Exemplo n.º 1
0
 def handleRequest(self, environ, start_response, path, consumer_info):
     """
     Will handle the setup of the Idp.
     The user must be authenticated.
     :param environ:
     :param start_response:
     :param filePath:
     :return:
     """
     identity = None
     try:
         identity = environ["repoze.who.identity"]["user"]
     except:
         return self.unauthorized(environ, start_response)
     #try:
     if identity is None or len(identity) == 0:
         return self.unauthorized(environ, start_response)
     elif DeclarativeAuth.getInstance().userMatchRule(path, identity["uid"][0]):
         qs = self.getQueryDict(environ)
         if path == self.CONST_SETUPLOGUT:
             return self.handleLogout(environ, start_response)
         if path == self.CONST_SETUPABOUT:
             return self.handleAbout(environ, start_response)
         elif path == self.CONST_SETUPSTYLES:
             return self.handleStyles(environ, start_response)
         elif path == self.CONST_SETUP:
             return self.handleSetup(environ, start_response)
         elif path == self.CONST_SETUPSERVICE:
             return self.handleSetupService(environ, start_response, qs, consumer_info)
         elif path == self.CONST_SAVESECRET:
             return self.handleSaveSecret(environ, start_response, qs)
         else:
             return self.handleUnknown(environ, start_response, path)
     else:
         return self.handleNotAuthorized(environ, start_response)
Exemplo n.º 2
0
    def testUserInRole(self):
        """
        Verify that users will be in correct roles.
        """

        filename = os.path.dirname(os.path.abspath(__file__))+"/authSetup.json"
        dAuth = DeclarativeAuth.getInstance(filename)

        self.assertTrue(dAuth.userInRole("haho", {"user": ["*"]}), '')
        self.assertTrue(dAuth.userInRole("haho", {"admin": ["writer"]}), '')
        self.assertTrue(dAuth.userInRole("haho", {"admin": ["reader"]}), '')
        self.assertTrue(dAuth.userInRole("haho", {"admin": ["*"]}), '')
        self.assertTrue(dAuth.userInRole("haho", {"admin": ["reader","writer"]}), '')
        self.assertTrue(dAuth.userInRole("haho", {"economics": ["writer"]}), '')
        self.assertTrue(dAuth.userInRole("haho", {"economics": ["reader"]}), '')
        self.assertTrue(dAuth.userInRole("haho", {"economics": ["*"]}), '')
        self.assertTrue(dAuth.userInRole("haho", {"economics": ["reader","writer"]}), '')

        self.assertTrue(dAuth.userInRole("test1", {"user": ["*"]}), '')
        self.assertFalse(dAuth.userInRole("test1", {"admin": ["writer"]}), '')
        self.assertFalse(dAuth.userInRole("test1", {"admin": ["reader"]}), '')
        self.assertFalse(dAuth.userInRole("test1", {"admin": ["*"]}), '')
        self.assertFalse(dAuth.userInRole("test1", {"admin": ["reader","writer"]}), '')
        self.assertFalse(dAuth.userInRole("test1", {"economics": ["writer"]}), '')
        self.assertTrue(dAuth.userInRole("test1", {"economics": ["reader"]}), '')
        self.assertTrue(dAuth.userInRole("test1", {"economics": ["*"]}), '')
        self.assertTrue(dAuth.userInRole("test1", {"economics": ["reader","writer"]}), '')

        self.assertTrue(dAuth.userInRole("test2", {"user": ["*"]}), '')
        self.assertFalse(dAuth.userInRole("test2", {"admin": ["writer"]}), '')
        self.assertFalse(dAuth.userInRole("test2", {"admin": ["reader"]}), '')
        self.assertFalse(dAuth.userInRole("test2", {"admin": ["*"]}), '')
        self.assertFalse(dAuth.userInRole("test2", {"admin": ["reader","writer"]}), '')
        self.assertTrue(dAuth.userInRole("test2", {"economics": ["writer"]}), '')
        self.assertFalse(dAuth.userInRole("test2", {"economics": ["reader"]}), '')
        self.assertTrue(dAuth.userInRole("test2", {"economics": ["*"]}), '')
        self.assertTrue(dAuth.userInRole("test2", {"economics": ["reader","writer"]}), '')

        self.assertTrue(dAuth.userInRole("test3", {"user": ["*"]}), '')
        self.assertFalse(dAuth.userInRole("test3", {"admin": ["writer"]}), '')
        self.assertTrue(dAuth.userInRole("test3", {"admin": ["reader"]}), '')
        self.assertTrue(dAuth.userInRole("test3", {"admin": ["*"]}), '')
        self.assertTrue(dAuth.userInRole("test3", {"admin": ["reader","writer"]}), '')
        self.assertTrue(dAuth.userInRole("test3", {"economics": ["writer"]}), '')
        self.assertTrue(dAuth.userInRole("test3", {"economics": ["reader"]}), '')
        self.assertTrue(dAuth.userInRole("test3", {"economics": ["*"]}), '')
        self.assertTrue(dAuth.userInRole("test3", {"economics": ["reader","writer"]}), '')
Exemplo n.º 3
0
    def testMethod(self):
        """
        Verify that the JSON file kan be read, by checking if rules, users and roles exists.
        """

        filename = os.path.dirname(os.path.abspath(__file__))+"/authSetup.json"
        #filename = os.path.dirname(os.path.abspath(__file__))+"/test.json"
        dAuth = DeclarativeAuth.getInstance(filename)

        self.assertTrue(dAuth.userExists("haho"), 'dAuth.userExists("haho") should be true')

        self.assertTrue(dAuth.ruleExists("*"), 'dAuth.ruleExists("*") should be true')

        self.assertTrue(dAuth.ruleExists("/admin"), 'dAuth.ruleExists("/admin") should be true')

        self.assertTrue(dAuth.roleExists({"admin": ["reader","writer"]}), 'dAuth.roleExists({"admin":["reader","writer"]}) should be true')

        self.assertTrue(dAuth.roleExists({"admin": ["reader"]}), 'dAuth.roleExists({"admin":["reader"]}) should be true')

        self.assertTrue(dAuth.roleExists({"admin": ["*"]}), 'dAuth.roleExists({"admin": ["*"]}) should be true')

        self.assertFalse(dAuth.roleExists({"admin": ["whatever"]}), 'dAuth.roleExists({"admin": ["whatever"]}) should be false')
Exemplo n.º 4
0
    def testUserMatchRule(self):
        """
        Verify that users can get access to protected areas, or get prevented from access areas.
        """

        filename = os.path.dirname(os.path.abspath(__file__))+"/authSetup.json"
        dAuth = DeclarativeAuth.getInstance(filename)


        self.assertTrue(dAuth.userMatchRule("/anypage","haho"), '')
        self.assertTrue(dAuth.userMatchRule("/admin/anypage","haho"), '')
        self.assertTrue(dAuth.userMatchRule("/admin","haho"), '')
        self.assertTrue(dAuth.userMatchRule("/admin/setup/","haho"), '')
        self.assertTrue(dAuth.userMatchRule("/admin/setup/anypage","haho"), '')
        self.assertTrue(dAuth.userMatchRule("/economics/test.html","haho"), '')
        self.assertTrue(dAuth.userMatchRule("/economics/setup/anypage","haho"), '')
        self.assertTrue(dAuth.userMatchRule("/economics/setup/","haho"), '')
        self.assertTrue(dAuth.userMatchRule("/about","haho"), '')

        #Verify that the singleton pattern really works.
        dAuth = DeclarativeAuth.getInstance()

        self.assertTrue(dAuth.userMatchRule("/anypage","test1"), '')
        self.assertFalse(dAuth.userMatchRule("/admin/anypage","test1"), '')
        self.assertFalse(dAuth.userMatchRule("/admin","test1"), '')
        self.assertFalse(dAuth.userMatchRule("/admin/setup/","test1"), '')
        self.assertFalse(dAuth.userMatchRule("/admin/setup/anypage","test1"), '')
        self.assertTrue(dAuth.userMatchRule("/economics/test.html","test1"), '')
        self.assertFalse(dAuth.userMatchRule("/economics/setup/anypage","test1"), '')
        self.assertFalse(dAuth.userMatchRule("/economics/setup/","test1"), '')
        self.assertTrue(dAuth.userMatchRule("/about","test1"), '')


        self.assertTrue(dAuth.userMatchRule("/anypage","test2"), '')
        self.assertFalse(dAuth.userMatchRule("/admin/anypage","test2"), '')
        self.assertFalse(dAuth.userMatchRule("/admin","test2"), '')
        self.assertFalse(dAuth.userMatchRule("/admin/setup/","test2"), '')
        self.assertFalse(dAuth.userMatchRule("/admin/setup/anypage","test2"), '')
        self.assertTrue(dAuth.userMatchRule("/economics/test.html","test2"), '')
        self.assertTrue(dAuth.userMatchRule("/economics/setup/anypage","test2"), '')
        self.assertTrue(dAuth.userMatchRule("/economics/setup/","test2"), '')
        self.assertTrue(dAuth.userMatchRule("/about","test2"), '')


        self.assertTrue(dAuth.userMatchRule("/anypage", "test3"), '')
        self.assertTrue(dAuth.userMatchRule("/admin/anypage", "test3"), '')
        self.assertTrue(dAuth.userMatchRule("/admin", "test3"), '')
        self.assertFalse(dAuth.userMatchRule("/admin/setup/", "test3"), '')
        self.assertFalse(dAuth.userMatchRule("/admin/setup/anypage", "test3"), '')
        self.assertTrue(dAuth.userMatchRule("/economics/test.html", "test3"), '')
        self.assertTrue(dAuth.userMatchRule("/economics/setup/anypage", "test3"), '')
        self.assertTrue(dAuth.userMatchRule("/economics/setup/", "test3"), '')
        self.assertTrue(dAuth.userMatchRule("/about","test3"), '')

        self.assertFalse(dAuth.userMatchRule("/anypage", "test4"), '')
        self.assertFalse(dAuth.userMatchRule("/admin/anypage", "test4"), '')
        self.assertFalse(dAuth.userMatchRule("/admin", "test4"), '')
        self.assertFalse(dAuth.userMatchRule("/admin/setup/", "test4"), '')
        self.assertFalse(dAuth.userMatchRule("/admin/setup/anypage", "test4"), '')
        self.assertFalse(dAuth.userMatchRule("/economics/test.html", "test4"), '')
        self.assertFalse(dAuth.userMatchRule("/economics/setup/anypage", "test4"), '')
        self.assertFalse(dAuth.userMatchRule("/economics/setup/", "test4"), '')
        self.assertFalse(dAuth.userMatchRule("/about","test4"), '')
Exemplo n.º 5
0
 def testMethod(self):
     """
     Verify that the singleton works
     """
     self.assertEqual(DeclarativeAuth.getInstance().classId(), DeclarativeAuth.getInstance().classId(),
                      'DeclarativeAuth.getInstance().classId() = DeclarativeAuth.getInstance().classId()')
Exemplo n.º 6
0
    def initAuthApp(self, application, metadataList, conf, secretFile, configfilePath=None):
        """
        Will add authentication middleware to the WSGI application.

        :param self:
        :param application: Function for main WSGI application
        :rtype : PluggableAuthenticationMiddleware
        :return:
        """

        self.CONST_SETUP = "/setup"
        self.CONST_SETUPSERVICE = "/setup/service"
        self.CONST_SETUPSTYLES = "/setup/styles"
        self.CONST_SAVESECRET = "/setup/SaveSecret"
        self.CONST_SETUPABOUT = "/setup/about"
        self.CONST_SETUPLOGUT = "/setup/logout"
        self.CONST_SESSION_USER = "******"

        self.CONST_KEY = "key"
        self.CONST_SECRET = "secret"

        if configfilePath is None:
            self.CONST_ROOT = os.path.dirname(os.path.abspath(__file__))
        else:
            self.CONST_ROOT = configfilePath

        self.CONST_AUTH_FILE = IdpSetupSp._instance.CONST_ROOT + "/auth.json"
        self.CONST_STATIC_FILE = IdpSetupSp._instance.CONST_ROOT + "/files/static/"
        self.CONST_STATIC_MAKO = IdpSetupSp._instance.CONST_ROOT + "/files/mako/"
        self.CONST_LOOKUP = TemplateLookup(directories=[self.CONST_STATIC_MAKO + 'templates', self.CONST_STATIC_MAKO + 'htdocs'],
                                           module_directory=self.CONST_STATIC_MAKO + 'modules',
                                           input_encoding='utf-8', output_encoding='utf-8')

        self.CONST_ONTS = {
            saml.NAMESPACE: saml,
            mdui.NAMESPACE: mdui,
            mdattr.NAMESPACE: mdattr,
            dri.NAMESPACE: dri,
            ui.NAMESPACE: ui,
            idpdisc.NAMESPACE: idpdisc,
            md.NAMESPACE: md,
            xmldsig.NAMESPACE: xmldsig,
            xmlenc.NAMESPACE: xmlenc
        }

        self.CONST_ATTRCONV = attribute_converter.ac_factory("attributemaps")


        try:
            xmlsec_path = get_xmlsec_binary(["/opt/local/bin"])
        except:
            try:
                xmlsec_path = get_xmlsec_binary(["/usr/local/bin"])
            except:
                xmlsec_path = '/usr/bin/xmlsec1'

        for metadata in metadataList:
            mds = MetadataStore(self.CONST_ONTS.values(), self.CONST_ATTRCONV, xmlsec_path,
                                disable_ssl_certificate_validation=True)
            mds.imp(metadata)
            for entityId in mds.keys():
                self.spKeyList.append(entityId)

        for key in conf:
            self.socialServiceKeyList.append(conf[key]["name"])

        self.secretFile = secretFile

        currentPath = os.path.dirname(os.path.abspath(__file__))
        lib_path = os.path.abspath(self.CONST_ROOT)
        sys.path.append(lib_path)
        DeclarativeAuth.getInstance(self.CONST_AUTH_FILE)
        app_with_auth = make_middleware_with_config(application, {"here": "."},
                                                    self.CONST_ROOT+'/who.ini',
                                                    log_file=self.CONST_ROOT+"/repoze_who.log")
        return app_with_auth
Exemplo n.º 7
0
 def verifyHandleRequest(self, path):
     return DeclarativeAuth.getInstance().ruleMatch(path)