| commit | author | age | ||
| 6919cb | 1 | try: |
| TS | 2 | import urlparse |
| 3 | except ImportError: #pragma NO COVER Python >= 3.0 | |
| 4 | from urllib import parse as urlparse | |
| c80261 | 5 | import urllib |
| TS | 6 | import cgi |
| 7 | ||
| 02a504 | 8 | from webob.exc import HTTPFound |
| c80261 | 9 | from zope.interface import implements |
| TS | 10 | |
| 11 | from repoze.who.interfaces import IChallenger | |
| 6919cb | 12 | from repoze.who._compat import construct_url |
| TS | 13 | from repoze.who._compat import header_value |
| c80261 | 14 | |
| TS | 15 | class RedirectorPlugin(object): |
| 16 | """ Plugin for issuing challenges as redirects to a configured URL. | |
| 17 | ||
| 18 | o If the ``reason_param`` option is configured, and the application has | |
| 19 | supplied an ``X-Authorization-Failure-Reason`` header, the plugin | |
| 20 | includes that reason in the query string of the redirected URL. | |
| 21 | """ | |
| 22 | implements(IChallenger) | |
| 23 | ||
| 24 | def __init__(self, | |
| 25 | login_url, | |
| 26 | came_from_param='came_from', | |
| 27 | reason_param='reason', | |
| 28 | reason_header='X-Authorization-Failure-Reason', | |
| 29 | ): | |
| 30 | self.login_url = login_url | |
| 31 | self.came_from_param = came_from_param | |
| c76058 | 32 | if ((reason_param is None and reason_header is not None) or |
| TS | 33 | (reason_param is not None and reason_header is None)): |
| 34 | raise ValueError( | |
| 35 | "Must supply both 'reason_header' and 'reason_param', " | |
| 36 | "or neither one.") | |
| c80261 | 37 | self.reason_param = reason_param |
| TS | 38 | self.reason_header = reason_header |
| 39 | self._login_url_parts = list(urlparse.urlparse(login_url)) | |
| 40 | ||
| 41 | # IChallenger | |
| 42 | def challenge(self, environ, status, app_headers, forget_headers): | |
| 43 | if self.reason_param is not None or self.came_from_param is not None: | |
| 44 | url_parts = self._login_url_parts[:] | |
| 45 | query = url_parts[4] | |
| 46 | query_elements = cgi.parse_qs(query) | |
| c76058 | 47 | if self.reason_param is not None: |
| TS | 48 | reason = header_value(app_headers, self.reason_header) |
| 49 | if reason: | |
| 50 | query_elements[self.reason_param] = reason | |
| c80261 | 51 | if self.came_from_param is not None: |
| TS | 52 | query_elements[self.came_from_param] = construct_url(environ) |
| 53 | url_parts[4] = urllib.urlencode(query_elements, doseq=True) | |
| 54 | login_url = urlparse.urlunparse(url_parts) | |
| 55 | else: | |
| 56 | login_url = self.login_url | |
| 57 | headers = [('Location', login_url)] + forget_headers | |
| 58 | cookies = [(h,v) for (h,v) in app_headers if h.lower() == 'set-cookie'] | |
| 59 | headers += cookies | |
| 60 | return HTTPFound(headers=headers) | |
| 61 | ||
| 62 | def make_plugin(login_url, | |
| 63 | came_from_param=None, | |
| 64 | reason_param=None, | |
| 65 | reason_header=None, | |
| 66 | ): | |
| 67 | if reason_header is not None and reason_param is None: | |
| 68 | raise Exception("Can't set 'reason_header' without 'reason_param'.") | |
| 69 | ||
| 70 | if reason_header is None and reason_param is not None: | |
| 71 | reason_header='X-Authorization-Failure-Reason' | |
| 72 | ||
| 73 | return RedirectorPlugin(login_url, | |
| 74 | came_from_param=came_from_param, | |
| 75 | reason_param=reason_param, | |
| 76 | reason_header=reason_header, | |
| 77 | ) | |
