def setup(config):
"""Setup SAML2 auth - to be called when the app starts."""
# Ensure python-lasso is available.
if not lasso_loaded:
raise Exception(
'SAML2 enabled in settings but python-lasso could not be loaded.\n'
'Download Lasso from <http://lasso.entrouvert.org/>.'
)
# Register the authentication policy.
config.set_authentication_policy(AuthTktAuthenticationPolicy(
config.get_settings()['saml2.auth_secret'],
hashalg='sha512',
callback=get_user_principals,
))
# Add routes for SAML2 views.
config.add_route('saml2_login', '/login')
config.add_route('saml2_login_metadata', '/login_metadata')
config.add_route('saml2_login_success', '/login_success')
config.add_route('saml2_logout', '/logout')
# Register SAML2 views. Avoid using the "view_config" decorator as we don't
# want the views to be added when SAML2 is disabled.
def add_view(view, **kwargs):
config.add_view(
view,
permission=NO_PERMISSION_REQUIRED,
http_cache=0,
**kwargs
)
add_view(login_view, route_name='saml2_login', renderer='json')
add_view(login_metadata_view, route_name='saml2_login_metadata',
renderer='string')
add_view(login_success_view, route_name='saml2_login_success')
add_view(logout_view, route_name='saml2_logout', renderer='json')
# The default 403 (forbidden) view produces HTML; change it to a JSON one.
forbidden_view_config(renderer='json')(forbidden_view)
def setup(config):
"""Setup SAML2 auth - to be called when the app starts."""
# Ensure python-lasso is available.
if not lasso_loaded:
raise Exception(
'SAML2 enabled in settings but python-lasso could not be loaded.\n'
'Download Lasso from <http://lasso.entrouvert.org/>.')
# Register the authentication policy.
config.set_authentication_policy(
AuthTktAuthenticationPolicy(
config.get_settings()['saml2.auth_secret'],
hashalg='sha512',
callback=get_user_principals,
))
# Add routes for SAML2 views.
config.add_route('saml2_login', '/login')
config.add_route('saml2_login_metadata', '/login_metadata')
config.add_route('saml2_login_success', '/login_success')
config.add_route('saml2_logout', '/logout')
# Register SAML2 views. Avoid using the "view_config" decorator as we don't
# want the views to be added when SAML2 is disabled.
def add_view(view, **kwargs):
config.add_view(view,
permission=NO_PERMISSION_REQUIRED,
http_cache=0,
**kwargs)
add_view(login_view, route_name='saml2_login', renderer='json')
add_view(login_metadata_view,
route_name='saml2_login_metadata',
renderer='string')
add_view(login_success_view, route_name='saml2_login_success')
add_view(logout_view, route_name='saml2_logout', renderer='json')
# The default 403 (forbidden) view produces HTML; change it to a JSON one.
forbidden_view_config(renderer='json')(forbidden_view)
def groupfinder(userid, request):
if request.matched_route != None and not '__static' in request.matched_route.name:
user = request.user
if user and user.username != None:
user.get_user_groupnames()
privileges = ['g:%s' % g for g in user.groups_by_name]
privileges += ['u:'+user.username]
return privileges
else:
return []
else:
return []
forbidden_view_config()
def forbidden(request):
browser_error = checkBrowser(request)
device_error = checkDevice(request)
path = request.path
from pyramid.response import Response
return render_to_response('forbidden.mak', {'path':path,'login':'', 'browser_error':browser_error, 'device_error':device_error}, request=request)
notfound_view_config()
def notfound(request):
browser_error = checkBrowser(request)
device_error = checkDevice(request)
path = request.path
from pyramid.response import Response
return render_to_response('notfound.mak', {'path':path,'login':'', 'browser_error':browser_error, 'device_error':device_error}, request=request)
def _makeOne(self, **kw):
from pyramid.view import forbidden_view_config
return forbidden_view_config(**kw)
def _makeOne(self, **kw):
from pyramid.view import forbidden_view_config
return forbidden_view_config(**kw)