def __before__(self, action): ''' This is the authentication to self service If you want to do ANYTHING with selfservice, you need to be authenticated. The _before_ is executed before any other function in this controller. ''' try: param = request.params audit.initialize() c.audit['success'] = False c.audit['client'] = get_client(request) c.version = get_version() c.licenseinfo = get_copyright_info() self.request_context['Audit'] = audit (auth_type, auth_user) = get_auth_user(request) if not auth_user or auth_type not in ['repoze', 'selftest']: abort(401, "You are not authenticated") (c.user, _foo, c.realm) = auth_user.rpartition('@') self.authUser = User(c.user, c.realm, '') if auth_type == "repoze": # checking the session if (False == check_selfservice_session(request, request.url, request.path, request.cookies, request.params )): c.audit['action'] = request.path[1:] c.audit['info'] = "session expired" audit.log(c.audit) abort(401, "No valid session") c.imprint = get_imprint(c.realm) c.tokenArray = [] c.user = self.authUser.login c.realm = self.authUser.realm c.tokenArray = getTokenForUser(self.authUser) # only the defined actions should be displayed # - remark: the generic actions like enrollTT are allready approved # to have a rendering section and included actions = getSelfserviceActions(self.authUser, context=self.request_context) c.actions = actions for policy in actions: if "=" in policy: (name, val) = policy.split('=') val = val.strip() # try if val is a simple numeric - # w.r.t. javascript evaluation try: nval = int(val) except: nval = val c.__setattr__(name.strip(), nval) c.dynamic_actions = add_dynamic_selfservice_enrollment(config, c.actions) # we require to establish all token local defined # policies to be initialiezd additional_policies = add_dynamic_selfservice_policies(config, actions) for policy in additional_policies: c.__setattr__(policy, -1) c.otplen = -1 c.totp_len = -1 return response except webob.exc.HTTPUnauthorized as acc: # the exception, when an abort() is called if forwarded log.info("[__before__::%r] webob.exception %r" % (action, acc)) log.info("[__before__] %s" % traceback.format_exc()) Session.rollback() Session.close() raise acc except Exception as e: log.exception("[__before__] failed with error: %r" % e) Session.rollback() Session.close() return sendError(response, e, context='before') finally: log.debug('[__after__] done')
def __before__(self, action): ''' This is the authentication to self service If you want to do ANYTHING with selfservice, you need to be authenticated. The _before_ is executed before any other function in this controller. ''' try: param = request.params audit.initialize() c.audit['success'] = False c.audit['client'] = get_client() c.version = get_version() c.licenseinfo = get_copyright_info() if isSelfTest(): log.debug("[__before__] Doing selftest!") uuser = getParam(param, "selftest_user", True) if uuser is not None: (c.user, _foo, c.realm) = uuser.rpartition('@') else: c.realm = "" c.user = "******" env = request.environ uuser = env.get('REMOTE_USER') if uuser is not None: (c.user, _foo, c.realm) = uuser.rpartition('@') if c.user in ['--u--']: abort(401, "No valid session") self.authUser = User(c.user, c.realm, '') log.debug("[__before__] authenticating as %s in realm %s!" % (c.user, c.realm)) else: identity = request.environ.get('repoze.who.identity') if identity is None: abort(401, "You are not authenticated") log.debug("[__before__] doing getAuthFromIdentity in action %s" % action) user_id = request.environ.get('repoze.who.identity')\ .get('repoze.who.userid') if type(user_id) == unicode: user_id = user_id.encode(ENCODING) identity = user_id.decode(ENCODING) log.debug("[__before__] getting identity from repoze.who: %r" % identity) (c.user, _foo, c.realm) = identity.rpartition('@') self.authUser = User(c.user, c.realm, '') log.debug("[__before__] set the self.authUser to: %s, %s " % (self.authUser.login, self.authUser.realm)) log.debug('[__before__] param for action %s: %s' % (action, param)) # checking the session if (False == check_selfservice_session(request.url, request.path, request.cookies, request.params )): c.audit['action'] = request.path[1:] c.audit['info'] = "session expired" audit.log(c.audit) abort(401, "No valid session") c.imprint = get_imprint(c.realm) c.tokenArray = [] c.user = self.authUser.login c.realm = self.authUser.realm c.tokenArray = getTokenForUser(self.authUser) # only the defined actions should be displayed # - remark: the generic actions like enrollTT are allready approved # to have a rendering section and included actions = getSelfserviceActions(self.authUser) c.actions = actions for policy in actions: if "=" in policy: (name, val) = policy.split('=') val = val.strip() # try if val is a simple numeric - # w.r.t. javascript evaluation try: nval = int(val) except: nval = val c.__setattr__(name.strip(), nval) c.dynamic_actions = add_dynamic_selfservice_enrollment(config, c.actions) # we require to establish all token local defined # policies to be initialiezd additional_policies = add_dynamic_selfservice_policies(config, actions) for policy in additional_policies: c.__setattr__(policy, -1) c.otplen = -1 c.totp_len = -1 return response except webob.exc.HTTPUnauthorized as acc: # the exception, when an abort() is called if forwarded log.info("[__before__::%r] webob.exception %r" % (action, acc)) log.info("[__before__] %s" % traceback.format_exc()) Session.rollback() Session.close() raise acc except Exception as e: log.error("[__before__] failed with error: %r" % e) log.error("[__before__] %s" % traceback.format_exc()) Session.rollback() Session.close() return sendError(response, e, context='before') finally: log.debug('[__after__] done')
def __before__(self, action): ''' This is the authentication to self service. If you want to do ANYTHING with the selfservice, you need to be authenticated. The _before_ is executed before any other function in this controller. ''' try: c.audit = request_context['audit'] c.audit['success'] = False c.audit['client'] = get_client(request) c.version = get_version() c.licenseinfo = get_copyright_info() request_context['Audit'] = audit (auth_type, auth_user) = get_auth_user(request) if not auth_user or auth_type not in ['repoze', 'selftest']: abort(401, "You are not authenticated") (c.user, _foo, c.realm) = auth_user.rpartition('@') self.authUser = User(c.user, c.realm, '') if auth_type == "repoze": # checking the session only for not_form_access actions if action not in self.form_access_methods: call_url = "selfservice/%s" % action valid_session = check_selfservice_session( url=call_url, cookies=request.cookies, params=request.params) if not valid_session: c.audit['action'] = request.path[1:] c.audit['info'] = "session expired" audit.log(c.audit) abort(401, "No valid session") c.imprint = get_imprint(c.realm) c.tokenArray = [] c.user = self.authUser.login c.realm = self.authUser.realm # only the defined actions should be displayed # - remark: the generic actions like enrollTT are allready approved # to have a rendering section and included actions = getSelfserviceActions(self.authUser) c.actions = actions for policy in actions: if policy: if "=" not in policy: c.__setattr__(policy, -1) else: (name, val) = policy.split('=') val = val.strip() # try if val is a simple numeric - # w.r.t. javascript evaluation try: nval = int(val) except: nval = val c.__setattr__(name.strip(), nval) c.dynamic_actions = add_dynamic_selfservice_enrollment( config, c.actions) # we require to establish all token local defined # policies to be initialiezd additional_policies = add_dynamic_selfservice_policies( config, actions) for policy in additional_policies: c.__setattr__(policy, -1) c.otplen = -1 c.totp_len = -1 return response except webob.exc.HTTPUnauthorized as acc: # the exception, when an abort() is called if forwarded log.info("[__before__::%r] webob.exception %r" % (action, acc)) log.info("[__before__] %s" % traceback.format_exc()) Session.rollback() Session.close() raise acc except Exception as e: log.exception("[__before__] failed with error: %r" % e) Session.rollback() Session.close() return sendError(response, e, context='before') finally: log.debug('[__after__] done')
def __before__(self, action): ''' This is the authentication to self service If you want to do ANYTHING with selfservice, you need to be authenticated. The _before_ is executed before any other function in this controller. ''' try: param = request.params audit.initialize() c.audit['success'] = False c.audit['client'] = get_client() c.version = get_version() c.licenseinfo = get_copyright_info() if isSelfTest(): log.debug("[__before__] Doing selftest!") uuser = getParam(param, "selftest_user", True) if uuser is not None: (c.user, _foo, c.realm) = uuser.rpartition('@') else: c.realm = "" c.user = "******" env = request.environ uuser = env.get('REMOTE_USER') if uuser is not None: (c.user, _foo, c.realm) = uuser.rpartition('@') self.authUser = User(c.user, c.realm, '') log.debug("[__before__] authenticating as %s in realm %s!" % (c.user, c.realm)) else: # Use WebAuth instead of LinOTP auth. identity = request.environ.get('REMOTE_USER') if identity is None: abort(401, "You are not authenticated") c.user = identity # Put their current realm as the first one we find them in. # Doesn't really matter since tokens are realm-independent. realms = getAllUserRealms(User(identity, "", "")) if (realms): c.realm = realms[0] self.authUser = User(c.user, c.realm, '') # Check token expiry. age = int(request.environ.get('WEBAUTH_TOKEN_EXPIRATION')) - time.time() # Set selfservice cookie response.set_cookie('linotp_selfservice', 'REMOTE_USER', max_age = int(age)) # Set userservice auth cookie self.client = get_client() authcookie = create_auth_cookie(config, identity, self.client) response.set_cookie('userauthcookie', authcookie, max_age=360*24) log.debug("[__before__] set the self.authUser to: %s, %s " % (self.authUser.login, self.authUser.realm)) log.debug('[__before__] param for action %s: %s' % (action, param)) # checking the session if (False == check_selfservice_session(request.url, request.path, request.cookies, request.params)): c.audit['action'] = request.path[1:] c.audit['info'] = "session expired" audit.log(c.audit) abort(401, "No valid session") c.imprint = get_imprint(c.realm) c.tokenArray = [] c.user = self.authUser.login c.realm = self.authUser.realm c.tokenArray = getTokenForUser(self.authUser) # only the defined actions should be displayed # - remark: the generic actions like enrollTT are allready approved # to have a rendering section and included actions = getSelfserviceActions(self.authUser) c.actions = actions for policy in actions: if "=" in policy: (name, val) = policy.split('=') val = val.strip() # try if val is a simple numeric - # w.r.t. javascript evaluation try: nval = int(val) except: nval = val c.__setattr__(name.strip(), nval) c.dynamic_actions = add_dynamic_selfservice_enrollment(config, c.actions) # we require to establish all token local defined # policies to be initialiezd additional_policies = add_dynamic_selfservice_policies(config, actions) for policy in additional_policies: c.__setattr__(policy, -1) c.otplen = -1 c.totp_len = -1 return response except webob.exc.HTTPUnauthorized as acc: # the exception, when an abort() is called if forwarded log.info("[__before__::%r] webob.exception %r" % (action, acc)) log.info("[__before__] %s" % traceback.format_exc()) Session.rollback() Session.close() raise acc except Exception as e: log.error("[__before__] failed with error: %r" % e) log.error("[__before__] %s" % traceback.format_exc()) Session.rollback() Session.close() return sendError(response, e, context='before') finally: log.debug('[__before__] done')