return response elif done > 0: self.outstanding_queries[done] = came_from return ECP_response(response) else: idp_url = response logger.info("[sp.challenge] idp_url: %s" % idp_url) # Do the AuthnRequest (sid_, result) = self.saml_client.authenticate(idp_url, relay_state=came_from, vorg=vorg_name) # remember the request self.outstanding_queries[sid_] = came_from if isinstance(result, tuple): logger.debug('redirect to: %s' % result[1]) return HTTPSeeOther(headers=[result]) else: return HTTPInternalServerError( detail='Incorrect returned data')
def delete_perm_user(self, repo_name): """ DELETE an existing repository permission user :param repo_name: """ try: RepoModel().revoke_user_permission(repo=repo_name, user=request.POST['user_id']) Session.commit() except Exception: log.error(traceback.format_exc()) h.flash(_('An error occurred during deletion of repository user'), category='error') raise HTTPInternalServerError()
def _pick_idp(self, environ, came_from): """ If more than one idp and if none is selected, I have to do wayf or disco """ # check headers to see if it's an ECP request # headers = { # 'Accept' : 'text/html; application/vnd.paos+xml', # 'PAOS' : 'ver="%s";"%s"' % (paos.NAMESPACE, # SERVICE) # } _cli = self.saml_client logger.info("[_pick_idp] %s" % environ) if "HTTP_PAOS" in environ: if environ["HTTP_PAOS"] == PAOS_HEADER_INFO: if 'application/vnd.paos+xml' in environ["HTTP_ACCEPT"]: # Where should I redirect the user to # entityid -> the IdP to use # relay_state -> when back from authentication logger.info("- ECP client detected -") _relay_state = construct_came_from(environ) _entityid = _cli.config.ecp_endpoint(environ["REMOTE_ADDR"]) if not _entityid: return -1, HTTPInternalServerError( detail="No IdP to talk to") logger.info("IdP to talk to: %s" % _entityid) return ecp.ecp_auth_request(_cli, _entityid, _relay_state) else: return -1, HTTPInternalServerError( detail='Faulty Accept header') else: return -1, HTTPInternalServerError( detail='unknown ECP version') idps = self.metadata.with_descriptor("idpsso") logger.info("IdP URL: %s" % idps) idp_entity_id = query = None for key in ['s2repoze.body', "QUERY_STRING"]: query = environ.get(key) if query: try: _idp_entity_id = dict(parse_qs(query))[ self.idp_query_param][0] if _idp_entity_id in idps: idp_entity_id = _idp_entity_id break except KeyError: logger.debug("No IdP entity ID in query: %s" % query) pass if idp_entity_id is None: if len(idps) == 1: # idps is a dictionary idp_entity_id = idps.keys()[0] elif not len(idps): return -1, HTTPInternalServerError(detail='Misconfiguration') else: idp_entity_id = "" logger.info("ENVIRON: %s" % environ) if self.wayf: if query: try: wayf_selected = dict(parse_qs(query))[ "wayf_selected"][0] except KeyError: return self._wayf_redirect(came_from) idp_entity_id = wayf_selected else: return self._wayf_redirect(came_from) elif self.discosrv: if query: idp_entity_id = _cli.parse_discovery_service_response( query=environ.get("QUERY_STRING")) else: sid_ = sid() self.outstanding_queries[sid_] = came_from logger.debug("Redirect to Discovery Service function") eid = _cli.config.entityid ret = _cli.config.getattr( "endpoints", "sp")["discovery_response"][0][0] ret += "?sid=%s" % sid_ loc = _cli.create_discovery_service_request( self.discosrv, eid, **{"return": ret}) return -1, SeeOther(loc) else: return -1, HTTPNotImplemented( detail='No WAYF or DJ present!') logger.info("Chosen IdP: '%s'" % idp_entity_id) return 0, idp_entity_id
def _pick_idp(self, environ, came_from): """ If more than one idp and if none is selected, I have to do wayf or disco """ # check headers to see if it's an ECP request # headers = { # 'Accept' : 'text/html; application/vnd.paos+xml', # 'PAOS' : 'ver="%s";"%s"' % (paos.NAMESPACE, SERVICE) # } logger.info("[_pick_idp] %s" % environ) if "HTTP_PAOS" in environ: if environ["HTTP_PAOS"] == PAOS_HEADER_INFO: if 'application/vnd.paos+xml' in environ["HTTP_ACCEPT"]: # Where should I redirect the user to # entityid -> the IdP to use # relay_state -> when back from authentication logger.info("- ECP client detected -") _relay_state = construct_came_from(environ) _entityid = self.saml_client.config.ecp_endpoint( environ["REMOTE_ADDR"]) if not _entityid: return -1, HTTPInternalServerError( detail="No IdP to talk to") logger.info("IdP to talk to: %s" % _entityid) return ecp.ecp_auth_request(self.saml_client, _entityid, _relay_state) else: return -1, HTTPInternalServerError( detail='Faulty Accept header') else: return -1, HTTPInternalServerError( detail='unknown ECP version') idps = self.conf.idps() logger.info("IdP URL: %s" % idps) if len(idps) == 1: # idps is a dictionary idp_entity_id = idps.keys()[0] elif not len(idps): return -1, HTTPInternalServerError(detail='Misconfiguration') else: idp_entity_id = "" logger.info("ENVIRON: %s" % environ) query = environ.get('s2repoze.body', '') if not query: query = environ.get("QUERY_STRING", "") logger.info("<_pick_idp> query: %s" % query) if self.wayf: if query: try: wayf_selected = dict( parse_qs(query))["wayf_selected"][0] except KeyError: return self._wayf_redirect(came_from) idp_entity_id = wayf_selected else: return self._wayf_redirect(came_from) elif self.discovery: if query: idp_entity_id = self.saml_client.get_idp_from_discovery_service( query=environ.get("QUERY_STRING")) else: sid_ = sid() self.outstanding_queries[sid_] = came_from logger.info("Redirect to Discovery Service function") loc = self.saml_client.request_to_discovery_service( self.discovery) return -1, HTTPSeeOther(headers=[('Location', loc)]) else: return -1, HTTPNotImplemented(detail='No WAYF or DJ present!') logger.info("Choosen IdP: '%s'" % idp_entity_id) return 0, idp_entity_id
def wrapped(environ, start_response): if 'HTTP_X_FORWARDED_SERVER' in environ: exc = HTTPInternalServerError() exc.explanation = cant_proxy_correctly_message raise exc return app(environ, start_response)