    def __init__(self, user_db, passwd_db, smtp_server, outgoing_sender,
                 template_env, code_ttl=2, template="mail_two_factor.jinja2",
                 **kwargs):
        """Two-step login: a ``UserPass`` first factor, then a code sent by e-mail.

        :param user_db: mapping with ``class`` (a dotted name resolved through
            ``make_cls_from_name``) and ``kwargs`` (constructor arguments);
            the resulting object is stored as ``self.user_db``
        :param passwd_db: handed unchanged to the ``UserPass`` first factor
        :param smtp_server: stored as ``self.smtp_server``; its use is not
            visible in this method
        :param outgoing_sender: stored as ``self.outgoing_sender``
        :param template_env: template environment shared with the first factor
        :param code_ttl: how long the code is valid (in minutes); kept
            internally in milliseconds
        :param template: name of the template rendered for the second step
        :param kwargs: accepted for interface compatibility but not used here
        """
        super(MailTwoFactor, self).__init__(None)

        self.template_env = template_env
        self.template = template
        self.smtp_server = smtp_server
        self.outgoing_sender = outgoing_sender

        # Conversion factor: minutes -> milliseconds.
        ms_per_minute = 60 * 1000
        self.code_ttl = code_ttl * ms_per_minute  # ttl in ms

        # Issued codes start out as an empty in-memory dict.
        self.codes = {}

        # The first factor shares our template environment and URL endpoint.
        first = UserPass(passwd_db, template_env)
        first.url_endpoint = self.url_endpoint
        self.first_factor = first

        store_cls = make_cls_from_name(user_db["class"])
        self.user_db = store_cls(**user_db["kwargs"])
    def __init__(self,
                 user_db,
                 passwd_db,
                 smtp_server,
                 outgoing_sender,
                 template_env,
                 code_ttl=2,
                 template="mail_two_factor.jinja2",
                 **kwargs):
        """Two-step login: a ``UserPass`` first factor, then a code sent by e-mail.

        :param user_db: mapping with ``class`` (a dotted name resolved through
            ``make_cls_from_name``) and ``kwargs`` (constructor arguments);
            the resulting object is stored as ``self.user_db``
        :param passwd_db: handed unchanged to the ``UserPass`` first factor
        :param smtp_server: stored as ``self.smtp_server``; its use is not
            visible in this method
        :param outgoing_sender: stored as ``self.outgoing_sender``
        :param template_env: template environment shared with the first factor
        :param code_ttl: how long the code is valid (in minutes); kept
            internally in milliseconds
        :param template: name of the template rendered for the second step
        :param kwargs: accepted for interface compatibility but not used here
        """
        super(MailTwoFactor, self).__init__(None)

        self.template_env = template_env
        self.template = template
        self.smtp_server = smtp_server
        self.outgoing_sender = outgoing_sender

        # Conversion factor: minutes -> milliseconds.
        ms_per_minute = 60 * 1000
        self.code_ttl = code_ttl * ms_per_minute  # ttl in ms

        # Issued codes start out as an empty in-memory dict.
        self.codes = {}

        # The first factor shares our template environment and URL endpoint.
        first = UserPass(passwd_db, template_env)
        first.url_endpoint = self.url_endpoint
        self.first_factor = first

        store_cls = make_cls_from_name(user_db["class"])
        self.user_db = store_cls(**user_db["kwargs"])
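def setup_authentication_methods(authn_config, template_env):
    """Add all authentication methods specified in the configuration.

    Each entry of ``authn_config`` is a mapping with:

    * ``class`` -- dotted name of the method class, resolved with
      ``make_cls_from_name``; the configuration therefore decides which code
      gets imported and instantiated, so it must come from a trusted source;
    * ``kwargs`` -- constructor arguments, passed together with
      ``template_env``;
    * ``acr`` -- the value under which the instance is registered in the
      broker.

    :param authn_config: iterable of such mappings
    :param template_env: template environment handed to every method
    :return: ``(broker, routing)`` where ``routing`` maps each method's
        ``url_endpoint`` to a ``VerifierMiddleware`` wrapping that method
    :raises ValueError: if two methods declare the same ``url_endpoint``;
        without this check the later entry silently replaced the earlier
        method's verifier while both stayed registered in the broker
    """
    routing = {}
    broker = AuthnBroker()
    for authn_method in authn_config:
        method_cls = make_cls_from_name(authn_method["class"])
        instance = method_cls(template_env=template_env, **authn_method["kwargs"])
        endpoint = instance.url_endpoint
        if endpoint in routing:
            raise ValueError(
                "authn endpoint {!r} is claimed by more than one method".format(
                    endpoint))
        broker.add(authn_method["acr"], instance)
        routing[endpoint] = VerifierMiddleware(instance)

    return broker, routing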
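def setup_authentication_methods(authn_config, template_env):
    """Add all authentication methods specified in the configuration.

    Each entry of ``authn_config`` is a mapping with:

    * ``class`` -- dotted name of the method class, resolved with
      ``make_cls_from_name``; the configuration therefore decides which code
      gets imported and instantiated, so it must come from a trusted source;
    * ``kwargs`` -- constructor arguments, passed together with
      ``template_env``;
    * ``acr`` -- the value under which the instance is registered in the
      broker.

    :param authn_config: iterable of such mappings
    :param template_env: template environment handed to every method
    :return: ``(broker, routing)`` where ``routing`` maps each method's
        ``url_endpoint`` to a ``VerifierMiddleware`` wrapping that method
    :raises ValueError: if two methods declare the same ``url_endpoint``;
        without this check the later entry silently replaced the earlier
        method's verifier while both stayed registered in the broker
    """
    routing = {}
    broker = AuthnBroker()
    for authn_method in authn_config:
        method_cls = make_cls_from_name(authn_method["class"])
        instance = method_cls(template_env=template_env, **authn_method["kwargs"])
        endpoint = instance.url_endpoint
        if endpoint in routing:
            raise ValueError(
                "authn endpoint {!r} is claimed by more than one method".format(
                    endpoint))
        broker.add(authn_method["acr"], instance)
        routing[endpoint] = VerifierMiddleware(instance)

    return broker, routing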
    def __init__(self, db, template_env, template="user_pass.jinja2", **kwargs):
        """Username/password authentication method.

        :param db: mapping with ``class`` (dotted name resolved through
            ``make_cls_from_name``) and ``kwargs`` (constructor arguments);
            the resulting object is stored as ``self.user_db``
        :param template_env: template environment used to render ``template``
        :param template: name of the login form template
        :param kwargs: extra template variables, kept as ``self.kwargs``;
            ``page_header``, ``user_label``, ``passwd_label`` and
            ``submit_btn`` get defaults when the caller does not set them
        """
        super(UserPass, self).__init__(None)
        self.template_env = template_env
        self.template = template

        store_cls = make_cls_from_name(db["class"])
        self.user_db = store_cls(**db["kwargs"])

        # Labels shown by the login form unless overridden by the caller.
        form_defaults = (
            ("page_header", "Log in"),
            ("user_label", "Username"),
            ("passwd_label", "Password"),
            ("submit_btn", "Log in"),
        )
        self.kwargs = kwargs
        for key, value in form_defaults:
            self.kwargs.setdefault(key, value)
    def __init__(self, db, template_env, template="user_pass.jinja2", **kwargs):
        """Username/password authentication method.

        :param db: mapping with ``class`` (dotted name resolved through
            ``make_cls_from_name``) and ``kwargs`` (constructor arguments);
            the resulting object is stored as ``self.user_db``
        :param template_env: template environment used to render ``template``
        :param template: name of the login form template
        :param kwargs: extra template variables, kept as ``self.kwargs``;
            ``page_header``, ``user_label``, ``passwd_label`` and
            ``submit_btn`` get defaults when the caller does not set them
        """
        super(UserPass, self).__init__(None)
        self.template_env = template_env
        self.template = template

        store_cls = make_cls_from_name(db["class"])
        self.user_db = store_cls(**db["kwargs"])

        # Labels shown by the login form unless overridden by the caller.
        form_defaults = (
            ("page_header", "Log in"),
            ("user_label", "Username"),
            ("passwd_label", "Password"),
            ("submit_btn", "Log in"),
        )
        self.kwargs = kwargs
        for key, value in form_defaults:
            self.kwargs.setdefault(key, value)
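    def __init__(self, yubikey_db, validation_server, client_id, template_env,
                 secret_key=None, verify_ssl=True, template="yubico_otp.jinja2",
                 **kwargs):
        """Second factor backed by a YubiKey OTP validation server.

        :param yubikey_db: mapping with ``class`` (dotted name resolved through
            ``make_cls_from_name``) and ``kwargs`` (constructor arguments);
            the resulting object is stored as ``self.yubikey_db``
        :param validation_server: URL of the validation service; it becomes
            the only entry of ``api_urls`` for the Yubico client
        :param client_id: Yubico API client id
        :param template_env: template environment used to render ``template``
        :param secret_key: Yubico API secret key; ``None`` by default
        :param verify_ssl: when False, certificate verification for the
            validation server is switched off (``verify_cert=False`` plus the
            CA-bundle patch below), so the server's identity is not checked;
            a ``RuntimeWarning`` is emitted to make that visible at startup
        :param template: name of the template rendered for this factor
        :param kwargs: accepted for interface compatibility but not used here
        """
        super(YubicoOTP, self).__init__(None)
        self.template_env = template_env
        self.template = template

        store_cls = make_cls_from_name(yubikey_db["class"])
        self.yubikey_db = store_cls(**yubikey_db["kwargs"])

        self.client = Yubico(client_id, secret_key,
                             api_urls=[validation_server],
                             verify_cert=verify_ssl)
        if not verify_ssl:
            # Disabling verification is a deliberate (test-only) choice; say so
            # loudly rather than letting it pass silently into a deployment.
            import warnings
            warnings.warn(
                "YubicoOTP: TLS certificate verification for {} is disabled"
                .format(validation_server), RuntimeWarning)
            # patch yubico-client to not find any ca bundle
            self.client._get_ca_bundle_path = lambda: None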
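    def __init__(self, yubikey_db, validation_server, client_id, template_env,
                 secret_key=None, verify_ssl=True, template="yubico_otp.jinja2",
                 **kwargs):
        """Second factor backed by a YubiKey OTP validation server.

        :param yubikey_db: mapping with ``class`` (dotted name resolved through
            ``make_cls_from_name``) and ``kwargs`` (constructor arguments);
            the resulting object is stored as ``self.yubikey_db``
        :param validation_server: URL of the validation service; it becomes
            the only entry of ``api_urls`` for the Yubico client
        :param client_id: Yubico API client id
        :param template_env: template environment used to render ``template``
        :param secret_key: Yubico API secret key; ``None`` by default
        :param verify_ssl: when False, certificate verification for the
            validation server is switched off (``verify_cert=False`` plus the
            CA-bundle patch below), so the server's identity is not checked;
            a ``RuntimeWarning`` is emitted to make that visible at startup
        :param template: name of the template rendered for this factor
        :param kwargs: accepted for interface compatibility but not used here
        """
        super(YubicoOTP, self).__init__(None)
        self.template_env = template_env
        self.template = template

        store_cls = make_cls_from_name(yubikey_db["class"])
        self.yubikey_db = store_cls(**yubikey_db["kwargs"])

        self.client = Yubico(client_id, secret_key,
                             api_urls=[validation_server],
                             verify_cert=verify_ssl)
        if not verify_ssl:
            # Disabling verification is a deliberate (test-only) choice; say so
            # loudly rather than letting it pass silently into a deployment.
            import warnings
            warnings.warn(
                "YubicoOTP: TLS certificate verification for {} is disabled"
                .format(validation_server), RuntimeWarning)
            # patch yubico-client to not find any ca bundle
            self.client._get_ca_bundle_path = lambda: None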
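def main():
    """Parse the command line, load the YAML settings and build the provider.

    Arguments: ``-p/--port`` (default 80), ``-b/--base`` (default
    ``https://localhost``), ``-d/--debug`` (parsed but not consulted here)
    and the positional ``settings`` YAML file. Settings keys read here:
    ``server.template_dirs``, ``authn`` and ``userinfo``.
    """
    parser = argparse.ArgumentParser(description='Example OIDC Provider.')
    parser.add_argument("-p", "--port", default=80, type=int)
    parser.add_argument("-b", "--base", default="https://localhost", type=str)
    parser.add_argument("-d", "--debug", action="store_true")
    parser.add_argument("settings")
    args = parser.parse_args()

    # Load configuration. safe_load limits the document to plain YAML types,
    # which is all a settings file needs; the bare yaml.load(f) call would
    # also require an explicit Loader on current PyYAML.
    with open(args.settings, "r") as f:
        settings = yaml.safe_load(f)

    baseurl = args.base.rstrip("/")
    issuer = "{base}:{port}".format(base=baseurl, port=args.port)

    template_dirs = settings["server"].get("template_dirs", "templates")
    jinja_env = Environment(loader=FileSystemLoader(template_dirs))
    authn_broker, auth_routing = setup_authentication_methods(settings["authn"],
                                                              jinja_env)

    # Setup userinfo: the backend class is chosen by dotted name from the
    # settings file, so the settings must come from a trusted source.
    userinfo_conf = settings["userinfo"]
    userinfo_cls = make_cls_from_name(userinfo_conf["class"])
    userinfo = UserInfo(userinfo_cls(**userinfo_conf["kwargs"]))

    client_db = {}
    provider = Provider(issuer, SessionDB(baseurl), client_db, authn_broker,
                        userinfo, AuthzHandling(), verify_client, None)
    provider.baseurl = issuer
    # A fresh random symmetric key on every start.
    provider.symkey = rndstr(16)

    # Setup keys: create the "static" directory next to this file. The
    # original created only its parent (os.path.dirname(path)), leaving
    # "static" itself missing.
    path = os.path.join(os.path.dirname(__file__), "static")
    try:
        os.makedirs(path)
    except OSError as e:
        # An existing directory is fine; anything else is a real failure.
        if e.errno != errno.EEXIST:
            raise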
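def main():
    """Parse the command line, load the YAML settings and build the provider.

    Arguments: ``-p/--port`` (default 80), ``-b/--base`` (default
    ``https://localhost``; the issuer is this value without a trailing
    slash), ``-d/--debug`` (parsed but not consulted here) and the
    positional ``settings`` YAML file. Settings keys read here:
    ``server.template_dirs``, ``authn`` and ``userinfo``.
    """
    parser = argparse.ArgumentParser(description='Example OIDC Provider.')
    parser.add_argument("-p", "--port", default=80, type=int)
    parser.add_argument("-b", "--base", default="https://localhost", type=str)
    parser.add_argument("-d", "--debug", action="store_true")
    parser.add_argument("settings")
    args = parser.parse_args()

    # Load configuration. safe_load limits the document to plain YAML types,
    # which is all a settings file needs; the bare yaml.load(f) call would
    # also require an explicit Loader on current PyYAML.
    with open(args.settings, "r") as f:
        settings = yaml.safe_load(f)

    issuer = args.base.rstrip("/")

    template_dirs = settings["server"].get("template_dirs", "templates")
    jinja_env = Environment(loader=FileSystemLoader(template_dirs))
    authn_broker, auth_routing = setup_authentication_methods(
        settings["authn"], jinja_env)

    # Setup userinfo: the backend class is chosen by dotted name from the
    # settings file, so the settings must come from a trusted source.
    userinfo_conf = settings["userinfo"]
    userinfo_cls = make_cls_from_name(userinfo_conf["class"])
    userinfo = UserInfo(userinfo_cls(**userinfo_conf["kwargs"]))

    client_db = {}
    provider = Provider(issuer, SessionDB(issuer), client_db, authn_broker,
                        userinfo, AuthzHandling(), verify_client, None)
    provider.baseurl = issuer
    # A fresh random symmetric key on every start.
    provider.symkey = rndstr(16)

    # Setup keys: create the "static" directory next to this file.
    path = os.path.join(os.path.dirname(__file__), "static")
    try:
        os.makedirs(path)
    except OSError as e:
        # An existing directory is fine; anything else is a real failure.
        if e.errno != errno.EEXIST:
            raise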
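def main():
    """Run the example OIDC provider from the command line.

    Arguments: ``-p/--port`` (default 80), ``-b/--base`` (default
    ``https://localhost``; the issuer is this value without a trailing
    slash), ``-d/--debug`` (parsed but not consulted here) and the
    positional ``settings`` YAML file. Settings keys read here: ``server``
    (``template_dirs``, ``cert``, ``key``, ``cert_chain``), ``authn``,
    ``userinfo`` and ``provider.keys``.
    """
    parser = argparse.ArgumentParser(description='Example OIDC Provider.')
    parser.add_argument("-p", "--port", default=80, type=int)
    parser.add_argument("-b", "--base", default="https://localhost", type=str)
    parser.add_argument("-d", "--debug", action="store_true")
    parser.add_argument("settings")
    args = parser.parse_args()

    # Load configuration. safe_load limits the document to plain YAML types,
    # which is all a settings file needs; the bare yaml.load(f) call would
    # also require an explicit Loader on current PyYAML.
    with open(args.settings, "r") as f:
        settings = yaml.safe_load(f)

    issuer = args.base.rstrip("/")

    template_dirs = settings["server"].get("template_dirs", "templates")
    jinja_env = Environment(loader=FileSystemLoader(template_dirs))
    authn_broker, auth_routing = setup_authentication_methods(
        settings["authn"], jinja_env)

    # Setup userinfo: the backend class is chosen by dotted name from the
    # settings file, so the settings must come from a trusted source.
    userinfo_conf = settings["userinfo"]
    userinfo_cls = make_cls_from_name(userinfo_conf["class"])
    userinfo = UserInfo(userinfo_cls(**userinfo_conf["kwargs"]))

    client_db = {}
    provider = Provider(issuer, SessionDB(issuer), client_db, authn_broker,
                        userinfo, AuthzHandling(), verify_client, None)
    provider.baseurl = issuer
    # A fresh random symmetric key on every start.
    provider.symkey = rndstr(16)

    # Setup keys: the JWKS is written into "static" next to this file and
    # served from there.
    path = os.path.join(os.path.dirname(__file__), "static")
    try:
        os.makedirs(path)
    except OSError as e:
        # An existing directory is fine; anything else is a real failure.
        if e.errno != errno.EEXIST:
            raise
    jwks = keyjar_init(provider, settings["provider"]["keys"])
    name = "jwks.json"
    with open(os.path.join(path, name), "w") as f:
        json.dump(jwks, f)

    provider.jwks_uri.append("{}/static/{}".format(provider.baseurl, name))

    # Mount the WSGI callable object (app) on the root directory. On a path
    # clash the application routes win over the authentication routes.
    app_routing = setup_endpoints(provider)
    app_routing["/.well-known/openid-configuration"] = pyoidcMiddleware(
        provider.providerinfo_endpoint)
    app_routing["/.well-known/webfinger"] = pyoidcMiddleware(
        partial(_webfinger, provider))
    routing = dict(auth_routing)
    routing.update(app_routing)
    routing["/static"] = make_static_handler(path)
    dispatcher = WSGIPathInfoDispatcher(routing)
    # 0.0.0.0 binds every interface; narrow the address if only local
    # access is intended.
    server = wsgiserver.CherryPyWSGIServer(('0.0.0.0', args.port), dispatcher)

    # Setup SSL: TLS is enabled only for an https base URL; certificate,
    # key and chain paths come from the settings file.
    if provider.baseurl.startswith("https://"):
        server.ssl_adapter = BuiltinSSLAdapter(
            settings["server"]["cert"], settings["server"]["key"],
            settings["server"]["cert_chain"])

    # Start the CherryPy WSGI web server
    try:
        print("Server started: {}".format(issuer))
        server.start()
    except KeyboardInterrupt:
        server.stop()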
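def main():
    """Run the example OIDC provider from the command line.

    Arguments: ``-p/--port`` (default 80), ``-b/--base`` (default
    ``https://localhost``; the issuer is this value without a trailing
    slash), ``-d/--debug`` (parsed but not consulted here) and the
    positional ``settings`` YAML file. Settings keys read here: ``server``
    (``template_dirs``, ``cert``, ``key``, ``cert_chain``), ``authn``,
    ``userinfo`` and ``provider.keys``.
    """
    parser = argparse.ArgumentParser(description='Example OIDC Provider.')
    parser.add_argument("-p", "--port", default=80, type=int)
    parser.add_argument("-b", "--base", default="https://localhost", type=str)
    parser.add_argument("-d", "--debug", action="store_true")
    parser.add_argument("settings")
    args = parser.parse_args()

    # Load configuration. safe_load limits the document to plain YAML types,
    # which is all a settings file needs; the bare yaml.load(f) call would
    # also require an explicit Loader on current PyYAML.
    with open(args.settings, "r") as f:
        settings = yaml.safe_load(f)

    issuer = args.base.rstrip("/")

    template_dirs = settings["server"].get("template_dirs", "templates")
    jinja_env = Environment(loader=FileSystemLoader(template_dirs))
    authn_broker, auth_routing = setup_authentication_methods(settings["authn"],
                                                              jinja_env)

    # Setup userinfo: the backend class is chosen by dotted name from the
    # settings file, so the settings must come from a trusted source.
    userinfo_conf = settings["userinfo"]
    userinfo_cls = make_cls_from_name(userinfo_conf["class"])
    userinfo = UserInfo(userinfo_cls(**userinfo_conf["kwargs"]))

    client_db = {}
    # Session-store secret and password are freshly generated on every start.
    session_db = create_session_db(issuer,
                                   secret=rndstr(32), password=rndstr(32))
    provider = Provider(issuer, session_db, client_db, authn_broker,
                        userinfo, AuthzHandling(), verify_client, None)
    provider.baseurl = issuer
    # A fresh random symmetric key on every start.
    provider.symkey = rndstr(16)

    # Setup keys: the JWKS is written into "static" next to this file and
    # served from there.
    path = os.path.join(os.path.dirname(__file__), "static")
    try:
        os.makedirs(path)
    except OSError as e:
        # An existing directory is fine; anything else is a real failure.
        if e.errno != errno.EEXIST:
            raise
    jwks = keyjar_init(provider, settings["provider"]["keys"])
    name = "jwks.json"
    with open(os.path.join(path, name), "w") as f:
        json.dump(jwks, f)

    # TODO: I take this out and it still works, what was this for?
    # provider.jwks_uri.append(
    #     "{}/static/{}".format(provider.baseurl, name))

    # Mount the WSGI callable object (app) on the root directory. On a path
    # clash the application routes win over the authentication routes.
    app_routing = setup_endpoints(provider)
    app_routing["/.well-known/openid-configuration"] = pyoidcMiddleware(
        provider.providerinfo_endpoint)
    app_routing["/.well-known/webfinger"] = pyoidcMiddleware(
        partial(_webfinger, provider))
    routing = dict(auth_routing)
    routing.update(app_routing)
    routing["/static"] = make_static_handler(path)
    dispatcher = WSGIPathInfoDispatcher(routing)
    # 0.0.0.0 binds every interface; narrow the address if only local
    # access is intended.
    server = wsgiserver.CherryPyWSGIServer(('0.0.0.0', args.port), dispatcher)

    # Setup SSL: TLS is enabled only for an https base URL; certificate,
    # key and chain paths come from the settings file.
    if provider.baseurl.startswith("https://"):
        server.ssl_adapter = BuiltinSSLAdapter(
            settings["server"]["cert"], settings["server"]["key"],
            settings["server"]["cert_chain"])

    # Start the CherryPy WSGI web server
    try:
        print("Server started: {}".format(issuer))
        server.start()
    except KeyboardInterrupt:
        server.stop()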