John Dennis [Tue, 20 Jan 2015 22:13:34 +0000 (17:13 -0500)]
Add request/response logging via cherrypy tool hooks
The ability to easily review the HTTP Ipsilon request and response is
a boon for development and issue debugging. Normally these HTTP
conversations occur on SSL/TLS encrypted connections making it
difficult to use other tools to view the traffic. Client side tools
have known pitfalls (e.g. Firebug) and not all conversations are
browser initiated (e.g. SAML ECP). Logging performed by the server
hosting Ipsilon makes logging at the server level server specific
(e.g. Apache's dumpio requires post-processing the log file to extract
and reassemble the HTTP conversation). The best place to log requests
and responses is within Ipsilon using the cherrypy framework
Ipsilon is embedded in. Cherrypy provides user defined hooks that can
be invoked at specific places in the request pipeline. We establish a
hook at the last stage just before the response is written to the
client, it logs the incoming request and outgoing response.
Resolves: https://fedorahosted.org/ipsilon/ticket/44
Signed-off-by: John Dennis <jdennis@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Thu, 22 Jan 2015 14:03:55 +0000 (15:03 +0100)]
Fix a copy-paste error
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Patrick Uiterwijk [Mon, 12 Jan 2015 13:24:37 +0000 (14:24 +0100)]
Fix some copy-paste errors in help output
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
https://fedorahosted.org/ipsilon/ticket/33
Simo Sorce [Mon, 12 Jan 2015 20:02:18 +0000 (15:02 -0500)]
Use referer too as source of transaction IDs
This allows us to use apache modules that use things like ErrorDocument
directives to do internal redirects and still retain the original
transaction intact.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Patrick Uiterwijk [Tue, 16 Dec 2014 15:40:03 +0000 (16:40 +0100)]
Fix file permissions and remove shebangs
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Simo Sorce [Fri, 12 Dec 2014 17:26:18 +0000 (12:26 -0500)]
Bump RPM spec version to 0.3.0
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Patrick Uiterwijk [Thu, 11 Dec 2014 21:33:44 +0000 (22:33 +0100)]
Update version and maintainer info
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Sat, 6 Dec 2014 17:40:38 +0000 (12:40 -0500)]
Make quickrun create a symlink to ui
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Simo Sorce [Fri, 5 Dec 2014 20:49:14 +0000 (15:49 -0500)]
Change working directory for quickrun
Set the current working directory to the provided one, so if relative
paths are used by plugins they are within the quickrun working area.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 5 Dec 2014 20:54:02 +0000 (15:54 -0500)]
Make pep8 happy again
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Patrick Uiterwijk [Fri, 5 Dec 2014 17:28:21 +0000 (12:28 -0500)]
Add OpenIDStore to store associations and nonces
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Simo Sorce [Fri, 5 Dec 2014 20:37:28 +0000 (15:37 -0500)]
Add defaults to List objects
Otherwise we get backtraces when checking for list members and no configuration
has been stored in the database yet.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 5 Dec 2014 19:28:22 +0000 (14:28 -0500)]
Allow to pass directly a URL to the Store class
This is useful for plugins that want to use their own database configuration
but still want to reuse the Store class for simplicity.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Patrick Uiterwijk [Thu, 13 Nov 2014 09:18:05 +0000 (10:18 +0100)]
Add support for Persona Identity Provider
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Thu, 13 Nov 2014 13:45:13 +0000 (14:45 +0100)]
Make sure the XRDS is returned as string
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Thu, 13 Nov 2014 13:39:30 +0000 (14:39 +0100)]
Delay exposing OpenID
This makes sure we have loaded the configuration
before using it
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Thu, 13 Nov 2014 12:59:41 +0000 (13:59 +0100)]
Fix LDAP plugin configuration checks
Interpret config value correctly (it is a boolean now)
Pass required argument
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Simo Sorce [Tue, 11 Nov 2014 23:34:58 +0000 (18:34 -0500)]
Improve spec file
Add missing dependencies.
Split into smaller packages so that admins can choose what to install and
what dependencies to drag in.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Wed, 12 Nov 2014 03:56:38 +0000 (22:56 -0500)]
Bump version to 0.2.6
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Wed, 12 Nov 2014 20:20:14 +0000 (15:20 -0500)]
Fix svg parsing in mod_wsgi
When ipsilon is used behind apache we need to cast the template to a string.
Otherwise mod_wsgi returns a TypeError complaining about the fact data is
a unicode string instead of a byte string.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Wed, 12 Nov 2014 03:55:01 +0000 (22:55 -0500)]
Add admin svg to setup.py
Otherwise it will be missing from official distribution files.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Tue, 11 Nov 2014 23:37:38 +0000 (18:37 -0500)]
Add missing openid paths to setup.py
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 6 Nov 2014 19:01:04 +0000 (14:01 -0500)]
Add visual cues to configuration panels
Make it easier to recognize which plugins are enabled and which are
disabled. Also make it easier to recognize when a plugin has just changed
state, by flashing its row (help also realize it may have moved up/down)
Based on concept work by Petr Vobornik
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Tue, 4 Nov 2014 22:56:50 +0000 (17:56 -0500)]
Use indirection to report error strings
This way if CSS/Code changes we have just one place to fix.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 7 Nov 2014 20:25:43 +0000 (15:25 -0500)]
Add test to check file based configuration works
This is a stripped down version of test1 that manually stored the
configuration of the IDP as well as the SP metadata in the admin.conf
file, and then check that the SP can be successfully used.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 3 Nov 2014 22:28:58 +0000 (17:28 -0500)]
Return proper errors if config is read-only
Do not throw 501 errors, instead return warnings that the configuration
changes cannot be applied.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 30 Oct 2014 02:01:55 +0000 (22:01 -0400)]
Add option to source configuration from a file
If the configfile:// schema is used, the data is sourced from an ini
style config file instead of being read from a database.
The tables in this data source will be considered read-only and
all modification functions will throw exceptions.
Only 2 and 3 columns tables are supported, and the first column
values must not contain spaces (typically a name/identifier).
The adminconfig db is the only supported one at this time.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 30 Oct 2014 01:51:52 +0000 (21:51 -0400)]
Remove unused option
Autotable is always enabled, so remove the option and just always use it.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Wed, 29 Oct 2014 20:31:06 +0000 (16:31 -0400)]
Make internal functions private
load_data and reset_data are used only internally,
turn them into private functions
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Wed, 29 Oct 2014 20:30:17 +0000 (16:30 -0400)]
Remove unused function
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 27 Oct 2014 15:25:46 +0000 (11:25 -0400)]
Refactor plugin initialization and enablement
Move most plugin enablement and initialization code in plugin.py to
reduce code duplication and simplify and unify plugin enablement
for all base plugin types (login, info, providers).
This patch breaks backwards compatibility as it changes how the list
of enabled plugins is stored in the database tables.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 27 Oct 2014 14:43:27 +0000 (10:43 -0400)]
Set newurl on admin actions to stay on the page
By setting newurl, the browser state is replaced with the base configuration
URL, so that user actions like hitting reload do not end up trying to
trigger another change or an enablement/disablement of a plugin.
It also insures actions are not accidentally triggered when hitting the back
button.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 23 Oct 2014 15:45:32 +0000 (11:45 -0400)]
Refactor plugin configuration
Fork a PluginConfig class out of PluginObject, the base object now supports
a simple dictionary config, while using PluginConfig provides access to
structured util.config based configuration.
Change UI code that deals with plugins configuration to properly use the new
structured config objects in order to represent data in appropriate format
based on the data type.
Use the new util.config objects to represent plugins configuration.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 23 Oct 2014 15:44:43 +0000 (11:44 -0400)]
Add config utilities to represent data types
This will be used to properly format data in configuration UIs, and
to properly import/export data from/to the database for internal use.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 20 Oct 2014 20:08:06 +0000 (16:08 -0400)]
In configure we do not need to set_config()
All we care about in configure is to store the config in the db,
so skip setting the config explicitly in the plugin object and go
straight to the database.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 10 Nov 2014 19:57:53 +0000 (14:57 -0500)]
Add simple SqlSession implementation
This allows us to store session data in the DB. This way session data can
be shared by multiple servers behind a balancer.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Wed, 29 Oct 2014 14:22:36 +0000 (10:22 -0400)]
Add test to check a real database (pgsql) works
Change config template to be able to set up ipsilon with an external
database.
For the easy install the database server must have 3 databases configured,
and named exactly: admincondif, userprefs, transactions
If different names are required manual installation will be necessary.
Database URLs (including credentials) can be set using the new option
named --database-url
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 24 Oct 2014 15:20:00 +0000 (11:20 -0400)]
Fix plugins enablement code
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Sun, 19 Oct 2014 20:02:22 +0000 (16:02 -0400)]
Add SVG Image to the Home administration page
This SVG image contains HREF links that are templated in jinja to link
images/text in the SVG to the menu pages.
Clicking on elements of the SVG thus redirects to the relevant menu item.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 16 Oct 2014 00:26:24 +0000 (20:26 -0400)]
Update style of plugins config page too
Also fix a bug that would cause the config page to show no fields
when saving.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 16 Oct 2014 00:04:14 +0000 (20:04 -0400)]
Reuse the AdminPlugins class for the providers too
This way we can remove even more duplicated code... \o/
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Wed, 15 Oct 2014 04:17:53 +0000 (00:17 -0400)]
Improve UI for enabling/disabling plugins config
Use the same templates for both info and login plugins
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 17 Oct 2014 16:54:06 +0000 (12:54 -0400)]
Change default font-size to a bigger one
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 17 Oct 2014 16:54:57 +0000 (12:54 -0400)]
Disable clean-css for now
During development it makes it easier to have a human readable css file.
In future we may change the code to strip unnecessary characters on the fly
or restore clean-css generation.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 17 Oct 2014 17:03:14 +0000 (13:03 -0400)]
Add default link to system fonts
This avoids annoying 404s to the browser if open-sans fonts are installed
If they are not installed fallback fonts will be used by the browser.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Wed, 15 Oct 2014 02:30:32 +0000 (22:30 -0400)]
Allow to call forms from any of the admin pages
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 24 Oct 2014 22:01:04 +0000 (18:01 -0400)]
Use self.log in authpam.py
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 24 Oct 2014 21:45:45 +0000 (17:45 -0400)]
Fix lp-test target complaints
This was making make test fail even though make tests was working
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Patrick Uiterwijk [Fri, 24 Oct 2014 20:14:45 +0000 (22:14 +0200)]
infoldap is of course LDAP
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Fri, 24 Oct 2014 17:25:19 +0000 (19:25 +0200)]
Map some common attributes from fas to userdata
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
Simo Sorce [Tue, 14 Oct 2014 22:39:19 +0000 (18:39 -0400)]
Properly handle empty values in storage
Do not return default values if an actual empty string is found
in the database.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Tue, 14 Oct 2014 03:41:12 +0000 (23:41 -0400)]
Return to provider if user cancels login
When the cancel button is hit return to the provider and eventually to the
original application via return urls.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 10 Oct 2014 17:34:00 +0000 (13:34 -0400)]
Handle invalid/expired transactions gracefully
Return a useful error page every time an invalid or expired
transaction is requested, instead of ending up with an internal
backtrace and an ugly 500 error.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Sat, 11 Oct 2014 16:14:20 +0000 (12:14 -0400)]
Remove useless log file
Tests do not log into this log file, so remove it for now, it just clutters
the tests dir without reason.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Patrick Uiterwijk [Fri, 10 Oct 2014 18:21:25 +0000 (20:21 +0200)]
Make the template directory configurable
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Fri, 10 Oct 2014 18:11:59 +0000 (20:11 +0200)]
Show login target on the login screen
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Simo Sorce [Fri, 10 Oct 2014 18:24:27 +0000 (14:24 -0400)]
Drop custom FAS template
The form and fas template are identical so just drop the fas.html
template and use the default.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 10 Oct 2014 17:26:34 +0000 (13:26 -0400)]
Add group and CLA support to FAS login plugin
Add support for returning groups and other information from the FAS
login plugin.
If the openid module is available also split out cla group information
into a separate item so the openid CLA extension can make use of it
and cla groups are not regarded as real groups.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 9 Oct 2014 03:38:18 +0000 (23:38 -0400)]
Add OpenId extensions
Implement:
Simple Registration
Attribute Exchange
(Fedora) Teams
CLAs
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 9 Oct 2014 18:44:04 +0000 (14:44 -0400)]
Add attribute mapping for user information
When user information is retrieved we map any wellknown data to a
standardized set of names.
A new InfoMapping class takes care of helping the info modules to
map the data they retrieve so that providers can find it in wellknown
attribute names for further use.
Mapping of attribute names for display purposes is also provided.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Patrick Uiterwijk [Mon, 6 Oct 2014 17:12:13 +0000 (19:12 +0200)]
Add OpenIDP Provider
This commit implements all the core functionality needed to expose
an OpenID Identity Provider including a framework to dynamically add
extensions.
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Tue, 14 Oct 2014 15:57:28 +0000 (11:57 -0400)]
Handle lists type options in plugins configuration
Autodetect and convert config values based on the options definition.
If the option is marked as list split a string on setting the configuration
or join the list into a string before saving it to the database.
Signed-off-by: Simo Sorce <simo@redhat.com>
Simo Sorce [Fri, 10 Oct 2014 19:52:01 +0000 (15:52 -0400)]
Do not overwrite default plugin options
Change the admin plugin to not overwrite the plugin default options,
and only use the sanctioned pluginObject interfaces to read/write
config values.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Wed, 8 Oct 2014 22:13:15 +0000 (18:13 -0400)]
Add helpers to store per plugin user preferences
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Tue, 7 Oct 2014 15:00:37 +0000 (11:00 -0400)]
Move some exceptions into provider.common
These are generically useful and can be reused as they are by other
providers.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 9 Oct 2014 22:09:54 +0000 (18:09 -0400)]
Fix storing info plugin status and order
This is the same issue already resolved for the login plugins in
commit
a6ed2bba137df5fb8a9fb2931ccb2d92ca3fa0e0
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Wed, 8 Oct 2014 20:02:42 +0000 (16:02 -0400)]
Add sqlalchemy dependency to contrib rpm
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 9 Oct 2014 15:30:25 +0000 (11:30 -0400)]
Fix mod_auth_kerb based authentication
Recent changes in how self.user is populated broke krb based auth.
Explicitly check the remote user in the module to fix it.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Patrick Uiterwijk [Mon, 6 Oct 2014 19:08:51 +0000 (21:08 +0200)]
The quickrun workdir and cscope.out should be ignored
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Simo Sorce [Tue, 7 Oct 2014 03:32:34 +0000 (23:32 -0400)]
Add auto-auth requirement to all admin pages
Instead of having to explicitly decorate all methods with auth_protect()
use the fact all pages go through Page.__call__ to conditionally check
if the user is anonymous and set a default when instantiating AdminPage
so that all admin pages require authentication.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Tue, 7 Oct 2014 02:48:07 +0000 (22:48 -0400)]
Add AdminPage abstraction on top of util.Page
This is to allow different default headers between Admin pages and
other pages.
In particular we set no-caching headers to all admin pages to force
browsers to refresh as often as possible.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Tue, 7 Oct 2014 02:18:56 +0000 (22:18 -0400)]
Add way to set default headers
When a Page is called automatically sets default headers by adding
headers on the default_headers variable.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Tue, 7 Oct 2014 01:48:58 +0000 (21:48 -0400)]
Add pretty handler for 404
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Tue, 7 Oct 2014 03:22:10 +0000 (23:22 -0400)]
Fix exposed functions
The Page util is supposed to intercept and enable exposed pages on
its own so that additional functions can be run in the generic __call__
Fix the code to check for the function argument correctly and use a
different argument than the standard cherrypy one for admin pages so
that we do actually land in the Page.__call__ all the time for those
pages.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 6 Oct 2014 19:58:10 +0000 (15:58 -0400)]
Fix make cscope and clean
clean should clean more and cscope should not try to read an unexisting file.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 3 Oct 2014 17:24:37 +0000 (13:24 -0400)]
Redirect anonymous users away
It makes no sense to let anonymous users interact with the admin
pages so tighten up access and redirect away users that have no
rights.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 26 Sep 2014 21:41:04 +0000 (17:41 -0400)]
Additional data store refactoring
Use sqlalchemy to access Sql databases, which are the only implemented
database backends for now.
If no database type is specified we assume a sqlite3 database file path
is configured (this is backwards compatible with current configuration
statements)
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 26 Sep 2014 21:38:30 +0000 (17:38 -0400)]
Fix storing login plugin status and order
When plugins were enabled or disabled their status was not stored
in the database, unless the order was explicitly manipulated.
Moreover if the order was changed that fact would not be reflected
in the actual authentication order until a restart.
Fix the code to always permanently store the enabled/disabled status,
and to immediately change the authentication order.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 25 Sep 2014 19:59:07 +0000 (15:59 -0400)]
Move wipe_data into Store() as reset_data
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 25 Sep 2014 20:05:04 +0000 (16:05 -0400)]
Databases must be configured in cherrypy.config
There was annoying duplicated init code in the data store classes that was
unused. Just require configuration to be present in cherrypy.config or bail.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Sun, 5 Oct 2014 16:49:11 +0000 (12:49 -0400)]
Remove unused dependency
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 25 Sep 2014 18:54:53 +0000 (14:54 -0400)]
Provide cleanup switch to quickrun
Easier to wipe old test and start with fresh data for a quickrun
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 25 Sep 2014 18:54:08 +0000 (14:54 -0400)]
Use installation template in quickrun
Instead of using a duplicate use installation template so there is
less risk of forgetting something in either.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 25 Sep 2014 20:09:39 +0000 (16:09 -0400)]
Add make cscope target
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 25 Sep 2014 18:36:32 +0000 (14:36 -0400)]
Add transactions db default paths
Fixes installation and quickrun
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 2 Oct 2014 23:51:34 +0000 (19:51 -0400)]
Make Transaction code more robust
Avoid raising exceptions when transactions are not found, just return
no cookies or empty dicts with no transactions in them.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Sun, 5 Oct 2014 18:00:25 +0000 (14:00 -0400)]
Fix transaction handling in providers
When a provider redirects to the login code, it must retain 'ownership'
of the transaction, otherwise the login code will wipe the transaction
data as soon as the authentication is completed but before the provider
has completed its part of the transaction.
Make sure the transaction code retrieves the 'owner' from the data for
pre-existing transactions.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Sun, 5 Oct 2014 17:33:16 +0000 (13:33 -0400)]
Fix login session's userdata acquisition
With the transaction code changes the session.login() function was
incorrectly moved before all the userdata was gathered. An incomplete
set was stored in the session.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Patrick Uiterwijk [Wed, 24 Sep 2014 18:53:14 +0000 (20:53 +0200)]
Add testdir/ to gitignore.
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Simo Sorce [Thu, 28 Aug 2014 18:59:13 +0000 (14:59 -0400)]
Add very simple LDAP authentication plugin
Uses python-ldap to perform a simple bind after connecting to
the LDAP server using (by default) a TLS encrypted connection.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 19 Sep 2014 19:10:27 +0000 (15:10 -0400)]
Test transactions code with full redirect login
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Wed, 10 Sep 2014 21:20:02 +0000 (17:20 -0400)]
Use transactions throughout the code
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Wed, 10 Sep 2014 21:19:55 +0000 (17:19 -0400)]
Add transactions support
In some cases a user may end up having multiple login pages in different tabs in
the browser (session restore after a crash, or simply opening multiple urls
which all redirect to the same IdP).
Without transactions multiple authentication requests in fly may step on each
other causing potentially all of them to fail to properly authenticate and
redirect back to the original web site.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 8 Sep 2014 19:55:34 +0000 (15:55 -0400)]
Refactor the data store a bit
Reduce code duplication, and clearly separates admin and user dbs.
Move plugin wrapper away and let plugin code use native functions.
This patch also changes the indexed data to use a uuid and assumes
2 identical uuid cannot be created concurrently.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Tue, 16 Sep 2014 21:07:18 +0000 (17:07 -0400)]
Add abstraction class to handle cookies
This handles secure cookies with useful helpers and defaults.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Tue, 2 Sep 2014 21:41:07 +0000 (17:41 -0400)]
Add Info providers Admin pages
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Sat, 28 Jun 2014 03:10:12 +0000 (23:10 -0400)]
Add test that checks attrs are properly returned
Uses the info_nss module to source attributes from the system user
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 16 Jun 2014 23:36:03 +0000 (19:36 -0400)]
Add support for returning user attributes
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 27 Jun 2014 23:29:27 +0000 (19:29 -0400)]
Add Info Provider plugin framework
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 28 Aug 2014 18:25:15 +0000 (14:25 -0400)]
Add error log facility to Log utility
Also improve debug errors by adding the originating function
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>