David Tulloh
2016-04-20 d7df42ae13a2a9bfb73a76ed96997dad88a794a9
bd39e1 1 # Login application for demo SSO: using the repoze.who API.
import hmac
try:
    from html import escape  # Python 3
except ImportError:
    from cgi import escape  # Python 2

from repoze.who.api import APIFactory
from repoze.who.config import WhoConfig
from webob import Request
5
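# HTML for the login page, filled in with ``%``-formatting.  The three
# placeholders (message, came_from, login_name) land in element text and in
# double-quoted attribute values, so every value substituted here must be
# HTML-escaped (including quotes) by the caller.
LOGIN_FORM_TEMPLATE = """\
<html>
<head>
<title> Demo SSO Login </title>
</head>
<body>
<h1> Demo SSO Login </h1>
<p style="color: Red">%(message)s</p>
<form action="#" method="post">
 <input type="hidden" name="came_from" value="%(came_from)s" />
 <fieldset id="login_name_fs">
  <label for="login_name">Login Name</label>
  <input type="text" id="login_name" name="login_name" value="%(login_name)s" />
 </fieldset>
 <fieldset id="password_fs">
  <label for="password">Password</label>
  <input type="password" id="password" name="password" />
 </fieldset>
 <input type="submit" name="form.submitted" value="Log In" />
</form>
</body>
</html>
"""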
29
# Lifetime in seconds, kept as a string.  Not referenced by the code shown
# in this listing.
MAX_AGE = '3600'

# Demo accounts: login name -> password.  The passwords are plaintext and
# committed with the source, which is acceptable only for a demo; a real
# credential store keeps salted password hashes outside the source tree.
AUTH = dict(
    phred='y4bb3d4bb4d00',
    bharney='b3dr0ck',
)
36
# This config would normally be in a separate file:  inlined here for
# didactic purposes.
#
# NOTE(review): the auth_tkt ``secret`` below is a fixed demo value that is
# committed with the source.  Tickets are presumably only as trustworthy as
# that value is private, so a real deployment should supply a long random
# secret from outside the repository (the plugin's ``secretfile`` option is
# one way -- confirm against the repoze.who version in use).
# The ``#`` line inside the string is part of the config text handed to
# WhoConfig.parse(), not a Python comment.
WHO_CONFIG = """\
[plugin:auth_tkt]
# identification + authorization
use = repoze.who.plugins.auth_tkt:make_plugin
secret = s33kr1t
cookie_name = auth_cookie
secure = True
include_ip = True
digest_algo = sha512

[general]
request_classifier = repoze.who.classifiers:default_request_classifier
challenge_decider = repoze.who.classifiers:default_challenge_decider
remote_user_key = REMOTE_USER

[identifiers]
plugins =
        auth_tkt

[authenticators]
plugins =
        auth_tkt

[challengers]
plugins =

[mdproviders]
plugins =
"""

# oh emacs python-mode, you disappoint me """

# Module-wide cache for the APIFactory; stays None until
# _configure_api_factory() builds it on first use.
api_factory = None
TS 72
def _configure_api_factory():
    """Return the shared ``APIFactory``, building it from ``WHO_CONFIG`` on first call.

    The factory is stored in the module-level ``api_factory`` so that the
    config text is parsed only once.
    """
    global api_factory
    if api_factory is not None:
        return api_factory

    # ``here`` is not referenced by the inlined WHO_CONFIG text.
    who_config = WhoConfig(here='/tmp') # XXX config file location
    who_config.parse(WHO_CONFIG)
    factory_kwargs = {
        'identifiers': who_config.identifiers,
        'authenticators': who_config.authenticators,
        'challengers': who_config.challengers,
        'mdproviders': who_config.mdproviders,
        'request_classifier': who_config.request_classifier,
        'challenge_decider': who_config.challenge_decider,
    }
    api_factory = APIFactory(**factory_kwargs)
    return api_factory
86
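def _validate(login_name, password):
    """Return True only when *login_name* is known and *password* matches.

    Demo check against the in-module ``AUTH`` table; your application's
    own credential check goes here.
    """
    expected = AUTH.get(login_name)
    if expected is None or password is None:
        # Unknown login or missing password.  Without this guard a missing
        # password would compare equal to the ``None`` returned for an
        # unknown login and be accepted.
        return False
    # Constant-time comparison, so the time taken does not depend on how
    # much of the submitted password is correct.  Both sides are encoded
    # first because compare_digest rejects non-ASCII text.
    return hmac.compare_digest(expected.encode('utf-8'),
                               password.encode('utf-8'))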
90
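def login(environ, start_response):
    """WSGI application: render the login form and process its submission.

    A request without ``form.submitted`` in its POST data gets the form,
    with ``came_from`` from the query string carried in a hidden field.
    A submitted form is checked with ``_validate``; on success the response
    is ``302 Found`` to ``came_from`` plus the headers returned by
    ``api.remember(login_name)``, otherwise the form is shown again with
    an error message.
    """
    request = Request(environ)
    message = ''
    if 'form.submitted' in request.POST:
        # Missing fields count as empty instead of raising KeyError.
        came_from = request.POST.get('came_from', '')
        login_name = request.POST.get('login_name', '')
        password = request.POST.get('password', '')
        if _validate(login_name, password):
            api = _configure_api_factory()(environ)
            # NOTE(review): came_from comes straight from the request and
            # becomes the redirect target unchanged.  Before reusing this
            # outside a demo, accept only URLs of known relying applications.
            headers = [('Location', came_from)]
            headers.extend(api.remember(login_name))
            start_response('302 Found', headers)
            return []
        message = 'Authentication failed'
    else:
        # No came_from in the query string renders as an empty field rather
        # than the literal text "None".
        came_from = request.GET.get('came_from') or ''
        login_name = ''

    # came_from and login_name are request data echoed back into the page:
    # escape them (quotes included, since two land in attribute values) so
    # they cannot inject markup.
    body = LOGIN_FORM_TEMPLATE % {'message': escape(message, True),
                                  'came_from': escape(came_from, True),
                                  'login_name': escape(login_name, True),
                                 }
    if not isinstance(body, bytes):
        # WSGI response bodies are byte strings.
        body = body.encode('utf-8')
    start_response('200 OK', [('Content-Type', 'text/html; charset=utf-8')])
    return [body]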
117
def main(global_config, **local_config):
    """Return the ``login`` WSGI application.

    Both configuration arguments are accepted and ignored.  The signature
    has the shape of a PasteDeploy app factory -- presumably how this
    module is wired up; confirm against the deployment config.
    """
    app = login
    return app