Cleaned up
@@ -17,8 +17,7 @@ def _expiration(timeout, format=None):
|
|||||||
|
|
||||||
# -----------------------------------------------------------------------------
|
# -----------------------------------------------------------------------------
|
||||||
def dict_to_table(ava, lev=0, width=1):
|
def dict_to_table(ava, lev=0, width=1):
|
||||||
txt = []
|
txt = ['<table border=%s bordercolor="black">\n' % width]
|
||||||
txt.append('<table border=%s bordercolor="black">\n' % width)
|
|
||||||
for prop, valarr in ava.items():
|
for prop, valarr in ava.items():
|
||||||
txt.append("<tr>\n")
|
txt.append("<tr>\n")
|
||||||
if isinstance(valarr, basestring):
|
if isinstance(valarr, basestring):
|
||||||
@@ -66,14 +65,20 @@ FORM_SPEC = """<form name="myform" method="post" action="%s">
|
|||||||
def sso(environ, start_response, user, logger):
|
def sso(environ, start_response, user, logger):
|
||||||
""" Supposted to return a POST """
|
""" Supposted to return a POST """
|
||||||
#edict = dict_to_table(environ)
|
#edict = dict_to_table(environ)
|
||||||
#logger and logger.info("Environ keys: %s" % environ.keys())
|
#if logger: logger.info("Environ keys: %s" % environ.keys())
|
||||||
logger.info("--- In SSO ---")
|
logger.info("--- In SSO ---")
|
||||||
|
query = None
|
||||||
if "QUERY_STRING" in environ:
|
if "QUERY_STRING" in environ:
|
||||||
logger and logger.info("Query string: %s" % environ["QUERY_STRING"])
|
if logger:
|
||||||
|
logger.info("Query string: %s" % environ["QUERY_STRING"])
|
||||||
query = parse_qs(environ["QUERY_STRING"])
|
query = parse_qs(environ["QUERY_STRING"])
|
||||||
elif "s2repoze.qinfo" in environ:
|
elif "s2repoze.qinfo" in environ:
|
||||||
query = environ["s2repoze.qinfo"]
|
query = environ["s2repoze.qinfo"]
|
||||||
|
|
||||||
|
if not query:
|
||||||
|
start_response('401 Unauthorized', [('Content-Type', 'text/plain')])
|
||||||
|
return ['Unknown user']
|
||||||
|
|
||||||
# base 64 encoded request
|
# base 64 encoded request
|
||||||
req_info = IDP.parse_authn_request(query["SAMLRequest"][0])
|
req_info = IDP.parse_authn_request(query["SAMLRequest"][0])
|
||||||
logger.info("parsed OK")
|
logger.info("parsed OK")
|
||||||
@@ -92,21 +97,20 @@ def sso(environ, start_response, user, logger):
|
|||||||
req_info["request"].name_id_policy,
|
req_info["request"].name_id_policy,
|
||||||
userid)
|
userid)
|
||||||
except Exception, excp:
|
except Exception, excp:
|
||||||
logger and logger.error("Exception: %s" % (excp,))
|
if logger: logger.error("Exception: %s" % (excp,))
|
||||||
raise
|
raise
|
||||||
|
|
||||||
logger and logger.info("AuthNResponse: %s" % authn_resp)
|
if logger: logger.info("AuthNResponse: %s" % authn_resp)
|
||||||
|
|
||||||
response = []
|
response = ["<head>",
|
||||||
response.append("<head>")
|
"<title>SAML 2.0 POST</title>",
|
||||||
response.append("<title>SAML 2.0 POST</title>")
|
"</head><body>",
|
||||||
response.append("</head><body>")
|
FORM_SPEC % (req_info["consumer_url"],
|
||||||
response.append(FORM_SPEC % (req_info["consumer_url"],
|
base64.b64encode("".join(authn_resp)), "/"),
|
||||||
base64.b64encode("".join(authn_resp)),"/"))
|
"""<script type="text/javascript" language="JavaScript">""",
|
||||||
response.append("""<script type="text/javascript" language="JavaScript">""")
|
" document.myform.submit();",
|
||||||
response.append(" document.myform.submit();")
|
"""</script>""",
|
||||||
response.append("""</script>""")
|
"</body>"]
|
||||||
response.append("</body>")
|
|
||||||
|
|
||||||
start_response('200 OK', [('Content-Type', 'text/html')])
|
start_response('200 OK', [('Content-Type', 'text/html')])
|
||||||
return response
|
return response
|
||||||
@@ -130,24 +134,29 @@ def not_found(environ, start_response, logger):
|
|||||||
def not_authn(environ, start_response, logger):
|
def not_authn(environ, start_response, logger):
|
||||||
if "QUERY_STRING" in environ:
|
if "QUERY_STRING" in environ:
|
||||||
query = parse_qs(environ["QUERY_STRING"])
|
query = parse_qs(environ["QUERY_STRING"])
|
||||||
logger and logger.info("query: %s" % query)
|
if logger: logger.info("query: %s" % query)
|
||||||
start_response('401 Unauthorized', [('Content-Type', 'text/plain')])
|
start_response('401 Unauthorized', [('Content-Type', 'text/plain')])
|
||||||
return ['Unknown user']
|
return ['Unknown user']
|
||||||
|
|
||||||
def slo(environ, start_response, user, logger):
|
def slo(environ, start_response, user, logger):
|
||||||
""" Expects a HTTP-redirect logout request """
|
""" Expects a HTTP-redirect logout request """
|
||||||
|
|
||||||
|
query = None
|
||||||
if "QUERY_STRING" in environ:
|
if "QUERY_STRING" in environ:
|
||||||
logger and logger.info("Query string: %s" % environ["QUERY_STRING"])
|
if logger: logger.info("Query string: %s" % environ["QUERY_STRING"])
|
||||||
query = parse_qs(environ["QUERY_STRING"])
|
query = parse_qs(environ["QUERY_STRING"])
|
||||||
|
|
||||||
|
if not query:
|
||||||
|
start_response('401 Unauthorized', [('Content-Type', 'text/plain')])
|
||||||
|
return ['Unknown user']
|
||||||
|
|
||||||
try:
|
try:
|
||||||
req_info = IDP.parse_logout_request(query["SAMLRequest"][0],
|
req_info = IDP.parse_logout_request(query["SAMLRequest"][0],
|
||||||
BINDING_HTTP_REDIRECT)
|
BINDING_HTTP_REDIRECT)
|
||||||
logger.info("LOGOUT request parsed OK")
|
logger.info("LOGOUT request parsed OK")
|
||||||
logger.info("REQ_INFO: %s" % req_info.message)
|
logger.info("REQ_INFO: %s" % req_info.message)
|
||||||
except KeyError, exc:
|
except KeyError, exc:
|
||||||
logger and logger.info("logout request error: %s" % (exc,))
|
if logger: logger.info("logout request error: %s" % (exc,))
|
||||||
# return error reply
|
# return error reply
|
||||||
|
|
||||||
# look for the subject
|
# look for the subject
|
||||||
@@ -220,8 +229,8 @@ def application(environ, start_response):
|
|||||||
|
|
||||||
path = environ.get('PATH_INFO', '').lstrip('/')
|
path = environ.get('PATH_INFO', '').lstrip('/')
|
||||||
logger = environ.get('repoze.who.logger')
|
logger = environ.get('repoze.who.logger')
|
||||||
logger and logger.info("<application> PATH: %s" % path)
|
if logger: logger.info("<application> PATH: %s" % path)
|
||||||
logger and logger.info("Cookie: %s" % (kaka,))
|
if logger: logger.info("Cookie: %s" % (kaka,))
|
||||||
for regex, callback in URLS:
|
for regex, callback in URLS:
|
||||||
if user:
|
if user:
|
||||||
match = re.search(regex, path)
|
match = re.search(regex, path)
|
||||||
@@ -230,10 +239,10 @@ def application(environ, start_response):
|
|||||||
environ['myapp.url_args'] = match.groups()[0]
|
environ['myapp.url_args'] = match.groups()[0]
|
||||||
except IndexError:
|
except IndexError:
|
||||||
environ['myapp.url_args'] = path
|
environ['myapp.url_args'] = path
|
||||||
logger and logger.info("callback: %s" % (callback,))
|
if logger: logger.info("callback: %s" % (callback,))
|
||||||
return callback(environ, start_response, user, logger)
|
return callback(environ, start_response, user, logger)
|
||||||
else:
|
else:
|
||||||
logger and logger.info("-- No USER --")
|
if logger: logger.info("-- No USER --")
|
||||||
return not_authn(environ, start_response, logger)
|
return not_authn(environ, start_response, logger)
|
||||||
return not_found(environ, start_response, logger)
|
return not_found(environ, start_response, logger)
|
||||||
|
|
||||||
|
|||||||
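Review bot: The new `if not query:` guard in sso() and slo() rejects only an empty query, so a request with other parameters but no `SAMLRequest` still reaches `query["SAMLRequest"][0]`. In sso() that lookup sits outside any try visible in the hunk and would surface as an unhandled KeyError; in slo() the `except KeyError` branch only logs and, as far as the hunk shows, falls through to the code after it. I would test for the parameter itself, `if not query or "SAMLRequest" not in query:`, and answer `400 Bad Request` instead of `401 Unauthorized` / `Unknown user`, since application() dispatches to these handlers only when `user` is set. Separately, the rewritten logging lines still write the raw query string, the cookie (`kaka`) and the full `authn_resp` at info level, which puts session tokens and signed assertions into the log; recording only that they were present would be safer. The bodies of sso(), slo() and application() all continue outside the hunks shown.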