1 # Copyright (C) 2014 Ipsilon project Contributors, for license see COPYING
3 from __future__ import absolute_import
5 from ipsilon.providers.common import ProviderBase, ProviderInstaller
6 from ipsilon.providers.openid.store import OpenIDStore
7 from ipsilon.providers.openid.auth import OpenID
8 from ipsilon.providers.openid.extensions.common import LoadExtensions
9 from ipsilon.util.plugin import PluginObject
10 from ipsilon.util import config as pconfig
11 from ipsilon.info.common import InfoMapping
13 from openid.server.server import Server
16 class IdpProvider(ProviderBase):
18 def __init__(self, *pargs):
19 super(IdpProvider, self).__init__('openid', 'openid', *pargs)
20 self.mapping = InfoMapping()
24 self.extensions = LoadExtensions()
25 self.description = """
26 Provides OpenID 2.0 authentication infrastructure. """
32 'Database URL for OpenID temp storage',
35 'default email domain',
36 'Used for users missing the email property.',
40 'The Absolute URL of the OpenID provider',
41 'http://localhost:8080/idp/openid/'),
43 'identity url template',
44 'The templated URL where identities are exposed.',
45 'http://localhost:8080/idp/openid/id/%(username)s'),
48 'List of trusted relying parties.'),
51 'List of untrusted relying parties.'),
54 'Choose the extensions to enable',
55 self.extensions.available().keys()),
57 'default attribute mapping',
58 'Defines how to map attributes before calling extensions',
61 'default allowed attributes',
62 'Defines a list of allowed attributes, applied after mapping',
67 def endpoint_url(self):
68 url = self.get_config_value('endpoint url')
75 def default_email_domain(self):
76 return self.get_config_value('default email domain')
79 def identity_url_template(self):
80 url = self.get_config_value('identity url template')
87 def trusted_roots(self):
88 return self.get_config_value('trusted roots')
91 def untrusted_roots(self):
92 return self.get_config_value('untrusted roots')
95 def enabled_extensions(self):
96 return self.get_config_value('enabled extensions')
99 def default_attribute_mapping(self):
100 return self.get_config_value('default attribute mapping')
103 def default_allowed_attributes(self):
104 return self.get_config_value('default allowed attributes')
106 def get_tree(self, site):
107 self.page = OpenID(site, self)
108 # self.admin = AdminPage(site, self)
113 self.server = Server(
114 OpenIDStore(self.get_config_value('database url')),
115 op_endpoint=self.endpoint_url)
117 # Expose OpenID presence in the root
118 headers = self._root.default_headers
119 headers['X-XRDS-Location'] = self.endpoint_url+'XRDS'
121 html_heads = self._root.html_heads
122 HEAD_LINK = '<link rel="%s" href="%s">'
123 openid_heads = [HEAD_LINK % ('openid2.provider', self.endpoint_url),
124 HEAD_LINK % ('openid.server', self.endpoint_url)]
125 html_heads['openid'] = openid_heads
128 super(IdpProvider, self).on_enable()
130 self.extensions.enable(self._config['enabled extensions'].get_value())
133 class Installer(ProviderInstaller):
135 def __init__(self, *pargs):
136 super(Installer, self).__init__()
140 def install_args(self, group):
141 group.add_argument('--openid', choices=['yes', 'no'], default='yes',
142 help='Configure OpenID Provider')
143 group.add_argument('--openid-dburi',
144 help='OpenID database URI')
145 group.add_argument('--openid-extensions', default='',
146 help='List of OpenID Extensions to enable')
148 def configure(self, opts, changes):
149 if opts['openid'] != 'yes':
153 if opts['secure'].lower() == 'no':
155 url = '%s://%s/%s/openid/' % (
156 proto, opts['hostname'], opts['instance'])
158 # Add configuration data to database
159 po = PluginObject(*self.pargs)
162 po.wipe_config_values()
163 config = {'endpoint url': url,
164 'identity url template': '%sid/%%(username)s' % url,
165 'database url': opts['openid_dburi'] or
166 opts['database_url'] % {
167 'datadir': opts['data_dir'], 'dbname': 'openid'},
168 'enabled extensions': opts['openid_extensions']}
169 po.save_plugin_config(config)
171 # Update global config to add login plugin
173 po.save_enabled_state()