| 1 | """ |
|---|
| 2 | paste app factory |
|---|
| 3 | """ |
|---|
| 4 | import logging |
|---|
| 5 | import os |
|---|
| 6 | import sys |
|---|
| 7 | |
|---|
| 8 | from paste.httpexceptions import HTTPExceptionHandler |
|---|
| 9 | from traclegos.web import View |
|---|
| 10 | |
|---|
def str2list(string):
    """Split a comma-separated string into a list of its non-empty items.

    Whitespace around each item is removed, and items that are empty after
    stripping are dropped.
    """
    # XXX this could go in a utils.py file
    stripped = (piece.strip() for piece in string.split(','))
    return [piece for piece in stripped if piece]
|---|
| 15 | |
|---|
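def make_app(global_conf, **app_conf):
    """Create the traclegos view and wrap it in middleware.

    Settings whose key starts with ``traclegos.`` are taken from two places:

    * ``app_conf``: passed to ``View`` as keyword arguments with the prefix
      removed. Values of the keys named in ``list_items`` are split on
      commas into lists.
    * ``global_conf``: collected, prefix removed, into the ``variables``
      keyword argument (replacing any ``traclegos.variables`` from
      ``app_conf``).

    Returns the ``View`` instance wrapped in ``HTTPExceptionHandler``.
    """
    key_str = 'traclegos.'

    def prefixed(conf):
        # keep only 'traclegos.*' settings and drop the prefix from the key
        return dict((key[len(key_str):], value)
                    for key, value in conf.items()
                    if key.startswith(key_str))

    # constructor arguments
    list_items = ['conf', 'site_templates',
                  'available_templates', 'available_repositories',
                  'available_databases']
    args = prefixed(app_conf)
    for item in list_items:
        # `in` instead of dict.has_key(), which does not exist on Python 3
        if item in args:
            args[item] = str2list(args[item])

    # variables
    args['variables'] = prefixed(global_conf)

    app = View(**args)
    return HTTPExceptionHandler(app)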
|---|
| 38 | |
|---|
| 39 | try: |
|---|
| 40 | |
|---|
| 41 | from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin |
|---|
| 42 | from repoze.who.plugins.htpasswd import HTPasswdPlugin |
|---|
| 43 | from repoze.who.plugins.form import RedirectingFormPlugin |
|---|
| 44 | from repoze.who.middleware import PluggableAuthenticationMiddleware |
|---|
| 45 | from acct_mgr.pwhash import htpasswd |
|---|
| 46 | |
|---|
| 47 | |
|---|
def check(password, hashed):
    """Password check callback built on AccountManager's htpasswd.

    Calls ``htpasswd(password, hashed)`` and reports whether the result
    equals the stored ``hashed`` value.
    """
    # NOTE(review): `==` is not a constant-time comparison; consider
    # hmac.compare_digest once the str/bytes type returned by htpasswd()
    # has been confirmed.
    candidate = htpasswd(password, hashed)
    return hashed == candidate
|---|
| 51 | |
|---|
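def make_auth_app(global_conf, **app_conf):
    """Example authenticated app with an htpasswd file.

    Settings read from ``app_conf``:

    * ``auth.htpasswd`` (required): path to an existing htpasswd file.
    * ``auth.secret`` (optional): secret handed to ``AuthTktCookiePlugin``
      for the ``auth_tkt`` cookie. When it is missing, a random value is
      generated for this process and a warning is logged.

    Raises ``AssertionError`` when ``auth.htpasswd`` is missing or does not
    point at an existing path.

    Returns the app from ``make_app`` wrapped in repoze.who's
    ``PluggableAuthenticationMiddleware``.
    """
    # Explicit raises rather than ``assert`` so the checks still run under
    # ``python -O``; AssertionError is kept so callers see the same type.
    if 'auth.htpasswd' not in app_conf:
        raise AssertionError("No auth.htpasswd specified")
    if not os.path.exists(app_conf['auth.htpasswd']):
        raise AssertionError("auth.htpasswd file does not exist")

    app_conf['traclegos.auth'] = True

    # make the app
    app = make_app(global_conf, **app_conf)

    # The ticket secret must not be a literal in the source: a value that
    # anyone can read gives no protection to the login cookie.
    secret = app_conf.get('auth.secret')
    if not secret:
        logging.getLogger(__name__).warning(
            "auth.secret is not set; using a random per-process auth_tkt "
            "secret (logins will not survive a restart or span several "
            "worker processes)")
        secret = ''.join('%02x' % octet
                         for octet in bytearray(os.urandom(32)))

    # wrap in repoze.who authentication middleware
    htpasswd_auth = HTPasswdPlugin(app_conf['auth.htpasswd'], check)
    # NOTE(review): the cookie plugin is created with its default options;
    # confirm whether the deployment needs the cookie limited to HTTPS.
    auth_tkt = AuthTktCookiePlugin(secret, 'auth_tkt')
    form = RedirectingFormPlugin('/', '/login', '/logout', 'auth_tkt')
    identifiers = [('form', form), ('auth_tkt', auth_tkt)]
    authenticators = [('htpasswd_auth', htpasswd_auth)]
    challengers = [('form', form)]

    from repoze.who.classifiers import default_request_classifier
    from repoze.who.classifiers import default_challenge_decider

    return PluggableAuthenticationMiddleware(app,
                                             identifiers,
                                             authenticators,
                                             challengers,
                                             [],
                                             default_request_classifier,
                                             default_challenge_decider,
                                             log_stream=None,
                                             log_level=logging.DEBUG)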
|---|
| 84 | |
|---|
| 85 | from repoze.who.plugins.ldap import LDAPAuthenticatorPlugin |
|---|
| 86 | import ldap |
|---|
| 87 | |
|---|
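def ldap_remote_user(remote_user):
    """Return the remote username appropriate to LDAP.

    ``remote_user`` is treated as a comma-separated list of ``name=value``
    pairs (a distinguished name); the value of its ``uid`` attribute is
    returned. Returns ``None`` when ``remote_user`` is empty or ``None``.

    Raises ``KeyError`` when there is no ``uid`` attribute and
    ``ValueError`` when a component contains no ``=``.
    """
    if not remote_user:
        return None
    attributes = {}
    for component in remote_user.split(','):
        # Split on the first '=' only, so a value that itself contains '='
        # no longer breaks the parse.
        name, value = component.split('=', 1)
        # Tolerate "uid=x, ou=y" spacing; attribute names are compared
        # case-insensitively.
        attributes[name.strip().lower()] = value.strip()
    # NOTE(review): escaped commas inside a value ("\,") are not handled by
    # this plain split; confirm whether such DNs can reach this function.
    return attributes['uid']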
|---|
| 93 | |
|---|
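def make_ldap_auth_app(global_conf, **app_conf):
    """Example authenticated app with ldap.

    Settings read from ``app_conf``:

    * ``auth.base_dn`` (required): passed to ``LDAPAuthenticatorPlugin``.
    * ``auth.ldap_host`` (required): host passed to ``ldap.open``.
    * ``auth.use_tls`` (optional, default ``'False'``): when ``'true'``
      (any case), ``start_tls_s()`` is called on the connection.
    * ``auth.secret`` (optional): secret handed to ``AuthTktCookiePlugin``
      for the ``auth_tkt`` cookie. When it is missing, a random value is
      generated for this process and a warning is logged.

    Raises ``AssertionError`` when a required setting is missing.

    Returns the app from ``make_app`` wrapped in repoze.who's
    ``PluggableAuthenticationMiddleware``.
    """
    # Explicit raises rather than ``assert`` so the checks still run under
    # ``python -O``; AssertionError is kept so callers see the same type.
    if 'auth.base_dn' not in app_conf:
        raise AssertionError("No base_dn specified")
    if 'auth.ldap_host' not in app_conf:
        raise AssertionError("No ldap_host specified")

    log = logging.getLogger(__name__)

    app_conf['traclegos.auth'] = True

    # make the app
    app = make_app(global_conf, **app_conf)

    # XXX bad touch
    # this should really be passed to the make_app factory and used there
    # but there's no current way of doing this intelligently
    app.application.remote_user_name = ldap_remote_user

    # get the ldap connection
    # NOTE(review): ldap.open is a legacy python-ldap entry point; confirm
    # that it exists in the deployed python-ldap version.
    conn = ldap.open(app_conf['auth.ldap_host'])
    if app_conf.get('auth.use_tls', 'False').lower() == 'true':
        # NOTE(review): certificate checking depends on python-ldap options
        # that are not set in this function; verify them for the deployment.
        conn.start_tls_s()
    else:
        log.warning(
            "auth.use_tls is not enabled; the LDAP connection, which "
            "carries user passwords, is not protected by StartTLS")

    # The ticket secret must not be a literal in the source: a value that
    # anyone can read gives no protection to the login cookie.
    secret = app_conf.get('auth.secret')
    if not secret:
        log.warning(
            "auth.secret is not set; using a random per-process auth_tkt "
            "secret (logins will not survive a restart or span several "
            "worker processes)")
        secret = ''.join('%02x' % octet
                         for octet in bytearray(os.urandom(32)))

    # wrap in repoze.who authentication middleware
    ldap_auth = LDAPAuthenticatorPlugin(conn, app_conf['auth.base_dn'])
    auth_tkt = AuthTktCookiePlugin(secret, 'auth_tkt')
    form = RedirectingFormPlugin('/', '/login', '/logout', 'auth_tkt')
    identifiers = [('form', form), ('auth_tkt', auth_tkt)]
    authenticators = [('ldap_auth', ldap_auth)]
    challengers = [('form', form)]

    from repoze.who.classifiers import default_request_classifier
    from repoze.who.classifiers import default_challenge_decider

    return PluggableAuthenticationMiddleware(app,
                                             identifiers,
                                             authenticators,
                                             challengers,
                                             [],
                                             default_request_classifier,
                                             default_challenge_decider,
                                             log_stream=None,
                                             log_level=logging.DEBUG)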
|---|
| 139 | |
|---|
| 140 | |
|---|
| 141 | except ImportError: |
|---|
| 142 | pass |
|---|