def handleRequest(self, environ, start_response, path, consumer_info): """ Will handle the setup of the Idp. The user must be authenticated. :param environ: :param start_response: :param filePath: :return: """ identity = None try: identity = environ["repoze.who.identity"]["user"] except: return self.unauthorized(environ, start_response) #try: if identity is None or len(identity) == 0: return self.unauthorized(environ, start_response) elif DeclarativeAuth.getInstance().userMatchRule(path, identity["uid"][0]): qs = self.getQueryDict(environ) if path == self.CONST_SETUPLOGUT: return self.handleLogout(environ, start_response) if path == self.CONST_SETUPABOUT: return self.handleAbout(environ, start_response) elif path == self.CONST_SETUPSTYLES: return self.handleStyles(environ, start_response) elif path == self.CONST_SETUP: return self.handleSetup(environ, start_response) elif path == self.CONST_SETUPSERVICE: return self.handleSetupService(environ, start_response, qs, consumer_info) elif path == self.CONST_SAVESECRET: return self.handleSaveSecret(environ, start_response, qs) else: return self.handleUnknown(environ, start_response, path) else: return self.handleNotAuthorized(environ, start_response)
def testUserInRole(self): """ Verify that users will be in correct roles. """ filename = os.path.dirname(os.path.abspath(__file__))+"/authSetup.json" dAuth = DeclarativeAuth.getInstance(filename) self.assertTrue(dAuth.userInRole("haho", {"user": ["*"]}), '') self.assertTrue(dAuth.userInRole("haho", {"admin": ["writer"]}), '') self.assertTrue(dAuth.userInRole("haho", {"admin": ["reader"]}), '') self.assertTrue(dAuth.userInRole("haho", {"admin": ["*"]}), '') self.assertTrue(dAuth.userInRole("haho", {"admin": ["reader","writer"]}), '') self.assertTrue(dAuth.userInRole("haho", {"economics": ["writer"]}), '') self.assertTrue(dAuth.userInRole("haho", {"economics": ["reader"]}), '') self.assertTrue(dAuth.userInRole("haho", {"economics": ["*"]}), '') self.assertTrue(dAuth.userInRole("haho", {"economics": ["reader","writer"]}), '') self.assertTrue(dAuth.userInRole("test1", {"user": ["*"]}), '') self.assertFalse(dAuth.userInRole("test1", {"admin": ["writer"]}), '') self.assertFalse(dAuth.userInRole("test1", {"admin": ["reader"]}), '') self.assertFalse(dAuth.userInRole("test1", {"admin": ["*"]}), '') self.assertFalse(dAuth.userInRole("test1", {"admin": ["reader","writer"]}), '') self.assertFalse(dAuth.userInRole("test1", {"economics": ["writer"]}), '') self.assertTrue(dAuth.userInRole("test1", {"economics": ["reader"]}), '') self.assertTrue(dAuth.userInRole("test1", {"economics": ["*"]}), '') self.assertTrue(dAuth.userInRole("test1", {"economics": ["reader","writer"]}), '') self.assertTrue(dAuth.userInRole("test2", {"user": ["*"]}), '') self.assertFalse(dAuth.userInRole("test2", {"admin": ["writer"]}), '') self.assertFalse(dAuth.userInRole("test2", {"admin": ["reader"]}), '') self.assertFalse(dAuth.userInRole("test2", {"admin": ["*"]}), '') self.assertFalse(dAuth.userInRole("test2", {"admin": ["reader","writer"]}), '') self.assertTrue(dAuth.userInRole("test2", {"economics": ["writer"]}), '') self.assertFalse(dAuth.userInRole("test2", {"economics": ["reader"]}), '') self.assertTrue(dAuth.userInRole("test2", {"economics": ["*"]}), '') self.assertTrue(dAuth.userInRole("test2", {"economics": ["reader","writer"]}), '') self.assertTrue(dAuth.userInRole("test3", {"user": ["*"]}), '') self.assertFalse(dAuth.userInRole("test3", {"admin": ["writer"]}), '') self.assertTrue(dAuth.userInRole("test3", {"admin": ["reader"]}), '') self.assertTrue(dAuth.userInRole("test3", {"admin": ["*"]}), '') self.assertTrue(dAuth.userInRole("test3", {"admin": ["reader","writer"]}), '') self.assertTrue(dAuth.userInRole("test3", {"economics": ["writer"]}), '') self.assertTrue(dAuth.userInRole("test3", {"economics": ["reader"]}), '') self.assertTrue(dAuth.userInRole("test3", {"economics": ["*"]}), '') self.assertTrue(dAuth.userInRole("test3", {"economics": ["reader","writer"]}), '')
def testMethod(self): """ Verify that the JSON file kan be read, by checking if rules, users and roles exists. """ filename = os.path.dirname(os.path.abspath(__file__))+"/authSetup.json" #filename = os.path.dirname(os.path.abspath(__file__))+"/test.json" dAuth = DeclarativeAuth.getInstance(filename) self.assertTrue(dAuth.userExists("haho"), 'dAuth.userExists("haho") should be true') self.assertTrue(dAuth.ruleExists("*"), 'dAuth.ruleExists("*") should be true') self.assertTrue(dAuth.ruleExists("/admin"), 'dAuth.ruleExists("/admin") should be true') self.assertTrue(dAuth.roleExists({"admin": ["reader","writer"]}), 'dAuth.roleExists({"admin":["reader","writer"]}) should be true') self.assertTrue(dAuth.roleExists({"admin": ["reader"]}), 'dAuth.roleExists({"admin":["reader"]}) should be true') self.assertTrue(dAuth.roleExists({"admin": ["*"]}), 'dAuth.roleExists({"admin": ["*"]}) should be true') self.assertFalse(dAuth.roleExists({"admin": ["whatever"]}), 'dAuth.roleExists({"admin": ["whatever"]}) should be false')
def testUserMatchRule(self): """ Verify that users can get access to protected areas, or get prevented from access areas. """ filename = os.path.dirname(os.path.abspath(__file__))+"/authSetup.json" dAuth = DeclarativeAuth.getInstance(filename) self.assertTrue(dAuth.userMatchRule("/anypage","haho"), '') self.assertTrue(dAuth.userMatchRule("/admin/anypage","haho"), '') self.assertTrue(dAuth.userMatchRule("/admin","haho"), '') self.assertTrue(dAuth.userMatchRule("/admin/setup/","haho"), '') self.assertTrue(dAuth.userMatchRule("/admin/setup/anypage","haho"), '') self.assertTrue(dAuth.userMatchRule("/economics/test.html","haho"), '') self.assertTrue(dAuth.userMatchRule("/economics/setup/anypage","haho"), '') self.assertTrue(dAuth.userMatchRule("/economics/setup/","haho"), '') self.assertTrue(dAuth.userMatchRule("/about","haho"), '') #Verify that the singleton pattern really works. dAuth = DeclarativeAuth.getInstance() self.assertTrue(dAuth.userMatchRule("/anypage","test1"), '') self.assertFalse(dAuth.userMatchRule("/admin/anypage","test1"), '') self.assertFalse(dAuth.userMatchRule("/admin","test1"), '') self.assertFalse(dAuth.userMatchRule("/admin/setup/","test1"), '') self.assertFalse(dAuth.userMatchRule("/admin/setup/anypage","test1"), '') self.assertTrue(dAuth.userMatchRule("/economics/test.html","test1"), '') self.assertFalse(dAuth.userMatchRule("/economics/setup/anypage","test1"), '') self.assertFalse(dAuth.userMatchRule("/economics/setup/","test1"), '') self.assertTrue(dAuth.userMatchRule("/about","test1"), '') self.assertTrue(dAuth.userMatchRule("/anypage","test2"), '') self.assertFalse(dAuth.userMatchRule("/admin/anypage","test2"), '') self.assertFalse(dAuth.userMatchRule("/admin","test2"), '') self.assertFalse(dAuth.userMatchRule("/admin/setup/","test2"), '') self.assertFalse(dAuth.userMatchRule("/admin/setup/anypage","test2"), '') self.assertTrue(dAuth.userMatchRule("/economics/test.html","test2"), '') self.assertTrue(dAuth.userMatchRule("/economics/setup/anypage","test2"), '') self.assertTrue(dAuth.userMatchRule("/economics/setup/","test2"), '') self.assertTrue(dAuth.userMatchRule("/about","test2"), '') self.assertTrue(dAuth.userMatchRule("/anypage", "test3"), '') self.assertTrue(dAuth.userMatchRule("/admin/anypage", "test3"), '') self.assertTrue(dAuth.userMatchRule("/admin", "test3"), '') self.assertFalse(dAuth.userMatchRule("/admin/setup/", "test3"), '') self.assertFalse(dAuth.userMatchRule("/admin/setup/anypage", "test3"), '') self.assertTrue(dAuth.userMatchRule("/economics/test.html", "test3"), '') self.assertTrue(dAuth.userMatchRule("/economics/setup/anypage", "test3"), '') self.assertTrue(dAuth.userMatchRule("/economics/setup/", "test3"), '') self.assertTrue(dAuth.userMatchRule("/about","test3"), '') self.assertFalse(dAuth.userMatchRule("/anypage", "test4"), '') self.assertFalse(dAuth.userMatchRule("/admin/anypage", "test4"), '') self.assertFalse(dAuth.userMatchRule("/admin", "test4"), '') self.assertFalse(dAuth.userMatchRule("/admin/setup/", "test4"), '') self.assertFalse(dAuth.userMatchRule("/admin/setup/anypage", "test4"), '') self.assertFalse(dAuth.userMatchRule("/economics/test.html", "test4"), '') self.assertFalse(dAuth.userMatchRule("/economics/setup/anypage", "test4"), '') self.assertFalse(dAuth.userMatchRule("/economics/setup/", "test4"), '') self.assertFalse(dAuth.userMatchRule("/about","test4"), '')
def testMethod(self): """ Verify that the singleton works """ self.assertEqual(DeclarativeAuth.getInstance().classId(), DeclarativeAuth.getInstance().classId(), 'DeclarativeAuth.getInstance().classId() = DeclarativeAuth.getInstance().classId()')
def initAuthApp(self, application, metadataList, conf, secretFile, configfilePath=None): """ Will add authentication middleware to the WSGI application. :param self: :param application: Function for main WSGI application :rtype : PluggableAuthenticationMiddleware :return: """ self.CONST_SETUP = "/setup" self.CONST_SETUPSERVICE = "/setup/service" self.CONST_SETUPSTYLES = "/setup/styles" self.CONST_SAVESECRET = "/setup/SaveSecret" self.CONST_SETUPABOUT = "/setup/about" self.CONST_SETUPLOGUT = "/setup/logout" self.CONST_SESSION_USER = "******" self.CONST_KEY = "key" self.CONST_SECRET = "secret" if configfilePath is None: self.CONST_ROOT = os.path.dirname(os.path.abspath(__file__)) else: self.CONST_ROOT = configfilePath self.CONST_AUTH_FILE = IdpSetupSp._instance.CONST_ROOT + "/auth.json" self.CONST_STATIC_FILE = IdpSetupSp._instance.CONST_ROOT + "/files/static/" self.CONST_STATIC_MAKO = IdpSetupSp._instance.CONST_ROOT + "/files/mako/" self.CONST_LOOKUP = TemplateLookup(directories=[self.CONST_STATIC_MAKO + 'templates', self.CONST_STATIC_MAKO + 'htdocs'], module_directory=self.CONST_STATIC_MAKO + 'modules', input_encoding='utf-8', output_encoding='utf-8') self.CONST_ONTS = { saml.NAMESPACE: saml, mdui.NAMESPACE: mdui, mdattr.NAMESPACE: mdattr, dri.NAMESPACE: dri, ui.NAMESPACE: ui, idpdisc.NAMESPACE: idpdisc, md.NAMESPACE: md, xmldsig.NAMESPACE: xmldsig, xmlenc.NAMESPACE: xmlenc } self.CONST_ATTRCONV = attribute_converter.ac_factory("attributemaps") try: xmlsec_path = get_xmlsec_binary(["/opt/local/bin"]) except: try: xmlsec_path = get_xmlsec_binary(["/usr/local/bin"]) except: xmlsec_path = '/usr/bin/xmlsec1' for metadata in metadataList: mds = MetadataStore(self.CONST_ONTS.values(), self.CONST_ATTRCONV, xmlsec_path, disable_ssl_certificate_validation=True) mds.imp(metadata) for entityId in mds.keys(): self.spKeyList.append(entityId) for key in conf: self.socialServiceKeyList.append(conf[key]["name"]) self.secretFile = secretFile currentPath = os.path.dirname(os.path.abspath(__file__)) lib_path = os.path.abspath(self.CONST_ROOT) sys.path.append(lib_path) DeclarativeAuth.getInstance(self.CONST_AUTH_FILE) app_with_auth = make_middleware_with_config(application, {"here": "."}, self.CONST_ROOT+'/who.ini', log_file=self.CONST_ROOT+"/repoze_who.log") return app_with_auth
def verifyHandleRequest(self, path): return DeclarativeAuth.getInstance().ruleMatch(path)