1 # Copyright (C) 2014 Ipsilon project Contributors, for licensee see COPYING
3 from __future__ import absolute_import
5 from ipsilon.providers.common import ProviderBase
6 from ipsilon.providers.openid.store import OpenIDStore
7 from ipsilon.providers.openid.auth import OpenID
8 from ipsilon.providers.openid.extensions.common import LoadExtensions
9 from ipsilon.util.plugin import PluginObject
10 from ipsilon.util import config as pconfig
11 from ipsilon.info.common import InfoMapping
13 from openid.server.server import Server
16 class IdpProvider(ProviderBase):
18 def __init__(self, *pargs):
# Register with ProviderBase; the two 'openid' literals are presumably the
# plugin name and its URL path segment -- confirm against ProviderBase.
19 super(IdpProvider, self).__init__('openid', 'openid', *pargs)
# Attribute-mapping helper and the registry of OpenID extensions found by
# LoadExtensions(); both are used by the auth pages and by on_enable().
20 self.mapping = InfoMapping()
24 self.extensions = LoadExtensions()
25 self.description = """
26 Provides OpenID 2.0 authentication infrastructure. """
# Config option declarations follow. The option constructors (pconfig.*)
# are elided from this listing; only description strings, help text and
# default values survive, so option types cannot be verified here.
32 'Database URL for OpenID temp storage',
35 'default email domain',
36 'Used for users missing the email property.',
# NOTE(review): the two URL defaults below are plaintext localhost
# placeholders. Installer.configure() overwrites 'endpoint url', but the
# key it writes for the template is 'identity_url_template' (underscores),
# which does not match 'identity url template' as declared here -- confirm
# which spelling the config lookup actually uses.
40 'The Absolute URL of the OpenID provider',
41 'http://localhost:8080/idp/openid/'),
43 'identity url template',
44 'The templated URL where identities are exposed.',
45 'http://localhost:8080/idp/openid/id/%(username)s'),
# Relying-party trust lists. How trusted vs. untrusted RPs are enforced is
# outside this file.
48 'List of trusted relying parties.'),
51 'List of untrusted relying parties.'),
# The selectable extensions are whatever LoadExtensions() discovered.
54 'Choose the extensions to enable',
55 self.extensions.available().keys()),
57 'default attribute mapping',
58 'Defines how to map attributes before calling extensions',
61 'default allowed attributes',
62 'Defines a list of allowed attributes, applied after mapping',
67 def endpoint_url(self):
# Absolute URL of the OpenID endpoint, read from the 'endpoint url' option.
# It is accessed without parentheses elsewhere in this file (op_endpoint=,
# the X-XRDS-Location header), so presumably a @property; the decorator
# line is elided here. Callers append 'XRDS' by plain concatenation, so a
# trailing slash looks expected -- any normalisation lives in the elided
# remainder of this body; TODO confirm.
68 url = self.get_config_value('endpoint url')
75 def default_email_domain(self):
# Domain substituted for users that lack an email attribute (per the
# option's help text). Presumably a @property; decorator line elided.
76 return self.get_config_value('default email domain')
79 def identity_url_template(self):
# Reads the space-separated key 'identity url template'. NOTE(review):
# Installer.configure() stores its value under 'identity_url_template'
# (underscores); unless something outside this listing bridges the two
# spellings, this lookup will not see the installer's value and falls back
# to whatever default the option carries -- confirm. The rest of the body
# is elided here.
80 url = self.get_config_value('identity url template')
87 def trusted_roots(self):
# Configured list of trusted relying parties. Presumably a @property;
# decorator line elided.
88 return self.get_config_value('trusted roots')
91 def untrusted_roots(self):
# Configured list of untrusted relying parties. Presumably a @property;
# decorator line elided.
92 return self.get_config_value('untrusted roots')
95 def enabled_extensions(self):
# Extensions the administrator selected; on_enable() activates the same
# option via self._config. Presumably a @property; decorator line elided.
96 return self.get_config_value('enabled extensions')
99 def default_attribute_mapping(self):
# Attribute mapping applied before extensions run (per the option's help
# text). Presumably a @property; decorator line elided.
100 return self.get_config_value('default attribute mapping')
103 def default_allowed_attributes(self):
# Allow-list of attributes, applied after the mapping (per the option's
# help text). Presumably a @property; decorator line elided.
104 return self.get_config_value('default allowed attributes')
106 def get_tree(self, site):
# Builds the page tree for this provider. Lines 110-113 of the original are
# elided from this listing; the Server setup and discovery wiring below may
# belong to a separate helper rather than to get_tree itself -- confirm.
108 self.page = OpenID(site, self)
109 # self.admin = AdminPage(site, self)
# python-openid Server backed by the configured temp store; op_endpoint is
# the URL advertised to relying parties.
114 self.server = Server(
115 OpenIDStore(self.get_config_value('database url')),
116 op_endpoint=self.endpoint_url)
118 # Expose OpenID presence in the root
# Yadis discovery: every root response carries an X-XRDS-Location header
# pointing at <endpoint>XRDS. Plain concatenation, so endpoint_url must end
# with '/' for the advertised location to be correct.
119 headers = self._root.default_headers
120 headers['X-XRDS-Location'] = self.endpoint_url+'XRDS'
# HTML-based discovery links (openid2.provider for 2.0, openid.server for
# the 1.x form). Built with '%' formatting and no HTML escaping: acceptable
# only while 'endpoint url' remains administrator-supplied configuration
# rather than anything request-derived -- keep it that way.
122 html_heads = self._root.html_heads
123 HEAD_LINK = '<link rel="%s" href="%s">'
124 openid_heads = [HEAD_LINK % ('openid2.provider', self.endpoint_url),
125 HEAD_LINK % ('openid.server', self.endpoint_url)]
126 html_heads['openid'] = openid_heads
# Presumably the body of on_enable(); its def line (128) is elided here.
129 super(IdpProvider, self).on_enable()
# Activate only the extensions selected in the 'enabled extensions' option,
# read directly from the config object rather than via enabled_extensions.
131 self.extensions.enable(self._config['enabled extensions'].get_value())
134 class Installer(object):
136 def __init__(self, *pargs):
# Installer hook for the 'provider' plugin type. The elided line 137
# presumably stores pargs on self, since configure() reads self.pargs --
# confirm.
138 self.ptype = 'provider'
141 def install_args(self, group):
# Adds the --openid yes/no switch (default 'yes') to the installer's
# argument group; configure() keys off opts['openid'].
142 group.add_argument('--openid', choices=['yes', 'no'], default='yes',
143 help='Configure OpenID Provider')
145 def configure(self, opts):
# Applies installer options: derives the provider URL from hostname and
# instance, persists it as plugin config and enables the plugin. Several
# original lines (147-149, 151, 154, 157-158, 165) are elided here, so the
# early exit, the proto assignments and the enable flag are inferred.
146 if opts['openid'] != 'yes':
# Only an explicit 'no' for 'secure' downgrades the endpoint to plain http
# (the proto assignments are elided). An http:// endpoint carries OpenID
# messages in the clear, so the default is the one to keep in production.
150 if opts['secure'].lower() == 'no':
152 url = '%s://%s/%s/openid/' % (
153 proto, opts['hostname'], opts['instance'])
155 # Add configuration data to database
156 po = PluginObject(*self.pargs)
# Presumably destructive: previously saved config values for this plugin
# are discarded before the new ones are written -- confirm.
159 po.wipe_config_values()
# NOTE(review): the provider declares the option as 'identity url template'
# (spaces) and its accessor reads that key, but this writes
# 'identity_url_template' (underscores); the value looks orphaned unless
# something else bridges the spellings -- confirm and align.
160 config = {'endpoint url': url,
161 'identity_url_template': '%sid/%%(username)s' % url}
162 po.save_plugin_config(config)
164 # Update global config to add login plugin
# The enable flag itself is set on the elided line 165, presumably.
166 po.save_enabled_state()