class IdentityProvider(Setting):
    """Settings for the identity-provider (IdP) side of SPRESSO.

    Declares the IdP's resource templates, JSON schemata and URL endpoints,
    and loads the signing key pair when an instance is created.
    """

    resource_path = "resources/authentication/"
    js_template = "script/idp.js"
    json_schemata = Container(
        Schema("info", WellKnownInfoDefinition()),
        Schema("sign", IdentityAssertionDefinition()),
    )

    # Provider URL paths
    endpoints = Container(
        Endpoint("info", "/.well-known/spresso-info", ["GET"]),
        Endpoint("login", "/.well-known/spresso-login", ["GET", "POST"]),
        Endpoint("sign", "/sign", ["POST"]),
    )

    # External URL path
    endpoints_ext = Container(
        Endpoint("proxy", "/.well-known/spresso-proxy", ["GET"]),
    )

    # Subresource Integrity
    # Not in use at the moment because SRI for iframes is still under
    # development; intended to be enabled in future versions. While it is
    # off, no integrity hash is configured (sri_hash stays None).
    sri = False
    sri_hash = None

    def __init__(self, domain, private_key_path, public_key_path):
        """Store the IdP domain and read both key files.

        Args:
            domain: Domain of the identity provider.
            private_key_path: Path of the private key file (read in "rb" mode).
            public_key_path: Path of the public key file (read in "r" mode).
        """
        super(IdentityProvider, self).__init__()
        self.domain = domain
        # NOTE(review): get_file_content is defined elsewhere; presumably it
        # returns the file content, which means the private key is held in
        # memory for the lifetime of this object. Keep the key file readable
        # by the service account only.
        signing_key = get_file_content(private_key_path, "rb")
        self.private_key = signing_key
        verification_key = get_file_content(public_key_path, "r")
        self.public_key = verification_key
class RelyingParty(Setting):
    """Settings for the relying-party (RP) side of SPRESSO.

    Declares the RP's templates, JSON schemata and endpoints, the default
    identity-provider endpoints, caching of the IdP well-known info, and the
    options used for outgoing requests.
    """

    resource_path = "resources/authentication/"

    # Email-style pattern; group 1 captures the part after the "@".
    # NOTE(review): "$" also matches just before a trailing newline, and the
    # captured class "[a-zA-Z0-9-.]+" accepts values such as ".." or
    # dotted-decimal addresses. Confirm that callers validate the captured
    # domain before it is used to contact an identity provider.
    regexp = r"^[^#&]+@([a-zA-Z0-9-.]+)$"

    js_template = "script/rp.js"
    wait_template = "html/wait.html"
    redirect_template = "html/redir.html"

    json_schemata = Container(
        Schema("start_login", StartLoginDefinition()),
        Schema("ia_signature", IdentityAssertionDefinition()),
        Schema("info", WellKnownInfoDefinition()),
    )

    endpoints = Container(
        Endpoint("index", "/", ["GET", "POST"]),
        Endpoint("wait", "/wait", ["GET"]),
        Endpoint("start_login", "/startLogin", ["POST"]),
        Endpoint("redirect", "/redir", ["GET"]),
        Endpoint("login", "/login", ["POST"]),
    )

    default_idp_endpoints = Container(
        Endpoint("info", "/.well-known/spresso-info", ["GET"]),
        Endpoint("login", "/.well-known/spresso-login", ["GET", "POST"]),
        name="default",
    )
    endpoints_ext = SelectionContainer("select", default=default_idp_endpoints)

    # CachingSetting container for the well-known info of multiple IdPs.
    # NOTE(review): 48 * 60 * 60 is presumably a 48-hour lifetime in seconds;
    # confirm against CachingSetting.
    default_caching = CachingSetting("default", True, 48 * 60 * 60)
    caching_settings = SelectionContainer("select", default=default_caching)

    fwd_selector = SelectionContainer("random")

    # Requests are made with the requests package; see its documentation on
    # 'proxies' and 'verify'. Keep verify enabled: in requests, a false value
    # turns off TLS certificate verification.
    proxies = {}
    verify = True

    def __init__(self, domain, forwarder_domain):
        """Store the RP domain, register the default forwarder, create the cache.

        Args:
            domain: Domain of the relying party.
            forwarder_domain: Domain wrapped in the "default" ForwardDomain.
        """
        super(RelyingParty, self).__init__()
        self.domain = domain

        # NOTE(review): fwd_selector is a class attribute, so this call
        # changes the object shared by every RelyingParty instance unless it
        # has been rebound. Confirm that one instance per process is intended.
        default_forwarder = ForwardDomain("default", forwarder_domain)
        self.fwd_selector.update_default(default_forwarder)

        # The well-known info is fetched with the scheme configured at
        # construction time.
        self.scheme_well_known_info = self.scheme
        self.cache = Cache(self)
def test_update(self):
    """Container.update raises ValueError for "" and stores a named Entry."""
    box = Container()
    # An empty string is not accepted as an entry.
    with self.assertRaises(ValueError):
        box.update("")

    item = Entry()
    item.name = "name"
    box.update(item)
    stored = box._dictionary.values()
    self.assertIn(item, stored)
class Forward(Setting):
    """Settings for the SPRESSO forwarder: its templates and proxy endpoint."""

    resource_path = "resources/authentication/"

    # JavaScript served by the forwarder.
    js_template = "script/fwd.js"
    proxy_template = "html/proxy.html"

    # Single GET endpoint that serves the proxy page.
    endpoints = Container(
        Endpoint("proxy", "/.well-known/spresso-proxy", ["GET"]),
    )
class Setting(object):
    """Base class for the SPRESSO settings objects.

    Provides the shared defaults (endpoints, URL scheme, debug flag) and
    validates every assignment to ``scheme``.
    """

    # Values accepted for the ``scheme`` attribute.
    _available_schemes = ["http", "https"]
    endpoints = Container()
    # HTTPS is the class-level default. Only later assignments pass through
    # __setattr__; this default itself is not validated.
    scheme = "https"
    debug = False

    def __setattr__(self, key, value):
        """Assign an attribute, checking ``scheme`` before it is stored.

        Assigning "http" is permitted but emits a RuntimeWarning, because it
        removes transport protection; the value is still stored.

        Raises:
            ValueError: If ``scheme`` is set to a value that is not listed in
                ``_available_schemes``.
        """
        if key == "scheme":
            allowed = self._available_schemes
            if value not in allowed:
                raise ValueError(
                    "'scheme' must be one of '{}'".format(allowed))
            if value == "http":
                insecure_notice = (
                    "\nThe SPRESSO system is running on HTTP, this "
                    "setting renders the system insecure!\nThis should "
                    "only be used in development environments.\nIf you "
                    "are running a production environment, make sure all "
                    "traffic is transferred over HTTPS!"
                )
                warnings.warn(insecure_notice, RuntimeWarning)
        super(Setting, self).__setattr__(key, value)
class ApiInformationSettings(Setting):
    """Settings for the API information page: its template and endpoint."""

    resource_path = "resources/api/"
    api_template = "api.html"

    # Single GET endpoint at /spresso.
    endpoints = Container(
        Endpoint("api_info", "/spresso", ["GET"]),
    )
def test_get(self):
    """Container.get returns the value stored under the requested key."""
    box = Container()
    # Seed the backing dictionary directly so only get() is exercised.
    box._dictionary.update({"key": "value"})
    found = box.get("key")
    self.assertEqual(found, "value")
def test_init(self):
    """A Container built from an Entry stores it under the entry's name."""
    item = Entry()
    item.name = "name"

    box = Container(item)

    # No name was given for the container itself.
    self.assertIsNone(box.name)
    stored = box._dictionary.get("name")
    self.assertEqual(stored, item)
def test_all(self):
    """all() on a freshly created Container returns an empty dict."""
    empty_box = Container()
    self.assertEqual(empty_box.all(), {})