# Login application for demo SSO: using the repoze.who API.
from repoze.who.api import APIFactory |
from repoze.who.config import WhoConfig |
from webob import Request |
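# HTML for the login page, filled in with the ``%`` operator.
#
# ``%`` does no escaping of its own.  ``came_from`` and ``login_name`` land
# inside double-quoted attribute values and ``message`` lands in element
# content, so every value substituted here must be HTML-escaped (quotes
# included) by whoever renders the template.
LOGIN_FORM_TEMPLATE = """\
<html>
<head>
<title> Demo SSO Login </title>
</head>
<body>
<h1> Demo SSO Login </h1>
<p style="color: Red">%(message)s</p>
<form action="#" method="post">
<input type="hidden" name="came_from" value="%(came_from)s" />
<fieldset id="login_name_fs">
<label for="login_name">Login Name</label>
<input type="text" id="login_name" name="login_name" value="%(login_name)s" />
</fieldset>
<fieldset id="password_fs">
<label for="password">Password</label>
<input type="password" id="password" name="password" />
</fieldset>
<input type="submit" name="form.submitted" value="Log In" />
</form>
</body>
</html>
"""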
# Lifetime in seconds, kept as a string.  It is not referenced anywhere in the
# visible part of this module.
MAX_AGE = '3600'

# Demo credential table: login name -> password, stored in plaintext.
# NOTE(review): fine for a didactic sample only.  A real _validate() should
# check against salted password hashes held outside the source tree, and
# these sample values must never be reused for a real account.
AUTH = dict(
    phred='y4bb3d4bb4d00',
    bharney='b3dr0ck',
)
# This config would normally be in a separate file: inlined here for
# didactic purposes.
# repoze.who configuration in ini syntax; _configure_api_factory() hands this
# text to WhoConfig.parse().
#
# The auth_tkt plugin is the only identifier and the only authenticator; the
# challengers and mdproviders lists are empty.
#
# NOTE(review): ``secret`` is the key the auth_tkt plugin signs its cookie
# with, and it is hard-coded here for the demo.  Anyone who learns it can
# forge tickets, so a deployment should load a long random value from outside
# the source tree and rotate it if it leaks.
# NOTE(review): no ``timeout`` / ``reissue_time`` is set in the plugin section,
# so ticket expiry is left to the plugin's defaults -- confirm that is intended.
WHO_CONFIG = """\
[plugin:auth_tkt]
# identification + authorization
use = repoze.who.plugins.auth_tkt:make_plugin
secret = s33kr1t
cookie_name = auth_cookie
secure = True
include_ip = True
digest_algo = sha512

[general]
request_classifier = repoze.who.classifiers:default_request_classifier
challenge_decider = repoze.who.classifiers:default_challenge_decider
remote_user_key = REMOTE_USER

[identifiers]
plugins =
      auth_tkt

[authenticators]
plugins =
      auth_tkt

[challengers]
plugins =

[mdproviders]
plugins =
"""
# oh emacs python-mode, you disappoint me """
# Module-level cache for the APIFactory; filled in on first use.
api_factory = None


def _configure_api_factory():
    """Return the shared APIFactory, building it from WHO_CONFIG on first call.

    The parsed configuration supplies the identifiers, authenticators,
    challengers, metadata providers, request classifier and challenge
    decider.  Later calls return the cached instance without re-parsing.
    """
    global api_factory
    if api_factory is not None:
        return api_factory

    who_config = WhoConfig(here='/tmp') # XXX config file location
    who_config.parse(WHO_CONFIG)
    factory_kwargs = dict(
        identifiers=who_config.identifiers,
        authenticators=who_config.authenticators,
        challengers=who_config.challengers,
        mdproviders=who_config.mdproviders,
        request_classifier=who_config.request_classifier,
        challenge_decider=who_config.challenge_decider,
    )
    api_factory = APIFactory(**factory_kwargs)
    return api_factory
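def _validate(login_name, password):
    """Return True when *password* matches the AUTH entry for *login_name*.

    An unknown login name or a missing password is always a failure.  The
    original ``AUTH.get(login_name) == password`` returned True for an
    unknown name paired with ``None``, because both sides were ``None``.

    The comparison uses ``hmac.compare_digest`` so that its duration does
    not depend on how many leading characters of the guess are correct.
    """
    # Your application's logic goes here
    import hmac  # function-scope so the module's import block is untouched

    def _as_bytes(value):
        # compare_digest rejects non-ASCII text, so compare encoded bytes.
        return value if isinstance(value, bytes) else value.encode('utf-8')

    expected = AUTH.get(login_name)
    if expected is None or password is None:
        return False
    return hmac.compare_digest(_as_bytes(expected), _as_bytes(password))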
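def login(environ, start_response):
    """WSGI application: render the login form and process its submission.

    A POST carrying ``form.submitted`` is checked with ``_validate``.  On
    success the response is a 302 to ``came_from`` plus the headers that
    ``api.remember`` returns.  A failed POST, or any other request, gets the
    form back as a 200 response.

    Everything substituted into the form is HTML-escaped with quotes
    included, because ``came_from`` and ``login_name`` are client-supplied
    and are placed inside attribute values.  Missing form fields fall back to
    defaults rather than raising ``KeyError``.
    """
    try:
        from html import escape  # Python 3
    except ImportError:
        from cgi import escape  # Python 2

    request = Request(environ)
    message = ''
    if 'form.submitted' in request.POST:
        # A missing or empty came_from falls back to the site root, so the
        # form never renders, and the redirect never targets, the text "None".
        came_from = request.POST.get('came_from') or '/'
        login_name = request.POST.get('login_name', '')
        password = request.POST.get('password', '')
        if _validate(login_name, password):
            api = _configure_api_factory()(environ)
            # NOTE(review): came_from is client-supplied and goes into the
            # Location header unchecked, so this endpoint acts as an open
            # redirect.  A deployment should only redirect to targets on an
            # allowlist of the applications that rely on this login service.
            headers = [('Location', came_from)]
            # NOTE(review): remember() is handed the bare login name; confirm
            # the repoze.who version in use accepts that rather than an
            # identity mapping.
            headers.extend(api.remember(login_name))
            start_response('302 Found', headers)
            return []
        message = 'Authentication failed'
    else:
        came_from = request.GET.get('came_from') or '/'
        login_name = ''

    # The second positional argument turns on quote escaping in both
    # html.escape and cgi.escape.
    body = LOGIN_FORM_TEMPLATE % {
        'message': escape(message, True),
        'came_from': escape(came_from, True),
        'login_name': escape(login_name, True),
    }
    # WSGI response bodies are byte strings.
    if not isinstance(body, bytes):
        body = body.encode('utf-8')
    # Declare the type so the browser does not have to sniff the content.
    start_response('200 OK', [('Content-Type', 'text/html; charset=UTF-8')])
    return [body]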
def main(global_config, **local_config):
    """Return the ``login`` WSGI callable; both arguments are ignored.

    The signature looks like a PasteDeploy-style application factory;
    presumably that is how the app is wired up -- confirm against the
    deployment configuration.
    """
    wsgi_app = login
    return wsgi_app