1 # Copyright (C) 2014 Ipsilon contributors, see COPYING file for license
4 from ipsilon.login.common import LoginFormBase, LoginManagerBase
5 from ipsilon.util.plugin import PluginObject
6 from ipsilon.util.policy import Policy
7 from ipsilon.util import config as pconfig
10 from fedora.client.fasproxy import FasProxyClient
11 from fedora.client import AuthError
15 import openid_cla.cla as cla
# Entries pairing a short group key with a CLA URI constant from openid_cla.
# The enclosing assignment is not shown in this listing; presumably this is the
# CLA_GROUPS dict that FAS.make_userdata looks group names up in -- confirm
# against the full file.
18 'cla_click': cla.CLA_URI_FEDORA_CLICK,
19 'cla_dell': cla.CLA_URI_FEDORA_DELL,
20 'cla_done': cla.CLA_URI_FEDORA_DONE,
21 'cla_fedora': cla.CLA_URI_FEDORA_FEDORA,
22 'cla_fpca': cla.CLA_URI_FEDORA_FPCA,
23 'cla_ibm': cla.CLA_URI_FEDORA_IBM,
24 'cla_intel': cla.CLA_URI_FEDORA_INTEL,
25 'cla_redhat': cla.CLA_URI_FEDORA_REDHAT,
# Two-element attribute pairs. The enclosing assignment is not shown here;
# presumably these are rows of the fas_mapping list handed to Policy() in
# FAS.__init__, each read as [FAS attribute name, exposed attribute name].
# NOTE(review): line 35 of the original is missing from this listing, so the
# visible set of mapped attributes may be incomplete.
31 ['username', 'nickname'],
32 ['telephone', 'phone'],
33 ['country_code', 'country'],
34 ['human_name', 'fullname'],
36 ['timezone', 'timezone'],
# Login form page that checks a username/password pair against FAS through the
# login manager's proxy client (self.lm.fpc) and, on success, hands the mapped
# user data to the manager.
# NOTE: the gutter numbers skip, so several original lines (try/except/else/
# continue/return and some call arguments) are not visible in this listing.
40 class FAS(LoginFormBase):
# Build the attribute-mapping policy once per page object.
42 def __init__(self, site, mgr, page):
43 super(FAS, self).__init__(site, mgr, page)
44 self.mapper = Policy(fas_mapping)
# Handle the submitted login form. Credentials are read from the form fields
# login_name and login_password.
46 def POST(self, *args, **kwargs):
47 username = kwargs.get("login_name")
48 password = kwargs.get("login_password")
# Both fields must be non-empty before FAS is contacted.
51 if username and password:
# Only the second element of the login() result is kept.
# NOTE(review): the initial value of `data` is set on a line not shown; the
# `if data and data.user` check below fails closed only if `data` starts out
# falsy -- confirm.
54 _, data = self.lm.fpc.login(username, password)
# The exception text goes to the CherryPy error log.
# NOTE(review): confirm that str(e) from the FAS client can never echo the
# submitted password into the log.
56 cherrypy.log.error("Authentication error [%s]" % str(e))
# Any other failure is logged and swallowed; execution then appears to fall
# through to the check on `data` instead of raising.
57 except Exception, e: # pylint: disable=broad-except
58 cherrypy.log.error("Unknown Error [%s]" % str(e))
59 if data and data.user:
60 userdata = self.make_userdata(data.user)
# The identity passed on is the username returned by FAS, not the raw
# login_name taken from the form.
61 return self.lm.auth_successful(self.trans,
62 data.user['username'],
# A single generic failure string is used here; the specific cause is only
# written to the server log above.
65 error = "Authentication failed"
66 cherrypy.log.error(error)
68 error = "Username or password is missing"
69 cherrypy.log.error("Error: " + error)
# Re-render the login form; the two flags mark which field was empty. Other
# context arguments are on lines not shown.
71 context = self.create_tmpl_context(
74 error_password=not password,
75 error_username=not username
77 # pylint: disable=star-args
78 return self._template(self.formtemplate, **context)
# Build the user-data dict from a FAS user record: attributes mapped by the
# policy, plus `_groups` and `_extras`. The return statement is not shown.
80 def make_userdata(self, fas_data):
81 userdata, fas_extra = self.mapper.map_attributes(fas_data)
83 # compute and store groups and cla groups
84 userdata['_groups'] = []
85 userdata['_extras'] = {'fas': fas_extra, 'cla': []}
# Group data is taken as-is from the FAS response. If consumers use `_groups`
# for authorization, its integrity depends on the FAS connection being
# verified (see the 'FAS Insecure Auth' option in LoginManager).
86 for group in fas_data.get('approved_memberships', {}):
# Entries without a 'name' are handled on a line not shown (presumably skipped).
87 if 'name' not in group:
# CLA-type groups are recorded under _extras['cla'], translated through
# CLA_GROUPS when a mapping exists and kept under their raw name otherwise.
# The else lines of both branches are not shown in this listing.
89 if group.get('group_type') == 'cla':
90 if group['name'] in CLA_GROUPS:
91 group_name = CLA_GROUPS[group['name']]
93 group_name = group['name']
94 userdata['_extras']['cla'].append(group_name)
# Presumably the else branch of the group_type check: other groups go to
# `_groups` under their FAS name -- confirm against the full file.
96 userdata['_groups'].append(group['name'])
# Login manager plugin for FAS: declares the plugin's configuration options,
# exposes them through accessors, and builds the FasProxyClient and the login
# page in get_tree().
# NOTE: the gutter numbers skip, so option names, defaults and some
# decorator/def lines are not all visible in this listing.
101 class LoginManager(LoginManagerBase):
103 def __init__(self, *args, **kwargs):
104 super(LoginManager, self).__init__(*args, **kwargs)
107 self.service_name = 'fas'
110 self.description = """
111 Form based login Manager that uses the Fedora Authentication Server
118 'https://admin.fedoraproject.org/accounts/'),
120 'FAS Proxy client user Agent',
121 'The User Agent presented to the FAS Server.',
125 'If checked skips FAS server cert verification.',
129 'Text used to ask for the username at login time.',
133 'Text used to ask for the password at login time.',
137 'Text used to guide the user at login time.',
138 'Login with your FAS credentials')
# Accessors returning stored config values; the def lines for some of them
# are not shown.
143 return self.get_config_value('help text')
146 def username_text(self):
147 return self.get_config_value('username text')
150 def password_text(self):
151 return self.get_config_value('password text')
155 return self.get_config_value('FAS url')
158 def user_agent(self):
159 return self.get_config_value('FAS Proxy client user Agent')
163 return self.get_config_value('FAS Insecure Auth')
# Create the FAS proxy client and the login page object.
# Security note: `insecure` is True only when the stored 'FAS Insecure Auth'
# value is exactly 'YES'; any other value passes insecure=False. With it
# enabled the FAS server certificate is not verified, while user passwords are
# sent through this client (FAS.POST calls fpc.login) and the user record and
# group memberships are read back from it, so the option belongs in test
# setups only.
# NOTE(review): the option's default is on a line not shown -- confirm it
# leaves verification on.
165 def get_tree(self, site):
166 self.fpc = FasProxyClient(base_url=self.fas_url,
167 useragent=self.user_agent,
168 insecure=(self.insecure == 'YES'))
169 self.page = FAS(site, self, 'login/fas')
# Install-time hook that adds a --fas option and, when requested, stores and
# enables the FAS login plugin configuration.
# NOTE: the gutter numbers skip; the body of __init__ and parts of configure()
# are not visible in this listing.
173 class Installer(object):
175 def __init__(self, *pargs):
# The option accepts only 'yes' or 'no' and defaults to 'no', so the plugin
# is opt-in.
180 def install_args(self, group):
181 group.add_argument('--fas', choices=['yes', 'no'], default='no',
182 help='Configure FAS authentication')
# Nothing is configured unless --fas yes was given; the early exit itself is
# on a line not shown.
184 def configure(self, opts):
185 if opts['fas'] != 'yes':
188 # Add configuration data to database
189 po = PluginObject(*self.pargs)
# Existing stored values for this plugin are wiped here.
# NOTE(review): the lines that name the plugin and write its initial config
# are not shown -- confirm what is stored, in particular for
# 'FAS Insecure Auth'.
192 po.wipe_config_values()
194 # Update global config to add login plugin
196 po.save_enabled_state()