예제 #1
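    def init_app(self, app):
        """Attach the FAS OpenID extension to a Flask application.

        Sets the configuration defaults, optionally replaces the
        python-openid HTTP fetcher, installs the FAS JSON encoder when the
        Flask version supports it, registers the OpenID return endpoint and
        hooks the per-request session check.

        :arg app: the Flask application to configure.
        """
        self.app = app
        app.config.setdefault('FAS_OPENID_ENDPOINT',
                              'https://id.fedoraproject.org/openid/')
        app.config.setdefault('FAS_OPENID_CHECK_CERT', True)

        # SECURITY: FAS_OPENID_CHECK_CERT=False swaps python-openid's default
        # fetcher for the urllib2-based one. The swap is process-wide, and on
        # Python 2 releases before 2.7.9 urllib2 does not validate HTTPS
        # certificates, so the identity provider is then not authenticated.
        # Keep the default (True) outside local testing.
        if not self.app.config['FAS_OPENID_CHECK_CERT']:
            setDefaultFetcher(Urllib2Fetcher())

        # json_encoder is only available from flask 0.10
        version = flask.__version__.split('.')
        assume_recent = False
        major = minor = 0
        try:
            major = int(version[0])
            minor = int(version[1])
        except (ValueError, IndexError):
            # A non-numeric or single-component version string is treated as
            # a recent Flask: the packages of old versions used sane version
            # numbers. IndexError is caught as well so that a version without
            # a minor component no longer aborts initialisation.
            assume_recent = True

        if assume_recent or (major > 0 or minor >= 10):
            self.app.json_encoder = FASJSONEncoder

        @app.route('/_flask_fas_openid_handler/', methods=['GET', 'POST'])
        def flask_fas_openid_handler():
            """ Endpoint for OpenID results. """
            return self._handle_openid_request()

        # Run the session check ahead of every request handled by the app.
        app.before_request(self._check_session)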
예제 #2
    def __init__(self,
                 openid_provider,
                 check_certificate=True,
                 **kwargs):
        """Set up OpenID-based authentication with per-group permissions.

        :arg openid_provider: stored as ``self.openid_provider``.
        :arg check_certificate: when false, python-openid's default fetcher
            is replaced with the urllib2-based one.
        :arg kwargs: maps a group name to an iterable of action names; only
            actions present in ``Authz.knownActions`` are accepted.
        :raises ValueError: if any requested action is not a known action.
        """
        rejected = []
        self.permissions = {}
        for group, requested in kwargs.items():
            granted = self.permissions[group] = []
            for action in requested:
                # Allow-list check: anything outside Authz.knownActions is
                # collected and reported instead of being granted.
                if action in Authz.knownActions:
                    granted.append(action)
                else:
                    rejected.append(action)

        self.openid_provider = openid_provider
        self.sessions = SessionManager()
        self.init_childs = False

        # SECURITY: this replaces the fetcher for the whole process, not just
        # for this instance. On Python 2 before 2.7.9 urllib2 performs no
        # HTTPS certificate validation, so check_certificate=False leaves the
        # OpenID provider unauthenticated.
        # NOTE(review): this runs before the ValueError below, so a rejected
        # configuration can still leave the global fetcher changed.
        if not check_certificate:
            setDefaultFetcher(Urllib2Fetcher())

        # This makes us get self.master as per baseweb.py:472
        self.auth = self
        # This makes the login form be a link
        self.useHttpHeader = True
        self.httpLoginUrl = '/_openid_start/'

        if rejected:
            raise ValueError('Unknown authorization action(s) ' +
                             ', '.join(rejected))
예제 #3
def set_default_openid_fetcher():
    """Install a urllib2-based fetcher as python-openid's default.

    The same fetcher type is used as in production, even if pycurl is
    installed. When the test OpenID provider is enabled, the fetcher's
    ``urlopen`` is bound to the development certificate through ``cafile``,
    so that certificate is trusted explicitly rather than verification being
    switched off.
    """
    openid_fetcher = Urllib2Fetcher()
    if config.launchpad.enable_test_openid_provider:
        dev_cert_path = os.path.join(
            config.root, "configs/development/launchpad.crt")
        # NOTE(review): presumably this file is the test provider's
        # certificate or its CA; confirm it never ships in production config.
        openid_fetcher.urlopen = partial(urllib2.urlopen, cafile=dev_cert_path)
    setDefaultFetcher(openid_fetcher)
예제 #4
    def _init_app(self, app):
        """Apply the FAS OpenID defaults to *app* and register its hooks.

        Sets configuration defaults, optionally replaces the python-openid
        fetcher, adds the OpenID return endpoint and installs the
        per-request session check.
        """
        # NOTE(review): the default endpoint is plain http://, so traffic to
        # it is not protected by TLS whatever FAS_OPENID_CHECK_CERT says;
        # deployments should configure an https:// endpoint.
        config_defaults = (
            ('FAS_OPENID_ENDPOINT', 'http://id.fedoraproject.org/'),
            ('FAS_OPENID_CHECK_CERT', True),
        )
        for option, value in config_defaults:
            app.config.setdefault(option, value)

        # The flag is read through self.app, which this method does not
        # assign; assumes the caller set self.app beforehand (TODO confirm).
        verify_certificate = self.app.config['FAS_OPENID_CHECK_CERT']
        if not verify_certificate:
            # SECURITY: process-wide switch to the urllib2 fetcher, which
            # does not validate HTTPS certificates on Python 2 before 2.7.9.
            setDefaultFetcher(Urllib2Fetcher())

        # The function name doubles as the Flask endpoint name; keep it.
        @app.route('/_flask_fas_openid_handler/', methods=['GET', 'POST'])
        def flask_fas_openid_handler():
            return self._handle_openid_request()

        app.before_request(self._check_session)
예제 #5
    def _init_app(self, app):
        """Configure *app* for FAS OpenID logins.

        Fills in missing configuration values, honours the certificate-check
        switch, exposes the OpenID return URL and registers the session
        check that runs before each request.
        """
        settings = app.config
        # NOTE(review): this default is an http:// URL, so requests to it are
        # sent without TLS; override FAS_OPENID_ENDPOINT with an https:// URL.
        settings.setdefault('FAS_OPENID_ENDPOINT',
                            'http://id.fedoraproject.org/')
        settings.setdefault('FAS_OPENID_CHECK_CERT', True)

        # Read via self.app as the original does; this method never assigns
        # self.app, so it is presumably set by the caller (verify).
        skip_cert_check = not self.app.config['FAS_OPENID_CHECK_CERT']
        if skip_cert_check:
            # SECURITY: replaces python-openid's default fetcher for the
            # whole process. urllib2 on Python 2 before 2.7.9 accepts any
            # HTTPS certificate, so the provider's identity goes unchecked.
            setDefaultFetcher(Urllib2Fetcher())

        @app.route('/_flask_fas_openid_handler/', methods=['GET', 'POST'])
        def flask_fas_openid_handler():
            """ Add endpoint handling the openid requests. """
            return self._handle_openid_request()

        app.before_request(self._check_session)
예제 #6
def main(host, port, data_path, weak_ssl=False):
    """Start the example OpenID consumer HTTP server and serve forever.

    host, port -- address the server binds to.
    data_path  -- directory for a file-backed OpenID store; when empty an
                  in-memory store is used instead.
    weak_ssl   -- when true, python-openid's default fetcher is replaced
                  with the urllib2-based one.
    """
    # Instantiate the OpenID consumer store. If you were connecting to a
    # database, you would create the database connection and instantiate an
    # appropriate store here.
    store = (filestore.FileOpenIDStore(data_path) if data_path
             else memstore.MemoryStore())

    # SECURITY: the replacement is process-wide. On Python 2 before 2.7.9
    # urllib2 does not validate HTTPS certificates, so weak_ssl=True means
    # the OpenID provider's identity is not verified.
    if weak_ssl:
        setDefaultFetcher(Urllib2Fetcher())

    server = OpenIDHTTPServer(store, (host, port), OpenIDRequestHandler)

    print('Server running at:')
    print(server.base_url)
    server.serve_forever()
예제 #7
    def _initIdPValidation(self, idpWhitelistConfigFilePath):
        """Route python-openid's HTTPS requests through an M2Crypto handler
        so that OpenID Providers are authenticated over SSL.

        idpWhitelistConfigFilePath is passed to SSLIdPValidationDriver as
        its configuration file path.

        Raises ImportError when M2Crypto is not installed.
        """
        if _M2CRYPTO_NOT_INSTALLED:
            raise ImportError("M2Crypto is required for SSL-based IdP "
                              "validation but it is not installed.")

        log.info("Setting parameters for SSL Authentication of OpenID "
                 "Provider ...")

        validation_driver = SSLIdPValidationDriver(
            idpConfigFilePath=idpWhitelistConfigFilePath)

        # python-openid must use the urllib2 fetcher: with the Curl-based
        # fetcher the M2Crypto SSL handler installed below would be ignored.
        setDefaultFetcher(Urllib2Fetcher())

        log.debug("Setting the M2Crypto SSL handler ...")

        # A bare OpenerDirector carries no default handlers, so only the two
        # handlers added here are registered on it.
        # NOTE(review): install_opener() replaces the opener used by
        # urllib2.urlopen() for the whole process; other urllib2 users in
        # the same interpreter are affected too.
        restricted_opener = urllib2.OpenerDirector()
        for handler in (FlagHttpsOnlyHandler(),
                        HTTPSHandler(validation_driver.ctx)):
            restricted_opener.add_handler(handler)

        urllib2.install_opener(restricted_opener)
예제 #8
import sys

import cherrypy
import os
import pwd
import ssl

from openid.fetchers import setDefaultFetcher, Urllib2Fetcher
from openid.consumer import consumer
from openid.extensions import sreg, ax
from openid_teams import teams

# Anything written to stdout by this module goes to stderr instead.
sys.stdout = sys.stderr

# SECURITY: the statements below switch off HTTPS certificate verification
# for the whole interpreter, not only for python-openid.
#   1. python-openid is forced onto its urllib2-based fetcher.
#   2. Where the ssl module provides _create_unverified_context (Python
#      2.7.9+ / 3.4.3+), it becomes the factory for default HTTPS contexts,
#      so clients relying on that default skip certificate and hostname
#      checks.
# NOTE(review): this looks like a local test harness (the consumer in this
# file talks to a loopback address); confirm before reusing it. Elsewhere,
# trust the test CA through a CA file rather than disabling verification.
setDefaultFetcher(Urllib2Fetcher())
if hasattr(ssl, '_create_unverified_context'):
    _create_unverified_https_context = ssl._create_unverified_context
    ssl._create_default_https_context = _create_unverified_https_context


class OpenIDApp(object):
    def index(self, extensions):
        self.extensions = extensions == 'YES'
        oidconsumer = consumer.Consumer(dict(), None)
        try:
            request = oidconsumer.begin('https://127.0.0.10:45080/idp1/')
        except Exception as ex: