def __init__(self, *args, **kw):
self.delay = False
self.realms = None
self.glo = getGlobalObject()
conf = self.glo.getConfig()
do_reload = False
# do the bootstrap if no entry in the app_globals
if len(list(conf.keys())) == 0:
do_reload = True
if self.glo.isConfigComplet() is False:
do_reload = True
self.delay = True
if 'linotp.enableReplication' in conf:
val = conf.get('linotp.enableReplication')
if val.lower() == 'true':
# look for the timestamp when config was created
e_conf_date = conf.get('linotp.Config')
# in case of replication, we always have to look if the
# config data in the database changed
db_conf_date = _retrieveConfigDB('linotp.Config')
if str(db_conf_date) != str(e_conf_date):
do_reload = True
self.refreshConfig(do_reload=do_reload)
return
def __init__(self, *args, **kw):
self.parent = super(LinOtpConfig, self)
self.parent.__init__(*args, **kw)
self.delay = False
self.realms = None
self.glo = getGlobalObject()
conf = self.glo.getConfig()
do_reload = False
# do the bootstrap if no entry in the app_globals
if len(conf.keys()) == 0:
do_reload = True
if self.glo.isConfigComplet() is False:
do_reload = True
self.delay = True
if 'linotp.enableReplication' in conf:
val = conf.get('linotp.enableReplication')
if val.lower() == 'true':
# look for the timestamp when config was created
e_conf_date = conf.get('linotp.Config')
# in case of replication, we always have to look if the
# config data in the database changed
db_conf_date = _retrieveConfigDB('linotp.Config')
if str(db_conf_date) != str(e_conf_date):
do_reload = True
self.refreshConfig(do_reload=do_reload)
return
def __init__(self, *args, **kw):
"""
base controller constructor
:param *args: generic argument array
:param **kw: generic argument dict
:return: None
"""
self.sep = None
self.set_language(request.headers)
self.base_auth_user = ''
self.parent = super(WSGIController, self)
self.parent.__init__(*args, **kw)
# make the OpenID SQL Instance globally available
openid_sql = config.get('openid_sql', None)
if openid_sql is None:
try:
openid_storage = SQLStorage()
config['openid_sql'] = openid_storage
except Exception as exx:
config['openid_sql'] = exx
log.error("Failed to configure openid_sql: %r" % exx)
first_run = False
app_setup_done = config.get('app_setup_done', False)
if app_setup_done is False:
try:
setup_app(config)
config['app_setup_done'] = True
first_run = True
except Exception as exx:
config['app_setup_done'] = False
log.error("Failed to serve request: %r" % exx)
raise exx
# set the decryption device before loading linotp config,
# so it contains the decrypted values as well
glo = getGlobalObject()
self.sep = glo.security_provider
try:
hsm = self.sep.getSecurityModule()
self.hsm = hsm
c.hsm = hsm
except Exception as exx:
log.exception('failed to assign hsm device: %r' % exx)
raise exx
l_config = getLinotpConfig()
# initialize the elliptic curve secret + public key for the qrtoken
secret_key = l_config.get('SecretKey.Partition.0', False)
if not secret_key:
init_key_partition(l_config, partition=0)
resolver_setup_done = config.get('resolver_setup_done', False)
if resolver_setup_done is False:
try:
cache_dir = config.get("app_conf", {}).get("cache_dir", None)
setupResolvers(config=l_config, cache_dir=cache_dir)
config['resolver_setup_done'] = True
except Exception as exx:
config['resolver_setup_done'] = False
log.error("Failed to setup resolver: %r", exx)
raise exx
# TODO: verify merge dropped
# initResolvers()
# if we are in the setup cycle, we check for the linotpLicenseFile
if first_run:
if "linotpLicenseFile" in config and 'license' not in l_config:
license_str = ''
filename = config.get("linotpLicenseFile", '')
try:
with open(filename) as f:
license_str = f.read()
except IOError:
log.error("could not open licence file: %s", filename)
if not license_str:
log.error("empty license file: %s", filename)
else:
with request_context_safety():
request_context['translate'] = translate
import linotp.lib.support
res, msg = linotp.lib.support.setSupportLicense(
license_str)
if res is False:
log.error("failed to load license: %s: %s",
license_str, msg)
else:
log.info("license successfully loaded")
if 'provider.config_file' in config:
from linotp.provider import load_provider_ini
load_provider_ini(config['provider.config_file'])
return
def authenticate(self, environ, identity):
log.debug("Authentication through repoze.")
username = None
realm = None
options = {}
realmbox = "False"
authenticate = True
if isSelfTest():
authenticate = False
try:
if isSelfTest():
if ('login' not in identity
and 'repoze.who.plugins.auth_tkt.userid' in identity):
u = identity.get('repoze.who.plugins.auth_tkt.userid')
identity['login'] = u
identity['password'] = u
username = identity['login']
realm = identity['realm']
password = identity['password']
options.update(identity)
realmbox = options.get("realmbox", "False")
except KeyError as e:
log.exception("Keyerror in repoze identity: %r." % e)
return None
# convert string to boolean
realm_mbox = False
if realmbox.lower() == 'true':
realm_mbox = True
# check username/realm, password
with request_context_safety():
linotp_config = getLinotpConfig()
request_context['Config'] = linotp_config
# add the cache manager to the context
glo = getGlobalObject()
cache_manager = glo.cache_manager
request_context['CacheManager'] = cache_manager
# and also add the hsm - enables us to do otp validation :-)
sep = glo.security_provider
hsm = sep.getSecurityModule()
request_context['hsm'] = hsm
# initialize the base context
# - copied for the dumb repoze middleware
cache_dir = config.get("app_conf", {}).get("cache_dir", None)
setupResolvers(config=linotp_config, cache_dir=cache_dir)
resolver_context = initResolvers()
request_context.update(resolver_context)
# prepare the request local user cache
if 'UserLookup' not in request_context:
request_context['UserLookup'] = {}
user = get_authenticated_user(username,
realm,
password,
realm_box=realm_mbox,
authenticate=authenticate,
options=options)
if not user:
return None
authUser = "******" % (user.login, user.realm)
return authUser