def javascript_passw_login(self, info):
    """Set up a combined login: username/password plus the JavaScript form.

    The ``JavascriptFormMako`` method is built on first use and cached on
    ``self.javascript_login_authn``. It and ``self.username_password_authn``
    (read here, not created here) are each wrapped in an
    ``AuthnIndexedEndpointWrapper`` and passed to ``setup_multi_auth``.

    Args:
        info: Mapping whose ``"END_POINTS"`` entry at index 1 is the
            JavaScript verification endpoint.

    Returns:
        The result of ``setup_multi_auth(self.ac, self.urls, ...)``.
    """
    if self.javascript_login_authn is None:
        self.init_mako()
        js_end_points = self.config.AUTHENTICATION["JavascriptLogin"][
            "END_POINTS"]
        # Verification URLs: issuer prefix + configured endpoint.
        js_verify_urls = []
        for ep in js_end_points:
            js_verify_urls.append("{}{}".format(self.issuer, ep))
        return_to = "{}authorization".format(self.issuer)
        self.javascript_login_authn = JavascriptFormMako(
            None, "javascript_login.mako", self.lookup, self.config.PASSWD,
            return_to, None, js_verify_urls)

    # Which configured endpoint each method answers on in the combined flow.
    password_index = 2
    javascript_index = 1

    password_cfg = self.config.AUTHENTICATION["UserPassword"]
    password_end_point = password_cfg["END_POINTS"][password_index]
    javascript_end_point = info["END_POINTS"][javascript_index]

    wrapped_password = AuthnIndexedEndpointWrapper(
        self.username_password_authn, password_index)
    wrapped_javascript = AuthnIndexedEndpointWrapper(
        self.javascript_login_authn, javascript_index)

    # NOTE(review): each pattern is '^' + the configured endpoint, unescaped
    # and with no end anchor. If the dispatcher uses a prefix match, any path
    # starting with the endpoint text reaches the verify handler -- confirm
    # that this is intended and that endpoints hold no regex metacharacters.
    chain = [
        (wrapped_password, r'^' + password_end_point),
        (wrapped_javascript, r'^' + javascript_end_point),
    ]
    return setup_multi_auth(self.ac, self.urls, chain)
def saml_pass_login(self, info):
    """Set up a combined login: SAML followed by username/password.

    The ``SAMLAuthnMethod`` is built on first use and cached on
    ``self.saml_authn``. Both methods are wrapped for endpoint index 1 and
    passed to ``setup_multi_auth``. ``self.username_password_authn`` is read
    here, not created here.

    Args:
        info: Mapping whose ``"END_POINTS"`` entry at index 1 is the SAML
            verification endpoint.

    Returns:
        The result of ``setup_multi_auth(self.ac, self.urls, ...)``.
    """
    from saml2 import BINDING_HTTP_REDIRECT, BINDING_HTTP_POST

    if self.saml_authn is None:
        self.init_mako()
        return_to = "{}authorization".format(self.issuer)
        self.saml_authn = SAMLAuthnMethod(
            None, self.lookup, self.config.SAML, self.config.SP_CONFIG,
            self.issuer, return_to, userinfo=self.config.USERINFO)

    password_index = 1
    saml_index = 1

    password_cfg = self.config.AUTHENTICATION['UserPassword']
    password_end_point = password_cfg["END_POINTS"][password_index]
    saml_endpoint = info["END_POINTS"][saml_index]

    # Every SAML binding, and the discovery endpoint, uses index 1.
    binding_indexes = dict.fromkeys(
        (BINDING_HTTP_REDIRECT, BINDING_HTTP_POST, "disco_end_point_index"),
        1)

    wrapped_saml = AuthnIndexedEndpointWrapper(self.saml_authn,
                                               binding_indexes)
    wrapped_password = AuthnIndexedEndpointWrapper(
        self.username_password_authn, password_index)

    # NOTE(review): patterns are '^' + endpoint, unescaped and not anchored
    # at the end; confirm the dispatcher's matching rules make that safe.
    chain = [
        (wrapped_saml, r'^' + saml_endpoint),
        (wrapped_password, r'^' + password_end_point),
    ]
    return setup_multi_auth(self.ac, self.urls, chain)
def saml_login(self, info):
    """Register SAML as a stand-alone authentication method.

    Builds the ``SAMLAuthnMethod`` on first use, adds it to the broker
    ``self.ac`` with empty ACR, level and authority strings, and appends a
    verify route for endpoint index 0 to ``self.urls``.

    Args:
        info: Mapping whose ``"END_POINTS"`` entry at index 0 is the SAML
            verification endpoint.

    Returns:
        The ``AuthnIndexedEndpointWrapper`` around ``self.saml_authn``.
    """
    from saml2 import BINDING_HTTP_REDIRECT, BINDING_HTTP_POST

    if self.saml_authn is None:
        self.init_mako()
        return_to = "{}authorization".format(self.issuer)
        self.saml_authn = SAMLAuthnMethod(
            None, self.lookup, self.config.SAML, self.config.SP_CONFIG,
            self.issuer, return_to, userinfo=self.config.USERINFO)
    # NOTE(review): the listing lost its indentation; add() is taken to run
    # on every call, not only on first initialisation -- confirm.
    self.ac.add("", self.saml_authn, "", "")

    saml_index = 0
    end_point = info["END_POINTS"][saml_index]

    # Every SAML binding, and the discovery endpoint, uses index 0.
    binding_indexes = dict.fromkeys(
        (BINDING_HTTP_REDIRECT, BINDING_HTTP_POST, "disco_end_point_index"),
        0)
    wrapper = AuthnIndexedEndpointWrapper(self.saml_authn, binding_indexes)

    # NOTE(review): the route is '^' + endpoint, unescaped and without an end
    # anchor; confirm the dispatcher's matching rules make that safe.
    route = (r'^' + end_point, make_auth_verify(wrapper.verify))
    self.urls.append(route)
    return wrapper
def user_password(self, info):
    """Register the username/password form as an authentication method.

    Rebuilds ``self.username_password_authn`` on every call (there is no
    ``is None`` guard here) and appends a verify route for endpoint index 0
    to ``self.urls``.

    Args:
        info: Mapping whose ``"END_POINTS"`` entry at index 0 is the
            password verification endpoint.

    Returns:
        The ``AuthnIndexedEndpointWrapper`` around the password method.
    """
    self.init_mako()
    # NOTE(review): self.config.PASSWD is the credential store handed to the
    # form; presumably a username -> password mapping. If the values are
    # clear-text passwords, keep this to demo setups -- confirm.
    self.username_password_authn = UsernamePasswordMako(
        None,
        "login.mako",
        self.lookup,
        self.config.PASSWD,
        "%sauthorization" % self.issuer,
        None,
        self.full_end_point_paths,
    )

    password_index = 0
    end_point = info["END_POINTS"][password_index]
    wrapper = AuthnIndexedEndpointWrapper(self.username_password_authn,
                                          password_index)

    # NOTE(review): the route is '^' + endpoint, unescaped and without an end
    # anchor; confirm the dispatcher's matching rules make that safe.
    route = (r'^' + end_point, make_auth_verify(wrapper.verify))
    self.urls.append(route)
    return wrapper
def javascript_login(self, info):
    """Register the JavaScript login form as a stand-alone method.

    Builds the ``JavascriptFormMako`` method on first use, adds it to the
    broker ``self.ac`` with empty ACR, level and authority strings, and
    appends a verify route for endpoint index 0 to ``self.urls``.

    Args:
        info: Mapping whose ``"END_POINTS"`` entry at index 0 is the
            JavaScript verification endpoint.

    Returns:
        The ``AuthnIndexedEndpointWrapper`` around the JavaScript method.
    """
    if self.javascript_login_authn is None:
        self.init_mako()
        js_end_points = self.config.AUTHENTICATION[
            "JavascriptLogin"]["END_POINTS"]
        # Verification URLs: issuer prefix + configured endpoint.
        js_verify_urls = []
        for ep in js_end_points:
            js_verify_urls.append("{}{}".format(self.issuer, ep))
        return_to = "{}authorization".format(self.issuer)
        self.javascript_login_authn = JavascriptFormMako(
            None, "javascript_login.mako", self.lookup, self.config.PASSWD,
            return_to, None, js_verify_urls)
    # NOTE(review): the listing lost its indentation; add() is taken to run
    # on every call, not only on first initialisation -- confirm.
    self.ac.add("", self.javascript_login_authn, "", "")

    javascript_index = 0
    end_point = info["END_POINTS"][javascript_index]
    wrapper = AuthnIndexedEndpointWrapper(self.javascript_login_authn,
                                          javascript_index)

    # NOTE(review): the route is '^' + endpoint, unescaped and without an end
    # anchor; confirm the dispatcher's matching rules make that safe.
    route = (r'^' + end_point, make_auth_verify(wrapper.verify))
    self.urls.append(route)
    return wrapper
# Wire up the configured authentication methods and their verify routes.
saml_authn = None

# Absolute verification URLs for the password form: issuer + each endpoint.
# The "%sauthorization" % config.issuer call below implies the issuer value
# already ends with "/".
end_points = config.AUTHENTICATION["UserPassword"]["END_POINTS"]
full_end_point_paths = ["%s%s" % (config.issuer, ep) for ep in end_points]
# NOTE(review): PASSWD is the credential store handed to the login form;
# presumably a username -> password mapping. If the values are clear-text
# passwords, keep this to demo setups -- confirm.
username_password_authn = UsernamePasswordMako(
    None, "login.mako", LOOKUP, PASSWD, "%sauthorization" % config.issuer,
    None, full_end_point_paths)

for authkey, value in config.AUTHENTICATION.items():
    authn = None

    if "UserPassword" == authkey:
        PASSWORD_END_POINT_INDEX = 0
        end_point = config.AUTHENTICATION[authkey]["END_POINTS"][
            PASSWORD_END_POINT_INDEX]
        authn = AuthnIndexedEndpointWrapper(username_password_authn,
                                            PASSWORD_END_POINT_INDEX)
        # NOTE(review): the route is '^' + endpoint, unescaped and without an
        # end anchor; confirm the dispatcher's matching rules make that safe.
        URLS.append((r'^' + end_point, make_auth_verify(authn.verify)))

    # Ensure javascript_login_authn is defined: the bare name lookup raises
    # NameError the first time through, and the handler then binds it to None.
    try:
        javascript_login_authn
    except NameError:
        javascript_login_authn = None

    if "JavascriptLogin" == authkey:
        if not javascript_login_authn:
            end_points = config.AUTHENTICATION["JavascriptLogin"][
                "END_POINTS"]
            # NOTE(review): this join uses "%s/%s" while the password URLs
            # above use "%s%s" with the same issuer. With an issuer that ends
            # in "/", these URLs get a double slash -- confirm which form the
            # verify routes expect.
            full_end_point_paths = [
                "%s/%s" % (config.issuer, ep) for ep in end_points
            ]
end_points = config.AUTHENTICATION["UserPassword"]["END_POINTS"] full_end_point_paths = ["%s%s" % (_issuer, ep) for ep in end_points] username_password_authn = UsernamePasswordMako( None, "login.mako", LOOKUP, PASSWD, "%sauthorization" % _issuer, None, full_end_point_paths) _urls = [] for authkey, value in config.AUTHENTICATION.items(): authn = None if "UserPassword" == authkey: PASSWORD_END_POINT_INDEX = 0 end_point = config.AUTHENTICATION[authkey]["END_POINTS"][ PASSWORD_END_POINT_INDEX] authn = AuthnIndexedEndpointWrapper(username_password_authn, PASSWORD_END_POINT_INDEX) _urls.append((r'^' + end_point, make_auth_verify(authn.verify))) # Ensure javascript_login_authn to be defined try: javascript_login_authn except NameError: javascript_login_authn = None if "JavascriptLogin" == authkey: if not javascript_login_authn: end_points = config.AUTHENTICATION[ "JavascriptLogin"]["END_POINTS"] full_end_point_paths = [ "{}{}".format(_issuer, ep) for ep in end_points] javascript_login_authn = JavascriptFormMako(
authnBroker = AuthnBroker() # UsernamePasswordMako: authenticas a user using the username/password form in a # WSGI environment using Mako as template system usernamePasswordAuthn = UsernamePasswordMako( None, # server instance "login.mako", # a mako template lookup, # lookup template usernamePasswords, # username/password dictionary-like database "%sauthorization" % config.ISSUER, # where to send the user after authentication None, # templ_arg_func ??!! fullEndPointsPath) # verification endpoints # AuthnIndexedEndpointWrapper is a wrapper class for using an authentication module with multiple endpoints. authnIndexedEndPointWrapper = AuthnIndexedEndpointWrapper( usernamePasswordAuthn, passwordEndPointIndex) authnBroker.add( config.AUTHENTICATION["UserPassword"]["ACR"], # (?!) authnIndexedEndPointWrapper, # (?!) method: an identifier of the authentication method. config.AUTHENTICATION["UserPassword"]["WEIGHT"], # security level "") # (?!) authentication authority # ?! authz = AuthzHandling() clientDB = shelve_wrapper.open(config.CLIENTDB) # In-Memory non-persistent SessionDB issuing DefaultTokens sessionDB = create_session_db(config.ISSUER, secret=rndstr(32), password=rndstr(32))
# methods from the set it has been supplied, to map that request. authnBroker = AuthnBroker() # UsernamePasswordMako: authenticas a user using the username/password form in a # WSGI environment using Mako as template system usernamePasswordAuthn = UsernamePasswordMako( None, # server instance "login.mako", # a mako template lookup, # lookup template usernamePasswords, # username/password dictionary-like database "%sauthorization" % config.ISSUER, # where to send the user after authentication None, # templ_arg_func ??!! fullEndPointsPath) # verification endpoints # AuthnIndexedEndpointWrapper is a wrapper class for using an authentication module with multiple endpoints. authnIndexedEndPointWrapper = AuthnIndexedEndpointWrapper(usernamePasswordAuthn, passwordEndPointIndex) authnBroker.add(config.AUTHENTICATION["UserPassword"]["ACR"], # (?!) authnIndexedEndPointWrapper, # (?!) method: an identifier of the authentication method. config.AUTHENTICATION["UserPassword"]["WEIGHT"], # security level "") # (?!) authentication authority # ?! authz = AuthzHandling() clientDB = shelve_wrapper.open(config.CLIENTDB) # In-Memory non-persistent SessionDB issuing DefaultTokens sessionDB = create_session_db(config.ISSUER, secret=rndstr(32), password=rndstr(32))