Patrick Uiterwijk [Fri, 27 Feb 2015 08:27:34 +0000 (09:27 +0100)]
Bump version numbers for release v0.4.0
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Patrick Uiterwijk [Wed, 4 Feb 2015 09:58:14 +0000 (10:58 +0100)]
Add uninstallation support.
As part of this, made all plugins use an Installer baseclass.
https://fedorahosted.org/ipsilon/ticket/38
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Simo Sorce [Tue, 24 Feb 2015 22:34:09 +0000 (17:34 -0500)]
Avoid attrs test flakiness, stop using info_nss
authtest already sets the fullname attribute,
just use that one instead of relying on nss which, on test systems
may have a completely empty gecos field, which makes the test fail.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Patrick Uiterwijk [Tue, 24 Feb 2015 21:17:23 +0000 (22:17 +0100)]
Split tools between components that require them
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Tue, 24 Feb 2015 21:02:58 +0000 (22:02 +0100)]
__init__ needs to be in the main package
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Tue, 24 Feb 2015 20:34:44 +0000 (21:34 +0100)]
Bump spec file
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Tue, 24 Feb 2015 19:59:48 +0000 (20:59 +0100)]
Do not require ipsilon-tools
If you want to install without the installer, it's not required
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Tue, 24 Feb 2015 20:23:44 +0000 (21:23 +0100)]
Split the installer into -tools
The installer is not needed if you deploy with config management
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Tue, 24 Feb 2015 19:47:27 +0000 (20:47 +0100)]
Split off authform
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Tue, 24 Feb 2015 16:48:24 +0000 (17:48 +0100)]
Make the configparser case sensitive.
Per the instructions of
https://docs.python.org/2/library/configparser.html#ConfigParser.RawConfigParser.optionxform
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Simo Sorce [Mon, 23 Feb 2015 20:25:09 +0000 (15:25 -0500)]
Make available case insensitive mapping matching
If ignore_case is True then the incoming attributes are matched
case-insensitively in the policy engine.
The case of the incoming attribute is not changed on wildcard
matches. On other matches attributes will be replaced according
to the mapping tables and the case used will be that of the
mapped attributes.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 23 Feb 2015 04:53:33 +0000 (23:53 -0500)]
Use the new Policy engine for login/info mapping
The InfoMapping class is now only used to prettify the default
set of wellknown attributes.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Sun, 22 Feb 2015 22:12:13 +0000 (17:12 -0500)]
Add dynamic list to plugin_config forms
This little javascript allows us to dynamically add form fields in
the ComplexList and MappingList tables. Makes it much easier to add
elements to these lists.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Sun, 22 Feb 2015 20:14:44 +0000 (15:14 -0500)]
Handle changing MappingList options
Add admin function to handle getting a MappingList object in
form of key/value pair fields.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Sun, 22 Feb 2015 19:55:35 +0000 (14:55 -0500)]
Handle changing ComplexList options
Add admin function to handle getting a ComplexList object in
form of key/value pair fields.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Sun, 22 Feb 2015 19:54:35 +0000 (14:54 -0500)]
Do not crash on failure to load config
Just report an error and continue with default values.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Wed, 18 Feb 2015 19:27:58 +0000 (14:27 -0500)]
Add support for new options to plugin_config.html
This adds support in the template for showing ComplexList and
MappingList options.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 16 Feb 2015 18:47:33 +0000 (13:47 -0500)]
Add support for attribute policies in openidp
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 16 Feb 2015 16:13:29 +0000 (11:13 -0500)]
Add support for attribute policies in samlidp
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 16 Feb 2015 15:14:33 +0000 (10:14 -0500)]
Add config option to load mapping lists
This requires careful handling, and should be used sparingly
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 16 Feb 2015 14:33:07 +0000 (09:33 -0500)]
Add Policy class to help filter attributes
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 16 Feb 2015 19:04:49 +0000 (14:04 -0500)]
Prefix userdata hives with _ to avoid conflicts
The main userdata dict contains common attributes, but we add
a special groups list and unmapped extras, as well as indicators
like auth_type.
All these additional attributes are now prefixed by a _ character
so that conflicts with legitimate attributes are improbable.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 16 Feb 2015 23:15:17 +0000 (18:15 -0500)]
Change attrs test to check for fullname
We are not going to return 'extras' by default, and the only
nss attribute mapped to the 'userdata' space is the gecos (as 'fullname')
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 16 Feb 2015 18:32:14 +0000 (13:32 -0500)]
Fix typos in openid provider comments
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Patrick Uiterwijk [Fri, 20 Feb 2015 13:28:23 +0000 (14:28 +0100)]
Fix RPM field separator
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Rob Crittenden [Thu, 12 Feb 2015 16:49:20 +0000 (11:49 -0500)]
Add info plugin that utilizes Apache mod_lookup_identity plugin
mod_lookup_identity looks up identity information from sssd over
dbus, making additional identity attributes available.
https://fedorahosted.org/ipsilon/ticket/31
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Rob Crittenden [Fri, 13 Feb 2015 19:12:55 +0000 (14:12 -0500)]
Let the plugin configure calls notice failures.
The call to configure the info/login/auth/provider plugins
had no way of recognizing that the configuration failed. Have it
check for an explicit False return value as an indication of failure.
This lets the configuration plugin do a simple return (None) if
it isn't enabled.
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Rob Crittenden [Fri, 13 Feb 2015 15:21:53 +0000 (10:21 -0500)]
Fix typo in nss and infoldap info plugins
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Rob Crittenden [Fri, 30 Jan 2015 21:12:23 +0000 (16:12 -0500)]
Test for Single Logout Service
https://fedorahosted.org/ipsilon/ticket/24
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Rob Crittenden [Fri, 30 Jan 2015 20:07:12 +0000 (15:07 -0500)]
Implement Single Logout Service for SP-initiated logout
https://fedorahosted.org/ipsilon/ticket/24
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Rob Crittenden [Fri, 30 Jan 2015 15:03:03 +0000 (10:03 -0500)]
Add SAML-specific session data for tracking login/logout sessions
https://fedorahosted.org/ipsilon/ticket/24
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Rob Crittenden [Thu, 29 Jan 2015 22:21:35 +0000 (17:21 -0500)]
Register SingleLogoutService SAML2 metadata
https://fedorahosted.org/ipsilon/ticket/24
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Rob Crittenden [Thu, 29 Jan 2015 15:24:02 +0000 (10:24 -0500)]
Add helper to store provider specific data
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Patrick Uiterwijk [Fri, 6 Feb 2015 14:05:04 +0000 (15:05 +0100)]
Ignore .rnd (openssl stuff)
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Fri, 6 Feb 2015 13:54:19 +0000 (14:54 +0100)]
Make test results more clear
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Tue, 3 Feb 2015 15:37:47 +0000 (16:37 +0100)]
Fall back to default templates dir if it does not exist in template_dir
This would enable people to only override the templates they care about
overriding, like master.html, while still retaining the rest.
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Tue, 3 Feb 2015 13:23:05 +0000 (14:23 +0100)]
Remove print lines from openid
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Patrick Uiterwijk [Tue, 3 Feb 2015 13:21:06 +0000 (14:21 +0100)]
Add the OpenID xrds template to setup.py
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Simo Sorce [Mon, 19 Jan 2015 22:47:56 +0000 (17:47 -0500)]
Add expiration to Idp metadata
Also regenerate it frequently, so that any change in configuration can be
automatically reflected in the metadata downloaded by clients over time.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 19 Jan 2015 22:02:41 +0000 (17:02 -0500)]
Add Metadata Generator helper class
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 19 Jan 2015 20:15:03 +0000 (15:15 -0500)]
Add support for expiration in Metadata
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 19 Jan 2015 20:14:43 +0000 (15:14 -0500)]
Add function to import a cert from a file
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Patrick Uiterwijk [Wed, 28 Jan 2015 19:37:24 +0000 (20:37 +0100)]
Update spec file after Fedora review
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
John Dennis [Tue, 27 Jan 2015 16:53:31 +0000 (11:53 -0500)]
Fix request multipart logging when only 1 part is present
Test to see if the request parameter value is a cherrypy Part
class. This was already being done for the case where the value was a
list, but it was omitted for single values. Logic was combined into new
local function print_param().
Changed the test for the class back to using
    if isinstance(item, cherrypy._cpreqbody.Part):
instead of:
    if getattr(item, "part_class", None):
because using isinstance() clearly indicates what is being done. The
use of getattr() was introduced to prevent a pylint warning concerning
use of protected values. The getattr() hack is confusing and probably
not robust if the class implementation changes. The patch now disables
this warning. I cannot explain why cherrypy marks these modules as
protected when clearly one has to utilize them and they are documented
in the cherrypy API doc. Disabling the warning seems the cleanest and
most robust approach.
Signed-off-by: John Dennis <jdennis@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Simo Sorce [Mon, 26 Jan 2015 22:10:20 +0000 (17:10 -0500)]
Fix int/pep8 errors in latest patches
Mea culpa for not checking before pushing
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: John Dennis <jdennis@redhat.com>
John Dennis [Mon, 12 Jan 2015 15:47:37 +0000 (10:47 -0500)]
Add source code context information to debug logs
The log.debug() function helpfully adds the name of the function
invoking it but in a complicated software package there are many
functions/methods which share the same name. Thus a debug message
like this:
    DEBUG(__init__): xxx
does not give you much context, there are probably hundreds of
__init__ methods. It would help to qualify the method name with its
class name, that gives a lot more context when reading the
log. Sometimes it's also helpful to know the file and line number.
This patch adds the class name to the function and includes the
filename and line number as well. The file path is trimmed to the last
3 components, sufficient to give context but not too verbose. Now the
debug message might look like this instead:
    DEBUG(ipsilon/providers/common.py:129 LoadProviders.__init__()): xxx
Also included is a config option 'stacktrace_on_error' which will
include a stacktrace when the log.error function is called. It can be
very useful to see a stacktrace when logging an error, it defaults to
off.
Signed-off-by: John Dennis <jdennis@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
John Dennis [Tue, 20 Jan 2015 22:13:34 +0000 (17:13 -0500)]
Add request/response logging via cherrypy tool hooks
The ability to easily review the HTTP Ipsilon request and response is
a boon for development and issue debugging. Normally these HTTP
conversations occur on SSL/TLS encrypted connections making it
difficult to use other tools to view the traffic. Client side tools
have known pitfalls (e.g. Firebug) and not all conversations are
browser initiated (e.g. SAML ECP). Logging performed by the server
hosting Ipsilon makes logging at the server level server specific
(e.g. Apache's dumpio requires post-processing the log file to extract
and reassemble the HTTP conversation). The best place to log requests
and responses is within Ipsilon using the cherrypy framework
Ipsilon is embedded in. Cherrypy provides user defined hooks that can
be invoked at specific places in the request pipeline. We establish a
hook at the last stage just before the response is written to the
client, it logs the incoming request and outgoing response.
Resolves: https://fedorahosted.org/ipsilon/ticket/44
Signed-off-by: John Dennis <jdennis@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Thu, 22 Jan 2015 14:03:55 +0000 (15:03 +0100)]
Fix a copy-paste error
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Patrick Uiterwijk [Mon, 12 Jan 2015 13:24:37 +0000 (14:24 +0100)]
Fix some copy-paste errors in help output
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
https://fedorahosted.org/ipsilon/ticket/33
Simo Sorce [Mon, 12 Jan 2015 20:02:18 +0000 (15:02 -0500)]
Use referer too as source of transaction IDs
This allows us to use apache modules that use things like ErrorDocument
directives to do internal redirects and still retain the original
transaction intact.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Patrick Uiterwijk [Tue, 16 Dec 2014 15:40:03 +0000 (16:40 +0100)]
Fix file permissions and remove shebangs
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Simo Sorce [Fri, 12 Dec 2014 17:26:18 +0000 (12:26 -0500)]
Bump RPM spec version to 0.3.0
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Patrick Uiterwijk [Thu, 11 Dec 2014 21:33:44 +0000 (22:33 +0100)]
Update version and maintainer info
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Sat, 6 Dec 2014 17:40:38 +0000 (12:40 -0500)]
Make quickrun create a symlink to ui
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Simo Sorce [Fri, 5 Dec 2014 20:49:14 +0000 (15:49 -0500)]
Change working directory for quickrun
Set the current working directory to the provided one, so if relative
paths are used by plugins they are within the quickrun working area.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 5 Dec 2014 20:54:02 +0000 (15:54 -0500)]
Make pep8 happy again
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Patrick Uiterwijk [Fri, 5 Dec 2014 17:28:21 +0000 (12:28 -0500)]
Add OpenIDStore to store associations and nonces
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Simo Sorce [Fri, 5 Dec 2014 20:37:28 +0000 (15:37 -0500)]
Add defaults to List objects
Otherwise we get backtraces when checking for list members and no configuration
has been stored in the database yet.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 5 Dec 2014 19:28:22 +0000 (14:28 -0500)]
Allow to pass directly a URL to the Store class
This is useful for plugins that want to use their own database configuration
but still want to reuse the Store class for simplicity.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Patrick Uiterwijk [Thu, 13 Nov 2014 09:18:05 +0000 (10:18 +0100)]
Add support for Persona Identity Provider
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Thu, 13 Nov 2014 13:45:13 +0000 (14:45 +0100)]
Make sure the XRDS is returned as string
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Thu, 13 Nov 2014 13:39:30 +0000 (14:39 +0100)]
Delay exposing OpenID
This makes sure we have loaded the configuration
before using it
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Thu, 13 Nov 2014 12:59:41 +0000 (13:59 +0100)]
Fix LDAP plugin configuration checks
Interpret config value correctly (it is a boolean now)
Pass required argument
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Simo Sorce [Tue, 11 Nov 2014 23:34:58 +0000 (18:34 -0500)]
Improve spec file
Add missing dependencies.
Split into smaller packages so that admins can choose what to install and
what dependencies to drag in.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Wed, 12 Nov 2014 03:56:38 +0000 (22:56 -0500)]
Bump version to 0.2.6
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Wed, 12 Nov 2014 20:20:14 +0000 (15:20 -0500)]
Fix svg parsing in mod_wsgi
When ipsilon is used behind apache we need to cast the template to a string.
Otherwise mod_wsgi returns a TypeError complaining about the fact data is
a unicode string instead of a byte string.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Wed, 12 Nov 2014 03:55:01 +0000 (22:55 -0500)]
Add admin svg to setup.py
Otherwise it will be missing from official distribution files.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Tue, 11 Nov 2014 23:37:38 +0000 (18:37 -0500)]
Add missing openid paths to setup.py
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 6 Nov 2014 19:01:04 +0000 (14:01 -0500)]
Add visual cues to configuration panels
Make it easier to recognize which plugins are enabled and which are
disabled. Also make it easier to recognize when a plugin has just changed
state, by flashing its row (help also realize it may have moved up/down)
Based on concept work by Petr Vobornik
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Tue, 4 Nov 2014 22:56:50 +0000 (17:56 -0500)]
Use indirection to report error strings
This way if CSS/Code changes we have just one place to fix.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 7 Nov 2014 20:25:43 +0000 (15:25 -0500)]
Add test to check file based configuration works
This is a stripped down version of test1 that manually stored the
configuration of the IDP as well as the SP metadata in the admin.conf
file, and then check that the SP can be successfully used.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 3 Nov 2014 22:28:58 +0000 (17:28 -0500)]
Return proper errors if config is read-only
Do not throw 501 errors, instead return warnings that the configuration
changes cannot be applied.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 30 Oct 2014 02:01:55 +0000 (22:01 -0400)]
Add option to source configuration from a file
If the configfile:// schema is used, the data is sourced from an ini
style config file instead of being read from a database.
The tables in this data source will be considered read-only and
all modification functions will throw exceptions.
Only 2 and 3 columns tables are supported, and the first column
values must not contain spaces (typically a name/identifier).
The adminconfig db is the only supported one at this time.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 30 Oct 2014 01:51:52 +0000 (21:51 -0400)]
Remove unused option
Autotable is always enabled, so remove the option and just always use it.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Wed, 29 Oct 2014 20:31:06 +0000 (16:31 -0400)]
Make internal functions private
load_data and reset_data are used only internally,
turn them into private functions
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Wed, 29 Oct 2014 20:30:17 +0000 (16:30 -0400)]
Remove unused function
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 27 Oct 2014 15:25:46 +0000 (11:25 -0400)]
Refactor plugin initialization and enablement
Move most plugin enablement and initialization code in plugin.py to
reduce code duplication and simplify and unify plugin enablement
for all base plugin types (login, info, providers).
This patch breaks backwards compatibility as it changes how the list
of enabled plugins is stored in the database tables.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 27 Oct 2014 14:43:27 +0000 (10:43 -0400)]
Set newurl on admin actions to stay on the page
By setting newurl, the browser state is replaced with the base configuration
URL, so that user actions like hitting reload do not end up trying to
trigger another change or an enablement/disablement of a plugin.
It also insures actions are not accidentally triggered when hitting the back
button.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 23 Oct 2014 15:45:32 +0000 (11:45 -0400)]
Refactor plugin configuration
Fork a PluginConfig class out of PluginObject, the base object now supports
a simple dictionary config, while using PluginConfig provides access to
structured util.config based configuration.
Change UI code that deals with plugins configuration to properly use the new
structured config objects in order to represent data in appropriate format
based on the data type.
Use the new util.config objects to represent plugins configuration.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 23 Oct 2014 15:44:43 +0000 (11:44 -0400)]
Add config utilities to represent data types
This will be used to properly format data in configuration UIs, and
to properly import/export data from/to the database for internal use.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 20 Oct 2014 20:08:06 +0000 (16:08 -0400)]
In configure we do not need to set_config()
All we care about in configure is to store the config in the db,
so skip setting the config explicitly in the plugin object and go
straight to the database.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Mon, 10 Nov 2014 19:57:53 +0000 (14:57 -0500)]
Add simple SqlSession implementation
This allows us to store session data in the DB. This way session data can
be shared by multiple servers behind a balancer.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Wed, 29 Oct 2014 14:22:36 +0000 (10:22 -0400)]
Add test to check a real database (pgsql) works
Change config template to be able to set up ipsilon with an external
database.
For the easy install the database server must have 3 databases configured,
and named exactly: adminconfig, userprefs, transactions
If different names are required manual installation will be necessary.
Database URLs (including credentials) can be set using the new option
named --database-url
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 24 Oct 2014 15:20:00 +0000 (11:20 -0400)]
Fix plugins enablement code
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Sun, 19 Oct 2014 20:02:22 +0000 (16:02 -0400)]
Add SVG Image to the Home administration page
This SVG image contains HREF links that are templated in jinja to link
images/text in the SVG to the menu pages.
Clicking on elements of the SVG thus redirects to the relevant menu item.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 16 Oct 2014 00:26:24 +0000 (20:26 -0400)]
Update style of plugins config page too
Also fix a bug that would cause the config page to show no fields
when saving.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Thu, 16 Oct 2014 00:04:14 +0000 (20:04 -0400)]
Reuse the AdminPlugins class for the providers too
This way we can remove even more duplicated code... \o/
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Wed, 15 Oct 2014 04:17:53 +0000 (00:17 -0400)]
Improve UI for enabling/disabling plugins config
Use the same templates for both info and login plugins
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 17 Oct 2014 16:54:06 +0000 (12:54 -0400)]
Change default font-size to a bigger one
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 17 Oct 2014 16:54:57 +0000 (12:54 -0400)]
Disable clean-css for now
During development it makes it easier to have a human readable css file.
In future we may change the code to strip unnecessary characters on the fly
or restore clean-css generation.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 17 Oct 2014 17:03:14 +0000 (13:03 -0400)]
Add default link to system fonts
This avoids annoying 404s to the browser if open-sans fonts are installed
If they are not installed fallback fonts will be used by the browser.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Wed, 15 Oct 2014 02:30:32 +0000 (22:30 -0400)]
Allow to call forms from any of the admin pages
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 24 Oct 2014 22:01:04 +0000 (18:01 -0400)]
Use self.log in authpam.py
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 24 Oct 2014 21:45:45 +0000 (17:45 -0400)]
Fix lp-test target complaints
This was making make test fail even though make tests was working
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Patrick Uiterwijk [Fri, 24 Oct 2014 20:14:45 +0000 (22:14 +0200)]
infoldap is of course LDAP
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Patrick Uiterwijk [Fri, 24 Oct 2014 17:25:19 +0000 (19:25 +0200)]
Map some common attributes from fas to userdata
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
Simo Sorce [Tue, 14 Oct 2014 22:39:19 +0000 (18:39 -0400)]
Properly handle empty values in storage
Do not return default values if an actual empty string is found
in the database.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Tue, 14 Oct 2014 03:41:12 +0000 (23:41 -0400)]
Return to provider if user cancels login
When the cancel button is hit return to the provider and eventually to the
original application via return urls.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Fri, 10 Oct 2014 17:34:00 +0000 (13:34 -0400)]
Handle invalid/expired transactions gracefully
Return a useful error page every time an invalid or expired
transaction is requested, instead of ending up with an internal
backtrace and an ugly 500 error.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Simo Sorce [Sat, 11 Oct 2014 16:14:20 +0000 (12:14 -0400)]
Remove useless log file
Tests do not log into this log file, so remove it for now, it just clutters
the tests dir without reason.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>