/ - Diff - Larpe - Redmine Entr’ouvert

AUTHORS
	1	Damien Laniel <dlaniel@entrouvert.com>
	2
	3	Artwork and administrave interface design taken from DotClear, version 1.2 and
	4	2.0, released under the GNU General Public License; and GTK+, version 2.8,
	5	released under the GNU Lesser General Public License.

     		    GNU GENERAL PUBLIC LICENSE
     		       Version 2, June 1991
      Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
      Everyone is permitted to copy and distribute verbatim copies
      of this license document, but changing it is not allowed.
     			    Preamble
       The licenses for most software are designed to take away your
     freedom to share and change it.  By contrast, the GNU General Public
     License is intended to guarantee your freedom to share and change free
     software--to make sure the software is free for all its users.  This
     General Public License applies to most of the Free Software
     Foundation's software and to any other program whose authors commit to
     using it.  (Some other Free Software Foundation software is covered by
     the GNU Lesser General Public License instead.)  You can apply it to
     your programs, too.
       When we speak of free software, we are referring to freedom, not
     price.  Our General Public Licenses are designed to make sure that you
     have the freedom to distribute copies of free software (and charge for
     this service if you wish), that you receive source code or can get it
     if you want it, that you can change the software or use pieces of it
     in new free programs; and that you know you can do these things.
       To protect your rights, we need to make restrictions that forbid
     anyone to deny you these rights or to ask you to surrender the rights.
     These restrictions translate to certain responsibilities for you if you
     distribute copies of the software, or if you modify it.
       For example, if you distribute copies of such a program, whether
     gratis or for a fee, you must give the recipients all the rights that
     you have.  You must make sure that they, too, receive or can get the
     source code.  And you must show them these terms so they know their
     rights.
       We protect your rights with two steps: (1) copyright the software, and
     (2) offer you this license which gives you legal permission to copy,
     distribute and/or modify the software.
       Also, for each author's protection and ours, we want to make certain
     that everyone understands that there is no warranty for this free
     software.  If the software is modified by someone else and passed on, we
     want its recipients to know that what they have is not the original, so
     that any problems introduced by others will not reflect on the original
     authors' reputations.
       Finally, any free program is threatened constantly by software
     patents.  We wish to avoid the danger that redistributors of a free
     program will individually obtain patent licenses, in effect making the
     program proprietary.  To prevent this, we have made it clear that any
     patent must be licensed for everyone's free use or not licensed at all.
       The precise terms and conditions for copying, distribution and
     modification follow.
     		    GNU GENERAL PUBLIC LICENSE
        TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 . This License applies to any program or other work which contains
     a notice placed by the copyright holder saying it may be distributed
     under the terms of this General Public License.  The "Program", below,
     refers to any such program or work, and a "work based on the Program"
     means either the Program or any derivative work under copyright law:
     that is to say, a work containing the Program or a portion of it,
     either verbatim or with modifications and/or translated into another
     language.  (Hereinafter, translation is included without limitation in
     the term "modification".)  Each licensee is addressed as "you".
     Activities other than copying, distribution and modification are not
     covered by this License; they are outside its scope.  The act of
     running the Program is not restricted, and the output from the Program
     is covered only if its contents constitute a work based on the
     Program (independent of having been made by running the Program).
     Whether that is true depends on what the Program does.
 . You may copy and distribute verbatim copies of the Program's
     source code as you receive it, in any medium, provided that you
     conspicuously and appropriately publish on each copy an appropriate
     copyright notice and disclaimer of warranty; keep intact all the
     notices that refer to this License and to the absence of any warranty;
     and give any other recipients of the Program a copy of this License
     along with the Program.
     You may charge a fee for the physical act of transferring a copy, and
     you may at your option offer warranty protection in exchange for a fee.
 . You may modify your copy or copies of the Program or any portion
     of it, thus forming a work based on the Program, and copy and
     distribute such modifications or work under the terms of Section 1
     above, provided that you also meet all of these conditions:
         a) You must cause the modified files to carry prominent notices
         stating that you changed the files and the date of any change.
         b) You must cause any work that you distribute or publish, that in
         whole or in part contains or is derived from the Program or any
         part thereof, to be licensed as a whole at no charge to all third
         parties under the terms of this License.
         c) If the modified program normally reads commands interactively
         when run, you must cause it, when started running for such
         interactive use in the most ordinary way, to print or display an
         announcement including an appropriate copyright notice and a
         notice that there is no warranty (or else, saying that you provide
         a warranty) and that users may redistribute the program under
         these conditions, and telling the user how to view a copy of this
         License.  (Exception: if the Program itself is interactive but
         does not normally print such an announcement, your work based on
         the Program is not required to print an announcement.)
     These requirements apply to the modified work as a whole.  If
     identifiable sections of that work are not derived from the Program,
     and can be reasonably considered independent and separate works in
     themselves, then this License, and its terms, do not apply to those
     sections when you distribute them as separate works.  But when you
     distribute the same sections as part of a whole which is a work based
     on the Program, the distribution of the whole must be on the terms of
     this License, whose permissions for other licensees extend to the
     entire whole, and thus to each and every part regardless of who wrote it.
     Thus, it is not the intent of this section to claim rights or contest
     your rights to work written entirely by you; rather, the intent is to
     exercise the right to control the distribution of derivative or
     collective works based on the Program.
     In addition, mere aggregation of another work not based on the Program
     with the Program (or with a work based on the Program) on a volume of
     a storage or distribution medium does not bring the other work under
     the scope of this License.
 . You may copy and distribute the Program (or a work based on it,
     under Section 2) in object code or executable form under the terms of
     Sections 1 and 2 above provided that you also do one of the following:
         a) Accompany it with the complete corresponding machine-readable
         source code, which must be distributed under the terms of Sections
 and 2 above on a medium customarily used for software interchange; or,
         b) Accompany it with a written offer, valid for at least three
         years, to give any third party, for a charge no more than your
         cost of physically performing source distribution, a complete
         machine-readable copy of the corresponding source code, to be
         distributed under the terms of Sections 1 and 2 above on a medium
         customarily used for software interchange; or,
         c) Accompany it with the information you received as to the offer
         to distribute corresponding source code.  (This alternative is
         allowed only for noncommercial distribution and only if you
         received the program in object code or executable form with such
         an offer, in accord with Subsection b above.)
     The source code for a work means the preferred form of the work for
     making modifications to it.  For an executable work, complete source
     code means all the source code for all modules it contains, plus any
     associated interface definition files, plus the scripts used to
     control compilation and installation of the executable.  However, as a
     special exception, the source code distributed need not include
     anything that is normally distributed (in either source or binary
     form) with the major components (compiler, kernel, and so on) of the
     operating system on which the executable runs, unless that component
     itself accompanies the executable.
     If distribution of executable or object code is made by offering
     access to copy from a designated place, then offering equivalent
     access to copy the source code from the same place counts as
     distribution of the source code, even though third parties are not
     compelled to copy the source along with the object code.
 . You may not copy, modify, sublicense, or distribute the Program
     except as expressly provided under this License.  Any attempt
     otherwise to copy, modify, sublicense or distribute the Program is
     void, and will automatically terminate your rights under this License.
     However, parties who have received copies, or rights, from you under
     this License will not have their licenses terminated so long as such
     parties remain in full compliance.
 . You are not required to accept this License, since you have not
     signed it.  However, nothing else grants you permission to modify or
     distribute the Program or its derivative works.  These actions are
     prohibited by law if you do not accept this License.  Therefore, by
     modifying or distributing the Program (or any work based on the
     Program), you indicate your acceptance of this License to do so, and
     all its terms and conditions for copying, distributing or modifying
     the Program or works based on it.
 . Each time you redistribute the Program (or any work based on the
     Program), the recipient automatically receives a license from the
     original licensor to copy, distribute or modify the Program subject to
     these terms and conditions.  You may not impose any further
     restrictions on the recipients' exercise of the rights granted herein.
     You are not responsible for enforcing compliance by third parties to
     this License.
 . If, as a consequence of a court judgment or allegation of patent
     infringement or for any other reason (not limited to patent issues),
     conditions are imposed on you (whether by court order, agreement or
     otherwise) that contradict the conditions of this License, they do not
     excuse you from the conditions of this License.  If you cannot
     distribute so as to satisfy simultaneously your obligations under this
     License and any other pertinent obligations, then as a consequence you
     may not distribute the Program at all.  For example, if a patent
     license would not permit royalty-free redistribution of the Program by
     all those who receive copies directly or indirectly through you, then
     the only way you could satisfy both it and this License would be to
     refrain entirely from distribution of the Program.
     If any portion of this section is held invalid or unenforceable under
     any particular circumstance, the balance of the section is intended to
     apply and the section as a whole is intended to apply in other
     circumstances.
     It is not the purpose of this section to induce you to infringe any
     patents or other property right claims or to contest validity of any
     such claims; this section has the sole purpose of protecting the
     integrity of the free software distribution system, which is
     implemented by public license practices.  Many people have made
     generous contributions to the wide range of software distributed
     through that system in reliance on consistent application of that
     system; it is up to the author/donor to decide if he or she is willing
     to distribute software through any other system and a licensee cannot
     impose that choice.
     This section is intended to make thoroughly clear what is believed to
     be a consequence of the rest of this License.
 . If the distribution and/or use of the Program is restricted in
     certain countries either by patents or by copyrighted interfaces, the
     original copyright holder who places the Program under this License
     may add an explicit geographical distribution limitation excluding
     those countries, so that distribution is permitted only in or among
     countries not thus excluded.  In such case, this License incorporates
     the limitation as if written in the body of this License.
 . The Free Software Foundation may publish revised and/or new versions
     of the General Public License from time to time.  Such new versions will
     be similar in spirit to the present version, but may differ in detail to
     address new problems or concerns.
     Each version is given a distinguishing version number.  If the Program
     specifies a version number of this License which applies to it and "any
     later version", you have the option of following the terms and conditions
     either of that version or of any later version published by the Free
     Software Foundation.  If the Program does not specify a version number of
     this License, you may choose any version ever published by the Free Software
     Foundation.
 . If you wish to incorporate parts of the Program into other free
     programs whose distribution conditions are different, write to the author
     to ask for permission.  For software which is copyrighted by the Free
     Software Foundation, write to the Free Software Foundation; we sometimes
     make exceptions for this.  Our decision will be guided by the two goals
     of preserving the free status of all derivatives of our free software and
     of promoting the sharing and reuse of software generally.
     			    NO WARRANTY
 . BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
     FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
     OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
     PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
     OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
     MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
     TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
     PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
     REPAIR OR CORRECTION.
 . IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
     WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
     REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
     INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
     OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
     TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
     YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
     PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
     POSSIBILITY OF SUCH DAMAGES.
     		     END OF TERMS AND CONDITIONS
     	    How to Apply These Terms to Your New Programs
       If you develop a new program, and you want it to be of the greatest
     possible use to the public, the best way to achieve this is to make it
     free software which everyone can redistribute and change under these terms.
       To do so, attach the following notices to the program.  It is safest
     to attach them to the start of each source file to most effectively
     convey the exclusion of warranty; and each file should have at least
     the "copyright" line and a pointer to where the full notice is found.
         <one line to give the program's name and a brief idea of what it does.>
         Copyright (C) <year>  <name of author>
         This program is free software; you can redistribute it and/or modify
         it under the terms of the GNU General Public License as published by
         the Free Software Foundation; either version 2 of the License, or
         (at your option) any later version.
         This program is distributed in the hope that it will be useful,
         but WITHOUT ANY WARRANTY; without even the implied warranty of
         MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
         GNU General Public License for more details.
         You should have received a copy of the GNU General Public License along
         with this program; if not, write to the Free Software Foundation, Inc.,
 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
     Also add information on how to contact you by electronic and paper mail.
     If the program is interactive, make it output a short notice like this
     when it starts in an interactive mode:
         Gnomovision version 69, Copyright (C) year name of author
         Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
         This is free software, and you are welcome to redistribute it
         under certain conditions; type `show c' for details.
     The hypothetical commands `show w' and `show c' should show the appropriate
     parts of the General Public License.  Of course, the commands you use may
     be called something other than `show w' and `show c'; they could even be
     mouse-clicks or menu items--whatever suits your program.
     You should also get your employer (if you work as a programmer) or your
     school, if any, to sign a "copyright disclaimer" for the program, if
     necessary.  Here is a sample; alter the names:
       Yoyodyne, Inc., hereby disclaims all copyright interest in the program
       `Gnomovision' (which makes passes at compilers) written by James Hacker.
       <signature of Ty Coon>, 1 April 1989
       Ty Coon, President of Vice
     This General Public License does not permit incorporating your program into
     proprietary programs.  If your program is a subroutine library, you may
     consider it more useful to permit linking proprietary applications with the
     library.  If this is what you want to do, use the GNU Lesser General
     Public License instead of this License.

     include Makefile
     include setup.py
     include larpectl
     include apache2-vhost-larpe
     include apache2.conf
     include larpe-reload-apache2-script
     include larpe-reload-apache2.c
     include README COPYING MANIFEST.in MANIFEST NEWS AUTHORS
     recursive-include larpe *.py *.ptl
     recursive-include data *
     recursive-include root *
     recursive-include po *.po *.pot Makefile
     recursive-include doc *.rst Makefile *.png *.sty custom.tex *.py *.sh *.css

     prefix = /usr
     config_prefix = /var
     config_dir = $(config_prefix)/lib/larpe
     INSTALL = /usr/bin/install -c
     PYTHON = /usr/bin/python
     LARPE_VERSION = 0.2.9
     larpe-reload-apache2: larpe-reload-apache2.c
     install: larpe-reload-apache2
     	rm -rf build
     	$(MAKE) -C po install
     	$(PYTHON) setup.py install --root "$(DESTDIR)/" --prefix "$(prefix)" --no-compile
     	$(INSTALL) -d $(DESTDIR)$(prefix)/sbin/
     	$(INSTALL) larpectl $(DESTDIR)$(prefix)/sbin/
     	$(INSTALL) -m 4550 larpe-reload-apache2 $(DESTDIR)$(prefix)/sbin/
     	$(INSTALL) -d $(DESTDIR)/etc/larpe
     	$(INSTALL) -m 644 conf/apache2-vhost-larpe-common $(DESTDIR)/etc/larpe
     	$(INSTALL) -d $(DESTDIR)$(config_dir)
     	$(INSTALL) -d $(DESTDIR)$(config_dir)/vhosts.d
     	$(INSTALL) -d $(DESTDIR)$(config_dir)/vhost-locations.d
     	$(INSTALL) -d $(DESTDIR)$(config_dir)/vhosts.d.disabled
     	$(INSTALL) -d $(DESTDIR)$(config_dir)/vhost-locations.d.disabled
     uninstall:
     	$(MAKE) -C po uninstall
     	-rm -f $(DESTDIR)$(prefix)/sbin/larpe-reload-apache2
     	-rm -f $(DESTDIR)$(prefix)/sbin/larpe-reload-apache2-script
     	-rm -f $(DESTDIR)$(prefix)/sbin/larpectl
     	-rm -rf $(DESTDIR)$(prefix)/share/larpe/
     	@echo
     	@echo "Depending on your Python version, you will have to remove manually the files in /usr/lib/python(version)/site-packages/larpe/"
     clean:
     	$(MAKE) -C po clean
     	$(MAKE) -C doc clean
     	-$(PYTHON) setup.py clean
     	-rm -f larpe-reload-apache2
     dist: clean
     	tar czf dist/larpe-$(LARPE_VERSION).tar.gz -C .. --transform s/trunk/larpe-$(LARPE_VERSION)/ --exclude-from=exclude_from_dist trunk
     .PHONY: clean dist

     NEWS
     ====
     Version 1.0
     -----------
     - Adds Liberty Alliance to some sites without modying sites code
     - SAML 2.0 and ID-FF 1.2 support (authentication and logout)
     - Form prefilling with ID-WSF 2.0
     - Configuration assistant (wizard-like) for configuring new sites
     - Fully tested for several sites with very different behaviours
     - Plugin system to handle specific behaviour of some sites
     - Automatic Apache 2 configuration
     - Automatic creation of Apache python filters to transform authentication boxes on the sites
     - Support for proxies
     - Logging and debug options
     - Packages for Debian and Fedora (and children of both) distributions

     Larpe - Liberty Alliance Reverse Proxy
     ======================================
     Description
     -----------
     Larpe is a Liberty Alliance Reverse Proxy.  It allows any service provider (that
     is a website) to use Liberty Alliance features (Identity federation, Single
     Sign On and Single Sign Logout) without changing the code of the service
     provider itself.  It uses the Lasso library which is certified by the Liberty
     Alliance consortium.
     Documentation
     -------------
     * README, as you are doing;
     * doc/en/ for English documentation, published as HTML on
       http://larpe.labs.libre-entreprise.org/doc/en/larpe-admin.html
     Copyright
     ---------
     Larpe is copyrighted by Entr'ouvert and is licensed under the GNU General
     Public Licence.  Artwork and administrative design are from DotClear and
     released under the GNU General Public License by Olivier Meunier and others.
     Some artwork comes from GTK+ (LGPL).
     Read the COPYING file for the complete license text.  Read the AUTHORS file for
     additional credits.

     - Tests
       - egroupware
       - http://labs.libre-entreprise.org/
       - logs.entrouvert.org
     ====== Roadmap de Larpe ======
     ===== 0.2 =====
       * Vérifier la compatibilité avec egroupware
       * Mettre le vhosts générés dans /var/lib/larpe/vhosts.d et mettre un include /var/lib/larpe/vhosts.d/* dans la conf générale
       * Supprimer debconf
       * Vérification des formulaires de configuration d'hôtes
         * Tests de valeurs erronés diverses
         * Erreur si on donne un label qui existe deja
       * Ne plus inclure le binaire larpe-reload-apache2 dans les sources
       * Corriger les avertissements debian
       * Ne pas demander la clé publique de l'idp
       * Compléter les traductions
       * Ajouter la possibilité de changer la langue dans l'interface d'administration
       * Mettre à jour la documentation
         * Ajouter un chapitre sur les sites testés et leurs options de configuration particulières
       * Traduire la documentation en français
     ===== 0.3 =====
       * Implémenter le SLO en SOAP
       * Supprimer un /liberty/ des urls
       * Voir comment activer le SSLProxyEngine quand on utilise un sous répertoire
       * Faire un site web pour présenter Larpe
       * Ajouter la possibilité d'envoyer les exceptions par courriel à l'administrateur
       * Améliorer la journalisation des accès et des erreurs
     ===== 1.0 =====
       * Support de SAML 2.0
       * Implémenter l'accès à un site nécessitant une authentification préalable avant tout accès
         * Choix de cette fonctionnalité par une option de configuration par site
       * Lors de la création d'un site, choix d'un moteur de site connu (mediawiki, squirrelmail, ...) qui pré-remplirait un ensemble d'options nécessaire à ce moteur
       * Documentation technique pour les développeurs ?
     ===== Non classés =====
       * Support des sites qui ont une authentification HTTP (à priori, nécessite de charger toute la configuration de larpe dans le filtre python d'apache)
       * Création de nouveaux comptes pour les sites, avec des jetons (déjà implémenté en partie ; est-ce utile ?)
     Fait
     ====
     - Serveur python principal
       - Fonctionnalités liberty
         - SSO (depuis le sp et depuis l'idp)
         - Fédération
         - SLO (depuis le sp et depuis l'idp)
         - Défédération (depuis l'idp) en SOAP et redirect
       - Support https
       - Possibilité d'utiliser toutes les combinaisons de sous domaines et de sous répertoires
         - RP par vhost (appli1.example.com, rp de appli1.interne)
         - RP par repertoire (www.example.com/appli1, rp de appl1.interne)
       - Récupère la configuration de l'IP des vhosts
     - Administration
       - Authentification liberty sur l'admin
       - Créer de nouveaux sites (+ modifier, supprimer)
       - Écrire les vhosts correspondants
       - Rechargement de la configuration d'apache
         - Script + wrapper en C suid root
       - Gestion d'utilisateurs pour administrer le RP (Authentification http)
       - Gestion des traductions
     - Filtre Python branché en sortie sur Apache à la suite du filtre de réécriture html (proxy_html)
       - Générique
       - Personalisable par site pour une meilleure intégration dans les pages
     - Sites testés
       - Dotclear
       - Dacode
         - linuxfr.org
       - Sympa
         - listes.entrouvert.com
         - listes.libre-entreprise.org
       - Mediawiki
         - all4dev.libre-entreprise.org
         - www.libre-entreprise.org
       - www.besancon.com
       - Egroupware
         - quintine.entrouvert.org/egroupware/
       - squirrelmail
       - Concerto Espace-famille
       - Ciril Net RH
       - Agirhe
     - Documentation
     - Paquets Debian
       - Debconf pour demander le nom de domaine et le courriel de l'admin, ainsi que le compte administrateur
     - Installation sur lupin
     - Batterie de tests de non-regression

     <VirtualHost *>
         ServerName localhost
         ServerAdmin root@localhost
         include /etc/larpe/apache2-vhost-larpe-common
         include /var/lib/larpe/vhost-locations.d
         CustomLog /var/log/apache2/larpe-access.log combined
         ErrorLog /var/log/apache2/larpe-error.log
     </VirtualHost>
     include /var/lib/larpe/vhosts.d

     # Static files
     DocumentRoot /usr/share/larpe/web/
     # Python application
     SCGIMount / 127.0.0.1:3007
     # Static files for larpe
     <Location /larpe/>
         ProxyPass   !
         SCGIHandler off
     </Location>
     # Larpe python application
     <Location /liberty/>
         ProxyPass   !
     </Location>
     # No gzip compression
     RequestHeader unset Accept-Encoding

     import re
     import os
     import pickle
     from larpe import sessions
     from mod_python import Cookie
     def is_auth_ok(req):
         """ Test if you are authenticate on the Larpe server """
         cookies = Cookie.get_cookies(req, Cookie.MarshalCookie, secret='secret007')
         sessions_dir = os.path.join("%(larpe_dir)s", "sessions")
         for name, cookie in cookies.iteritems():
             value = cookie.value.replace('"', '')
             if "larpe-" in name and value in os.listdir(sessions_dir):
                 try:
                     file = open(os.path.join(sessions_dir, value), "rb")
                     session = pickle.load(file)
                     if not session.users or not session.id:
                         return False
                     return True
                 except Exception, err:
                     return False
         return False
     def filter_page(filter, page):
         r = re.compile(r"""(<a.*?href=["']).*?(["'].*?>D.*?connexion</a>)""")
         page = r.sub(r"""\1%(logout_url)s\2""", page)
         return page
     def outputfilter(filter):
         """ Apache called this function by default """
         if not re.search("^/liberty/.*", filter.req.uri) and not is_auth_ok(filter.req):
             filter.write('<meta http-equiv="refresh" content="0; url=%(login_url)s" />')
             filter.close()
             return
         if filter.req.content_type is not None:
             is_html = re.search('text/html', filter.req.content_type)
         if filter.req.content_type is None or not is_html:
             filter.pass_on()
         else:
             if not hasattr(filter.req, 'temp_doc'):
                 # Create a new attribute to hold the document
                 filter.req.temp_doc = []
                 # If content-length ended up wrong, Gecko browsers truncated data
                 if 'Content-Length' in filter.req.headers_out:
                     del filter.req.headers_out['Content-Length']
             temp_doc = filter.req.temp_doc
             s = filter.read()
             # Could get '' at any point, but only get None at end
             while s:
                 temp_doc.append(s)
                 s = filter.read()
             # The end
             if s is None:
                 page = ''.join(temp_doc)
                 page = filter_page(filter, page)
                 filter.write(page)
                 filter.close()

     import re
     def filter_page(filter, page):
         current_form = re.compile('<form [^>]*?action="%(auth_form_action)s".*?>.*?</form>', re.DOTALL)
         page = current_form.sub('<form method="post" action="/liberty/%(name)s/login"><input type="submit" value="Connexion" /></form>', page)
         return page
     def outputfilter(filter):
         # Only filter html code
         if filter.req.content_type is not None:
             is_html = re.search('text/html', filter.req.content_type)
         if filter.req.content_type is None or not is_html:
             filter.pass_on()
         else:
             if not hasattr(filter.req, 'temp_doc'):
                 # Create a new attribute to hold the document
                 filter.req.temp_doc = []
                 # If content-length ended up wrong, Gecko browsers truncated data
                 if 'Content-Length' in filter.req.headers_out:
                     del filter.req.headers_out['Content-Length']
             temp_doc = filter.req.temp_doc
             s = filter.read()
             # Could get '' at any point, but only get None at end
             while s:
                 temp_doc.append(s)
                 s = filter.read()
             # The end
             if s is None:
                 page = ''.join(temp_doc)
                 page = filter_page(filter, page)
                 filter.write(page)
                 filter.close()

     larpe (1.1.1-1) unstable; urgency=low
       * Removing a useless import
       * Change Debian maintainer
       * Change architecture from any to all
       * Using pysupport instead of pycentral
       * Update Debian package dependencies
      -- Jerome Schneider <jschneider@entrouvert.com>  Mon, 19 Jul 2010 16:18:28 +0200
     larpe (1.1-1) unstable; urgency=low
       * New release
         - Rewrite filter management
         - Filters are now customisable
         - Improve Ciril module
         - Improve plugins management
         - Support multi filters
         - Fix SAML 2 logout
         - Fix site authentification plugins management
         - Fix sessions management
         - Code cleaning
      -- Jerome Schneider <jschneider@entrouvert.com>  Mon, 19 Jul 2010 11:52:47 +0200
     larpe (1.0-1) unstable; urgency=low
       * New release
         - SAML 2.0 and ID-FF 1.2 support (authentication and logout)
         - Form prefilling with ID-WSF 2.0
         - Configuration assistant (wizard-like) for configuring new sites
         - Fully tested for several sites with very different behaviours
         - Plugin system to handle specific behaviour of some sites
         - Automatic Apache 2 configuration
         - Automatic creation of Apache python filters to transform authentication
           boxes on the sites
         - Support for proxies
         - Logging and debug options
      -- Damien Laniel <dlaniel@entrouvert.com>  Mon, 09 Mar 2009 11:19:49 +0100
     larpe (0.2.1-1) unstable; urgency=low
       * New release
      -- Damien Laniel <dlaniel@entrouvert.com>  Wed, 20 Jun 2007 15:43:16 +0200
     larpe (0.2.0-1) unstable; urgency=low
       * New release
      -- Damien Laniel <dlaniel@entrouvert.com>  Tue, 30 Jan 2007 18:07:04 +0100
     larpe (0.1.1-2) unstable; urgency=low
       * Use python2.4
      -- Damien Laniel <dlaniel@entrouvert.com>  Tue, 19 Dec 2006 17:21:05 +0100
     larpe (0.1.1-1) unstable; urgency=low
       * New release
      -- Damien Laniel <dlaniel@entrouvert.com>  Thu,  5 Oct 2006 11:47:53 +0200
     larpe (0.1.0-1) unstable; urgency=low
       * New release
      -- Damien Laniel <dlaniel@entrouvert.com>  Wed,  4 Oct 2006 10:19:26 +0200
     larpe (0.0.4-1) unstable; urgency=low
       * New version, many improvements, more compatible sites, some bug fixes
      -- Damien Laniel <dlaniel@entrouvert.com>  Tue,  3 Oct 2006 20:44:06 +0200
     larpe (0.0.3-1) unstable; urgency=low
       * New version, many improvements, more compatible sites, some bug fixes
      -- Damien Laniel <dlaniel@entrouvert.com>  Mon, 25 Sep 2006 11:11:36 +0200
     larpe (0.0.2-1) unstable; urgency=low
       * Initial package.
      -- Damien Laniel <dlaniel@entrouvert.com>  Fri, 08 Sep 2006 16:00:00 +0200

debian/compat
	1	5

     #!/bin/sh -e
     # Source debconf library.
     . /usr/share/debconf/confmodule
     # Hostname
     #db_input high larpe/hostname || true
     #db_go
     # Administrator email address
     #db_input medium larpe/admin_email || true
     #db_go
     # Enable this vhost
     #db_input high larpe/enable_vhost || true
     #db_go
     # Administrator login
     #db_input high larpe/admin_username || true
     #db_go
     # Administrator password
     #db_input high larpe/admin_password || true
     #db_go

     Source: larpe
     Section: web
     Priority: optional
     Maintainer: Jérôme Schneider <jschneider@entrouvert.com>
     Build-Depends: debhelper (>= 5.0.37.2), python, python-support (>= 0.4), gettext, python-quixote (>= 2.5)
     Standards-Version: 3.8.0
     Package: larpe
     Architecture: all
     Depends: ${shlibs:Depends}, ${python:Depends}, python-quixote (>= 2.5), python-lasso (>= 2.2.1), python-scgi, python-libxml2, apache2, libapache2-mod-scgi, libapache2-mod-python, libapache2-mod-proxy-html
     XB-Python-Version: ${python:Versions}
     Description: Liberty Alliance Reverse Proxy
      Larpe allows any service provider (that is a website) to use Liberty Alliance
      identity management and Single Sign On features without changing the code of
      the service provider itself.
+     .

     This package was debianized by Damien Laniel <dlaniel@entrouvert.com> on
     Fri, 08 Sep 2006 16:00:00 +0200.
     Upstream Author: Damien Laniel <dlaniel@entrouvert.com>
     Copyright (c) 2005 Entr'ouvert;
     copyright (c) 2003-2005 dotclear for some graphics.
     License is GNU GPL v2 or later plus OpenSSL exception clause.
     This program is free software; you can redistribute it and/or
     modify it under the terms of the GNU General Public License
     as published by the Free Software Foundation; either version 2
     of the License, or (at your option) any later version.
     This program is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     GNU General Public License for more details.
     You should have received a copy of the GNU General Public License
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
     On Debian GNU/Linux systems, the complete text of the GNU General Public
     License can be found in `/usr/share/common-licenses/GPL'.

debian/dirs
	1	etc/apache2/sites-available
	2	etc/larpe
	3	usr/sbin
	4	var/lib/larpe

debian/docs
	1	README
	2	AUTHORS

     #! /bin/sh
     ### BEGIN INIT INFO
     # Provides:          larpe
     # Required-Start:    $local_fs $network
     # Required-Stop:     $local_fs $network
     # Default-Start:     2 3 4 5
     # Default-Stop:      0 1 6
     # Short-Description: Start Larpe Liberty Alliance reverse proxy
     # Description:       Start Larpe Liberty Alliance reverse proxy
     ### END INIT INFO
     set -e
     # Gracefully exit if the package has been removed.
     test -x $DAEMON || exit 0
     # Source function library
     . /lib/lsb/init-functions
     PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
     DESC="larpe"
     NAME=larpe
     DAEMON=/usr/sbin/larpectl
     PIDFILE=/var/run/$NAME.pid
     SCRIPTNAME=/etc/init.d/$NAME
     # Read config file if it is present.
     if [ -r /etc/default/$NAME ]
     then
         . /etc/default/$NAME
     fi
+    #
     # Function that starts the daemon/service.
+    #
     d_start() {
         start-stop-daemon --start --quiet --pidfile $PIDFILE --oknodo \
     		--chuid www-data:www-data --make-pidfile --background --exec $DAEMON -- start $OPTIONS
+    }
+    #
     # Function that stops the daemon/service.
+    #
     d_stop() {
         start-stop-daemon --stop --quiet --pidfile $PIDFILE --oknodo
         rm -f $PIDFILE
+    }
     case "$1" in
         start)
             log_begin_msg "Starting $DESC: $NAME"
             d_start
             log_end_msg $?
             ;;
         stop)
             log_begin_msg "Stopping $DESC: $NAME"
             d_stop
             log_end_msg $?
             ;;
         restart|force-reload)
+        #
         #	If the "reload" option is implemented, move the "force-reload"
         #	option to the "reload" entry above. If not, "force-reload" is
         #	just the same as "restart".
+        #
             log_begin_msg "Restarting $DESC: $NAME"
             d_stop
             sleep 1
             d_start
             log_end_msg $?
             ;;
         *)
             echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
             exit 1
             ;;
     esac
     exit 0

debian/larpe-reload-apache2-script
	1	#!/bin/sh
	2
	3	/etc/init.d/apache2 reload

     #! /bin/sh
     # postinst script for larpe
+    #
     # see: dh_installdeb(1)
     set -e
     # summary of how this script can be called:
     #        * <postinst> `configure' <most-recently-configured-version>
     #        * <old-postinst> `abort-upgrade' <new version>
     #        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
     #          <new-version>
     #        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
     #          <failed-install-package> <version> `removing'
     #          <conflicting-package> <version>
     # for details, see http://www.debian.org/doc/debian-policy/ or
     # the debian-policy package
+    #
     # quoting from the policy:
     #     Any necessary prompting should almost always be confined to the
     #     post-installation script, and should be protected with a conditional
     #     so that unnecessary prompting doesn't happen if a package's
     #     installation fails and the `postinst' is called with `abort-upgrade',
     #     `abort-remove' or `abort-deconfigure'.
     PACKAGE=larpe
     VERSION=2.4
     LIB="/usr/lib/python$VERSION"
     DIRLIST="/usr/share/pycentral/larpe/site-packages/larpe/"
     case "$1" in
         configure|abort-upgrade|abort-remove|abort-deconfigure)
             for i in $DIRLIST ; do
                 /usr/bin/python$VERSION -O $LIB/compileall.py -q $i
                 /usr/bin/python$VERSION $LIB/compileall.py -q $i
             done
             # Load Apache 2 modules
             for module in "proxy" "rewrite" "headers" "proxy_http"; do
                 a2enmod ${module} > /dev/null || true
             done
             # Restart Apache 2
             set +e
             if [ -x /usr/sbin/invoke-rc.d ]; then
                 invoke-rc.d apache2 restart || true
             else
                 /etc/init.d/apache2 restart || true
             fi
             set -e
         ;;
         *)
             echo "postinst called with unknown argument \`$1'" >&2
             exit 1
         ;;
     esac
     # dh_installdeb will replace this with shell code automatically
     # generated by other debhelper scripts.
     #DEBHELPER#
     exit 0

     #! /bin/sh
     # prerm script for larpe
+    #
     # see: dh_installdeb(1)
     set -e
     # summary of how this script can be called:
     #        * <prerm> `remove'
     #        * <old-prerm> `upgrade' <new-version>
     #        * <new-prerm> `failed-upgrade' <old-version>
     #        * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
     #        * <deconfigured's-prerm> `deconfigure' `in-favour'
     #          <package-being-installed> <version> `removing'
     #          <conflicting-package> <version>
     # for details, see http://www.debian.org/doc/debian-policy/ or
     # the debian-policy package
     PACKAGE=larpe
     case "$1" in
         remove|upgrade|deconfigure)
         	dpkg --listfiles $PACKAGE |
                       awk '$0~/\.py$/ {print $0"c\n" $0"o"}' |
                       xargs rm -f >&2
             ;;
         failed-upgrade)
             ;;
         *)
             echo "prerm called with unknown argument \`$1'" >&2
             exit 1
         ;;
     esac
     # dh_installdeb will replace this with shell code automatically
     # generated by other debhelper scripts.
     #DEBHELPER#
     exit 0

debian/pycompat
	1	2

     #!/usr/bin/make -f
     # GNU copyright 1997 to 1999 by Joey Hess.
     # Uncomment this to turn on verbose mode.
     #export DH_VERBOSE=1
     PYTHON=/usr/bin/python
     LARPE_USER = www-data
     LARPE_GROUP = www-data
     ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
     	CFLAGS += -g
     endif
     ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
     	INSTALL_PROGRAM += -s
     endif
     build: build-stamp
     build-stamp:
     	dh_testdir
     	touch build-stamp
     clean:
     	dh_testdir
     	dh_testroot
     	rm -f build-stamp
     	make clean
     	dh_clean
     install: build
     	dh_testdir
     	dh_testroot
     	dh_clean -k
     	dh_installdirs
     	make install prefix=/usr DESTDIR=$(CURDIR)/debian/larpe
     	# Apache Vhost
     	dh_install conf/apache2-vhost-larpe etc/apache2/sites-available
     	# Apache reload script
     	dh_install debian/larpe-reload-apache2-script usr/sbin
     	# Give files ownership to Larpe user and group
     	chown -R $(LARPE_USER):$(LARPE_GROUP) $(CURDIR)/debian/larpe/usr/share/larpe/
     	chown -R $(LARPE_USER):$(LARPE_GROUP) $(CURDIR)/debian/larpe/var/lib/larpe/
     	chgrp $(LARPE_GROUP) $(CURDIR)/debian/larpe/usr/sbin/larpe-reload-apache2
     # Build architecture-independent files here.
     binary-indep: build install
     # We have nothing to do by default.
     # Build architecture-dependent files here.
     binary-arch: build install
     	dh_testdir
     	dh_testroot
     	dh_installdocs
     	dh_installinit
     	dh_installchangelogs
     	dh_link
     	dh_strip
     	dh_compress
     	dh_fixperms -X /var/lib/larpe -X /usr/sbin/larpe-reload-apache2
     	dh_pysupport
     	dh_installdeb
     	dh_shlibdeps
     	dh_gencontrol
     	dh_md5sums
     	dh_builddeb
     binary: binary-indep binary-arch
     .PHONY: build clean binary-indep binary-arch binary install

     all:
     	$(MAKE) -C en
     clean:
     	$(MAKE) -C en clean
     .PHONY: clean

     RST2HTML = rst2html
     RST2LATEX = ../scripts/rst2latex.py
     PDFLATEX = pdflatex
     RM = rm -f
     all: larpe-admin.pdf larpe-admin.html
     %.html: %.rst
     	$(RST2HTML) --stylesheet=default.css --link-stylesheet --language=en $? > $@
     figures-no-alpha-stamp:
     	-$(RM) -r figures-no-alpha/
     	mkdir figures-no-alpha/
     	for F in figures/*.png; do \
     		../scripts/removealpha.sh $$F figures-no-alpha/`basename $$F`; \
     	done
     	touch figures-no-alpha-stamp
     %.tex: %.rst #figures-no-alpha-stamp
     	cat $? | sed -e 's/figures\//figures-no-alpha\//' \
     			-e 's/ ::$$/ : ::/g' \
     			-e 's/.. section-numbering:://' | $(RST2LATEX) --language=en > $@
     %.pdf: %.tex custom.tex
     	$(PDFLATEX) $?
     	logfile=`echo "$@" |sed -r "s/(.*)....$$/\\1/"`.log; while [ -f "$$logfile" -a -n "`grep "Rerun to get cross-references right" $$logfile`" ]; do $(PDFLATEX) $< ; done
     clean:
     	-$(RM) *.aux *.toc *.log *.out
     	-$(RM) larpe-admin.pdf
     	-$(RM) larpe-admin.tex
     	-$(RM) larpe-admin.html
     	-$(RM) -r figures-no-alpha figures-no-alpha-stamp
     .PHONY: all clean

     \usepackage{float,fancyhdr,lscape,sectsty,colortbl,color,lastpage,setspace}
     \usepackage[perpage,bottom]{footmisc}
     \usepackage[hang]{caption2}
     \usepackage{marvosym}
     \usepackage{float,url,listings,tocbibind,fancyhdr,calc,placeins}
     \usepackage{palatino}
     \usepackage[Glenn]{fncychap}
     \pagestyle{fancy}
     \fancyhead{}
     \fancyfoot{}
     \fancyhead[L]{Authentic}
     \fancyhead[R]{Administrator Guide}
     \fancyfoot[C]{Page \thepage}
     \addtolength{\headheight}{1.6pt}
     \setlength\parindent{0pt}
     \setlength{\parskip}{1ex plus 0.5ex minus 0.2ex}
     \setlength\abovecaptionskip{0.1ex}
     \makeatletter
     \renewcommand{\maketitle}{\begin{titlepage}%
         \let\footnotesize\small
         \let\footnoterule\relax
         \parindent \z@
         \reset@font
         \null\vfil
         \begin{flushleft}
           \huge \@title
         \end{flushleft}
         \par
         \hrule height 1pt
         \par
         \begin{flushright}
           \LARGE \@author \par
         \end{flushright}
         \vskip 60\p@
         \vfil\null
       \end{titlepage}%
       \setcounter{footnote}{0}%
+    }
     \makeatother

     body {
     	font-family: sans-serif;
+    }
     h1 a, h2 a, h3 a, h4 a {
     	text-decoration: inherit;
     	color: inherit;
+    }
     pre.literal-block {
     	background: #eee;
     	border: 1px inset black;
     	padding: 2px;
     	margin: auto 10px;
     	overflow: auto;
+    }
     h1.title {
     	text-align: center;
     	background: #eef;
     	border: 1px solid #aaf;
     	letter-spacing: 1px;
+    }
     div.section {
     	margin-bottom: 2em;
+    }
     div.section h1 {
     	padding: 0 15px;
     	background: #eef;
     	border: 1px solid #aaf;
+    }
     div.section h2 {
     	padding: 0 15px;
     	background: #eef;
     	border: 1px solid #aaf;
+    }
     div.document {
     	margin-top: 1em;
     	border-top: 1px solid #aaf;
     	border-bottom: 1px solid #aaf;
+    }
     div.section p,
     div.section ul {
     	text-align: justify;
+    }
     div.contents {
     	float: right;
     	border: 1px solid black;
     	margin: 1em;
     	background: #eef;
     	max-width: 33%;
+    }
     div#building-liberty-services-with-lasso div#table-of-contents {
     	max-width: inherit;
     	float: none;
     	background: white url(lasso.png) bottom right no-repeat;
+    }
     div.contents ul {
     	padding-left: 1em;
     	list-style: none;
+    }
     div.contents li {
     	padding-bottom: 2px;
+    }
     div.contents p {
     	background: #ddf;
     	text-align: center;
     	border-bottom: 1px solid black;
     	margin: 0;
+    }
     th.docinfo-name {
     	text-align: right;
     	padding-right: 0.5em;
+    }
     dd {
     	margin-bottom: 1ex;
+    }
     table.table {
     	margin: 1ex 0;
     	border-spacing: 0px;
+    }
     table.table th {
     	padding: 0px 1ex;
     	background: #eef;
     	font-weight: normal;
+    }
     table.table td {
     	padding: 0 0.5ex;
+    }
     div.note, div.warning {
     	padding: 0.3ex;
     	padding-left: 60px;
     	min-height: 50px;
     	margin: 1ex 1em;
+    }
     div.note {
     	background: #ffa url(note.png) top left no-repeat;
     	border: 1px solid #fd8;
+    }
     div.warning {
     	background: #ffd url(warning.png) top left no-repeat;
+    }
     p.admonition-title {
     	font-weight: bold;
     	display: inline;
     	display: none;
     	padding-right: 1em;
+    }
     div.figure {
     	margin: 0 auto;
     	width: 70%;
     	min-width: 800px;
     	text-align: center;
+    }
     div.figure p.caption {
     	font-style: italic;
     	margin: 1ex 0 2em 0;
     	text-align: center;
+    }

     %%% Copyright   Ulf A. Lindgren
     %%%
     %%% Note        Premission is granted to modify this file under
     %%%             the condition that it is saved using another
     %%%             file and package name.
     %%%
     %%% Revision    1.1 (1997)
     %%%
     %%%             Jan. 8th Modified package name base date option
     %%%             Jan. 22th Modified FmN and FmTi for error in book.cls
     %%%                  \MakeUppercase{#}->{\MakeUppercase#}
     %%%             Apr. 6th Modified Lenny option to prevent undesired
     %%%                  skip of line.
     %%%             Nov. 8th Fixed \@chapapp for AMS
     %%%
     %%% Revision    1.2 (1998)
     %%%
     %%%             Feb. 11th Fixed appendix problem related to Bjarne
     %%%             Aug. 11th Fixed problem related to 11pt and 12pt
     %%%                  suggested by Tomas Lundberg. THANKS!
     %%%
     %%% Revision    1.3 (2004)
     %%%             Sep. 20th problem with frontmatter, mainmatter and
     %%%                  backmatter, pointed out by Lapo Mori
     %%%
     %%% Revision    1.31 (2004)
     %%%             Sep. 21th problem with the Rejne definition streched text
     %%%                  caused ugly gaps in the vrule aligned with the title
     %%%                  text. Kindly pointed out to me by Hendri Adriaens
     %%%
     %%% Revision    1.32 (2005)
     %%%             Jun. 23th compatibility problem with the KOMA class 'scrbook.cls'
     %%%                  a remedy is a redefinition of '\@schapter' in
     %%%                  line with that used in KOMA. The problem was pointed
     %%%                  out to me by Mikkel Holm Olsen
     %%%
     %%% Revision    1.33 (2005)
     %%%             Aug. 9th misspelled ``TWELV'' corrected, the error was pointed
     %%%                  out to me by George Pearson
     %%%
     %%% Last modified   Aug. 9th 2005
     \NeedsTeXFormat{LaTeX2e}[1995/12/01]
     \ProvidesPackage{fncychap}
                  [2004/09/21 v1.33
                      LaTeX package (Revised chapters)]
     %%%% DEFINITION OF Chapapp variables
     \newcommand{\CNV}{\huge\bfseries}
     \newcommand{\ChNameVar}[1]{\renewcommand{\CNV}{#1}}
     %%%% DEFINITION OF TheChapter variables
     \newcommand{\CNoV}{\huge\bfseries}
     \newcommand{\ChNumVar}[1]{\renewcommand{\CNoV}{#1}}
     \newif\ifUCN
     \UCNfalse
     \newif\ifLCN
     \LCNfalse
     \def\ChNameLowerCase{\LCNtrue\UCNfalse}
     \def\ChNameUpperCase{\UCNtrue\LCNfalse}
     \def\ChNameAsIs{\UCNfalse\LCNfalse}
     %%%%% Fix for AMSBook 971008
     \@ifundefined{@chapapp}{\let\@chapapp\chaptername}{}
     %%%%% Fix for Bjarne and appendix 980211
     \newif\ifinapp
     \inappfalse
     \renewcommand\appendix{\par
       \setcounter{chapter}{0}%
       \setcounter{section}{0}%
       \inapptrue%
       \renewcommand\@chapapp{\appendixname}%
       \renewcommand\thechapter{\@Alph\c@chapter}}
     %%%%% Fix for frontmatter, mainmatter, and backmatter 040920
     \@ifundefined{@mainmatter}{\newif\if@mainmatter \@mainmattertrue}{}
     %%%%%
     \newcommand{\FmN}[1]{%
     \ifUCN
        {\MakeUppercase#1}\LCNfalse
     \else
        \ifLCN
           {\MakeLowercase#1}\UCNfalse
        \else #1
        \fi
     \fi}
     %%%% DEFINITION OF Title variables
     \newcommand{\CTV}{\Huge\bfseries}
     \newcommand{\ChTitleVar}[1]{\renewcommand{\CTV}{#1}}
     %%%% DEFINITION OF the basic rule width
     \newlength{\RW}
     \setlength{\RW}{1pt}
     \newcommand{\ChRuleWidth}[1]{\setlength{\RW}{#1}}
     \newif\ifUCT
     \UCTfalse
     \newif\ifLCT
     \LCTfalse
     \def\ChTitleLowerCase{\LCTtrue\UCTfalse}
     \def\ChTitleUpperCase{\UCTtrue\LCTfalse}
     \def\ChTitleAsIs{\UCTfalse\LCTfalse}
     \newcommand{\FmTi}[1]{%
     \ifUCT
        {\MakeUppercase#1}\LCTfalse
     \else
        \ifLCT
           {\MakeLowercase#1}\UCTfalse
        \else {#1}
        \fi
     \fi}
     \newlength{\mylen}
     \newlength{\myhi}
     \newlength{\px}
     \newlength{\py}
     \newlength{\pyy}
     \newlength{\pxx}
     \def\mghrulefill#1{\leavevmode\leaders\hrule\@height #1\hfill\kern\z@}
     \newcommand{\DOCH}{%
       \CNV\FmN{\@chapapp}\space \CNoV\thechapter
       \par\nobreak
       \vskip 20\p@
+      }
     \newcommand{\DOTI}[1]{%
         \CTV\FmTi{#1}\par\nobreak
         \vskip 40\p@
+        }
     \newcommand{\DOTIS}[1]{%
         \CTV\FmTi{#1}\par\nobreak
         \vskip 40\p@
+        }
     %%%%%% SONNY DEF
     \DeclareOption{Sonny}{%
       \ChNameVar{\Large\sf}
       \ChNumVar{\Huge}
       \ChTitleVar{\Large\sf}
       \ChRuleWidth{0.5pt}
       \ChNameUpperCase
       \renewcommand{\DOCH}{%
         \raggedleft
         \CNV\FmN{\@chapapp}\space \CNoV\thechapter
         \par\nobreak
         \vskip 40\p@}
       \renewcommand{\DOTI}[1]{%
         \CTV\raggedleft\mghrulefill{\RW}\par\nobreak
         \vskip 5\p@
         \CTV\FmTi{#1}\par\nobreak
         \mghrulefill{\RW}\par\nobreak
         \vskip 40\p@}
       \renewcommand{\DOTIS}[1]{%
         \CTV\raggedleft\mghrulefill{\RW}\par\nobreak
         \vskip 5\p@
         \CTV\FmTi{#1}\par\nobreak
         \mghrulefill{\RW}\par\nobreak
         \vskip 40\p@}
+    }
     %%%%%% LENNY DEF
     \DeclareOption{Lenny}{%
       \ChNameVar{\fontsize{14}{16}\usefont{OT1}{phv}{m}{n}\selectfont}
       \ChNumVar{\fontsize{60}{62}\usefont{OT1}{ptm}{m}{n}\selectfont}
       \ChTitleVar{\Huge\bfseries\rm}
       \ChRuleWidth{1pt}
       \renewcommand{\DOCH}{%
         \settowidth{\px}{\CNV\FmN{\@chapapp}}
         \addtolength{\px}{2pt}
         \settoheight{\py}{\CNV\FmN{\@chapapp}}
         \addtolength{\py}{1pt}
         \settowidth{\mylen}{\CNV\FmN{\@chapapp}\space\CNoV\thechapter}
         \addtolength{\mylen}{1pt}
         \settowidth{\pxx}{\CNoV\thechapter}
         \addtolength{\pxx}{-1pt}
         \settoheight{\pyy}{\CNoV\thechapter}
         \addtolength{\pyy}{-2pt}
         \setlength{\myhi}{\pyy}
         \addtolength{\myhi}{-1\py}
         \par
         \parbox[b]{\textwidth}{%
         \rule[\py]{\RW}{\myhi}%
         \hskip -\RW%
         \rule[\pyy]{\px}{\RW}%
         \hskip -\px%
         \raggedright%
         \CNV\FmN{\@chapapp}\space\CNoV\thechapter%
         \hskip1pt%
         \mghrulefill{\RW}%
         \rule{\RW}{\pyy}\par\nobreak%
         \vskip -\baselineskip%
         \vskip -\pyy%
         \hskip \mylen%
         \mghrulefill{\RW}\par\nobreak%
         \vskip \pyy}%
         \vskip 20\p@}
       \renewcommand{\DOTI}[1]{%
         \raggedright
         \CTV\FmTi{#1}\par\nobreak
         \vskip 40\p@}
       \renewcommand{\DOTIS}[1]{%
         \raggedright
         \CTV\FmTi{#1}\par\nobreak
         \vskip 40\p@}
+     }
     %%%%%%% GLENN DEF
     \DeclareOption{Glenn}{%
       \ChNameVar{\bfseries\Large\sf}
       \ChNumVar{\Huge}
       \ChTitleVar{\bfseries\Large\rm}
       \ChRuleWidth{1pt}
       \ChNameUpperCase
       \ChTitleUpperCase
       \renewcommand{\DOCH}{%
         \settoheight{\myhi}{\CTV\FmTi{Test}}
         \setlength{\py}{\baselineskip}
         \addtolength{\py}{\RW}
         \addtolength{\py}{\myhi}
         \setlength{\pyy}{\py}
         \addtolength{\pyy}{-1\RW}
         \raggedright
         \CNV\FmN{\@chapapp}\space\CNoV\thechapter
         \hskip 3pt\mghrulefill{\RW}\rule[-1\pyy]{2\RW}{\py}\par\nobreak}
       \renewcommand{\DOTI}[1]{%
         \addtolength{\pyy}{-4pt}
         \settoheight{\myhi}{\CTV\FmTi{#1}}
         \addtolength{\myhi}{\py}
         \addtolength{\myhi}{-1\RW}
         \vskip -1\pyy
         \rule{2\RW}{\myhi}\mghrulefill{\RW}\hskip 2pt
         \raggedleft\CTV\FmTi{#1}\par\nobreak
         \vskip 80\p@}
     \newlength{\backskip}
       \renewcommand{\DOTIS}[1]{%
     %    \setlength{\py}{10pt}
     %    \setlength{\pyy}{\py}
     %    \addtolength{\pyy}{\RW}
     %    \setlength{\myhi}{\baselineskip}
     %    \addtolength{\myhi}{\pyy}
     %    \mghrulefill{\RW}\rule[-1\py]{2\RW}{\pyy}\par\nobreak
     %    \addtolength{}{}
     %\vskip -1\baselineskip
     %    \rule{2\RW}{\myhi}\mghrulefill{\RW}\hskip 2pt
     %    \raggedleft\CTV\FmTi{#1}\par\nobreak
     %    \vskip 60\p@}
     %% Fix suggested by Tomas Lundberg
         \setlength{\py}{25pt}  % eller vad man vill
         \setlength{\pyy}{\py}
         \setlength{\backskip}{\py}
         \addtolength{\backskip}{2pt}
         \addtolength{\pyy}{\RW}
         \setlength{\myhi}{\baselineskip}
         \addtolength{\myhi}{\pyy}
         \mghrulefill{\RW}\rule[-1\py]{2\RW}{\pyy}\par\nobreak
         \vskip -1\backskip
         \rule{2\RW}{\myhi}\mghrulefill{\RW}\hskip 3pt %
         \raggedleft\CTV\FmTi{#1}\par\nobreak
         \vskip 40\p@}
+     }
     %%%%%%% CONNY DEF
     \DeclareOption{Conny}{%
       \ChNameUpperCase
       \ChTitleUpperCase
       \ChNameVar{\centering\Huge\rm\bfseries}
       \ChNumVar{\Huge}
       \ChTitleVar{\centering\Huge\rm}
       \ChRuleWidth{2pt}
       \renewcommand{\DOCH}{%
         \mghrulefill{3\RW}\par\nobreak
         \vskip -0.5\baselineskip
         \mghrulefill{\RW}\par\nobreak
         \CNV\FmN{\@chapapp}\space \CNoV\thechapter
         \par\nobreak
         \vskip -0.5\baselineskip
+       }
       \renewcommand{\DOTI}[1]{%
         \mghrulefill{\RW}\par\nobreak
         \CTV\FmTi{#1}\par\nobreak
         \vskip 60\p@
+        }
       \renewcommand{\DOTIS}[1]{%
         \mghrulefill{\RW}\par\nobreak
         \CTV\FmTi{#1}\par\nobreak
         \vskip 60\p@
+        }
+      }
     %%%%%%% REJNE DEF
     \DeclareOption{Rejne}{%
       \ChNameUpperCase
       \ChTitleUpperCase
       \ChNameVar{\centering\Large\rm}
       \ChNumVar{\Huge}
       \ChTitleVar{\centering\Huge\rm}
       \ChRuleWidth{1pt}
       \renewcommand{\DOCH}{%
         \settoheight{\py}{\CNoV\thechapter}
         \parskip=0pt plus 1pt % Set parskip to default, just in case v1.31
         \addtolength{\py}{-1pt}
         \CNV\FmN{\@chapapp}\par\nobreak
         \vskip 20\p@
         \setlength{\myhi}{2\baselineskip}
         \setlength{\px}{\myhi}
         \addtolength{\px}{-1\RW}
         \rule[-1\px]{\RW}{\myhi}\mghrulefill{\RW}\hskip
 pt\raisebox{-0.5\py}{\CNoV\thechapter}\hskip 10pt\mghrulefill{\RW}\rule[-1\px]{\RW}{\myhi}\par\nobreak
          \vskip -3\p@% Added -2pt vskip to correct for streched text v1.31
+        }
       \renewcommand{\DOTI}[1]{%
         \setlength{\mylen}{\textwidth}
         \parskip=0pt plus 1pt % Set parskip to default, just in case v1.31
         \addtolength{\mylen}{-2\RW}
         {\vrule width\RW}\parbox{\mylen}{\CTV\FmTi{#1}}{\vrule width\RW}\par\nobreak%
         \vskip -3pt\rule{\RW}{2\baselineskip}\mghrulefill{\RW}\rule{\RW}{2\baselineskip}%
         \vskip 60\p@% Added -2pt in vskip to correct for streched text v1.31
+        }
       \renewcommand{\DOTIS}[1]{%
         \setlength{\py}{\fboxrule}
         \setlength{\fboxrule}{\RW}
         \setlength{\mylen}{\textwidth}
         \addtolength{\mylen}{-2\RW}
         \fbox{\parbox{\mylen}{\vskip 2\baselineskip\CTV\FmTi{#1}\par\nobreak\vskip \baselineskip}}
         \setlength{\fboxrule}{\py}
         \vskip 60\p@
+        }
+      }
     %%%%%%% BJARNE DEF
     \DeclareOption{Bjarne}{%
       \ChNameUpperCase
       \ChTitleUpperCase
       \ChNameVar{\raggedleft\normalsize\rm}
       \ChNumVar{\raggedleft \bfseries\Large}
       \ChTitleVar{\raggedleft \Large\rm}
       \ChRuleWidth{1pt}
     %% Note thechapter -> c@chapter fix appendix bug
     %% Fixed misspelled 12
       \newcounter{AlphaCnt}
       \newcounter{AlphaDecCnt}
       \newcommand{\AlphaNo}{%
         \ifcase\number\theAlphaCnt
           \ifnum\c@chapter=0
             ZERO\else{}\fi
         \or ONE\or TWO\or THREE\or FOUR\or FIVE
         \or SIX\or SEVEN\or EIGHT\or NINE\or TEN
         \or ELEVEN\or TWELVE\or THIRTEEN\or FOURTEEN\or FIFTEEN
         \or SIXTEEN\or SEVENTEEN\or EIGHTEEN\or NINETEEN\fi
+    }
       \newcommand{\AlphaDecNo}{%
         \setcounter{AlphaDecCnt}{0}
         \@whilenum\number\theAlphaCnt>0\do
           {\addtocounter{AlphaCnt}{-10}
            \addtocounter{AlphaDecCnt}{1}}
          \ifnum\number\theAlphaCnt=0
          \else
            \addtocounter{AlphaDecCnt}{-1}
            \addtocounter{AlphaCnt}{10}
          \fi
         \ifcase\number\theAlphaDecCnt\or TEN\or TWENTY\or THIRTY\or
         FORTY\or FIFTY\or SIXTY\or SEVENTY\or EIGHTY\or NINETY\fi
+        }
       \newcommand{\TheAlphaChapter}{%
         \ifinapp
           \thechapter
         \else
           \setcounter{AlphaCnt}{\c@chapter}
           \ifnum\c@chapter<20
             \AlphaNo
           \else
             \AlphaDecNo\AlphaNo
           \fi
         \fi
+        }
       \renewcommand{\DOCH}{%
         \mghrulefill{\RW}\par\nobreak
         \CNV\FmN{\@chapapp}\par\nobreak
         \CNoV\TheAlphaChapter\par\nobreak
         \vskip -1\baselineskip\vskip 5pt\mghrulefill{\RW}\par\nobreak
         \vskip 20\p@
+        }
       \renewcommand{\DOTI}[1]{%
         \CTV\FmTi{#1}\par\nobreak
         \vskip 40\p@
+        }
       \renewcommand{\DOTIS}[1]{%
         \CTV\FmTi{#1}\par\nobreak
         \vskip 40\p@
+        }
+    }
     \DeclareOption*{%
       \PackageWarning{fancychapter}{unknown style option}
+      }
     \ProcessOptions* \relax
     \def\@makechapterhead#1{%
       \vspace*{50\p@}%
       {\parindent \z@ \raggedright \normalfont
         \ifnum \c@secnumdepth >\m@ne
           \if@mainmatter%%%%% Fix for frontmatter, mainmatter, and backmatter 040920
             \DOCH
           \fi
         \fi
         \interlinepenalty\@M
         \DOTI{#1}
       }}
     %%% Begin: To avoid problem with scrbook.cls (fncychap version 1.32)
     %%OUT:
     %\def\@schapter#1{\if@twocolumn
     %                   \@topnewpage[\@makeschapterhead{#1}]%
     %                 \else
     %                   \@makeschapterhead{#1}%
     %                   \@afterheading
     %                 \fi}
     %%IN:
     \def\@schapter#1{%
     \if@twocolumn%
       \@makeschapterhead{#1}%
     \else%
       \@makeschapterhead{#1}%
       \@afterheading%
     \fi}
     %%% End: To avoid problem with scrbook.cls (fncychap version 1.32)
     \def\@makeschapterhead#1{%
       \vspace*{50\p@}%
       {\parindent \z@ \raggedright
         \normalfont
         \interlinepenalty\@M
         \DOTIS{#1}
         \vskip 40\p@
       }}
     \endinput

     =====================================
     Larpe - Administrator Guide
     =====================================
     :author: Damien Laniel
     :contact: dlaniel@entrouvert.com
     :copyright: Copyright © 2006 Entr'ouvert
     .. contents:: Table of contents
     Overview
     ========
     Larpe is a Liberty Alliance Reverse Proxy. It allows any service provider
     (that is a website) to use Liberty Alliance features (Identity federation,
     Single Sign On and Single Logout) without changing the code of
     the service provider itself. It uses the Lasso_ library
     which is certified by the `Liberty Alliance`_ consortium. Lasso_ and Larpe
     are released under the terms of the `GNU GPL license`_.
     How to get and install Larpe
     ============================
     Installation under Debian_ Sarge
     ++++++++++++++++++++++++++++++++
     To work correctly Larpe relies on :
     * Apache2_ ;
     * Lasso_ (0.6.3) ;
     * Quixote_ (2.0) ;
     * SCGI_ ;
     * mod_python_ ;
     * libxml2 ;
     * mod_proxy_html.
     You will also need a Liberty Alliance Identity Provider, be it on the same server or not.
     We recommend Authentic_ for that need.
     Package Installation
     --------------------
     You need to add the following line to your /etc/apt/sources.list; this will
     give you access to the repository where Larpe is stored::
      deb http://deb.entrouvert.org/ sarge main
     As root type::
      apt-get update
      apt-get install larpe
     And follow the debconf wizard to set it up.
     All the required packages are now installed and configured.
     You might need to change the "<VirtualHost \*>" in your apache2 configuration
     (/etc/apache2/sites-available/apache2-vhost-larpe) depending on how you
     previously configured apache.
     Don't forget to modify your /etc/hosts file if necessary. Larpe now works, the
     administration interface is reachable at http://your_domain_name/admin. The username
     and password are the ones you entered during the installation wizard.
     If you don't want to modify your sources.list file, you can manually dowload and
     install the required packages with the dpkg -i command :
     * Larpe, Authentic and Lasso on http://deb.entrouvert.org/ ;
     * Quixote 2.0 on http://authentic.labs.libre-entreprise.org/.
     Installation with another Linux distribution
     ++++++++++++++++++++++++++++++++++++++++++++
     We suppose Apache2_, SCGI_, mod_python_, libxml2 and mod_proxy_html are already installed. You need then to
     download and install the following sources :
     * Lasso http://lasso.entrouvert.org ;
     * Quixote http://www.mems-exchange.org/software/Quixote/ ;
     * Authentic http://authentic.labs.libre-entreprise.org/ ;
     * Larpe http://labs.libre-entreprise.org/frs/?group_id=108.
     To install Larpe, uncompress the sources you have downloaded and launch the
     setup.py script ::
      tar xzf larpe*.tar.gz
      cd larpe*
      python setup.py install
     You need then to configure Apache2_ correctly. You should use the provided apache2-vhost-larpe template and adapt to your configuration.
     Don't forget to modify your /etc/hosts file if necessary. Larpe now works, the
     administration interface is reachable at http://your_domain_name/admin.
     Basic Larpe configuration
     =========================
     Identity Provider configuration
     +++++++++++++++++++++++++++++++
     If you don't have a configured Identity Provider yet, please read Authentic
     manual to set it up. Then you must have the metadata and public key of the Identity
     Provider to begin with Larpe.
     Then in Larpe administration interface, click on "Settings", then "Identity Provider".
     Fill in the metadata and public key that you've got from your Identity Provider then
     click Submit.
     Your Identity Provider is now configured in Larpe, you can then configure as many Service
     Providers as you want.
     Service Provider Configuration
     ++++++++++++++++++++++++++++++
     Service Provider configuration
     ------------------------------
     Click on "Hosts" then "New Host".
     Fill in the following parameters :
     * Label : the name you want to give to your Service Provider ;
     * Original Site Address : the root URL of your Service Provider ;
     * Authentication Page : if the page which contains the authentication form for
       your Service Provider is on a separate page, fill the url of this page here ;
     * Authentication Form Page : if you didn't fill the previous field and if the
       authentication form if not on the first page of your Service Provider either,
       fill the url of the page which contains the authentication form here ;
     * Logout Address : when you want Single Sign On and Identity Federation, you probably
       want Single Logout too. If so, fill the logout url of your original site here ;
     * Reversed Host Name : the domain name where you want to access your Service Provider
       through the reverse proxy. It can be the domain name of Larpe or not ;
     Then click "Submit". Wait a few seconds then go to http://reversed_host_name/reverse_directory/
     to check if it works. If not, wait a bit more and try again. If it really doesn't work,
     please submit a bug report at http://labs.libre-entreprise.org/tracker/?func=add&group_id=108&atid=512
     Service Provider Example: Linuxfr
     ---------------------------------
     To help you setup your own Service Provider, we provide an example of a working Service Provider
     to guide you.
     To setup Linuxfr, fill in the following parameters :
     * Label : Linuxfr ;
     * Original Site Address : http://linuxfr.org/ ;
     * Authentication Page : Nothing here ;
     * Authentication Form Page : http://linuxfr.org/pub/ ;
     * Logout Address : http://linuxfr.org/close_session.html ;
     * Reversed Host Name : linuxfr.reverse-proxy.example.com.
     With "reverse-proxy.example.com" being the hostname you've set up before for your reverse-proxy
     Don't forget to add this new hostname to your /etc/hosts as well.
     You can then go to the reversed Linuxfr at http://linuxfr.reverse-proxy.example.com/
     Service Provider Liberty Alliance final setup
     ---------------------------------------------
     Now that you can access your Service Provider, you need a final step to use Liberty Alliance
     features. Click on "Hosts", the click on the "Edit" icon of the Service Provider you've
     just configured. Save the Service Provider Metadata (for ID-FF 1.2) and the Public Key
     (right click then "Save as"). Configure this Service Provider on your Identity Provider
     with these two files.
     Licenses
     ========
     Larpe, Authentic_, Candle_ and Lasso_ are released under the terms of the
     `GNU GPL license`_.
     .. _Lasso: http://lasso.entrouvert.org/
     .. _`Liberty Alliance`: http://projectliberty.org/
     .. _`GNU GPL License`: http://www.gnu.org/copyleft/gpl.html
     .. _Debian: http://www.debian.org/
     .. _Apache2: http://httpd.apache.org/
     .. _Quixote: http://www.mems-exchange.org/software/Quixote
     .. _mod_python: http://www.modpython.org/
     .. _SCGI: http://www.mems-exchange.org/software/scgi/
     .. _Candle: http://candle.labs.libre-entreprise.org/
     .. _Authentic: http://www.entrouvert.com/fr/authentic/

doc/scripts/removealpha.sh
	1	#! /bin/sh
	2
	3	size=$(identify $1 \| cut -d ' ' -f 3)
	4	composite $1 -size $(identify $1 \| cut -d ' ' -f3) xc:white $2
	5

     #! /usr/bin/python
     """A minimal reST frontend, to create appropriate LaTeX files."""
     try:
         import locale
         locale.setlocale(locale.LC_ALL, '')
     except:
         pass
     from docutils.core import publish_cmdline, Publisher
     def set_io(self, source_path=None, destination_path=None):
         Publisher.set_io_orig(self, source_path, destination_path='/dev/null')
     Publisher.set_io_orig, Publisher.set_io = Publisher.set_io, set_io
     output = publish_cmdline(writer_name='latex',
         settings_overrides = {
             'documentclass': 'report',
             'documentoptions': '11pt,a4paper,titlepage',
             'use_latex_toc': True,
             'use_latex_docinfo': True,
             'stylesheet': 'custom.tex'})
     output = output.replace('\\includegraphics',
         '\\includegraphics[width=.9\\textwidth,height=15cm,clip,keepaspectratio]')
     output = output.replace('\\begin{figure}[htbp]', '\\begin{figure}[H]')
     print output

     .svn
     *.pyc
     *.pyo
     *.pye
     *.ptle
     *.swp
     debian.sarge
     make_debian_package.sh
     build
     dist
     tests
     larpe/filter

     #!/bin/sh
+    #
     # The command "/etc/init.d/httpd reload" on Fedora actually _restarts_ Apache
     # We need to _reload_ it without closing existing connections
     APACHE2CTL=/usr/sbin/apachectl
     echo -n "Testing Apache config... "
     if ! $APACHE2CTL configtest > /dev/null 2>&1; then
     	$APACHE2CTL configtest || true
     	echo "[FAILED]"
     	exit 1
     else
     	echo "[OK]"
     fi
     echo -n "Reloading Apache config... "
     if $APACHE2CTL graceful $2 ; then
     	echo "[OK]"
     else
     	echo "[FAILED]"
     fi

     #! /bin/bash
+    #
     # larpe        Startup script for the Larpe reverse proxy
+    #
     # description: Larpe is Liberty Alliance reverse proxy.  It is used to add Liberty Alliance \
     #           features to some sites without modifying the sites themselves.
     # processname: larpe
     # config: /etc/httpd/conf.d/larpe.conf
     # config: /etc/larpe/apache2-vhost-larpe-common
     # config: /etc/sysconfig/larpe
     # pidfile: /var/run/larpe.pid
+    #
     ### BEGIN INIT INFO
     # Provides:          larpe
     # Required-Start:    $local_fs $network
     # Required-Stop:     $local_fs $network
     # Default-Start:
     # Default-Stop:      0 1 2 3 4 5 6
     # Short-Description: Start Larpe Liberty Alliance reverse proxy
     # Description:       Start Larpe Liberty Alliance reverse proxy
     ### END INIT INFO
     prog=larpe
     LARPECTL=/usr/sbin/larpectl
     PIDFILE=/var/run/larpe.pid
     # Source function library.
     . /etc/rc.d/init.d/functions
     # Source networking configuration.
     . /etc/sysconfig/network
     # Check that networking is up.
     [ ${NETWORKING} = "no" ] && exit 0
     [ -x $LARPECTL ] || exit 5
     # Read config file if it is present.
     if [ -f /etc/sysconfig/larpe ]; then
     	. /etc/sysconfig/larpe
     fi
     RETVAL=0
+    #
     # Function that starts the daemon/service.
+    #
     start() {
     	echo -n $"Starting $prog: "
     	$LARPECTL start &
     	RETVAL=$?
     	if [ $RETVAL -eq 0 ]
     	then
     		touch /var/lock/subsys/$prog
     	fi
     	echo
     	return $RETVAL
+    }
+    #
     # Function that stops the daemon/service.
+    #
     stop() {
     	echo -n $"Stopping $prog: "
     	killproc $LARPECTL
     	RETVAL=$?
     	if [ $RETVAL -eq 0 ]
     	then
     		rm -rf /var/lock/subsys/$prog
     	fi
     	echo
     	return $RETVAL
+    }
     # See how we were called.
     case "$1" in
     	start)
     		start
     	;;
     	stop)
     		stop
     	;;
     	status)
     		status $prog
     		RETVAL=$?
     	;;
     	restart)
     		stop
     		start
     	;;
     	condrestart)
     		if [ -f ${PIDFILE} ] ; then
     			stop
     			start
     		fi
     	;;
     	*)
     		echo $"Usage: $prog {start|stop|restart|condrestart|status}"
     		exit 1
     esac
     exit $RETVAL

     %{!?python_sitearch: %define python_sitearch %(%{__python} -c 'from distutils import sysconfig; print sysconfig.get_python_lib(1)')}
     # eval to 2.3 if python isn't yet present, workaround for no python in fc4 minimal buildroot
     %{!?python_version: %define python_version %(%{__python} -c 'import sys; print sys.version.split(" ")[0]' || echo "2.3")}
     %define apacheconfdir   %{_sysconfdir}/httpd/conf.d
     Summary: Liberty Alliance Reverse Proxy
     Name: larpe
     Version: 0.2.9
     Release: 2%{?dist}
     License: GPL
     Group: System Environment/Applications
     Url: http://larpe.labs.libre-entreprise.org/
     Source0: http://labs.libre-entreprise.org/frs/download.php/591/%{name}-%{version}.tar.gz
     Buildroot: %{_tmppath}/%{name}-%{version}-%(id -u -n)
     BuildRequires: python >= 2.3, python-quixote >= 2.0
     BuildRequires: gettext
     Requires: httpd >= 2.0, mod_scgi, mod_proxy_html
     Requires: lasso-python >= 0.6.3, python-quixote >= 2.0, python-scgi
     Requires: initscripts
     Requires(post): /sbin/chkconfig
     Requires(preun):/sbin/chkconfig
     Requires(preun): /sbin/service
     %description
     Larpe is a Liberty Alliance Reverse Proxy. It allows any service provider (that is a website)
     to use Liberty Alliance features (Identity federation, Single Sign On and Single Logout) without
     changing the code of the service provider itself.
     It uses the Lasso library which is certified by the Liberty Alliance consortium.
     It is a quixote application and is commonly runned inside Apache web server.
     %package doc
     Summary: Documentation files for %{name} development.
     Group: Documentation
     BuildRequires: python-docutils, tetex-latex
     %description doc
     This package contains development documentation for %{name}.
     %prep
     %setup -q
     # Change Apache vhost path in Larpe config
     sed -i s#"/var/log/apache2/larpe-access.log"#"logs/larpe_access_log combined\n    TransferLog logs/larpe_access_log"# conf/apache2-vhost-larpe
     sed -i s#"/var/log/apache2/larpe-error.log"#"logs/larpe_error_log"# conf/apache2-vhost-larpe
     sed -i s#"APACHE_MAIN_VHOST.*$"#"APACHE_MAIN_VHOST='/etc/httpd/conf.d/larpe.conf'"# larpe/Defaults.py
     %build
     %install
     rm -rf %{buildroot}
     # install generic files
     make install prefix=%{_prefix} DESTDIR=%{buildroot}
     # install init script
     install -d %{buildroot}/%{_initrddir}
     install -p -m 0755 fedora/larpe.init %{buildroot}%{_initrddir}/larpe
     # apache configuration
     mkdir -p %{buildroot}%{apacheconfdir}
     install -p -m 644 conf/apache2-vhost-larpe %{buildroot}%{apacheconfdir}/larpe.conf
     # apache reload script
     install -p -m 0755 fedora/larpe-reload-apache2-script %{buildroot}%{_sbindir}/
     # install doc files
     install -d -m 0755 %{buildroot}%{_datadir}/gtk-doc/html/larpe
     make -C doc DESTDIR=%{buildroot}%{_datadir}/gtk-doc/html/larpe
     %clean
     rm -fr %{buildroot}
     %post
     /sbin/chkconfig --add %{name}
     # manual post-installation
     cat <<_EOF_
     You must edit first %{apacheconfdir}/larpe.conf
     You must enable Larpe with "chkconfig larpe on ; service larpe start"
     You must also restart Apache with "service httpd restart"!
     _EOF_
     %preun
     if [ $1 = 0 ]; then
     	/sbin/service %{name} stop > /dev/null 2>&1
     	/sbin/chkconfig --del %{name}
     fi
     %files
     %defattr(-,root,root,755)
     %config %{_initrddir}/larpe
     %config(noreplace) %{apacheconfdir}/larpe.conf
     %config(noreplace) %{_sysconfdir}/larpe/apache2-vhost-larpe-common
     %{_sbindir}/larpectl
     %{_sbindir}/larpe-reload-apache2
     %{_sbindir}/larpe-reload-apache2-script
     %{python_sitearch}/%{name}
     %{_datadir}/%{name}
     %{_datadir}/locale/fr/LC_MESSAGES/larpe.mo
     /var/lib/larpe
     %defattr(644,root,root,755)
     %doc AUTHORS COPYING NEWS README
     %files doc
     %defattr(-,root,root)
     %doc %{_datadir}/gtk-doc/html/%{name}
     %changelog
     * Tue Mar 05 2009 Jean-Marc Liger <jmliger@siris.sorbonne.fr> 0.2.9-2
     - Added missing BuildRequires gettext
     - Enabled larpe init script
     * Mon Jan 19 2009 Damien Laniel <dlaniel@entrouvert.com> 0.2.9-1
     - Updated to 0.2.9
     - Use Larpe Makefile to install generic files
     - Copy fedora specific files
     * Sat Jan 17 2009 Jean-Marc Liger <jmliger@siris.sorbonne.fr> 0.2.1-2
     - Added missing BuildRequires tetex-latex for doc subpackage
     - Rebuilt on CentOS 4,5
     * Wed Jan 14 2009 Jean-Marc Liger <jmliger@siris.sorbonne.fr> 0.2.1-1
     - Updated to 0.2.1
     - Added missing Requires lasso-python
     - Added missing Requires python-scgi
     - Rebuilt on CentOS 4,5
     * Fri Mar 02 2007 Jean-Marc Liger <jmliger@siris.sorbonne.fr> 0.2.0-1
     - Updated to 0.2.0
     - Added BuildRequires python-quixote
     - Built on Fedora Core 3 / RHEL 4 and Fedora Core 6 / RHEL 5
     * Wed Jan 24 2007 Jean-Marc Liger <jmliger@siris.sorbonne.fr> 0.1.0-1
     - First 0.1.0
     - Built on Fedora Core 3 / RHEL 4 and Fedora Core 6 / RHEL 5

     /*
       Template for a setuid program that calls a script.
       The script should be in an unwritable directory and should itself
       be unwritable.  In fact all parent directories up to the root
       should be unwritable.  The script must not be setuid, that's what
       this program is for.
       This is a template program.  You need to fill in the name of the
       script that must be executed.  This is done by changing the
       definition of FULL_PATH below.
       There are also some rules that should be adhered to when writing
       the script itself.
       The first and most important rule is to never, ever trust that the
       user of the program will behave properly.  Program defensively.
       Check your arguments for reasonableness.  If the user is allowed to
       create files, check the names of the files.  If the program depends
       on argv[0] for the action it should perform, check it.
       Assuming the script is a Bourne shell script, the first line of the
       script should be
       #!/bin/sh -
       The - is important, don't omit it.  If you're using esh, the first
       line should be
       #!/usr/local/bin/esh -f
       and for ksh, the first line should be
       #!/usr/local/bin/ksh -p
       The script should then set the variable IFS to the string
       consisting of <space>, <tab>, and <newline>.  After this (*not*
       before!), the PATH variable should be set to a reasonable value and
       exported.  Do not expect the PATH to have a reasonable value, so do
       not trust the old value of PATH.  You should then set the umask of
       the program by calling
       umask 077 # or 022 if you want the files to be readable
       If you plan to change directories, you should either unset CDPATH
       or set it to a good value.  Setting CDPATH to just ``.'' (dot) is a
       good idea.
       If, for some reason, you want to use csh, the first line should be
       #!/bin/csh -fb
       You should then set the path variable to something reasonable,
       without trusting the inherited path.  Here too, you should set the
       umask using the command
       umask 077 # or 022 if you want the files to be readable
     */
     #include <unistd.h>
     #include <stdlib.h>
     #include <stdio.h>
     #include <sys/types.h>
     #include <sys/stat.h>
     #include <string.h>
     /* CONFIGURATION SECTION */
     #ifndef FULL_PATH/* so that this can be specified from the Makefile */
       #define FULL_PATH	"/usr/sbin/larpe-reload-apache2-script"
     #endif
     #ifndef UMASK
       #define UMASK		077
     #endif
     /* END OF CONFIGURATION SECTION */
     #if defined(__STDC__) && defined(__sgi)
     #define environ _environ
     #endif
     /* don't change def_IFS */
     char def_IFS[] = "IFS= \t\n";
     /* you may want to change def_PATH, but you should really change it in */
     /* your script */
     #ifdef __sgi
     char def_PATH[] = "PATH=/usr/bsd:/usr/bin:/bin:/usr/local/bin:/usr/sbin";
     #else
     char def_PATH[] = "PATH=/usr/ucb:/usr/bin:/bin:/usr/local/bin";
     #endif
     /* don't change def_CDPATH */
     char def_CDPATH[] = "CDPATH=.";
     /* don't change def_ENV */
     char def_ENV[] = "ENV=:";
     /*
       This function changes all environment variables that start with LD_
       into variables that start with XD_.  This is important since we
       don't want the script that is executed to use any funny shared
       libraries.
       The other changes to the environment are, strictly speaking, not
       needed here.  They can safely be done in the script.  They are done
       here because we don't trust the script writer (just like the script
       writer shouldn't trust the user of the script).
       If IFS is set in the environment, set it to space,tab,newline.
       If CDPATH is set in the environment, set it to ``.''.
       Set PATH to a reasonable default.
     */
     void
     clean_environ(void)
+    {
         char **p;
         extern char **environ;
         for (p = environ; *p; p++) {
     	if (strncmp(*p, "LD_", 3) == 0)
     	    **p = 'X';
     	else if (strncmp(*p, "_RLD", 4) == 0)
     	    **p = 'X';
     	else if (strncmp(*p, "PYTHON", 6) == 0)
     	    **p = 'X';
     	else if (strncmp(*p, "IFS=", 4) == 0)
     	    *p = def_IFS;
     	else if (strncmp(*p, "CDPATH=", 7) == 0)
     	    *p = def_CDPATH;
     	else if (strncmp(*p, "ENV=", 4) == 0)
     	    *p = def_ENV;
+        }
         putenv(def_PATH);
+    }
     int
     main(int argc, char **argv)
+    {
         struct stat statb;
         gid_t egid = getegid();
         uid_t euid = geteuid();
         /*
           Sanity check #1.
           This check should be made compile-time, but that's not possible.
           If you're sure that you specified a full path name for FULL_PATH,
           you can omit this check.
         */
         if (FULL_PATH[0] != '/') {
     	fprintf(stderr, "%s: %s is not a full path name\n", argv[0],
     		FULL_PATH);
     	fprintf(stderr, "You can only use this wrapper if you\n");
     	fprintf(stderr, "compile it with an absolute path.\n");
     	exit(1);
+        }
         /*
           Sanity check #2.
           Check that the owner of the script is equal to either the
           effective uid or the super user.
         */
         if (stat(FULL_PATH, &statb) < 0) {
     	perror("stat");
     	exit(1);
+        }
         if (statb.st_uid != 0 && statb.st_uid != euid) {
     	fprintf(stderr, "%s: %s has the wrong owner\n", argv[0],
     		FULL_PATH);
     	fprintf(stderr, "The script should be owned by root,\n");
     	fprintf(stderr, "and shouldn't be writeable by anyone.\n");
     	exit(1);
+        }
         if (setregid(egid, egid) < 0)
     	perror("setregid");
         if (setreuid(euid, euid) < 0)
     	perror("setreuid");
         clean_environ();
         umask(UMASK);
         while (**argv == '-')/* don't let argv[0] start with '-' */
     	(*argv)++;
         execv(FULL_PATH, argv);
         fprintf(stderr, "%s: could not execute the script\n", argv[0]);
         exit(1);
+    }

     '''Default global variables'''
     APP_DIR = '/var/lib/larpe'
     DATA_DIR = '/usr/share/larpe'
     ERROR_LOG = None #'/var/log/larpe.log'
     WEB_ROOT = 'larpe'
     APACHE_MAIN_VHOST = '/etc/apache2/sites-available/apache2-vhost-larpe'
     APACHE_VHOST_COMMON = '/etc/larpe/apache2-vhost-larpe-common'
     APACHE_RELOAD = '/usr/sbin/larpe-reload-apache2'

     '''Setup path and load Lasso library'''
     try:
         from quixote.ptl import compile_package
         compile_package(__path__)
     except ImportError:
         pass
     import sys
     import os
     sys.path.insert(0, os.path.dirname(__file__))
     import qommon
     try:
         import lasso
     except ImportError:
         lasso = None
     if lasso and not hasattr(lasso, 'SAML2_SUPPORT'):
         lasso.SAML2_SUPPORT = False

larpe/admin/__init__.py
	1	try:
	2	from quixote.ptl import compile_package
	3	compile_package(__path__)
	4	except ImportError:
	5	pass
	6	from root import RootDirectory

     import os
     import re
     import urllib
     import base64
     from quixote import get_publisher, get_request
     from qommon import get_cfg
     from larpe.hosts import Host
     from larpe.Defaults import APP_DIR, APACHE_MAIN_VHOST, APACHE_VHOST_COMMON, APACHE_RELOAD
     def write_apache2_vhosts():
         hosts = Host.select(lambda x: x.name != 'larpe')
         hosts.sort()
         vhosts_dir = os.path.join(APP_DIR, 'vhosts.d')
         vhost_locations_dir = os.path.join(APP_DIR, 'vhost-locations.d')
         vhosts_dir_disabled = os.path.join(APP_DIR, 'vhosts.d.disabled')
         vhost_locations_dir_disabled = os.path.join(APP_DIR, 'vhost-locations.d.disabled')
         vhost_file_name = get_request().get_server().split(':')[0]
         vhost_file = None
         reversed_hostname = ''
         vhost = None
         if get_publisher().cfg.get(str('allow_config_generation'), True):
             vhost_file = open(os.path.join(vhosts_dir, vhost_file_name), 'w')
             locations_file = open(os.path.join(vhost_locations_dir, vhost_file_name), 'w')
         else:
             vhost_file = open(os.path.join(vhosts_dir_disabled, vhost_file_name), 'w')
             locations_file = open(os.path.join(vhost_locations_dir_disabled, vhost_file_name), 'w')
         try:
             main_vhost = open(APACHE_MAIN_VHOST, 'r')
             file_content = main_vhost.read()
             regexp = re.compile('<VirtualHost (.*?)>')
             vhost_ip = regexp.findall(file_content)[0]
         except (IOError, IndexError):
             vhost_ip = '*'
         for host in hosts:
             if host.orig_site is None:
                 # This site hasn't been fully configured
                 continue
             if host.reversed_hostname != reversed_hostname \
                     and host.reversed_hostname != get_cfg('proxy_hostname'):
                 if vhost is not None:
                     vhost.close()
                 vhost = Vhost(host, vhost_ip)
                 vhost.write(vhost_file)
                 reversed_hostname = host.reversed_hostname
             if host.reversed_hostname == get_cfg('proxy_hostname'):
                 conf_file = locations_file
             else:
                 conf_file = vhost_file
             Location(host).write(conf_file)
         if vhost_file is not None:
             if vhost is not None:
                 vhost.close()
             vhost_file.close()
         if locations_file is not None:
             locations_file.close()
         if get_publisher().cfg.get(str('allow_config_generation'), True):
             os.system(APACHE_RELOAD)
     class Vhost(object):
         def __init__(self, host, main_ip_port):
             self.host = host
             self.main_ip_port = main_ip_port
             self.conf_file = None
         def get_ip_port(self):
             if self.host.scheme == 'https':
                 return self.main_ip_port.replace(':80', ':443')
             else:
                 return self.main_ip_port.replace(':443', ':80')
         ip_port = property(get_ip_port)
         def get_proxy_url(self):
             if get_cfg('proxy', {}).get('enabled') and self.host.use_proxy == True:
                 return 'http://%(ip)s:%(port)s' % get_cfg('proxy', {})
             return None
         proxy_url = property(get_proxy_url)
         def get_proxy_auth(self):
             if self.get_proxy_url() and get_cfg('proxy', {}).get('user'):
                 credentials = base64.encodestring(
                     '%(user)s:%(password)s' % get_cfg('proxy', {}))[:-1]
                 return '"Basic %s"' % credentials
             return None
         proxy_auth = property(get_proxy_auth)
         def get_cfg(self):
             return { 'ip_port': self.ip_port,
                      'reversed_hostname': self.host.reversed_hostname,
                      'proxy_url': self.proxy_url,
                      'proxy_auth': self.proxy_auth }
         cfg = property(get_cfg)
         def write(self, conf_file):
             self.conf_file = conf_file
             conf_lines = []
             # Start Virtual Host
             conf_lines.append('<VirtualHost %(ip_port)s>' % self.cfg)
             # Server name and administrator
             conf_lines.append('ServerName %(reversed_hostname)s' % self.cfg)
             conf_lines.append('# ServerAdmin root@localhost\n')
             # Include common vhost configuration
             conf_lines.append('include %s\n' % APACHE_VHOST_COMMON)
             # SSL
             if self.host.scheme == 'https':
                 conf_lines.append('SSLEngine On\n')
             if self.host.orig_site.startswith('https'):
                 conf_lines.append('SSLProxyEngine On\n')
             # Remote proxy configuration
             if self.proxy_url is not None:
                 conf_lines.append('ProxyRemote * %(proxy_url)s' % self.cfg)
                 if self.proxy_auth is not None:
                     conf_lines.append(
                         'RequestHeader set Proxy-Authorization %(proxy_auth)s\n' % self.cfg)
             # Write it all
             conf_file.write('\n\t'.join(conf_lines))
         def close(self):
             if self.conf_file:
                 self.conf_file.write('</VirtualHost>\n\n')
     def apache_escape_chars(url):
         special_characters = ('\\', '.', '?', '*', '+', '^', '$', '|', '(', ')', '[', ']')
         for char in special_characters:
             url = url.replace(char, '\%s' % char)
         return url
     class Location(object):
         def __init__(self, host):
             self.host = host
         def get_reversed_directory(self):
             if not self.host.reversed_directory:
                 return '%s/' % get_request().environ['SCRIPT_NAME']
             else:
                 return '%s/%s/' % (get_request().environ['SCRIPT_NAME'], self.host.reversed_directory)
         reversed_directory = property(get_reversed_directory)
         def get_python_path(self):
             if self.host.apache_output_python_filters and \
                     self.host.apache_python_paths:
                 python_path = 'PythonPath "sys.path'
                 for path in self.host.apache_python_paths:
                     python_path += "+['%s']" % path
                 python_path += '"'
                 return python_path
             else:
                 return None
         python_path = property(get_python_path)
         def get_output_filters(self):
             python_filters = ''
             output_filters = []
             if self.host.apache_output_python_filters:
                 i = 0
                 for filter_file in self.host.apache_output_python_filters:
                     filter_name = 'filter%d' % i
                     python_filters += 'PythonOutputFilter %s %s\n\t\t' % (filter_file, filter_name)
                     output_filters.append(filter_name)
                     i += 1
             if self.host.apache_output_filters:
                 for output_filter in self.host.apache_output_filters:
                     output_filters.append(output_filter)
             if output_filters:
                 return python_filters + 'SetOutputFilter ' + ';'.join(output_filters)
             else:
                 return None
         output_filters = property(get_output_filters)
         def get_old_auth_url(self):
             old_auth_url = None
             if self.host.initiate_sso_url:
                 old_auth_url = self.host.initiate_sso_url
             elif self.host.auth_url is not None:
                 if self.host.auth_url.startswith('http://'):
                     chars_to_skip = 5
                 else:
                     chars_to_skip = 6
                 regexp = re.compile(self.host.orig_site[chars_to_skip:])
                 old_auth_url_short = regexp.sub('', self.host.auth_url[chars_to_skip:])
                 if old_auth_url_short.startswith('/'):
                     old_auth_url = old_auth_url_short
                 else:
                     old_auth_url = '/' + old_auth_url_short
             if old_auth_url:
                 old_auth_url = apache_escape_chars(old_auth_url)
             return old_auth_url
         old_auth_url = property(get_old_auth_url)
         def get_new_auth_url(self):
             if not hasattr(self.host, 'base_url'):
                 return None
             base_url_tokens = self.host.base_url.split('/')
             base_url_tokens[-1] = 'login'
             return '/'.join(base_url_tokens)
         new_auth_url = property(get_new_auth_url)
         def get_old_logout_url(self):
             old_logout_url = None
             if self.host.logout_url is not None:
                 if self.host.logout_url.startswith('http://'):
                     chars_to_skip = 5
                 else:
                     chars_to_skip = 6
                 regexp = re.compile(self.host.orig_site[chars_to_skip:])
                 old_logout_url_short = regexp.sub('', self.host.logout_url[chars_to_skip:])
                 if old_logout_url_short.startswith('/'):
                     old_logout_url = old_logout_url_short
                 else:
                     old_logout_url = '/' + old_logout_url_short
                 old_logout_url = apache_escape_chars(old_logout_url)
             return old_logout_url
         old_logout_url = property(get_old_logout_url)
         def get_new_logout_url(self):
             if not hasattr(self.host, 'base_url'):
                 return None
             base_url_tokens = self.host.base_url.split('/')
             base_url_tokens[-1] = 'logout'
             return '/'.join(base_url_tokens)
         new_logout_url = property(get_new_logout_url)
         def get_orig_site_url_and_dir(self):
             # Split url
             if self.host.orig_site.startswith('http://'):
                 orig_host, orig_query = urllib.splithost(self.host.orig_site[5:])
             else:
                 orig_host, orig_query = urllib.splithost(self.host.orig_site[6:])
             # Add a trailing slash if necessary
             if self.host.orig_site.endswith('/'):
                 orig_url = self.host.orig_site
                 orig_dir = orig_query
             else:
                 orig_url = self.host.orig_site + '/'
                 orig_dir = orig_query + '/'
             return orig_url, orig_dir
         def get_orig_url(self):
             orig_url, orig_dir = self.get_orig_site_url_and_dir()
             return orig_url
         orig_url = property(get_orig_url)
         def get_orig_dir(self):
             orig_url, orig_dir = self.get_orig_site_url_and_dir()
             return orig_dir
         orig_dir = property(get_orig_dir)
         def get_cfg(self):
             return { 'reversed_directory': self.reversed_directory,
                      'old_auth_url': self.old_auth_url,
                      'new_auth_url': self.new_auth_url,
                      'old_logout_url': self.old_logout_url,
                      'new_logout_url': self.new_logout_url,
                      'orig_url': self.orig_url,
                      'orig_dir': self.orig_dir }
         cfg = property(get_cfg)
         def write(self, conf_file):
             conf_lines = []
             # Start Location
             conf_lines.append('\n\t<Location %(reversed_directory)s>' % self.cfg)
             # No user restriction
             conf_lines.append('Allow from all')
             # Apache output filters
             if self.python_path:
                 conf_lines.append(self.python_path)
             if self.output_filters:
                 conf_lines.append(self.output_filters)
             # Redirect rules
             # Redirect old authentication url to the new one
             if self.old_auth_url is not None and self.host.auth_form_places == 'form_once':
                 conf_lines.append(
                     'RedirectMatch         %(old_auth_url)s    %(new_auth_url)s' % self.cfg)
             # Redirect old logout url to the new one
             if self.old_logout_url is not None:
                 conf_lines.append(
                     'RedirectMatch         %(old_logout_url)s    %(new_logout_url)s' % self.cfg)
             # Redirect the home page to the login page
             if self.host.redirect_root_to_login is True:
                 conf_lines.append('RedirectMatch        ^/$      %(new_auth_url)s' % self.cfg)
             # Convert urls in http headers to/from the new domain
             conf_lines.append('ProxyPass           %(orig_url)s' % self.cfg)
             conf_lines.append('ProxyPassReverse    %(orig_url)s' % self.cfg)
             # Convert urls in html pages to/from the new domain
             conf_lines.append('ProxyHTMLURLMap     %(orig_dir)s     %(reversed_directory)s' % self.cfg)
             conf_lines.append('ProxyHTMLURLMap     %(orig_url)s    %(reversed_directory)s' % self.cfg)
             # Write it all and close the Location
             conf_file.write('\n\t\t'.join(conf_lines))
             conf_file.write('\n\t</Location>\n')

     from quixote import get_response, redirect
     from quixote.directory import Directory
     from qommon.form import *
     from qommon.admin.menu import html_top, command_icon
     from field_prefill import FieldPrefill
     class FieldUI:
         def __init__(self, field_prefill):
             self.field_prefill = field_prefill
         def form_edit(self):
             form = Form(enctype='multipart/form-data')
             form.add(StringWidget, 'name', title = _('Field name'), required = True,
                 size = 50, value = self.field_prefill.name)
             form.add(StringWidget, 'xpath', title = _('Xpath of the attribute'), required = True,
                 size = 50, value = self.field_prefill.xpath, hint=_('Example: /pp:PP/pp:InformalName'))
             form.add(IntWidget, 'number', title = _('Number of the field in the data'), required = True,
                 size = 3, value = self.field_prefill.number,
                 hint=_('Change it if there are multiple fields corresponding to the same Xpath and you want to get another than the first one'))
             form.add(CheckboxWidget, 'raw_xml', title=_('Get raw XML value'),
                 value = self.field_prefill.raw_xml)
             form.add(StringWidget, 'regexp_match', title = _('Python regexp of a string to match'),
                 size = 50, value = self.field_prefill.regexp_match)
             form.add(StringWidget, 'regexp_replacing', title = _('Python regexp of the replacing string'),
                 size = 50, value = self.field_prefill.regexp_replacing)
             form.add(WidgetDict, 'select_options', title = _('Options mapping for a select field'),
                     value = self.field_prefill.select_options, add_element_label = _('Add item'))
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             return form
         def submit_edit(self, form):
             for f in ('name', 'xpath', 'number', 'raw_xml',  'regexp_match', 'regexp_replacing', 'select_options'):
                 widget = form.get_widget(f)
                 setattr(self.field_prefill, f, widget.parse())
             self.field_prefill.store()
     class FieldPage(Directory):
         _q_exports = ['', 'delete']
         def __init__(self, field_id):
             self.field_prefill = FieldPrefill.get(field_id)
             self.field_ui = FieldUI(self.field_prefill)
             get_response().breadcrumb.append((field_id + '/', field_id))
         def _q_index [html] (self):
             form = self.field_ui.form_edit()
             redo = False
             if form.get_widget('cancel').parse():
                 return redirect('..')
             if form.get_widget('select_options') and form.get_widget('select_options').get_widget('add_element').parse():
                 form.clear_errors()
                 redo = True
             if redo is False and form.is_submitted() and not form.has_errors():
                 self.field_ui.submit_edit(form)
                 return redirect('..')
             get_response().breadcrumb.append( ('edit', _('Edit')) )
             html_top('edit', title = _('Edit'))
             '<h2>%s</h2>' % _('Edit')
             form.render()
         def delete [html] (self):
             form = Form(enctype='multipart/form-data')
             form.widgets.append(HtmlWidget('<p>%s</p>' % _(
                             'You are about to irrevocably delete this field.')))
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             if form.get_widget('cancel').parse():
                 return redirect('..')
             if not form.is_submitted() or form.has_errors():
                 get_response().breadcrumb.append(('delete', _('Delete')))
                 html_top('delete_form', title = _('Delete Field'))
                 '<h2>%s : %s</h2>' % (_('Delete Field'), self.field_prefill.id)
                 form.render()
             else:
                 self.field_prefill.remove_self()
                 return redirect('..')
     class FieldsDirectory(Directory):
         _q_exports = ['', 'new']
         def __init__(self, form_prefill):
             get_response().breadcrumb.append(('fields/', _('Fields')))
             self.form_prefill = form_prefill
         def _q_lookup(self, component):
             return FieldPage(component)
         def _q_index [html] (self):
             html_top('fields', title = _('Fields'))
             """<ul id="nav-fields-admin">
               <li><a href="new">%s</a></li>
             </ul>""" % _('New Field')
             '<ul class="biglist">'
             for field_prefill in FieldPrefill.select(lambda x: x.form_id == self.form_prefill.id):
                 if not field_prefill.name:
                     continue
                 # Split too long xpath
                 xpath = field_prefill.xpath
                 xpath_tokens = xpath.split(str('/'))
                 if len(xpath_tokens) > 3:
                     xpath = str('.../') + str('/').join(xpath_tokens[-3:])
                 '<li>'
                 '<strong class="label">%s</strong>' % field_prefill.name
                 '<br />%s' % xpath
                 '<p class="commands">'
                 command_icon('%s/' % field_prefill.id, 'edit')
                 command_icon('%s/delete' % field_prefill.id, 'remove')
                 '</p></li>'
             '</ul>'
         def new [html] (self):
             get_response().breadcrumb.append(('new', _('New')) )
             field_prefill = FieldPrefill()
             field_prefill.form_id = self.form_prefill.id
             field_prefill.store()
             return redirect('%s/' % field_prefill.id)

     from quixote import get_response, redirect
     from quixote.directory import Directory
     from qommon.form import *
     from qommon.admin.menu import html_top, command_icon
     from form_prefill import FormPrefill
     from fields_prefill import FieldsDirectory
     class FormUI:
         def __init__(self, form_prefill):
             self.form_prefill = form_prefill
         def form_edit(self):
             form = Form(enctype='multipart/form-data')
             form.add(StringWidget, 'name', title = _('Form name'), required = True,
                 size = 50, value = self.form_prefill.name, hint=_('Only used for display'))
             form.add(UrlWidget, 'url', title = _('Form address'), required = True,
                 size = 50, value = self.form_prefill.url)
             form.add(StringWidget, 'profile', title = _('ID-WSF data profile'), required = True,
                 size = 50, value = self.form_prefill.profile, hint=_('Example: urn:liberty:id-sis-pp:2005-05'))
             form.add(StringWidget, 'prefix', title = _('ID-WSF data XML prefix'), required = True,
                 size = 50, value = self.form_prefill.prefix, hint=_('Example: pp'))
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             return form
         def submit_edit(self, form):
             for f in ('name', 'url', 'profile', 'prefix'):
                 widget = form.get_widget(f)
                 setattr(self.form_prefill, f, widget.parse())
             self.form_prefill.store()
     class FormPage(Directory):
         _q_exports = ['', 'edit', 'delete']
         def __init__(self, form_id):
             self.form_prefill = FormPrefill.get(form_id)
             self.form_ui = FormUI(self.form_prefill)
             get_response().breadcrumb.append((form_id + '/', form_id))
         def _q_index [html] (self):
             html_top('forms_prefill', title = 'Form prefilling')
             '<h2>%s</h2>' % _('Form prefilling configuration')
             '<dl>'
             '<dt><a href="edit">%s</a></dt> <dd>%s</dd>' % (
                     _('Edit'), _('Configure this form'))
             '<dt><a href="fields/">%s</a></dt> <dd>%s</dd>' % (
                     _('Fields'), _('Configure the fields of this form'))
             '</dl>'
         def _q_lookup(self, component):
             if component == 'fields':
                 return FieldsDirectory(self.form_prefill)
         def edit [html] (self):
             form = self.form_ui.form_edit()
             if form.get_widget('cancel').parse():
                 return redirect('.')
             if form.is_submitted() and not form.has_errors():
                 self.form_ui.submit_edit(form)
                 return redirect('.')
             get_response().breadcrumb.append( ('edit', _('Edit')) )
             html_top('edit', title = _('Edit'))
             '<h2>%s</h2>' % _('Edit')
             form.render()
         def delete [html] (self):
             form = Form(enctype='multipart/form-data')
             form.widgets.append(HtmlWidget('<p>%s</p>' % _(
                             'You are about to irrevocably delete this form.')))
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             if form.get_widget('cancel').parse():
                 return redirect('..')
             if not form.is_submitted() or form.has_errors():
                 get_response().breadcrumb.append(('delete', _('Delete')))
                 html_top('delete_form', title = _('Delete Form'))
                 '<h2>%s : %s</h2>' % (_('Delete Form'), self.form_prefill.id)
                 form.render()
             else:
                 self.form_prefill.remove_self()
                 return redirect('..')
     class FormsDirectory(Directory):
         _q_exports = ['', 'new']
         def __init__(self, host):
             get_response().breadcrumb.append(('forms_prefill/', _('Forms')))
             self.host = host
         def _q_lookup(self, component):
             return FormPage(component)
         def _q_index [html] (self):
             html_top('forms', title = _('Forms'))
             """<ul id="nav-forms-admin">
               <li><a href="new">%s</a></li>
             </ul>""" % _('New Form')
             '<ul class="biglist">'
             for form_prefill in FormPrefill.select(lambda x: x.host_id == self.host.id):
                 if not form_prefill.name:
                     continue
                 '<li>'
                 '<strong class="label">%s</strong>' % form_prefill.name
                 url = form_prefill.url
                 '<br /><a href="%s">%s</a>' % (url, url)
                 '<p class="commands">'
                 command_icon('%s/' % form_prefill.id, 'edit')
                 command_icon('%s/delete' % form_prefill.id, 'remove')
                 '</p></li>'
             '</ul>'
         def new [html] (self):
             get_response().breadcrumb.append(('new', _('New')) )
             form_prefill = FormPrefill()
             form_prefill.host_id = self.host.id
             form_prefill.store()
             return redirect('%s/edit' % form_prefill.id)

     import os
     import urllib
     import urlparse
     from quixote import redirect, get_request, get_response, get_publisher
     from quixote.directory import Directory
     import lasso
     from qommon.admin.menu import html_top, command_icon
     from qommon import get_cfg
     from qommon.form import *
     from qommon.misc import http_get_page, get_abs_path
     from larpe import site_authentication
     from larpe import errors
     from larpe import misc
     from larpe.hosts import Host
     from larpe.admin.apache import Location
     from larpe.admin.liberty_utils import *
     from larpe.admin.apache import write_apache2_vhosts
     from larpe.admin.forms_prefill import FormsDirectory
     from larpe.Defaults import DATA_DIR
     from larpe.plugins import site_authentication_plugins
     def check_basic_configuration(form):
         get_publisher().reload_cfg()
         # Check reversed_hostname and reversed_directory
         reversed_hostname = form.get_widget('reversed_hostname').parse()
         reversed_directory = form.get_widget('reversed_directory').parse()
         if reversed_hostname == get_publisher().cfg['proxy_hostname'] and not reversed_directory:
             form.set_error('reversed_hostname',
                 _('You must either choose a different hostname from Larpe or specify a reversed directory'))
     def convert_label_to_name(label):
         '''Build host name from host label'''
         name = label.lower()
         invalid_characters = [' ', "'"]
         for char in invalid_characters:
             name = name.replace(char, '_')
         return name
     class DictWidget(Widget):
         def render_content [html] (self):
             self.render_br = False
             if self.value['enabled'] is True:
                 htmltag('input', xml_end=True, type='checkbox', name=self.name + '_enabled', checked='checked')
             else:
                 htmltag('input', xml_end=True, type='checkbox', name=self.name + '_enabled')
             ' ' + self.name + ' &nbsp;'
             htmltag('input', xml_end=True, type='text', name=self.name, value=self.value['value'], size='35', **self.attrs)
         def _parse(self, request):
             enabled = request.form.get(self.name + '_enabled')
             value = request.form.get(self.name)
             self.value = { 'enabled': enabled, 'value': value }
     class ConfigurationAssistant(Directory):
         _q_exports = ['start', 'check_new_address', 'modify_site_address_and_name',
                       'authentication_and_logout_adresses', 'check_auto_detected_configuration',
                       'credentials', 'send_authentication_request', 'check_authentication',
                       'see_authentication_response', 'see_response_html_page',
                       'see_bad_response_html_page', 'authentication_success_criteria',
                       'modify_authentication_request', 'auth_request_post_parameters',
                       'auth_request_http_headers', 'sso_init_link', 'metadatas',
                       'check_full_configuration', 'advanced_options']
         def __init__(self, host):
             self.host = host
         def html_top [html] (self, title):
             html_top('hosts', title)
             '<h2>%s</h2>' % title
         def start [html] (self):
             # Check the global domain name has been previously set
             get_publisher().reload_cfg()
             if not get_cfg('domain_names') or not get_cfg('domain_names')[0]:
                 get_response().breadcrumb.append(('start', _('Basic configuration')))
                 self.html_top(_('Need domain name configuration'))
                 return htmltext(_('''Before configuring hosts, you must
     <a href="../../../settings/domain_names">setup a global domain name</a> in
     %(settings)s menu.''') % { 'settings': _('Settings') })
             form = self.form_start()
             if form.get_widget('cancel').parse():
                 return redirect('../..')
             connection_failure = None
             if form.is_submitted() and not form.has_errors():
                 try:
                     self.submit_start_form(form)
                 except Exception, e:
                     connection_failure = e
                 else:
                     if form.get_widget('terminate').parse():
                         return redirect('..')
                     return redirect('check_new_address')
             get_response().breadcrumb.append(('start', _('Basic configuration')))
             self.html_top(_('Step 1 - Basic configuration'))
             if connection_failure:
                 '<div class="errornotice">%s</div>' % connection_failure
             form.render()
         def form_start(self):
             form = Form(enctype='multipart/form-data')
             form.add(UrlWidget, 'orig_site', title = _('Original site root address'), required = True,
                     size = 50, value = self.host.orig_site,
                     hint = _('If your site address is http://test.org/index.php, put http://test.org/ here'))
             get_publisher().reload_cfg()
             if get_cfg('proxy', {}).get('enabled'):
                 form.add(CheckboxWidget, 'use_proxy', title = _('Use a proxy'),
                         hint = _("Uncheck it if Larpe doesn't need to use the proxy to connect to this site"),
                         value = self.host.use_proxy)
             else:
                 form.add(HtmlWidget, htmltext('<p>%s</p>' % \
                     _('''If Larpe needs to use a proxy to connect to this site, you must first configure
      it in <a href="../../../settings/proxy">global proxy parameters</a>.''')))
             form.add_submit('cancel', _('Cancel'))
             form.add_submit('submit', _('Next'))
             form.add_submit('terminate', _('Terminate'))
             return form
         def submit_start_form(self, form):
             fields = ['orig_site']
             use_proxy = get_cfg('proxy', {}).get('enabled')
             if use_proxy:
                 fields += ['use_proxy']
             for f in fields:
                 setattr(self.host, f, form.get_widget(f).parse())
             # If no proxy is setup yet, set use_proxy to False for new hosts in case a proxy is later configured
             if not use_proxy:
                 self.host.use_proxy = False
             # Remove what is after the last '/'
             #self.host.orig_site = '/'.join(self.host.orig_site.split('/')[:-1])
             html_page = self.get_data_after_redirects(self.host.orig_site)
             if not self.host.label:
                 # Look for html title in original site index page
                 regexp = re.compile("""<title.*?>(.*?)</title>""", re.DOTALL | re.IGNORECASE)
                 title = regexp.findall(html_page)
                 if title:
                     self.host.label = title[0]
                 else:
                     self.host.label = 'Untitled'
                 # If another site already uses this site title, add trailings "_" until we find an available name
                 existing_label = True
                 while existing_label is True:
                     for any_host in Host.select():
                         if any_host.id != self.host.id and self.host.label == any_host.label:
                             self.host.label += '_'
                             break
                     else:
                         existing_label = False
                 # Fill host.name attribute
                 self.host.name = convert_label_to_name(self.host.label)
             if not self.host.scheme:
                 # Get tokens from orig site url
                 orig_scheme, rest = urllib.splittype(self.host.orig_site)
                 orig_host, rest = urllib.splithost(rest)
                 get_publisher().reload_cfg()
                 # Set url scheme (HTTP or HTTPS)
                 # TODO: Handle the option "Both"
                 if get_cfg('sites_url_scheme'):
                     self.host.scheme = get_cfg('sites_url_scheme')
                 else:
                     self.host.scheme = orig_scheme
             if not self.host.reversed_hostname:
                 # Build a new domain name
                 short_name = orig_host.split('.')[0]
                 if short_name == 'www':
                     short_name = orig_host.split('.')[1]
                 self.host.reversed_hostname = '%s.%s' % (short_name, get_cfg('domain_names')[0])
                 # If another site already uses this domain name, add some trailing "_" until we find an available name
                 existing_domain = True
                 while existing_domain is True:
                     for any_host in Host.select():
                         if any_host.id != self.host.id and self.host.reversed_hostname == any_host.reversed_hostname:
                             self.host.reversed_hostname += '-'
                             break
                     else:
                         existing_domain = False
                 self.host.reversed_directory = None
             if not self.host.new_url:
                 # New url for this host
                 self.host.new_url = '%s://%s%s/' % (self.host.scheme, self.host.reversed_hostname, get_request().environ['SCRIPT_NAME'])
                 # FIXME: Check if the new domain name already exists
                 # New url for this host
                 #        self.host.new_url = '%s://%s%s/' % (self.host.scheme, self.host.reversed_hostname, get_request().environ['SCRIPT_NAME'])
                 #        if self.host.reversed_directory is not None:
                 #            self.host.new_url += '%s/' % self.host.reversed_directory
             self.host.store()
             write_apache2_vhosts()
         # XXX: Should use the FancyURLopener class instead when it supports proxies
         def get_data_after_redirects(self, start_url):
             if not start_url:
                 return ''
             status = 302
             location = None
             while status // 100 == 3:
                 if location is None:
                     url = start_url
                 elif location.startswith('http'):
                     # Location is an absolute path
                     url = location
                 else:
                     # Location is a relative path
                     url = urlparse.urljoin(start_url, location)
                 response, status, data, auth_headers = http_get_page(url, use_proxy=self.host.use_proxy)
                 location = response.getheader('Location', None)
             return data
         def create_dirs(self):
             # Hack : sites must use the configuration which is stored in main Larpe directory,
             # but they need to have a directory named with their hostname, which will contain the
             # main domain name for Larpe so they know where is the main configuration
             hostname_dir = get_abs_path(os.path.join('..', self.host.reversed_hostname))
             if not os.path.exists(hostname_dir):
                 os.mkdir(hostname_dir)
             # Load the configuration from the main directory
             get_publisher().reload_cfg()
             # Write it in the site directory
             get_publisher().write_cfg(hostname_dir)
             # Storage directories
             if not self.host.reversed_directory:
                 reversed_dir = 'default'
             else:
                 reversed_dir = self.host.reversed_directory
             self.host.site_dir = \
                 os.path.join(get_publisher().app_dir, 'sp', self.host.reversed_hostname, reversed_dir)
             user_dir = os.path.join(self.host.site_dir, 'users')
             token_dir = os.path.join(self.host.site_dir, 'tokens')
             filter_dir = os.path.join(self.host.site_dir, 'filters')
             for dir in (self.host.site_dir, user_dir, token_dir, filter_dir):
                 if not os.path.isdir(dir):
                     os.makedirs(dir)
         def generate_ssl_keys(self):
             # Generate SSL keys
             private_key_path = os.path.join(self.host.site_dir, 'private_key.pem')
             public_key_path = os.path.join(self.host.site_dir, 'public_key.pem')
             if not os.path.isfile(private_key_path) or not os.path.isfile(public_key_path):
                 set_provider_keys(private_key_path, public_key_path)
             self.host.private_key = private_key_path
             self.host.public_key = public_key_path
         def generate_metadatas(self):
             metadata_cfg = {}
             # Organization name
             self.host.organization_name = self.host.label
             metadata_cfg['organization_name'] = self.host.organization_name
             # Base URL
             base_url = '%s://%s%s/liberty/%s/liberty' % (self.host.scheme,
                                                          self.host.reversed_hostname,
                                                          get_request().environ['SCRIPT_NAME'],
                                                          self.host.name)
             metadata_cfg['base_url'] = base_url
             self.host.base_url = base_url
             if lasso.SAML2_SUPPORT:
                 saml2_base_url = '%s://%s%s/liberty/%s/saml' % (self.host.scheme,
                                                              self.host.reversed_hostname,
                                                              get_request().environ['SCRIPT_NAME'],
                                                              self.host.name)
                 metadata_cfg['saml2_base_url'] = saml2_base_url
                 self.host.saml2_base_url = saml2_base_url
             # Provider Id
             provider_id = '%s/metadata' % base_url
             metadata_cfg['provider_id'] = provider_id
             self.host.provider_id = provider_id
             if lasso.SAML2_SUPPORT:
                 saml2_provider_id = '%s/metadata' % saml2_base_url
                 metadata_cfg['saml2_provider_id'] = saml2_provider_id
                 self.host.saml2_provider_id = saml2_provider_id
             # Read public key
             public_key = ''
             if self.host.public_key is not None and os.path.exists(self.host.public_key):
                 metadata_cfg['signing_public_key'] = open(self.host.public_key).read()
             # Write metadatas
             metadata_path = os.path.join(self.host.site_dir, 'metadata.xml')
             open(metadata_path, 'w').write(get_metadata(metadata_cfg))
             self.host.metadata = metadata_path
             if lasso.SAML2_SUPPORT:
                 saml2_metadata_path = os.path.join(self.host.site_dir, 'saml2_metadata.xml')
                 open(saml2_metadata_path, 'w').write(get_saml2_metadata(metadata_cfg))
                 self.host.saml2_metadata = saml2_metadata_path
         def check_new_address [html] (self):
             form = Form(enctype='multipart/form-data')
             form.add_submit('cancel', _('Previous'))
             form.add_submit('submit', _('Next'))
             form.add_submit('terminate', _('Terminate'))
             if form.get_widget('cancel').parse():
                 return redirect('start')
             if form.is_submitted():
                 self.create_dirs()
                 if self.host.private_key is None:
                     self.generate_ssl_keys()
                 self.generate_metadatas()
                 self.host.store()
                 if form.get_widget('terminate').parse():
                     return redirect('..')
                 return redirect('authentication_and_logout_adresses')
             get_response().breadcrumb.append(('check_new_address', _('Check site address and name')))
             self.html_top(_('Step 2 - Check the new site address works'))
             '<h3>%s</h3>' % _('DNS configuration')
             '<p>%s</p>' % _('''Before opening the following link, ensure you have configured your DNS
     for this address. If you don't have a DNS server and you just want to test Larpe, add this
     domain name in the file "/etc/hosts".''')
             '<p>%s</p>' % _('''Then you can open this link in a new window or tab and see if your site
     is displayed. If it's ok, you can click the "%(next)s" button. Otherwise, click the "%(previous)s"
     button and check your settings.''') % {'next': _('Next'), 'previous': _('Previous')}
             '<h3>%s</h3>' % _('Site adress and name')
             '<p>%s' % _('The new address of this site is ')
             '<a href="%s">%s</a><br/>' % (self.host.new_url, self.host.new_url)
             '%s</p>' % _('The name of this site is "%s".') % self.host.label
             '<p>%s</p>' % htmltext(_('''You can also <a href="modify_site_address_and_name">
     modify the address or the name of this site</a>'''))
             form.render()
         def modify_site_address_and_name [html] (self):
             form = self.form_modify_site_address_and_name()
             if form.get_widget('cancel').parse():
                 return redirect('check_new_address')
             if form.is_submitted() and not form.has_errors():
                 label = form.get_widget('label').parse()
                 name = convert_label_to_name(label)
                 for any_host in Host.select():
                     if any_host.id != self.host.id and name == any_host.name:
                         form.set_error('label', _('An host with the same name already exists'))
                         break
             if form.is_submitted() and not form.has_errors():
                 self.submit_modify_site_address_and_name_form(form)
                 return redirect('check_new_address')
             get_response().breadcrumb.append(('modify_site_address_and_name', _('Modify site address and name')))
             self.html_top(_('Modify site address and name'))
             form.render()
         def form_modify_site_address_and_name(self):
             form = Form(enctype='multipart/form-data')
             form.add(UrlWidget, 'new_url', title = _('Address'), required = True,
                     size = 50, value = self.host.new_url)
             form.add(StringWidget, 'label', title = _('Name'), required = True,
                     size = 50, value = self.host.label)
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             return form
         def submit_modify_site_address_and_name_form(self, form):
             fields = ['new_url', 'label']
             for f in fields:
                 setattr(self.host, f, form.get_widget(f).parse())
             # Split url to retrieve components
             tokens = urlparse.urlparse(self.host.new_url)
             self.host.scheme = tokens[0]
             self.host.reversed_hostname = tokens[1]
             self.host.reversed_directory = tokens[2]
             if self.host.reversed_directory.startswith('/'):
                 self.host.reversed_directory = self.host.reversed_directory[1:]
             # Fill host.name attribute
             self.host.name = convert_label_to_name(self.host.label)
             self.host.store()
             write_apache2_vhosts()
         def authentication_and_logout_adresses [html] (self):
             form = self.form_authentication_and_logout_adresses()
             if form.get_widget('cancel').parse():
                 return redirect('check_new_address')
             if form.is_submitted() and not form.has_errors():
                 self.submit_authentication_and_logout_adresses_form(form)
                 if form.get_widget('terminate').parse():
                     return redirect('..')
                 return redirect('check_auto_detected_configuration')
             get_response().breadcrumb.append(('authentication_and_logout_adresses', _('Authentication and logout')))
             self.html_top(_('Step 3 - Configure authentication and logout pages'))
             form.render()
         def form_authentication_and_logout_adresses(self):
             form = Form(enctype='multipart/form-data')
             form.add(ValidUrlWidget, 'auth_url', title = _('Authentication form page address'),
                     hint = _('Address of a page on the site which contains the authentication form'),
                     required = True, size = 50, value = self.host.auth_url)
             form.add(ValidUrlWidget, 'logout_url', title = _('Logout address'), required = False,
                     hint = _('Address of the logout link on the site'),
                     size = 50, value = self.host.logout_url)
             form.add_submit('cancel', _('Previous'))
             form.add_submit('submit', _('Next'))
             form.add_submit('terminate', _('Terminate'))
             return form
         def submit_authentication_and_logout_adresses_form(self, form):
             fields = ['auth_url', 'logout_url']
             for f in fields:
                 setattr(self.host, f, form.get_widget(f).parse())
             self.host.auth_form_url = self.host.auth_url
             if not self.host.http_headers:
                 self.host.http_headers = {
                     'Content-Type': { 'enabled': True, 'value': 'application/x-www-form-urlencoded', 'immutable': False },
                     'X-Forwarded-For': { 'enabled': True, 'value': _('(computed automatically)'), 'immutable': True },
                     'X-Forwarded-Host': { 'enabled': True, 'value': self.host.reversed_hostname, 'immutable': False },
+                }
             self.auto_detect_configuration()
             self.host.store()
             write_apache2_vhosts()
         def check_auto_detected_configuration [html] (self):
             plugins_name = site_authentication_plugins.get_plugins_name()
             plugins_name.append(None)
             plugins_name.sort()
             form = Form(enctype='multipart/form-data')
             form.add(SingleSelectWidget, 'plugin', title = _('Plugin'), required = False,
                     hint = _('You can force a plugin'),
                     value = self.host.site_authentication_plugin,
                     options = plugins_name)
             form.add_submit('cancel', _('Previous'))
             form.add_submit('submit', _('Next'))
             form.add_submit('terminate', _('Terminate'))
             if form.get_widget('cancel').parse():
                 return redirect('authentication_and_logout_adresses')
             if form.is_submitted():
                 self.host.site_authentication_plugin = form.get_widget('plugin').parse()
                 self.host.store()
                 if form.get_widget('terminate').parse():
                     write_apache2_vhosts()
                     return redirect('..')
                 return redirect('credentials')
             get_response().breadcrumb.append(('check_auto_detected_configuration', _('Auto detected configuration')))
             self.html_top(_('Step 4 - Check automatically detected configuration for the authentication form'))
             host_attrs = (
                 ('auth_check_url', _('Address where the authentication form must be sent')),
                 ('login_field_name', _('Name of the login field')),
                 ('password_field_name', _('Name of the password field')),
+            )
             html_fields = ''
             success = True
             for attr, name in host_attrs:
                 color = 'black'
                 if attr in ('auth_check_url', 'login_field_name', 'password_field_name') and \
                         not getattr(self.host, str(attr)):
                     color = 'red'
                     success = False
                 html_fields += '<div style="margin-bottom: 0.1em; font-weight: bold; color: %s;">%s</div>' % (color, name)
                 html_fields += '<div style="margin-left: 1em; margin-bottom: 0.3em; color: %s;">%s</div>' % \
                     (color, getattr(self.host, str(attr)))
                 if getattr(self.host, str(attr)) == '':
                     html_fields += '<br />'
             '<p>'
             if success:
                 htmltext(_('''\
     The following authentication form parameters have been detected. If they look right, you can go to the next step.
     If you think they are wrong, go back and check your settings then try again.
     '''))
             else:
                 htmltext(_('''\
     The following authentication form parameters in red haven't been correctly detected. Go back and check
     your settings then try again.
     '''))
             '</p>'
             html_fields
             form.render()
         def credentials [html] (self):
             form = self.form_credentials()
             if form.get_widget('cancel').parse():
                 return redirect('check_auto_detected_configuration')
             if form.is_submitted() and not form.has_errors():
                 self.submit_credentials_form(form)
                 if form.get_widget('terminate').parse():
                     return redirect('..')
                 return redirect('send_authentication_request')
             get_response().breadcrumb.append(('credentials', _('Credentials')))
             self.html_top(_('Step 5 - Fill in a valid username/password for this site'))
             form.render()
         def form_credentials(self):
             form = Form(enctype='multipart/form-data')
             form.add(StringWidget, 'username', title = _('Username'), required = True,
                     size = 30, value = self.host.valid_username)
             form.add(PasswordWidget, 'password', title = _('Password'), required = True,
                     size = 30, value = self.host.valid_password)
             for name, values in self.host.select_fields.iteritems():
                 options = []
                 if values:
                     for value in values:
                         options.append(value)
                     form.add(SingleSelectWidget, name, title = name.capitalize(),
                         value = values[0], options = options)
             form.add_submit('cancel', _('Previous'))
             form.add_submit('submit', _('Next'))
             form.add_submit('terminate', _('Terminate'))
             return form
         def submit_credentials_form(self, form):
             self.host.valid_username = form.get_widget('username').parse()
             self.host.valid_password = form.get_widget('password').parse()
             self.host.valid_select = {}
             for name, values in self.host.select_fields.iteritems():
                 if form.get_widget(name):
                     self.host.valid_select[name] = form.get_widget(name).parse()
             self.host.store()
         def send_authentication_request(self):
             site_auth = site_authentication.get_site_authentication(self.host)
             # Request with good credentials
             self.host.auth_request_status, self.host.auth_request_data = site_auth.local_auth_check_dispatch(
                 self.host.valid_username, self.host.valid_password, self.host.valid_select)
             self.host.auth_request_success, self.host.auth_request_return_content = \
                 site_auth.check_auth(self.host.auth_request_status, self.host.auth_request_data)
             # Request with bad credentials
             self.host.auth_bad_request_status, self.host.auth_bad_request_data = site_auth.local_auth_check_dispatch(
                 'this_is_a_bad_login', 'this_is_a_bad_password', {})
             self.host.auth_bad_request_success, self.host.auth_bad_request_return_content = \
                 site_auth.check_auth(self.host.auth_bad_request_status, self.host.auth_bad_request_data)
             self.host.store()
             return redirect('check_authentication')
         def check_authentication [html] (self):
             form = Form(enctype='multipart/form-data')
             form.add_submit('cancel', _('Previous'))
             form.add_submit('submit', _('Next'))
             form.add_submit('terminate', _('Terminate'))
             if form.get_widget('cancel').parse():
                 return redirect('credentials')
             if form.is_submitted():
                 if form.get_widget('terminate').parse():
                     return redirect('..')
                 return redirect('sso_init_link')
             get_response().breadcrumb.append(('check_authentication', _('Check authentication')))
             self.html_top(_('Step 6 - Check the authentication process'))
             if self.host.auth_request_success:
                 good_cred_status = 'Success <span style="color: green">[OK]</span>'
             else:
                 good_cred_status = 'Failed <span style="color: red">[KO]</span'
             if not self.host.auth_bad_request_success:
                 bad_cred_status = 'Failed <span style="color: green">[OK]</span>'
             else:
                 bad_cred_status = 'Success <span style="color: red">[KO]</span>'
             '<p>Results of authentication requests :</p>\n'
             '<ul>\n'
             '\t<li>With good credentials : %s</li>' % good_cred_status
             '\t<li>With bad credentials : %s</li>' % bad_cred_status
             '</ul>\n'
             if self.host.auth_request_success and not self.host.auth_bad_request_success :
                 '<p>%s</p>\n' % _('Authentication succeeded ! You can go to the next step.')
             else:
                 '<p>%s</p>\n' % _('Authentication has failed. To resolve this problem, you can :')
                 '<ul>\n'
                 '\t<li><a href="send_authentication_request">%s</a></li>\n' % \
                     _('Try authentication again')
                 '\t<li><a href="see_authentication_response">%s</a></li>\n' % \
                     _('See the response of the authentication requests')
                 '\t<li><a href="modify_authentication_request">%s</a></li>\n' % \
                     _('Modify the parameters of the authentication requests')
                 '\t<li><a href="authentication_success_criteria">%s</a></li>\n' % \
                     _('Change the way Larpe detects the authentication is successful or not')
                 '\t<li>%s</li>\n' % _('Go back and change your username and/or password')
                 '</ul>\n'
             form.render()
         def see_authentication_response [html] (self):
             get_response().breadcrumb.append(('see_authentication_response', _('Authentication response')))
             self.html_top(_('Authentication response'))
             '<h3>%s</h3>' % _('Response of the request with good credentials')
             '<div style="margin-bottom: 0.1em; font-weight: bold; color: black;">%s</div>' % \
                 str(_('HTTP status code'))
             '<div style="margin-left: 1em; margin-bottom: 0.3em; color: black;">%s (%s)</div>' % \
                 (self.host.auth_request_status, status_reasons[self.host.auth_request_status])
             '<dl>'
             '<dt><a href="see_bad_response_html_page">%s</a></dt>' % _('See HTML page')
             '</dl>'
             '<h3>%s</h3>' % _('Response of the request with bad credentials')
             '<div style="margin-bottom: 0.1em; font-weight: bold; color: black;">%s</div>' % \
                 str(_('HTTP status code'))
             '<div style="margin-left: 1em; margin-bottom: 0.3em; color: black;">%s (%s)</div>' % \
                 (self.host.auth_bad_request_status, status_reasons[self.host.auth_bad_request_status])
             '<dl>'
             '<dt><a href="see_response_html_page">%s</a></dt>' % _('See HTML page')
             '</dl>'
             '<div class="buttons"><a href="check_authentication"><input type="button" value="%s" /></a></div><br />' % _('Back')
         def see_response_html_page (self):
             return self.host.auth_request_data
         def see_bad_response_html_page (self):
             return self.host.auth_bad_request_data
         def authentication_success_criteria [html] (self):
             form = self.form_authentication_success_criteria()
             if form.get_widget('cancel').parse():
                 return redirect('check_authentication')
             if form.is_submitted() and not form.has_errors():
                 self.submit_authentication_success_criteria_form(form)
                 return redirect('check_authentication')
             get_response().breadcrumb.append(('authentication_success_criteria', _('Authentication success criteria')))
             self.html_top(_('Authentication success criteria'))
             form.render()
         def form_authentication_success_criteria(self):
             form = Form(enctype='multipart/form-data')
             form.add(RadiobuttonsWidget, 'auth_system', title = _('Authentication system of the original site'),
                     options=[
                         ('password', _('Check the existence of a password field'), 'password'),
                         ('match_text', _('Match some text to detect an authentication failure'), 'match_text'),
                     ],
                     sort=False,
                     delim=htmltext('<br />'),
                     value = self.host.auth_system)
             form.add(RegexStringWidget, 'auth_match_text', title = _('Text to match in case of authentication failure'),
                     required = False, size = 50, value = self.host.auth_match_text)
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             return form
         def submit_authentication_success_criteria_form(self, form):
             for f in ('auth_system', 'auth_match_text'):
                 value = form.get_widget(f).parse()
                 setattr(self.host, f, value)
             self.host.store()
         def modify_authentication_request [html] (self):
             get_response().breadcrumb.append(('modify_authentication_request', _('Authentication request')))
             self.html_top(_('Modify the parameters of the authentication requests'))
             '<dl>'
             '<dt><a href="auth_request_post_parameters">%s</a></dt> <dd>%s</dd>' % (
                     _('Modify POST parameters'), _('Configure the form attributes that will be sent within the authentication POST requests'))
             '<dt><a href="auth_request_http_headers">%s</a></dt> <dd>%s</dd>' % (
                     _('Modify HTTP headers'), _('Configure the HTTP headers of the authentication requests made by Larpe'))
             '</dl>'
             '<div class="buttons"><a href="check_authentication"><input type="button" value="%s" /></a></div><br />' % _('Back')
         def auth_request_post_parameters [html] (self):
             form = self.form_auth_request_post_parameters()
             if form.get_widget('cancel').parse():
                 return redirect('modify_authentication_request')
             if form.is_submitted() and not form.has_errors():
                 self.submit_auth_request_post_parameters_form(form)
                 return redirect('modify_authentication_request')
             get_response().breadcrumb.append(('auth_request_post_parameters', _('POST parameters')))
             self.html_top(_('Configure POST parameters'))
             '<p>%s</p>' % _('''Here are the detected form fields that will be sent as parameters of the
     authentication POST request. You can desactivate some or all of them, or change their value.''')
             form.render()
         def form_auth_request_post_parameters(self):
             form = Form(enctype='multipart/form-data')
             for name, value in self.host.post_parameters.iteritems():
                 if value['immutable']:
                     form.add(DictWidget, name, value, disabled = 'disabled')
                 else:
                     form.add(DictWidget, name, value)
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             return form
         def submit_auth_request_post_parameters_form(self, form):
             for name, old_value in self.host.post_parameters.iteritems():
                 value = form.get_widget(name).parse()
                 if value['enabled'] == 'on':
                     old_value['enabled'] = True
                 else:
                     old_value['enabled'] = False
                 if old_value['immutable'] is False:
                     old_value['value'] = value['value']
                 self.host.post_parameters[name] = old_value
             self.host.store()
         def auth_request_http_headers [html] (self):
             form = self.form_auth_request_http_headers()
             if form.get_widget('cancel').parse():
                 return redirect('modify_authentication_request')
             if form.is_submitted() and not form.has_errors():
                 self.submit_auth_request_http_headers_form(form)
                 return redirect('modify_authentication_request')
             get_response().breadcrumb.append(('auth_request_http_headers', _('HTTP headers')))
             self.html_top(_('Configure HTTP headers'))
             '<p>%s</p>' % _('''Here are the HTTP headers that will be sent within the authentication
     POST request. You can desactivate some or all of them, or change their value.''')
             form.render()
         def form_auth_request_http_headers(self):
             form = Form(enctype='multipart/form-data')
             for name, value in self.host.http_headers.iteritems():
                 if value['immutable']:
                     form.add(DictWidget, name, value, disabled = 'disabled')
                 else:
                     form.add(DictWidget, name, value)
             form.add(HtmlWidget, htmltext('<p>%s</p>' % \
                 _('The headers "Host", "Accept-Encoding" and "Content-Length" will also automatically be sent.')))
             if get_cfg('proxy', {}).get('enabled') and self.host.use_proxy:
                 form.add(HtmlWidget, htmltext('<p>%s</p>' % \
                     _('''As Larpe uses a proxy for this site, the headers "Proxy-Authorization",
     "Proxy-Connection" and "Keep-Alive" will be sent as well.''')))
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             return form
         def submit_auth_request_http_headers_form(self, form):
             for name, old_value in self.host.http_headers.iteritems():
                 value = form.get_widget(name).parse()
                 if value['enabled'] == 'on':
                     old_value['enabled'] = True
                 else:
                     old_value['enabled'] = False
                 if old_value['immutable'] is False:
                     old_value['value'] = value['value']
                 self.host.http_headers[name] = old_value
             self.host.store()
         def generate_apache_filters(self):
             self.host.apache_python_paths = []
             self.host.apache_output_python_filters = []
             site_auth = site_authentication.get_site_authentication(self.host)
             output_filters = site_auth.output_filters
             replace_login_form = self.host.auth_form_places == 'form_everywhere' and \
                     self.host.auth_form_action
             if replace_login_form and not 'output_replace_form' in output_filters:
                 output_filters.append('output_replace_form')
             if output_filters:
                 location = Location(self.host)
                 conf = { 'auth_form_action': self.host.auth_form_action,
                         'name': self.host.name,
                         'larpe_dir': get_publisher().app_dir,
                         'logout_url': location.new_logout_url,
                         'login_url': location.new_auth_url }
                 # Set Python filter path for Apache configuration
                 python_path = os.path.join(self.host.site_dir, 'filters')
                 if python_path not in self.host.apache_python_paths:
                     self.host.apache_python_paths.append(python_path)
                 for filter in output_filters:
                     python_file = open(
                             os.path.join(self.host.site_dir, 'filters', filter + ".py"),
                             'w')
                     python_file.write(
                             open(os.path.join(DATA_DIR, "filters", filter + ".py")).read() % conf
+                            )
                     if not filter in self.host.apache_output_python_filters:
                         self.host.apache_output_python_filters.append(filter)
         def sso_init_link [html] (self):
             form = self.form_sso_init_link()
             if form.get_widget('cancel').parse():
                 return redirect('check_authentication')
             if form.is_submitted() and not form.has_errors():
                 self.submit_sso_init_link_form(form)
                 if form.get_widget('terminate').parse():
                     return redirect('..')
                 return redirect('metadatas')
             get_response().breadcrumb.append(('sso_init_link', _('SSO initiation')))
             self.html_top(_('Step 7 - Configure how a Single Sign On can be initiated'))
             '<p>%s\n' % _('Most sites use one of the following 2 ways to allow users to initialise an authentication :')
             '\t<ol>\n'
             '\t\t<li>%s</li>\n' % \
                 _('''The site has a single authentication page. It redirects users to this page when
     they click a "Login" button or try to access a page which require users to be authenticated.''')
             '\t\t<li>%s</li>\n' % \
                 _('''The site includes an authentication form in most or all of his pages. Users can
     authenticate on any of these pages, and don't need to be redirected to a separate authentication page.''')
             '\t</ol>\n'
             '</p>\n'
             '<p>%s</p>' % _('Select the way your site works :')
             form.render()
         def form_sso_init_link(self):
             form = Form(enctype='multipart/form-data')
             form.add(RadiobuttonsWidget, 'auth_form_places',
                     options=[
                         ('form_once', _('The site has a single authentication page'), 'form_once'),
                         ('form_everywhere', _('The site includes an authentication form in most or all pages'), 'form_everywhere'),
                     ],
                     sort=False, required = True, delim=htmltext('<br />'), value = self.host.auth_form_places)
             form.add_submit('cancel', _('Previous'))
             form.add_submit('submit', _('Next'))
             form.add_submit('terminate', _('Terminate'))
             return form
         def submit_sso_init_link_form(self, form):
             fields = [ 'auth_form_places', ]
             for f in fields:
                 setattr(self.host, f, form.get_widget(f).parse())
             self.host.auth_form_url = self.host.auth_url
             self.generate_apache_filters()
             self.host.store()
             write_apache2_vhosts()
         def metadatas [html] (self):
             form = Form(enctype='multipart/form-data')
             form.add_submit('cancel', _('Previous'))
             form.add_submit('submit', _('Next'))
             form.add_submit('terminate', _('Terminate'))
             if form.get_widget('cancel').parse():
                 return redirect('sso_init_link')
             if form.is_submitted():
                 if form.get_widget('terminate').parse():
                     return redirect('..')
                 return redirect('advanced_options')
             get_response().breadcrumb.append(('metadatas', _('Metadatas')))
             self.html_top(_('Step 8 - Metadatas of %(site_name)s' % {'site_name': self.host.name}))
             '<p>%s</p>' % \
                 _('''Download the metadatas and the public key for this site and
     upload them on your identity provider in order to use Liberty Alliance features.''')
             '<dl>'
             if hasattr(self.host, str('base_url')):
                 if lasso.SAML2_SUPPORT:
                     saml2_metadata_url = '%s/metadata.xml' % self.host.saml2_base_url
                     '<dt><a href="%s">%s</a></dt> <dd>%s</dd>' % (
                                 saml2_metadata_url,
                                 _('SAML 2.0 Metadata'),
                                 _('Download SAML 2.0 metadata file'))
                 metadata_url = '%s/metadata.xml' % self.host.base_url
                 '<dt><a href="%s">%s</a></dt> <dd>%s</dd>' % (
                             metadata_url,
                             _('ID-FF 1.2 Metadata'),
                             _('Download ID-FF 1.2 metadata file'))
             else:
                 '<p>%s</p>' % _('No metadata has been generated for this host.')
             if hasattr(self.host, str('base_url')) and self.host.public_key and os.path.exists(self.host.public_key):
                 public_key_url = '%s/public_key' % self.host.base_url
                 '<dt><a href="%s">%s</a></dt> <dd>%s</dd>' % (
                             public_key_url,
                             _('Public key'),
                             _('Download SSL Public Key file'))
             else:
                 '<p>%s</p>' % _('No public key has been generated for this host.')
             '</dl>'
             form.render()
         def advanced_options [html] (self):
             form = self.form_advanced_options()
             if form.get_widget('cancel').parse():
                 return redirect('metadatas')
             if not form.is_submitted() or form.has_errors():
                 get_response().breadcrumb.append(('advanced_options', _('Advanced options')))
                 self.html_top(_('Step 9 - Advanced options'))
                 '<p>%s</p>' % _('Configure advanced options to setup the last details of your site.')
                 '<p>%s</p>' % _('''If you don't know what to configure here, just click %(next)s and
     come here later if needed.''') % {'next': _('Next')}
                 form.render()
             else:
                 self.submit_advanced_options_form(form)
                 if form.get_widget('terminate').parse():
                     return redirect('..')
                 return redirect('check_full_configuration')
         def form_advanced_options(self):
             form = Form(enctype='multipart/form-data')
             form.add(CheckboxWidget, 'redirect_root_to_login',
                     title=_('Redirect the root URL of the site to the login page.'),
                     value = self.host.redirect_root_to_login)
             form.add(UrlOrAbsPathWidget, 'return_url', title = _('Return address'),
                     hint = _('Where the user will be redirected after a successful authentication'),
                     required = False, size = 50, value = self.host.return_url)
             form.add(UrlOrAbsPathWidget, 'root_url', title = _('Error address'),
                     hint = _('Where the user will be redirected after a disconnection or an error'),
                     required = False, size = 50, value = self.host.root_url)
             form.add(UrlOrAbsPathWidget, 'initiate_sso_url', title = _('URL which must initiate the SSO'),
                     hint = _('''Address which must initiate the SSO. If empty, defaults to the previously
     specified "%s"''') % _('Authentication form page address'),
                     required = False, size = 50, value = self.host.initiate_sso_url)
             form.add(CheckboxWidget, 'proxy-html', title = _('Apache HTML proxy'),
                     hint = _('''Converts urls in the HTML pages according to the host new domain name.
     Disabled by default because it makes some sites not work correctly.'''),
                     value = 'proxy-html' in self.host.apache_output_filters)
             form.add_submit('cancel', _('Previous'))
             form.add_submit('submit', _('Next'))
             form.add_submit('terminate', _('Terminate'))
             return form
         def submit_advanced_options_form(self, form):
             old_redirect_root_to_login = self.host.redirect_root_to_login
             for f in ('redirect_root_to_login', 'return_url', 'root_url', 'initiate_sso_url'):
                 value = form.get_widget(f).parse()
                 setattr(self.host, f, value)
             f = 'proxy-html'
             value = form.get_widget(f).parse()
             if value is True and f not in self.host.apache_output_filters:
                 self.host.apache_output_filters.append(f)
             if value is False and f in self.host.apache_output_filters:
                 self.host.apache_output_filters.remove(f)
             self.host.store()
             if self.host.initiate_sso_url or self.host.redirect_root_to_login is not old_redirect_root_to_login:
                 write_apache2_vhosts()
         def check_full_configuration [html] (self):
             form = Form(enctype='multipart/form-data')
             form.add_submit('cancel', _('Previous'))
             form.add_submit('submit', _('Finish'))
             if form.get_widget('cancel').parse():
                 return redirect('advanced_options')
             if form.is_submitted():
                 return redirect('../..')
             get_response().breadcrumb.append(('check_full_configuration', _('Check everything works')))
             self.html_top(_('Step 10 - Check everything works'))
             '<p>%s</p>' % \
                 _('''Now you can fully test your site, start from the home page, initiate a
     Single Sign On, federate your identities and do a Single Logout.''')
             '<p>%s' % _('The address of your site is : ')
             '<a href="%s">%s</a>' % (self.host.new_url, self.host.new_url)
             '</p>'
             '<p>%s</p>' % \
                 _('''If everything works, click the "%(finish)s" button, otherwise you can go
     back and check your settings.''') % { 'finish': _('Finish') }
             form.render()
         def auto_detect_configuration(self):
             # Reset previous detected values
             self.host.auth_form = None
             self.host.auth_check_url = None
             self.host.login_field_name = None
             self.host.password_field_name = None
             if not self.host.post_parameters:
                 self.host.post_parameters = {}
             self.parse_page(self.host.auth_form_url)
         def parse_page(self, page_url):
             # Get the authentication page
             try:
                 response, status, page, auth_header = http_get_page(page_url, use_proxy=self.host.use_proxy)
             except Exception, msg:
                 print msg
                 return
             if page is None:
                 return
                 #raise FormError, ('auth_check_url', '%s : %s' % (_('Failed to get page'), self.host.auth_form_url))
             # Default authentication mode
             self.host.auth_mode = 'form'
             if not self.host.site_authentication_plugin:
                 self.host.site_authentication_plugin = site_authentication_plugins.auto_detect(page)
             self.parse_frames(page)
             self.parse_forms(page)
             if self.host.auth_form is not None:
                 self.parse_form_action()
                 input_fields = self.parse_input_fields()
                 self.parse_login_field(input_fields)
                 self.parse_password_field()
                 self.parse_select_fields()
                 self.parse_other_fields()
         def parse_frames(self, page):
             '''If there are frames, parse them recursively'''
             regexp = re.compile("""<frame.*?src=["'](.*?)["'][^>]*?>""", re.DOTALL | re.IGNORECASE)
             found_frames = regexp.findall(page)
             if found_frames:
                 for frame_url in found_frames:
                     if frame_url.startswith('http'):
                         frame_full_url = frame_url
                     else:
                         page_url_tokens = frame_url.split('/')
                         page_url_tokens[-1] = frame_url
                         frame_full_url = '/'.join(page_url_tokens)
                     self.parse_page(frame_full_url)
         def parse_forms(self, page):
             '''Search for an authentication form'''
             # Get all forms
             regexp = re.compile("""<form.*?</form>""", re.DOTALL | re.IGNORECASE)
             found_forms = regexp.findall(page)
             if not found_forms:
                 return
                 #raise FormError, ('auth_check_url', '%s : %s' % (_('Failed to find any form'), self.host.auth_form_url))
             # Get the first form with a password field
             for found_form in found_forms:
                 regexp = re.compile("""<input[^>]*?type=["']?password["']?[^>]*?>""", re.DOTALL | re.IGNORECASE)
                 if regexp.search(found_form) is not None:
                     self.host.auth_form = found_form
                     break
         def parse_form_action(self):
             '''Get the action url of the form'''
             regexp = re.compile("""<form.*?action=["']?(.*?)["']?[\s>].*?>""", re.DOTALL | re.IGNORECASE)
             self.host.auth_form_action = regexp.findall(self.host.auth_form)[0]
             # FIXME: Find a Python module which unescapes html entities
             self.host.auth_check_url = self.host.auth_form_action.replace('&amp;', '&')
             if not self.host.auth_check_url.startswith('http'):
                 if self.host.auth_check_url.startswith('/'):
                     if self.host.orig_site.startswith('https'):
                         orig_site_root = 'https://%s' % urllib.splithost(self.host.orig_site[6:])[0]
                     else:
                         orig_site_root = 'http://%s' % urllib.splithost(self.host.orig_site[5:])[0]
                     self.host.auth_check_url = orig_site_root + self.host.auth_check_url
                 else:
                     auth_form_url_tokens = self.host.auth_form_url.split('/')
                     auth_form_url_tokens[-1] = self.host.auth_check_url
                     self.host.auth_check_url = '/'.join(auth_form_url_tokens)
         def parse_input_fields(self):
             '''Get all input fields'''
             regexp = re.compile("""<input[^>]*?>""", re.DOTALL | re.IGNORECASE)
             return regexp.findall(self.host.auth_form)
         def parse_login_field(self, input_fields):
             '''Get login field name'''
             try:
                 regexp = re.compile("""<input[^>]*?type=["']?text["']?[^>]*?>""", re.DOTALL | re.IGNORECASE)
                 text_fields = regexp.findall(self.host.auth_form)
                 login_field = ''
                 if text_fields:
                     login_field = text_fields[0]
                 else:
                     for field in input_fields:
                         if re.search("""type=["']?""", field, re.DOTALL | re.IGNORECASE) is None:
                             login_field = field
                             break
                 regexp = re.compile("""name=["']?(.*?)["']?[\s/>]""", re.DOTALL | re.IGNORECASE)
                 self.host.login_field_name = regexp.findall(login_field)[0]
                 if not self.host.post_parameters.has_key(self.host.login_field_name):
                     self.host.post_parameters[self.host.login_field_name] = \
                         { 'enabled': True, 'value': _('(filled by users)'), 'immutable': True }
                     self.host.store()
             except IndexError, e:
                 self.host.login_field_name = None
                 print 'Error handling login field : %s' % e
         def parse_password_field(self):
             '''Get password field name'''
             try:
                 regexp = re.compile("""<input[^>]*?type=["']?password["']?[^>]*?>""", re.DOTALL | re.IGNORECASE)
                 password_field = regexp.findall(self.host.auth_form)[0]
                 regexp = re.compile("""name=["']?(.*?)["']?[\s/>]""", re.DOTALL | re.IGNORECASE)
                 self.host.password_field_name = regexp.findall(password_field)[0]
                 if not self.host.post_parameters.has_key(self.host.password_field_name):
                     self.host.post_parameters[self.host.password_field_name] = \
                         { 'enabled': True, 'value': _('(filled by users)'), 'immutable': True }
             except IndexError, e:
                 self.host.password_field_name = None
                 print 'Error handling password field : %s' % e
         def parse_select_fields(self):
             '''Add select fields to host attributes'''
             # First added for Imuse (Rennes)
             regexp = re.compile("""<select.*?</select>""", re.DOTALL | re.IGNORECASE)
             self.host.select_fields = {}
             for field in regexp.findall(self.host.auth_form):
                 try:
                     regexp = re.compile("""name=["']?(.*?)["']?[\s/>]""", re.DOTALL | re.IGNORECASE)
                     name = regexp.findall(field)[0]
                     regexp = re.compile("""<option[^>]*?>.*?</option>""", re.DOTALL | re.IGNORECASE)
                     options = regexp.findall(field)
                     values = []
                     for option in options:
                         regexp = re.compile("""<option[^>]*?>(.*?)</option>""", re.DOTALL | re.IGNORECASE)
                         option_label = regexp.findall(option)
                         regexp = re.compile("""value=["']?(.*?)["']?[\s/>]""", re.DOTALL | re.IGNORECASE)
                         option_value = regexp.findall(option)
                         if option_label:
                             if not option_value:
                                 option_value = option_label
                             values.append((option_value[0], option_label[0]))
                         else:
                             print >> sys.stderr, 'W: Could not parse select options'
                     self.host.select_fields[name] = values
                     if not self.host.post_parameters.has_key(name):
                         self.host.post_parameters[name] = \
                             { 'enabled': True, 'value': _('(filled by users)'), 'immutable': True }
                 except IndexError, e:
                     continue
         def parse_other_fields(self):
             '''Get the default value of all other fields'''
             self.host.other_fields = {}
             # Get hidden fields
             regexp = re.compile("""<input[^>]*?type=["']?hidden["']?[^>]*?>""", re.DOTALL | re.IGNORECASE)
             other_fields = regexp.findall(self.host.auth_form)
             # Only get first submit field
             regexp = re.compile("""<input[^>]*?type=["']?submit["']?[^>]*?>""", re.DOTALL | re.IGNORECASE)
             found = regexp.findall(self.host.auth_form)
             if found:
                 if other_fields:
                     other_fields.append(found[0])
                 else:
                     other_fields = found[0]
             for field in other_fields:
                 try:
                     regexp = re.compile("""name=["']?(.*?)["']?[\s/>]""", re.DOTALL | re.IGNORECASE)
                     name = regexp.findall(field)[0]
                     regexp = re.compile("""value=["'](.*?)["'][\s/>]""", re.DOTALL | re.IGNORECASE)
                     value = regexp.findall(field)[0]
                     self.host.other_fields[name] = value
                     if not self.host.post_parameters.has_key(name):
                         self.host.post_parameters[name] = { 'enabled': True, 'value': value, 'immutable': False }
                 except IndexError, e:
                     continue
     class HostPage(Directory):
         _q_exports = ['', 'delete']
         def __init__(self, host_id):
             self.host = Host.get(host_id)
             get_response().breadcrumb.append((host_id + '/', self.host.label))
         def _q_lookup(self, component):
             if component == 'configuration_assistant':
                 return ConfigurationAssistant(self.host)
             elif component == 'forms_prefill':
                 return FormsDirectory(self.host)
         def _q_index [html] (self):
             get_publisher().reload_cfg()
             html_top('hosts', title = self.host.label)
             '<h2>%s</h2>' % _('Configuration assistant')
             '<dl>'
             '<dt><a href="configuration_assistant/start">%s</a></dt> <dd>%s</dd>' % (
                     _('Address of the original site'), _('Configure the root address of the site'))
             '<dt><a href="configuration_assistant/check_new_address">%s</a></dt> <dd>%s</dd>' % (
                     _('New address and name'), _('Configure the new address and name of this site'))
             '<dt><a href="configuration_assistant/authentication_and_logout_adresses">%s</a></dt> <dd>%s</dd>' % (
                     _('Authentication and logout addresses'), _('Configure the authentication and logout addresses of the original site'))
             '<dt><a href="configuration_assistant/check_auto_detected_configuration">%s</a></dt> <dd>%s</dd>' % (
                     _('Check auto detected configuration'), _('Check the automatically detected configuration is right'))
             '<dt><a href="configuration_assistant/credentials">%s</a></dt> <dd>%s</dd>' % (
                     _('Credentials'), _('Configure some valid credentials to authenticate on the original site'))
             '<dt><a href="configuration_assistant/send_authentication_request">%s</a></dt> <dd>%s</dd>' % (
                     _('Retry authentication'), _('Retry sending an authentication request to the site to check if your new parameters work well'))
             '<dt><a href="configuration_assistant/see_authentication_response">%s</a></dt> <dd>%s</dd>' % (
                     _('Check authentication response'), _('Check the response from the latest authentication request'))
             '<dt><a href="configuration_assistant/authentication_success_criteria">%s</a></dt> <dd>%s</dd>' % (
                     _('Configure authentication success criteria'), _('Specify how Larpe knows if the authentication has succeeded or not'))
             '<dt><a href="configuration_assistant/modify_authentication_request">%s</a></dt> <dd>%s</dd>' % (
                     _('Modify authentication request'), _('Modify POST fields or HTTP headers of the authentication request'))
             '<dt><a href="configuration_assistant/sso_init_link">%s</a></dt> <dd>%s</dd>' % (
                     _('Configure how a Single Sign On can be initiated'), _('Configure how a Single Sign On can be initiated'))
             '<dt><a href="configuration_assistant/metadatas">%s</a></dt> <dd>%s</dd>' % (
                     _('Metadatas and key'), _('Download SAML 2.0 or ID-FF metadatas and SSL public key'))
             '<dt><a href="configuration_assistant/advanced_options">%s</a></dt> <dd>%s</dd>' % (
                     _('Adavanced options'), _('Configure advanced options to setup the last details of your site'))
             '</dl>'
             '<h2>%s</h2>' % _('Form prefilling with ID-WSF')
             '<dl>'
             '<dt><a href="forms_prefill/">%s</a></dt> <dd>%s</dd>' % (
                     _('Forms'), _('Configure the forms to prefill'))
             '</dl>'
         def delete [html] (self):
             form = Form(enctype='multipart/form-data')
             form.widgets.append(HtmlWidget('<p>%s</p>' % _(
                             'You are about to irrevocably delete this host.')))
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             if form.get_widget('cancel').parse():
                 return redirect('..')
             if not form.is_submitted() or form.has_errors():
                 get_response().breadcrumb.append(('delete', _('Delete')))
                 html_top('hosts', title = _('Delete Host'))
                 '<h2>%s : %s</h2>' % (_('Delete Host'), self.host.label)
                 form.render()
             else:
                 self.host.remove_self()
                 write_apache2_vhosts()
                 return redirect('..')
     class HostsDirectory(Directory):
         _q_exports = ['', 'new']
         def _q_index [html] (self):
             get_response().breadcrumb.append(('hosts/', _('Hosts')))
             html_top('hosts', title = _('Hosts'))
             """<ul id="nav-hosts-admin">
               <li><a href="new">%s</a></li>
             </ul>""" % _('New Host')
             '<ul class="biglist">'
             for host in Host.select(lambda x: x.name != 'larpe', order_by = 'label'):
                 if not host.name:
                     continue
                 if not hasattr(host, str('scheme')):
                     host.scheme = str('http')
                 '<li>'
                 '<strong class="label">%s</strong>' % host.label
                 if hasattr(host, str('new_url')) and host.new_url:
                     url = host.new_url
                 else:
                     # Compat with older Larpe versions
                     url = '%s://%s%s/' % (host.scheme, host.reversed_hostname, get_request().environ['SCRIPT_NAME'])
                     if host.reversed_directory is not None:
                         url += '%s/' % host.reversed_directory
                 '<br /><a href="%s">%s</a>' % (url, url)
                 '<p class="commands">'
                 command_icon('%s/' % host.id, 'edit')
                 command_icon('%s/delete' % host.id, 'remove')
                 '</p></li>'
             '</ul>'
         def new [html] (self):
             if not os.path.isdir(os.path.join(get_publisher().app_dir, str('idp'))):
                 html_top('hosts', title = _('New Host'))
                 html = '<h2>%s</h2>' % _('New Host')
                 html += 'You must <a href="%s/admin/settings/liberty_idp/">' % misc.get_root_url()
                 html += 'configure an Identity Provider</a> first<br /><br />'
                 html += '<a href="."><input type="button" value="%s" /></a>' % _('Back')
                 return html
             get_response().breadcrumb.append(('hosts/', _('Hosts')))
             get_response().breadcrumb.append(('new', _('New')) )
             host = Host()
             host.store()
             return redirect('%s/configuration_assistant/start' % host.id)
         def _q_lookup(self, component):
             get_response().breadcrumb.append(('hosts/', _('Hosts')))
             return HostPage(component)

     import os
     def set_provider_keys(private_key_path, public_key_path):
         # use system calls for openssl since PyOpenSSL doesn't expose the
         # necessary functions.
         if os.system('openssl version > /dev/null 2>&1') == 0:
             os.system('openssl genrsa -out %s 2048' % private_key_path)
             os.system('openssl rsa -in %s -pubout -out %s' % (private_key_path, public_key_path))
     def get_metadata(cfg):
         prologue = """\
     <?xml version="1.0"?>
     <EntityDescriptor
         providerID="%(provider_id)s"
         xmlns="urn:liberty:metadata:2003-08">""" % cfg
         sp_head = """
       <SPDescriptor protocolSupportEnumeration="urn:liberty:iff:2003-08">"""
         signing_public_key = ''
         if cfg.has_key('signing_public_key') and cfg['signing_public_key']:
             if 'CERTIF' in cfg['signing_public_key']:
                 signing_public_key = """
             <KeyDescriptor use="signing">
               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                 <ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data>
               </ds:KeyInfo>
             </KeyDescriptor>""" % cfg['signing_public_key']
             elif 'KEY' in cfg['signing_public_key']:
                 signing_public_key = """
             <KeyDescriptor use="signing">
               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                 <ds:KeyValue>%s</ds:KeyValue>
               </ds:KeyInfo>
             </KeyDescriptor>""" % cfg['signing_public_key']
         sp_body = """
         <AssertionConsumerServiceURL id="AssertionConsumerServiceURL1" isDefault="true">%(base_url)s/assertionConsumer</AssertionConsumerServiceURL>
         <SoapEndpoint>%(base_url)s/soapEndpoint</SoapEndpoint>
         <SingleLogoutServiceURL>%(base_url)s/singleLogout</SingleLogoutServiceURL>
         <SingleLogoutServiceReturnURL>%(base_url)s/singleLogoutReturn</SingleLogoutServiceReturnURL>
         <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http</SingleLogoutProtocolProfile>
         <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-soap</SingleLogoutProtocolProfile>
         <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-http</SingleLogoutProtocolProfile>
         <FederationTerminationServiceURL>%(base_url)s/federationTermination</FederationTerminationServiceURL>
         <FederationTerminationServiceReturnURL>%(base_url)s/federationTerminationReturn</FederationTerminationServiceReturnURL>
         <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-soap</FederationTerminationNotificationProtocolProfile>
         <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-http</FederationTerminationNotificationProtocolProfile>
         <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</FederationTerminationNotificationProtocolProfile>
         <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-http</FederationTerminationNotificationProtocolProfile>
         <AuthnRequestsSigned>true</AuthnRequestsSigned>
       </SPDescriptor>""" % cfg
         orga = ''
         if cfg.get('organization_name'):
             orga = """
       <Organization>
         <OrganizationName>%s</OrganizationName>
       </Organization>""" % unicode(cfg['organization_name'], 'iso-8859-1').encode('utf-8')
         epilogue = """
     </EntityDescriptor>"""
         return '\n'.join([prologue, sp_head, signing_public_key, sp_body, orga, epilogue])
     def get_saml2_metadata(cfg):
         prologue = """\
     <?xml version="1.0"?>
     <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
         xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
         xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
         entityID="%(saml2_provider_id)s">""" % cfg
         sp_head = """
       <SPSSODescriptor
           AuthnRequestsSigned="true"
           protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">"""
         signing_public_key = ''
         if cfg.has_key('signing_public_key') and cfg['signing_public_key']:
             if 'CERTIF' in cfg['signing_public_key']:
                 signing_public_key = """
             <KeyDescriptor use="signing">
               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                 <ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data>
               </ds:KeyInfo>
             </KeyDescriptor>""" % cfg['signing_public_key']
             elif 'KEY' in cfg['signing_public_key']:
                 signing_public_key = """
             <KeyDescriptor use="signing">
               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                 <ds:KeyValue>%s</ds:KeyValue>
               </ds:KeyInfo>
             </KeyDescriptor>""" % cfg['signing_public_key']
         sp_body = """
         <AssertionConsumerService isDefault="true" index="0"
           Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
           Location="%(saml2_base_url)s/singleSignOnArtifact" />
         <SingleLogoutService
           Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
           Location="%(saml2_base_url)s/singleLogoutSOAP" />
         <SingleLogoutService
           Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
           Location="%(saml2_base_url)s/singleLogout"
           ResponseLocation="%(saml2_base_url)s/singleLogoutReturn" />
       </SPSSODescriptor>""" % cfg
         orga = ''
         if cfg.get('organization_name'):
             orga = """
       <Organization>
         <OrganizationName>%s</OrganizationName>
       </Organization>""" % unicode(cfg['organization_name'], 'iso-8859-1').encode('utf-8')
         epilogue = """
     </EntityDescriptor>"""
         return '\n'.join([prologue, sp_head, signing_public_key, sp_body, orga, epilogue])

     import os
     import lasso
     from quixote import get_session, get_session_manager, get_publisher, get_request, get_response
     from quixote.directory import Directory, AccessControlled
     from qommon.admin.menu import html_top
     from qommon.admin import logger
     from larpe import errors
     from larpe import misc
     import hosts
     import users
     import settings
     def gpl [html] ():
         """<p>This program is free software; you can redistribute it and/or modify it
         under the terms of the GNU General Public License as published by the Free
         Software Foundation; either version 2 of the License, or (at your option)
         any later version.</p>
         <p>This program is distributed in the hope that it will be useful, but
         WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
         or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
         for more details.</p>
         <p>You should have received a copy of the GNU General Public License along with
         this program; if not, write to the Free Software Foundation, Inc., 59 Temple
         Place - Suite 330, Boston, MA  02111-1307, USA.</p>
         """
     class RootDirectory(AccessControlled, Directory):
         _q_exports = ['', 'hosts', 'users', 'settings', 'logger']
         hosts = hosts.HostsDirectory()
         users = users.UsersDirectory()
         settings = settings.SettingsDirectory()
         logger = logger.LoggerDirectory()
         menu_items = [
             ('hosts/', N_('Hosts')),
             ('users/', N_('Users')),
             ('settings/', N_('Settings')),
             ('logger/', N_('Logs')),
             ('/', N_('Liberty Alliance Reverse Proxy'))]
         def _q_access(self):
             # FIXME : this block should be moved somewhere else
             get_publisher().reload_cfg()
             if not get_publisher().cfg.has_key('proxy_hostname'):
                 get_publisher().cfg['proxy_hostname'] = get_request().get_server().split(':')[0]
             get_publisher().write_cfg()
             response = get_response()
             if not hasattr(response, 'breadcrumb'):
                 response.breadcrumb = [ ('../admin/', _('Administration')) ]
             # Cheater
             if os.path.exists(os.path.join(get_publisher().app_dir, 'ADMIN_FOR_ALL')):
                 return
             # No admin user created yet, free access
             user_list = users.User.select(lambda x: x.is_admin)
             if not user_list:
                 return
             host_list = hosts.Host.select(lambda x: x.name == 'larpe')
             if host_list:
                 host = host_list[0]
             else:
                 raise errors.AccessForbiddenError()
             if misc.get_current_protocol() == lasso.PROTOCOL_SAML_2_0:
                 user = get_session().get_user(host.saml2_provider_id)
             else:
                 user = get_session().get_user(host.provider_id)
             if user:
                 if not user.name or not user.is_admin:
                     raise errors.AccessForbiddenError()
             else:
                 raise errors.AccessUnauthorizedError()
         def _q_index [html] (self):
             html_top('')
             gpl()

     import cStringIO
     import cPickle
     import re
     import os
     import lasso
     import glob
     import zipfile
     from quixote import get_publisher, get_request, get_response, redirect
     from quixote.directory import Directory, AccessControlled
     from qommon.form import *
     from qommon.misc import get_abs_path
     from qommon.admin.cfg import cfg_submit
     from qommon.admin.menu import html_top, error_page
     from qommon.admin.emails import EmailsDirectory as QommonEmailsDirectory
     from qommon.admin.settings import SettingsDirectory as QommonSettingsDirectory
     from larpe import misc
     from larpe.hosts import Host
     from larpe.admin.liberty_utils import *
     class LibertyIDPDir(Directory):
         _q_exports = ['', ('metadata.xml', 'metadata')]
         def _q_index [html] (self):
             form = Form(enctype="multipart/form-data")
             form.add(FileWidget, "metadata", title = _("Metadata"), required=True)
             form.add(FileWidget, "publickey", title = _("Public Key"), required=False)
             form.add(FileWidget, "cacertchain", title = _("CA Certificate Chain"), required=False)
             form.add_submit("submit", _("Submit"))
             if not form.is_submitted() or form.has_errors():
                 html_top('settings', title = _('New Identity Provider'))
                 "<h2>%s</h2>" % _('New Identity Provider')
                 form.render()
             else:
                 self.submit_new(form)
         def submit_new(self, form, key_provider_id = None):
             metadata, publickey, cacertchain = None, None, None
             if form.get_widget('metadata').parse():
                 metadata = form.get_widget('metadata').parse().fp.read()
             if form.get_widget('publickey').parse():
                 publickey = form.get_widget('publickey').parse().fp.read()
             if form.get_widget('cacertchain').parse():
                 cacertchain = form.get_widget('cacertchain').parse().fp.read()
             if not key_provider_id:
                 try:
                     provider_id = re.findall(r'(provider|entity)ID="(.*?)"', metadata)[0][1]
                 except IndexError:
                     return error_page('settings', _('Bad metadata'))
                 key_provider_id = provider_id.replace(str('://'), str('-')).replace(str('/'), str('-'))
             dir = get_abs_path(os.path.join('idp', key_provider_id))
             if not os.path.isdir(dir):
                 os.makedirs(dir)
             if metadata:
                 metadata_fn = os.path.join(dir, 'metadata.xml')
                 open(metadata_fn, 'w').write(metadata)
             if publickey:
                 publickey_fn = os.path.join(dir, 'public_key')
                 open(publickey_fn, 'w').write(publickey)
             else:
                 publickey_fn = None
             if cacertchain:
                 cacertchain_fn = os.path.join(dir, 'ca_cert_chain.pem')
                 open(cacertchain_fn, 'w').write(cacertchain)
             else:
                 cacertchain_fn = None
             p = lasso.Provider(lasso.PROVIDER_ROLE_IDP, metadata_fn, publickey_fn, None)
             try:
                 misc.get_provider_label(p)
                 get_publisher().cfg['idp'] = key_provider_id
                 get_publisher().write_cfg()
             except TypeError:
                 if metadata:
                     os.unlink(metadata_fn)
                 if publickey:
                     os.unlink(publickey_fn)
                 if cacertchain:
                     os.unlink(cacertchain_fn)
                 return error_page('settings', _('Bad metadata'))
             redirect('..')
         def metadata(self):
             response = get_response()
             response.set_content_type('text/xml', 'utf-8')
             get_publisher().reload_cfg()
             if get_publisher().cfg['idp']:
                 idp_metadata = os.path.join(get_abs_path('idp'), get_publisher().cfg['idp'], 'metadata.xml')
                 return unicode(open(idp_metadata).read(), 'utf-8')
             return 'No IDP is configured'
     class EmailsDirectory(QommonEmailsDirectory):
         def _q_index [html] (self):
             # Don't use custom emails
             html_top('settings', title = _('Emails'))
             '<h2>%s</h2>' % _('Emails')
             '<ul>'
             '<li><a href="options">%s</a></li>' % _('General Options')
             '</ul>'
             '<p>'
             '<a href="..">%s</a>' % _('Back')
             '</p>'
     class SettingsDirectory(QommonSettingsDirectory):
         _q_exports = ['', 'liberty_sp', 'liberty_idp', 'domain_names', 'apache2_configuration_generation',
                       'proxy', 'language', 'emails', 'debug_options' ]
         liberty_idp = LibertyIDPDir()
         emails = EmailsDirectory()
         def _q_index [html] (self):
             get_publisher().reload_cfg()
             html_top('settings', title = _('Settings'))
             if lasso.SAML2_SUPPORT:
                 '<h2>%s</h2>' % _('Liberty Alliance & SAML 2.0 Service Provider')
             else:
                 '<h2>%s</h2>' % _('Liberty Alliance Service Provider')
             '<dl> <dt><a href="liberty_sp">%s</a></dt> <dd>%s</dd>' % (
                     _('Service Provider'), _('Configure Larpe as a Service Provider'))
             hosts = Host.select(lambda x: x.name == 'larpe')
             if hosts:
                 self.host = hosts[0]
                 if lasso.SAML2_SUPPORT and self.host.saml2_metadata is not None:
                     metadata_url = '%s/metadata.xml' % self.host.saml2_base_url
                     '<dt><a href="%s">%s</a></dt> <dd>%s</dd>' % (
                             metadata_url,
                             _('SAML 2.0 Metadata'),
                             _('Download SAML 2.0 metadata file for Larpe'))
                 if self.host.metadata is not None:
                     metadata_url = '%s/metadata.xml' % self.host.base_url
                     '<dt><a href="%s">%s</a></dt> <dd>%s</dd>' % (
                             metadata_url,
                             _('ID-FF 1.2 Metadata'),
                             _('Download ID-FF 1.2 metadata file for Larpe'))
                 if self.host.public_key is not None:
                     public_key_url = '%s/public_key' % self.host.base_url
                     '<dt><a href="%s">%s</a></dt> <dd>%s</dd>' % (
                             public_key_url,
                             _('Public key'),
                             _('Download SSL Public Key file'))
             if lasso.SAML2_SUPPORT:
                 '<h2>%s</h2>' % _('Liberty Alliance & SAML 2.0 Identity Provider')
             else:
                 '<h2>%s</h2>' % _('Liberty Alliance Identity Provider')
             '<dl>'
             '<dt><a href="liberty_idp/">%s</a></dt> <dd>%s</dd>' % (
                    _('Identity Provider'), _('Configure an identity provider'))
             if get_publisher().cfg.has_key('idp'):
                 '<dt><a href="liberty_idp/metadata.xml">%s</a></dt> <dd>%s</dd>' % (
                         _('Identity Provider metadatas'), _('See current identity provider metadatas'))
             '</dl>'
             '<h2>%s</h2>' % _('Global parameters for the sites')
             '<dl>'
             '<dt><a href="domain_names">%s</a></dt> <dd>%s</dd>' % (
                     _('Domain name'), _('Configure the base domain name for the sites'))
             '<dt><a href="apache2_configuration_generation">%s</a></dt> <dd>%s</dd>' % (
                     _('Apache 2 configuration generation'), _('Customise Apache 2 configuration generation'))
             '<dt><a href="proxy">%s</a></dt> <dd>%s</dd>' % (
                     _('Proxy'), _('Connect to the sites through a web proxy'))
             '</dl>'
             '<h2>%s</h2>' % _('Customisation')
             '<dl>'
             '<dt><a href="language">%s</a></dt> <dd>%s</dd>' % (
                     _('Language'), _('Configure site language'))
             '<dt><a href="emails/">%s</a></dt> <dd>%s</dd>' % (
                     _('Emails'), _('Configure email settings'))
             '</dl>'
             '<h2>%s</h2>' % _('Misc')
             '<dl>'
             '<dt><a href="debug_options">%s</a></dt> <dd>%s</dd>' % (
                     _('Debug Options'), _('Configure options useful for debugging'))
             '</dl>'
         def liberty_sp [html] (self):
             get_publisher().reload_cfg()
             # Get the host object for the reverse proxy
             hosts = Host.select(lambda x: x.name == 'larpe')
             if hosts:
                 self.host = hosts[0]
             else:
                 self.host = Host()
                 self.host.reversed_hostname = get_publisher().cfg[str('proxy_hostname')]
             form = Form(enctype='multipart/form-data')
             form.add(StringWidget, 'organization_name', title=_('Organisation Name'), size=50,
                     required = True, value = self.host.organization_name)
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             if form.get_widget('cancel').parse():
                 return redirect('.')
             if not form.is_submitted() or form.has_errors():
                 html_top('settings', title = _('Service Provider Configuration'))
                 '<h2>%s</h2>' % _('Service Provider Configuration')
                 form.render()
             else:
                 self.liberty_sp_submit(form)
                 redirect('.')
         def liberty_sp_submit(self, form):
             get_publisher().reload_cfg()
             metadata_cfg = {}
             f = 'organization_name'
             if form.get_widget(f):
                 setattr(self.host, f, form.get_widget(f).parse())
             metadata_cfg['organization_name'] = self.host.organization_name
             self.host.name = 'larpe'
             # Liberty Alliance / SAML parameters
             base_url = '%s/liberty/%s/liberty' % (misc.get_root_url(), self.host.name)
             metadata_cfg['base_url'] = base_url
             self.host.base_url = base_url
             if lasso.SAML2_SUPPORT:
                 saml2_base_url = '%s/liberty/%s/saml' % (misc.get_root_url(), self.host.name)
                 metadata_cfg['saml2_base_url'] = saml2_base_url
                 self.host.saml2_base_url = saml2_base_url
             provider_id = '%s/metadata' % base_url
             metadata_cfg['provider_id'] = provider_id
             self.host.provider_id = provider_id
             if lasso.SAML2_SUPPORT:
                 saml2_provider_id = '%s/metadata' % saml2_base_url
                 metadata_cfg['saml2_provider_id'] = saml2_provider_id
                 self.host.saml2_provider_id = saml2_provider_id
             # Storage directories
             site_dir = os.path.join(get_publisher().app_dir, 'sp',
                         self.host.reversed_hostname, self.host.name)
             user_dir = os.path.join(site_dir, 'users')
             token_dir = os.path.join(site_dir, 'tokens')
             for dir in (site_dir, user_dir, token_dir):
                 if not os.path.isdir(dir):
                     os.makedirs(dir)
             metadata_cfg['site_dir'] = site_dir
             self.host.site_dir = site_dir
             # Generate SSL keys
             private_key_path = os.path.join(site_dir, 'private_key.pem')
             public_key_path = os.path.join(site_dir, 'public_key')
             if not os.path.isfile(private_key_path) or not os.path.isfile(public_key_path):
                 set_provider_keys(private_key_path, public_key_path)
             self.host.private_key = private_key_path
             metadata_cfg['signing_public_key'] = open(public_key_path).read()
             self.host.public_key = public_key_path
             # Write metadatas
             metadata_path = os.path.join(site_dir, 'metadata.xml')
             open(metadata_path, 'w').write(get_metadata(metadata_cfg))
             self.host.metadata = metadata_path
             if hasattr(self.host, 'saml2_provider_id'):
                 saml2_metadata_path = os.path.join(site_dir, 'saml2_metadata.xml')
                 open(saml2_metadata_path, 'w').write(get_saml2_metadata(metadata_cfg))
                 self.host.saml2_metadata = saml2_metadata_path
             self.host.root_url = '%s/' % misc.get_root_url()
             self.host.return_url = '%s/admin/' % misc.get_root_url()
             self.host.store()
         def domain_names [html] (self):
             form = self.form_domain_name()
             if form.get_widget('cancel').parse():
                 return redirect('.')
             if not form.is_submitted() or form.has_errors():
                 html_top('settings', title = _('Domain name'))
                 '<h2>%s</h2>' % _('Domain name')
                 form.render()
             else:
                 self.submit_domain_name(form)
                 redirect('.')
         def form_domain_name(self):
             get_publisher().reload_cfg()
             if get_cfg('domain_names'):
                 domain_name = get_cfg('domain_names')[0]
             else:
                 domain_name = None
             form = Form(enctype='multipart/form-data')
             form.add(StringWidget, 'domain_name',
                 title=_('Domain name for the sites'),
                 value = domain_name)
             # TODO: Add the option "Both" and handle it in hosts configuration
             form.add(SingleSelectWidget, 'sites_url_scheme', title = _('Use HTTP or HTTPS'),
                     value = get_cfg('sites_url_scheme'),
                     options = [ (None, _('Same as the site')),
                                 ('http', 'HTTP'),
                                 ('https', 'HTTPS') ] )
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             return form
         def submit_domain_name(self, form):
             get_publisher().reload_cfg()
             get_publisher().cfg['domain_names'] = [ form.get_widget('domain_name').parse() ]
             get_publisher().cfg['sites_url_scheme'] = form.get_widget('sites_url_scheme').parse()
             get_publisher().write_cfg()
         def apache2_configuration_generation [html] (self):
             get_publisher().reload_cfg()
             form = Form(enctype='multipart/form-data')
             form.add(CheckboxWidget, 'allow_config_generation',
                     title=_('Automatically generate Apache 2 configuration for new hosts and reload Apache 2 after changes'),
                     value = get_publisher().cfg.get(str('allow_config_generation'), True))
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             if form.get_widget('cancel').parse():
                 return redirect('.')
             if not form.is_submitted() or form.has_errors():
                 html_top('settings', title = _('Apache 2 configuration generation'))
                 '<h2>%s</h2>' % _('Apache 2 configuration generation')
                 form.render()
             else:
                 self.apache2_configuration_generation_submit(form)
                 redirect('.')
         def apache2_configuration_generation_submit(self, form):
             get_publisher().reload_cfg()
             f = 'allow_config_generation'
             get_publisher().cfg[f] = form.get_widget(f).parse()
             get_publisher().write_cfg()

     import random
     import lasso
     from quixote import get_request, get_session, redirect, get_publisher
     from quixote.directory import Directory
     from qommon.admin.menu import html_top, error_page, command_icon
     from qommon.errors import EmailError
     from qommon.form import *
     from qommon import emails
     from larpe import errors
     from larpe import misc
     from larpe.users import User
     from larpe.hosts import Host
     class UserUI:
         def __init__(self, user):
             self.user = user
         def form_new(self):
             form = Form(enctype="multipart/form-data")
             form.add(StringWidget, "name", title = _('User Name'), required = True, size=30)
             form.add(StringWidget, "email", title = _('Email'), required = False, size=30)
             form.add_submit("submit", _("Submit"))
             form.add_submit("cancel", _("Cancel"))
             return form
         def form_edit(self):
             form = Form(enctype="multipart/form-data")
             form.add(StringWidget, "name", title = _('User Name'), required = True, size=30,
                     value = self.user.name)
             form.add(StringWidget, "email", title = _('Email'), required = False, size=30,
                     value = self.user.email)
             form.add_submit("submit", _("Submit"))
             form.add_submit("cancel", _("Cancel"))
             return form
         def submit_form(self, form):
             if not self.user:
                 self.user = User()
             for f in ('name', 'email'):
                 widget = form.get_widget(f)
                 if widget:
                     setattr(self.user, f, widget.parse())
             self.user.is_admin = True
             self.user.store()
     class UserPage(Directory):
         _q_exports = ['', 'edit', 'delete', 'token']
         def __init__(self, component):
             self.user = User.get(component)
             self.user_ui = UserUI(self.user)
             get_response().breadcrumb.append((component + '/', self.user.name))
         def _q_index [html] (self):
             html_top('users', '%s - %s' % (_('User'), self.user.name))
             '<h2>%s - %s</h2>' % (_('User'), self.user.name)
             '<div class="form">'
             '<div class="title">%s</div>' % _('Name')
             '<div class="StringWidget content">%s</div>' % self.user.name
             if self.user.email:
                 '<div class="title">%s</div>' % _('Email')
                 '<div class="StringWidget content">%s</div>' % self.user.email
     #         if self.user.lasso_dump:
     #             identity = lasso.Identity.newFromDump(self.user.lasso_dump)
     #             server = misc.get_lasso_server()
     #             if len(identity.providerIds) and server:
     #                 '<h3>%s</h3>' % _('Liberty Alliance Details')
     #                 '<div class="StringWidget content"><ul>'
     #                 for pid in identity.providerIds:
     #                     provider = server.getProvider(pid)
     #                     label = misc.get_provider_label(provider)
     #                     if label:
     #                         label = '%s (%s)' % (label, pid)
     #                     else:
     #                         label = pid
     #                     federation = identity.getFederation(pid)
     #                     '<li>'
     #                     _('Account federated with %s') % label
     #                     '<br />'
     #                     if federation.localNameIdentifier:
     #                         _("local: ") + federation.localNameIdentifier.content
     #                     if federation.remoteNameIdentifier:
     #                         _("remote: ") + federation.remoteNameIdentifier.content
     #                     '</li>'
     #                 '</ul></div>'
     #                 # XXX: only display this in debug mode:
     #                 '<h4>%s</h4>' % _('Lasso Identity Dump')
     #                 '<pre>%s</pre>' % self.user.lasso_dump
             '</div>'
         def debug [html] (self):
             get_response().breadcrumb.append( ('debug', _('Debug')) )
             html_top('users', 'Debug')
             "<h2>Debug - %s</h2>" % self.user.name
             "<pre>"
             self.user.lasso_dump
             "</pre>"
         def edit [html] (self):
             form = self.user_ui.form_edit()
             if form.get_widget('cancel').parse():
                 return redirect('..')
             if not form.is_submitted() or form.has_errors():
                 get_response().breadcrumb.append( ('edit', _('Edit')) )
                 html_top('users', title = _('Edit User'))
                 '<h2>%s</h2>' % _('Edit User')
                 form.render()
             else:
                 self.user_ui.submit_form(form)
                 return redirect('..')
         def delete [html] (self):
             form = Form(enctype="multipart/form-data")
             form.widgets.append(HtmlWidget('<p>%s</p>' % _(
                             "You are about to irrevocably delete this user.")))
             form.add_submit("submit", _("Submit"))
             form.add_submit("cancel", _("Cancel"))
             if form.get_widget('cancel').parse():
                 return redirect('..')
             if not form.is_submitted() or form.has_errors():
                 get_response().breadcrumb.append(('delete', _('Delete')))
                 html_top('users', title = _('Delete User'))
                 '<h2>%s %s</h2>' % (_('Deleting User :'), self.user.name)
                 form.render()
             else:
                 self.user.remove_self()
                 return redirect('..')
         def token [html] (self):
             form = Form(enctype="multipart/form-data", use_tokens = False)
             form.add_submit("submit", _("Generate"))
             form.add_submit("cancel", _("Cancel"))
             request = get_request()
             if request.form.has_key('cancel') or request.form.has_key('done'):
                 return redirect('..')
             get_response().breadcrumb.append(('token', _('Identification Token')))
             if not form.is_submitted() or form.has_errors():
                 html_top('users', title = _('Identification Token'))
                 '<h2>%s</h2>' % _('Identification Token')
                 '<p>%s</p>' % _('You are about to generate a token than can be used to federate the account.')
                 '<p>%s</p>' % _('After that, you will have the choice to send it to the user by email so that he can federate his accounts.')
                 if self.user.identification_token:
                     '<p>%s</p>' % _('Note that user has already been issued an identification token : %s') % self.user.identification_token
                 form.render()
             else:
                 if request.form.has_key('submit'):
                     html_top('users', title = _('Identification Token'))
                     token = '-'.join(['%04d' % random.randint(1, 9999) for x in range(4)])
                     self.user.identification_token = str(token)
                     self.user.store()
                     '<p>'
                     _('Identification Token for %s') % self.user.name
                     ' : %s</p>' % self.user.identification_token
                     form = Form(enctype="multipart/form-data", use_tokens = False)
                     form.add_submit('done', _('Done'))
                     if self.user.email:
                         form.add_submit("submit-email", _("Send by email"))
                     form.render()
                 else:
                     site_url = '%s://%s%s/token?token=%s' \
                         % (request.get_scheme(), request.get_server(),
                            get_request().environ['SCRIPT_NAME'], self.user.identification_token)
                     body = _("""You have been given an identification token.
     Your token is %(token)s
     Click on %(url)s to use it.
     """) % {'token': self.user.identification_token, 'url': site_url}
                     try:
                         emails.email(_('Identification Token'), body, self.user.email)
                     except EmailError, e:
                         html_top('users', title = _('Identification Token'))
                         _('Failed sending email. Check your email configuration.')
                         '<div class="buttons"><a href=".."><input type="button" value="%s" /></a></div><br />' % _('Back')
                     else:
                         return redirect('..')
     class UsersDirectory(Directory):
         _q_exports = ['', 'new']
         def _q_index [html] (self):
             get_publisher().reload_cfg()
             get_response().breadcrumb.append( ('users/', _('Users')) )
             html_top('users', title = _('Users'))
             if not list(Host.select(lambda x: x.name == 'larpe')):
                 '<p>%s</p>' % _('Liberty support must be setup before creating users.')
             else:
                 """<ul id="nav-users-admin">
                   <li><a href="new">%s</a></li>
                 </ul>""" % _('New User')
             debug_cfg = get_publisher().cfg.get('debug', {})
             users = User.select(lambda x: x.name is not None, order_by = 'name')
             '<ul class="biglist">'
             for user in users:
                 '<li>'
                 '<strong class="label">%s</strong>' % user.name
                 if user.email:
                     '<p class="details">'
                     user.email
                     '</p>'
                 '<p class="commands">'
                 command_icon('%s/' % user.id, 'view')
                 if not user.name_identifiers:
                     if not user.identification_token:
                         command_icon('%s/token' % user.id, 'token',
                                 label = _('Identification Token'), icon = 'stock_exec_16.png')
                     else:
                         command_icon('%s/token' % user.id, 'token',
                                 label = _('Identification Token (current: %s)') % \
                                     user.identification_token,
                                 icon = 'stock_exec_16.png')
                 command_icon('%s/edit' % user.id, 'edit')
                 command_icon('%s/delete' % user.id, 'remove')
                 if debug_cfg.get('logger', False):
                     command_icon('../logger/by_user/%s/' % user.id, 'logs',
                             label = _('Logs'), icon = 'stock_harddisk_16.png')
                 '</p></li>'
             '</ul>'
         def new [html] (self):
             get_response().breadcrumb.append( ('users/', _('Users')) )
             get_response().breadcrumb.append( ('new', _('New')) )
             hosts = list(Host.select(lambda x: x.name == 'larpe'))
             if not hosts:
                 return error_page('users', _('Liberty support must be setup before creating users.'))
             host = hosts[0]
             # XXX: user must be logged in to get here
             user_ui = UserUI(None)
             # FIXME : should be able to use User.count(). Track fake user creations.
             users = User.select(lambda x: x.name is not None)
             first_user = (len(users) == 0)
             form = user_ui.form_new()
             if form.get_widget('cancel').parse():
                 return redirect('.')
             if not form.is_submitted() or form.has_errors():
                 html_top('users', title = _('New User'))
                 '<h2>%s</h2>' % _('New User')
                 form.render()
             else:
                 user_ui.submit_form(form)
                 if first_user:
                     session = get_session()
                     if hasattr(session, str('lasso_dump')):
                         user_ui.user.name_identifiers = [ session.name_identifier ]
                         user_ui.user.lasso_dumps = [ session.lasso_anonymous_identity_dump ]
                         user_ui.user.store()
                     if misc.get_current_protocol() == lasso.PROTOCOL_SAML_2_0:
                         get_session().set_user(user_ui.user.id, host.saml2_provider_id)
                     else:
                         get_session().set_user(user_ui.user.id, host.provider_id)
                 return redirect('.')
         def _q_lookup(self, component):
             get_response().breadcrumb.append( ('users/', _('Users')) )
             try:
                 return UserPage(component)
             except KeyError:
                 raise errors.TraversalError()

larpe/branches/idwsf/AUTHORS
1		Damien Laniel <dlaniel@entrouvert.com>
2
3		Artwork and administrave interface design taken from DotClear, version 1.2 and
4		2.0, released under the GNU General Public License; and GTK+, version 2.8,
5		released under the GNU Lesser General Public License.

     		    GNU GENERAL PUBLIC LICENSE
     		       Version 2, June 1991
      Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
      Everyone is permitted to copy and distribute verbatim copies
      of this license document, but changing it is not allowed.
     			    Preamble
       The licenses for most software are designed to take away your
     freedom to share and change it.  By contrast, the GNU General Public
     License is intended to guarantee your freedom to share and change free
     software--to make sure the software is free for all its users.  This
     General Public License applies to most of the Free Software
     Foundation's software and to any other program whose authors commit to
     using it.  (Some other Free Software Foundation software is covered by
     the GNU Lesser General Public License instead.)  You can apply it to
     your programs, too.
       When we speak of free software, we are referring to freedom, not
     price.  Our General Public Licenses are designed to make sure that you
     have the freedom to distribute copies of free software (and charge for
     this service if you wish), that you receive source code or can get it
     if you want it, that you can change the software or use pieces of it
     in new free programs; and that you know you can do these things.
       To protect your rights, we need to make restrictions that forbid
     anyone to deny you these rights or to ask you to surrender the rights.
     These restrictions translate to certain responsibilities for you if you
     distribute copies of the software, or if you modify it.
       For example, if you distribute copies of such a program, whether
     gratis or for a fee, you must give the recipients all the rights that
     you have.  You must make sure that they, too, receive or can get the
     source code.  And you must show them these terms so they know their
     rights.
       We protect your rights with two steps: (1) copyright the software, and
     (2) offer you this license which gives you legal permission to copy,
     distribute and/or modify the software.
       Also, for each author's protection and ours, we want to make certain
     that everyone understands that there is no warranty for this free
     software.  If the software is modified by someone else and passed on, we
     want its recipients to know that what they have is not the original, so
     that any problems introduced by others will not reflect on the original
     authors' reputations.
       Finally, any free program is threatened constantly by software
     patents.  We wish to avoid the danger that redistributors of a free
     program will individually obtain patent licenses, in effect making the
     program proprietary.  To prevent this, we have made it clear that any
     patent must be licensed for everyone's free use or not licensed at all.
       The precise terms and conditions for copying, distribution and
     modification follow.
     		    GNU GENERAL PUBLIC LICENSE
        TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 . This License applies to any program or other work which contains
     a notice placed by the copyright holder saying it may be distributed
     under the terms of this General Public License.  The "Program", below,
     refers to any such program or work, and a "work based on the Program"
     means either the Program or any derivative work under copyright law:
     that is to say, a work containing the Program or a portion of it,
     either verbatim or with modifications and/or translated into another
     language.  (Hereinafter, translation is included without limitation in
     the term "modification".)  Each licensee is addressed as "you".
     Activities other than copying, distribution and modification are not
     covered by this License; they are outside its scope.  The act of
     running the Program is not restricted, and the output from the Program
     is covered only if its contents constitute a work based on the
     Program (independent of having been made by running the Program).
     Whether that is true depends on what the Program does.
 . You may copy and distribute verbatim copies of the Program's
     source code as you receive it, in any medium, provided that you
     conspicuously and appropriately publish on each copy an appropriate
     copyright notice and disclaimer of warranty; keep intact all the
     notices that refer to this License and to the absence of any warranty;
     and give any other recipients of the Program a copy of this License
     along with the Program.
     You may charge a fee for the physical act of transferring a copy, and
     you may at your option offer warranty protection in exchange for a fee.
 . You may modify your copy or copies of the Program or any portion
     of it, thus forming a work based on the Program, and copy and
     distribute such modifications or work under the terms of Section 1
     above, provided that you also meet all of these conditions:
         a) You must cause the modified files to carry prominent notices
         stating that you changed the files and the date of any change.
         b) You must cause any work that you distribute or publish, that in
         whole or in part contains or is derived from the Program or any
         part thereof, to be licensed as a whole at no charge to all third
         parties under the terms of this License.
         c) If the modified program normally reads commands interactively
         when run, you must cause it, when started running for such
         interactive use in the most ordinary way, to print or display an
         announcement including an appropriate copyright notice and a
         notice that there is no warranty (or else, saying that you provide
         a warranty) and that users may redistribute the program under
         these conditions, and telling the user how to view a copy of this
         License.  (Exception: if the Program itself is interactive but
         does not normally print such an announcement, your work based on
         the Program is not required to print an announcement.)
     These requirements apply to the modified work as a whole.  If
     identifiable sections of that work are not derived from the Program,
     and can be reasonably considered independent and separate works in
     themselves, then this License, and its terms, do not apply to those
     sections when you distribute them as separate works.  But when you
     distribute the same sections as part of a whole which is a work based
     on the Program, the distribution of the whole must be on the terms of
     this License, whose permissions for other licensees extend to the
     entire whole, and thus to each and every part regardless of who wrote it.
     Thus, it is not the intent of this section to claim rights or contest
     your rights to work written entirely by you; rather, the intent is to
     exercise the right to control the distribution of derivative or
     collective works based on the Program.
     In addition, mere aggregation of another work not based on the Program
     with the Program (or with a work based on the Program) on a volume of
     a storage or distribution medium does not bring the other work under
     the scope of this License.
 . You may copy and distribute the Program (or a work based on it,
     under Section 2) in object code or executable form under the terms of
     Sections 1 and 2 above provided that you also do one of the following:
         a) Accompany it with the complete corresponding machine-readable
         source code, which must be distributed under the terms of Sections
 and 2 above on a medium customarily used for software interchange; or,
         b) Accompany it with a written offer, valid for at least three
         years, to give any third party, for a charge no more than your
         cost of physically performing source distribution, a complete
         machine-readable copy of the corresponding source code, to be
         distributed under the terms of Sections 1 and 2 above on a medium
         customarily used for software interchange; or,
         c) Accompany it with the information you received as to the offer
         to distribute corresponding source code.  (This alternative is
         allowed only for noncommercial distribution and only if you
         received the program in object code or executable form with such
         an offer, in accord with Subsection b above.)
     The source code for a work means the preferred form of the work for
     making modifications to it.  For an executable work, complete source
     code means all the source code for all modules it contains, plus any
     associated interface definition files, plus the scripts used to
     control compilation and installation of the executable.  However, as a
     special exception, the source code distributed need not include
     anything that is normally distributed (in either source or binary
     form) with the major components (compiler, kernel, and so on) of the
     operating system on which the executable runs, unless that component
     itself accompanies the executable.
     If distribution of executable or object code is made by offering
     access to copy from a designated place, then offering equivalent
     access to copy the source code from the same place counts as
     distribution of the source code, even though third parties are not
     compelled to copy the source along with the object code.
 . You may not copy, modify, sublicense, or distribute the Program
     except as expressly provided under this License.  Any attempt
     otherwise to copy, modify, sublicense or distribute the Program is
     void, and will automatically terminate your rights under this License.
     However, parties who have received copies, or rights, from you under
     this License will not have their licenses terminated so long as such
     parties remain in full compliance.
 . You are not required to accept this License, since you have not
     signed it.  However, nothing else grants you permission to modify or
     distribute the Program or its derivative works.  These actions are
     prohibited by law if you do not accept this License.  Therefore, by
     modifying or distributing the Program (or any work based on the
     Program), you indicate your acceptance of this License to do so, and
     all its terms and conditions for copying, distributing or modifying
     the Program or works based on it.
 . Each time you redistribute the Program (or any work based on the
     Program), the recipient automatically receives a license from the
     original licensor to copy, distribute or modify the Program subject to
     these terms and conditions.  You may not impose any further
     restrictions on the recipients' exercise of the rights granted herein.
     You are not responsible for enforcing compliance by third parties to
     this License.
 . If, as a consequence of a court judgment or allegation of patent
     infringement or for any other reason (not limited to patent issues),
     conditions are imposed on you (whether by court order, agreement or
     otherwise) that contradict the conditions of this License, they do not
     excuse you from the conditions of this License.  If you cannot
     distribute so as to satisfy simultaneously your obligations under this
     License and any other pertinent obligations, then as a consequence you
     may not distribute the Program at all.  For example, if a patent
     license would not permit royalty-free redistribution of the Program by
     all those who receive copies directly or indirectly through you, then
     the only way you could satisfy both it and this License would be to
     refrain entirely from distribution of the Program.
     If any portion of this section is held invalid or unenforceable under
     any particular circumstance, the balance of the section is intended to
     apply and the section as a whole is intended to apply in other
     circumstances.
     It is not the purpose of this section to induce you to infringe any
     patents or other property right claims or to contest validity of any
     such claims; this section has the sole purpose of protecting the
     integrity of the free software distribution system, which is
     implemented by public license practices.  Many people have made
     generous contributions to the wide range of software distributed
     through that system in reliance on consistent application of that
     system; it is up to the author/donor to decide if he or she is willing
     to distribute software through any other system and a licensee cannot
     impose that choice.
     This section is intended to make thoroughly clear what is believed to
     be a consequence of the rest of this License.
 . If the distribution and/or use of the Program is restricted in
     certain countries either by patents or by copyrighted interfaces, the
     original copyright holder who places the Program under this License
     may add an explicit geographical distribution limitation excluding
     those countries, so that distribution is permitted only in or among
     countries not thus excluded.  In such case, this License incorporates
     the limitation as if written in the body of this License.
 . The Free Software Foundation may publish revised and/or new versions
     of the General Public License from time to time.  Such new versions will
     be similar in spirit to the present version, but may differ in detail to
     address new problems or concerns.
     Each version is given a distinguishing version number.  If the Program
     specifies a version number of this License which applies to it and "any
     later version", you have the option of following the terms and conditions
     either of that version or of any later version published by the Free
     Software Foundation.  If the Program does not specify a version number of
     this License, you may choose any version ever published by the Free Software
     Foundation.
 . If you wish to incorporate parts of the Program into other free
     programs whose distribution conditions are different, write to the author
     to ask for permission.  For software which is copyrighted by the Free
     Software Foundation, write to the Free Software Foundation; we sometimes
     make exceptions for this.  Our decision will be guided by the two goals
     of preserving the free status of all derivatives of our free software and
     of promoting the sharing and reuse of software generally.
     			    NO WARRANTY
 . BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
     FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
     OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
     PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
     OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
     MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
     TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
     PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
     REPAIR OR CORRECTION.
 . IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
     WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
     REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
     INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
     OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
     TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
     YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
     PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
     POSSIBILITY OF SUCH DAMAGES.
     		     END OF TERMS AND CONDITIONS
     	    How to Apply These Terms to Your New Programs
       If you develop a new program, and you want it to be of the greatest
     possible use to the public, the best way to achieve this is to make it
     free software which everyone can redistribute and change under these terms.
       To do so, attach the following notices to the program.  It is safest
     to attach them to the start of each source file to most effectively
     convey the exclusion of warranty; and each file should have at least
     the "copyright" line and a pointer to where the full notice is found.
         <one line to give the program's name and a brief idea of what it does.>
         Copyright (C) <year>  <name of author>
         This program is free software; you can redistribute it and/or modify
         it under the terms of the GNU General Public License as published by
         the Free Software Foundation; either version 2 of the License, or
         (at your option) any later version.
         This program is distributed in the hope that it will be useful,
         but WITHOUT ANY WARRANTY; without even the implied warranty of
         MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
         GNU General Public License for more details.
         You should have received a copy of the GNU General Public License along
         with this program; if not, write to the Free Software Foundation, Inc.,
 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
     Also add information on how to contact you by electronic and paper mail.
     If the program is interactive, make it output a short notice like this
     when it starts in an interactive mode:
         Gnomovision version 69, Copyright (C) year name of author
         Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
         This is free software, and you are welcome to redistribute it
         under certain conditions; type `show c' for details.
     The hypothetical commands `show w' and `show c' should show the appropriate
     parts of the General Public License.  Of course, the commands you use may
     be called something other than `show w' and `show c'; they could even be
     mouse-clicks or menu items--whatever suits your program.
     You should also get your employer (if you work as a programmer) or your
     school, if any, to sign a "copyright disclaimer" for the program, if
     necessary.  Here is a sample; alter the names:
       Yoyodyne, Inc., hereby disclaims all copyright interest in the program
       `Gnomovision' (which makes passes at compilers) written by James Hacker.
       <signature of Ty Coon>, 1 April 1989
       Ty Coon, President of Vice
     This General Public License does not permit incorporating your program into
     proprietary programs.  If your program is a subroutine library, you may
     consider it more useful to permit linking proprietary applications with the
     library.  If this is what you want to do, use the GNU Lesser General
     Public License instead of this License.

     include Makefile
     include setup.py
     include larpectl
     include apache2-vhost-larpe
     include apache2.conf
     include larpe-reload-apache2-script
     include larpe-reload-apache2.c
     include README COPYING MANIFEST.in MANIFEST NEWS AUTHORS
     recursive-include larpe *.py *.ptl
     recursive-include data *
     recursive-include root *
     recursive-include po *.po *.pot Makefile
     recursive-include doc *.rst Makefile *.png *.sty custom.tex *.py *.sh *.css

     prefix = /usr
     config_prefix = /var
     config_dir = $(config_prefix)/lib/larpe
     INSTALL = /usr/bin/install -c
     PYTHON = /usr/bin/python
     LARPE_USER = www-data
     LARPE_GROUP = www-data
     APACHE_INIT_SCRIPT = /etc/init.d/apache2
     larpe-reload-apache2: larpe-reload-apache2.c
     install: larpe-reload-apache2
     	rm -rf build
     	$(MAKE) -C po install
     	$(PYTHON) setup.py install --root "$(DESTDIR)/" --prefix "$(prefix)"
     	$(INSTALL) -d $(DESTDIR)$(prefix)/sbin/
     	$(INSTALL) larpectl $(DESTDIR)$(prefix)/sbin/
     	$(INSTALL) larpe-reload-apache2-script $(DESTDIR)$(prefix)/sbin/
     	$(INSTALL) -m 4550 --group $(LARPE_GROUP) larpe-reload-apache2 $(DESTDIR)$(prefix)/sbin/
     	$(INSTALL) -d $(DESTDIR)$(prefix)/share/larpe/
     	$(INSTALL) -m 0644 apache2.conf $(DESTDIR)$(prefix)/share/larpe/
     	chown -R $(LARPE_USER):$(LARPE_GROUP) /usr/share/larpe/
     	$(INSTALL) --owner=$(LARPE_USER) --group=$(LARPE_GROUP) -d $(DESTDIR)$(config_dir)
     	$(INSTALL) --owner=$(LARPE_USER) --group=$(LARPE_GROUP) -d $(DESTDIR)$(config_dir)/vhosts.d
     	$(INSTALL) --owner=$(LARPE_USER) --group=$(LARPE_GROUP) -d $(DESTDIR)$(config_dir)/vhost-locations.d
     	$(INSTALL) --owner=$(LARPE_USER) --group=$(LARPE_GROUP) -d $(DESTDIR)$(config_dir)/vhosts.d.disabled
     	$(INSTALL) --owner=$(LARPE_USER) --group=$(LARPE_GROUP) -d $(DESTDIR)$(config_dir)/vhost-locations.d.disabled
     uninstall:
     	$(MAKE) -C po uninstall
     	-rm -f $(DESTDIR)$(prefix)/sbin/larpe-reload-apache2
     	-rm -f $(DESTDIR)$(prefix)/sbin/larpe-reload-apache2-script
     	-rm -f $(DESTDIR)$(prefix)/sbin/larpectl
     	-rm -rf $(DESTDIR)$(prefix)/share/larpe/
     	@echo
     	@echo "Depending on your Python version, you will have to remove manually the files in /usr/lib/python(your_version)/site-packages/larpe/"
     clean:
     	$(MAKE) -C po clean
     	$(MAKE) -C doc clean
     	-$(PYTHON) setup.py clean
     	-rm larpe-reload-apache2

larpe/branches/idwsf/NEWS
1		NEWS
2		====

     Larpe - Liberty Alliance Reverse Proxy
     ======================================
     Description
     -----------
     Larpe is a Liberty Alliance Reverse Proxy.  It allow any service provider (that
     is a website) to use Liberty Alliance features (Identity federation, Single
     Sign On and Single Sign Logout) without changing the code of the service
     provider itself.  It uses the Lasso library which is certified by the Liberty
     Alliance consortium.
     Documentation
     -------------
     * README, as you are doing;
     * doc/en/ for English documentation, published on the website as
       http://larpe.labs.libre-entreprise.org/doc/en/larpe-admin.html
     Copyright
     ---------
     Larpe is copyrighted by Entr'ouvert and is licensed through the GNU General
     Public Licence.  Artwork and administrative design are from DotClear and
     released under the GNU General Public License by Olivier Meunier and others.
     Some artwork comes from GTK+ (LGPL).
     Read the COPYING file for the complete license text.  Read the AUTHORS file for
     additional credits.

     - Tests
       - egroupware
       - http://labs.libre-entreprise.org/
       - logs.entrouvert.org
     ====== Roadmap de Larpe ======
     ===== 0.2 =====
       * Vérifier la compatibilité avec egroupware
       * Mettre le vhosts générés dans /var/lib/larpe/vhosts.d et mettre un include /var/lib/larpe/vhosts.d/* dans la conf générale
       * Supprimer debconf
       * Vérification des formulaires de configuration d'hôtes
         * Tests de valeurs erronés diverses
         * Erreur si on donne un label qui existe deja
       * Ne plus inclure le binaire larpe-reload-apache2 dans les sources
       * Corriger les avertissements debian
       * Ne pas demander la clé publique de l'idp
       * Compléter les traductions
       * Ajouter la possibilité de changer la langue dans l'interface d'administration
       * Mettre à jour la documentation
         * Ajouter un chapitre sur les sites testés et leurs options de configuration particulières
       * Traduire la documentation en français
     ===== 0.3 =====
       * Implémenter le SLO en SOAP
       * Supprimer un /liberty/ des urls
       * Voir comment activer le SSLProxyEngine quand on utilise un sous répertoire
       * Faire un site web pour présenter Larpe
       * Ajouter la possibilité d'envoyer les exceptions par courriel à l'administrateur
       * Améliorer la journalisation des accès et des erreurs
     ===== 1.0 =====
       * Support de SAML 2.0
       * Implémenter l'accès à un site nécessitant une authentification préalable avant tout accès
         * Choix de cette fonctionnalité par une option de configuration par site
       * Lors de la création d'un site, choix d'un moteur de site connu (mediawiki, squirrelmail, ...) qui pré-remplirait un ensemble d'options nécessaire à ce moteur
       * Documentation technique pour les développeurs ?
     ===== Non classés =====
       * Support des sites qui ont une authentification HTTP (à priori, nécessite de charger toute la configuration de larpe dans le filtre python d'apache)
       * Création de nouveaux comptes pour les sites, avec des jetons (déjà implémenté en partie ; est-ce utile ?)
     Fait
     ====
     - Serveur python principal
       - Fonctionnalités liberty
         - SSO (depuis le sp et depuis l'idp)
         - Fédération
         - SLO (depuis le sp et depuis l'idp)
         - Défédération (depuis l'idp) en SOAP et redirect
       - Support https
       - Possibilité d'utiliser toutes les combinaisons de sous domaines et de sous répertoires
         - RP par vhost (appli1.example.com, rp de appli1.interne)
         - RP par repertoire (www.example.com/appli1, rp de appl1.interne)
       - Récupère la configuration de l'IP des vhosts
     - Administration
       - Authentification liberty sur l'admin
       - Créer de nouveaux sites (+ modifier, supprimer)
       - Écrire les vhosts correspondants
       - Rechargement de la configuration d'apache
         - Script + wrapper en C suid root
       - Gestion d'utilisateurs pour administrer le RP (Authentification http)
       - Gestion des traductions
     - Filtre Python branché en sortie sur Apache à la suite du filtre de réécriture html (proxy_html)
       - Générique
       - Personalisable par site pour une meilleure intégration dans les pages
     - Sites testés
       - Dotclear
       - Linuxfr
       - listes.entrouvert.com
       - https://listes.libre-entreprise.org/
       - all4dev.libre-entreprise.org
       - www.libre-entreprise.org
       - http://www.besancon.com/
       - quintine.entrouvert.org/egroupware/
       - squirrelmail
     - Documentation
     - Paquets Debian
       - Debconf pour demander le nom de domaine et le courriel de l'admin, ainsi que le compte administrateur
     - Installation sur lupin
     - Batterie de tests de non-regression

     <VirtualHost *>
         ServerName localhost
         ServerAdmin root@localhost
         include /usr/share/larpe/apache2.conf
         include /var/lib/larpe/vhost-locations.d
         CustomLog /var/log/apache2/larpe-access.log combined
         ErrorLog /var/log/apache2/larpe-error.log
     </VirtualHost>
     include /var/lib/larpe/vhosts.d

     # Static files
     DocumentRoot /usr/share/larpe/web/
     # Python application
     SCGIMount / 127.0.0.1:3007
     # Don't change static files
     <Location /css/>
         SCGIHandler off
     </Location>
     <Location /images/>
         SCGIHandler off
     </Location>
     <Location /js/>
         SCGIHandler off
     </Location>
     <Location /larpe/>
         ProxyPass   !
         SCGIHandler off
     </Location>
     <Location /liberty/>
         ProxyPass   !
     </Location>
     # No gzip compression
     RequestHeader unset Accept-Encoding
     # HTML url rewriting module and customized Python module
     SetOutputFilter OURFILTER

     larpe (0.2.1-1) unstable; urgency=low
       * New release
      -- Damien Laniel <dlaniel@entrouvert.com>  Wed, 20 Jun 2007 15:43:16 +0200
     larpe (0.2.0-1) unstable; urgency=low
       * New release
      -- Damien Laniel <dlaniel@entrouvert.com>  Tue, 30 Jan 2007 18:07:04 +0100
     larpe (0.1.1-2) unstable; urgency=low
       * Use python2.4
      -- Damien Laniel <dlaniel@entrouvert.com>  Tue, 19 Dec 2006 17:21:05 +0100
     larpe (0.1.1-1) unstable; urgency=low
       * New release
      -- Damien Laniel <dlaniel@entrouvert.com>  Thu,  5 Oct 2006 11:47:53 +0200
     larpe (0.1.0-1) unstable; urgency=low
       * New release
      -- Damien Laniel <dlaniel@entrouvert.com>  Wed,  4 Oct 2006 10:19:26 +0200
     larpe (0.0.4-1) unstable; urgency=low
       * New version, many improvements, more compatible sites, some bug fixes
      -- Damien Laniel <dlaniel@entrouvert.com>  Tue,  3 Oct 2006 20:44:06 +0200
     larpe (0.0.3-1) unstable; urgency=low
       * New version, many improvements, more compatible sites, some bug fixes
      -- Damien Laniel <dlaniel@entrouvert.com>  Mon, 25 Sep 2006 11:11:36 +0200
     larpe (0.0.2-1) unstable; urgency=low
       * Initial package.
      -- Damien Laniel <dlaniel@entrouvert.com>  Fri, 08 Sep 2006 16:00:00 +0200

larpe/branches/idwsf/debian/compat
1		5

     #!/bin/sh -e
     # Source debconf library.
     . /usr/share/debconf/confmodule
     # Hostname
     #db_input high larpe/hostname || true
     #db_go
     # Administrator email address
     #db_input medium larpe/admin_email || true
     #db_go
     # Enable this vhost
     #db_input high larpe/enable_vhost || true
     #db_go
     # Administrator login
     #db_input high larpe/admin_username || true
     #db_go
     # Administrator password
     #db_input high larpe/admin_password || true
     #db_go

     Source: larpe
     Section: web
     Priority: optional
     Maintainer: Damien Laniel <dlaniel@entrouvert.com>
     Build-Depends: debhelper (>= 5.0.37.2), python, python-central (>= 0.5), gettext
     Standards-Version: 3.7.2.0
     XS-Python-Version: current
     Package: larpe
     Architecture: any
     XB-Python-Version: ${python:Versions}
     Depends: ${python:Depends}, python-quixote | quixote (>= 2.0), python-lasso (>= 0.6.5), python-scgi, python-libxml2, apache2, libapache2-mod-scgi, libapache2-mod-python, libapache2-mod-proxy-html
     Description: Liberty Alliance Reverse Proxy
      Larpe allows any service provider (that is a website) to use Liberty Alliance
      identity management and Single Sign On features without changing the code of
      the service provider itself.
+     .

     This package was debianized by Damien Laniel <dlaniel@entrouvert.com> on
     Fri, 08 Sep 2006 16:00:00 +0200.
     Upstream Author: Damien Laniel <dlaniel@entrouvert.com>
     Copyright (c) 2005 Entr'ouvert;
     copyright (c) 2003-2005 dotclear for some graphics.
     License is GNU GPL v2 or later plus OpenSSL exception clause.
     This program is free software; you can redistribute it and/or
     modify it under the terms of the GNU General Public License
     as published by the Free Software Foundation; either version 2
     of the License, or (at your option) any later version.
     This program is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     GNU General Public License for more details.
     You should have received a copy of the GNU General Public License
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
     On Debian GNU/Linux systems, the complete text of the GNU General Public
     License can be found in `/usr/share/common-licenses/GPL'.

larpe/branches/idwsf/debian/dirs
1		etc/apache2/sites-available
2		usr/sbin
3		var/lib/larpe

larpe/branches/idwsf/debian/docs
1		README

     #! /bin/sh
     ### BEGIN INIT INFO
     # Provides:          larpe
     # Required-Start:    $local_fs $network
     # Required-Stop:     $local_fs $network
     # Default-Start:     2 3 4 5
     # Default-Stop:      0 1 6
     # Short-Description: Start Larpe Liberty Alliance reverse proxy
     # Description:       Start Larpe Liberty Alliance reverse proxy
     ### END INIT INFO
     set -e
     PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
     DESC="larpe"
     NAME=larpe
     DAEMON=/usr/sbin/larpectl
     PIDFILE=/var/run/$NAME.pid
     SCRIPTNAME=/etc/init.d/$NAME
     # Gracefully exit if the package has been removed.
     test -x $DAEMON || exit 0
     . /lib/lsb/init-functions
     # Read config file if it is present.
     if [ -r /etc/default/$NAME ]
     then
         . /etc/default/$NAME
     fi
+    #
     #	Function that starts the daemon/service.
+    #
     d_start() {
         start-stop-daemon --start --quiet --pidfile $PIDFILE --oknodo \
     		--chuid www-data:www-data --make-pidfile --background --exec $DAEMON -- start $OPTIONS
+    }
+    #
     #	Function that stops the daemon/service.
+    #
     d_stop() {
         start-stop-daemon --stop --quiet --pidfile $PIDFILE --oknodo
         rm -f $PIDFILE
+    }
+    #
     #	Function that sends a SIGHUP to the daemon/service.
+    #
     d_reload() {
         start-stop-daemon --stop --quiet --pidfile $PIDFILE \
     		--make-pidfile --background --signal 1
+    }
     case "$1" in
         start)
             log_begin_msg "Starting $DESC: $NAME"
             d_start
             log_end_msg $?
             ;;
         stop)
             log_begin_msg "Stopping $DESC: $NAME"
             d_stop
             log_end_msg $?
             ;;
         #reload)
+        #
         #	If the daemon can reload its configuration without
         #	restarting (for example, when it is sent a SIGHUP),
         #	then implement that here.
+        #
         #	If the daemon responds to changes in its config file
         #	directly anyway, make this an "exit 0".
+        #
         # echo -n "Reloading $DESC configuration..."
         # d_reload
         # echo "done."
         #;;
         restart|force-reload)
+        #
         #	If the "reload" option is implemented, move the "force-reload"
         #	option to the "reload" entry above. If not, "force-reload" is
         #	just the same as "restart".
+        #
             log_begin_msg "Restarting $DESC: $NAME"
             d_stop
             sleep 1
             d_start
             log_end_msg $?
             ;;
         *)
             # echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
             echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
             exit 1
             ;;
     esac
     exit 0

     #! /bin/sh
     # postinst script for larpe
+    #
     # see: dh_installdeb(1)
     set -e
     # summary of how this script can be called:
     #        * <postinst> `configure' <most-recently-configured-version>
     #        * <old-postinst> `abort-upgrade' <new version>
     #        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
     #          <new-version>
     #        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
     #          <failed-install-package> <version> `removing'
     #          <conflicting-package> <version>
     # for details, see http://www.debian.org/doc/debian-policy/ or
     # the debian-policy package
+    #
     # quoting from the policy:
     #     Any necessary prompting should almost always be confined to the
     #     post-installation script, and should be protected with a conditional
     #     so that unnecessary prompting doesn't happen if a package's
     #     installation fails and the `postinst' is called with `abort-upgrade',
     #     `abort-remove' or `abort-deconfigure'.
     PACKAGE=larpe
     VERSION=2.4
     LIB="/usr/lib/python$VERSION"
     DIRLIST="/usr/share/pycentral/larpe/site-packages/larpe/"
     case "$1" in
         configure|abort-upgrade|abort-remove|abort-deconfigure)
             for i in $DIRLIST ; do
                 /usr/bin/python$VERSION -O $LIB/compileall.py -q $i
                 /usr/bin/python$VERSION $LIB/compileall.py -q $i
             done
             # Load Apache 2 modules
             for module in "proxy" "rewrite" "headers" "proxy_http"; do
                 a2enmod ${module} > /dev/null || true
             done
             # Restart Apache 2
             set +e
             if [ -x /usr/sbin/invoke-rc.d ]; then
                 invoke-rc.d apache2 restart || true
             else
                 /etc/init.d/apache2 restart || true
             fi
             set -e
         ;;
         *)
             echo "postinst called with unknown argument \`$1'" >&2
             exit 1
         ;;
     esac
     # dh_installdeb will replace this with shell code automatically
     # generated by other debhelper scripts.
     #DEBHELPER#
     exit 0

     #! /bin/sh
     # prerm script for larpe
+    #
     # see: dh_installdeb(1)
     set -e
     # summary of how this script can be called:
     #        * <prerm> `remove'
     #        * <old-prerm> `upgrade' <new-version>
     #        * <new-prerm> `failed-upgrade' <old-version>
     #        * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
     #        * <deconfigured's-prerm> `deconfigure' `in-favour'
     #          <package-being-installed> <version> `removing'
     #          <conflicting-package> <version>
     # for details, see http://www.debian.org/doc/debian-policy/ or
     # the debian-policy package
     PACKAGE=larpe
     case "$1" in
         remove|upgrade|deconfigure)
         	dpkg --listfiles $PACKAGE |
                       awk '$0~/\.py$/ {print $0"c\n" $0"o"}' |
                       xargs rm -f >&2
             ;;
         failed-upgrade)
             ;;
         *)
             echo "prerm called with unknown argument \`$1'" >&2
             exit 1
         ;;
     esac
     # dh_installdeb will replace this with shell code automatically
     # generated by other debhelper scripts.
     #DEBHELPER#
     exit 0

larpe/branches/idwsf/debian/pycompat
1		2

     #!/usr/bin/make -f
     # GNU copyright 1997 to 1999 by Joey Hess.
     # Uncomment this to turn on verbose mode.
     #export DH_VERBOSE=1
     PYTHON=/usr/bin/python2.4
     ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
     	CFLAGS += -g
     endif
     ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
     	INSTALL_PROGRAM += -s
     endif
     build: build-stamp
     build-stamp:
     	dh_testdir
     	touch build-stamp
     clean:
     	dh_testdir
     	dh_testroot
     	rm -f build-stamp
     	make clean
     	dh_clean
     install: build
     	dh_testdir
     	dh_testroot
     	dh_clean -k
     	dh_installdirs
     	make install prefix=/usr DESTDIR=$(CURDIR)/debian/larpe/
     	dh_install apache2-vhost-larpe etc/apache2/sites-available
     	find debian/larpe -name "*.pyc" -exec rm -f {} \;
     # Build architecture-independent files here.
     binary-indep: build install
     # We have nothing to do by default.
     # Build architecture-dependent files here.
     binary-arch: build install
     	dh_testdir
     	dh_testroot
     	dh_installdocs
     	dh_installinit
     	dh_installchangelogs
     #	dh_installdebconf
     	dh_link
     	dh_strip
     	dh_compress
     	dh_fixperms -X /var/lib/larpe -X /usr/sbin/larpe-reload-apache2
     	dh_pycentral
     	dh_installdeb
     	dh_gencontrol
     	dh_md5sums
     	dh_builddeb
     binary: binary-indep binary-arch
     .PHONY: build clean binary-indep binary-arch binary install

     Template: larpe/hostname
     Type: string
     Default: localhost
     Description: Hostname :
      This is the name by which this reverse-proxy will be known on the network.
      Your DNS server must have been configured accordingly.
     Template: larpe/enable_vhost
     Type: boolean
     Default: false
     Description: Enable this vhost :
      A new virtual host for Larpe will be created with the hostname you chose. It may break
      your Apache2 configuration.
+     .
      If you didn't tweak your Apache2 configuration a lot
      and you don't have vital websites on the same server, you can safely say "yes" here
      to enable it, and fix it later if needed.
+     .
      If you prefer checking this vhost will fit well with your Apache2 configuration first,
      and enable it by yourself later, say "no".
     Template: larpe/admin_username
     Type: string
     Default: admin
     Description: Administrator login :
      This is the login which will be used to connect to the administrator interface
     Template: larpe/admin_password
     Type: password
     Description: Administrator password :
      This is the password which will be used to connect to the administrator interface
     Template: larpe/admin_email
     Type: string
     Default: root@localhost
     Description: Administrator email address :
      This is the email address to which problem reports will be sent

     all:
     	$(MAKE) -C en
     #	$(MAKE) -C fr
     clean:
     	$(MAKE) -C en clean
     #	$(MAKE) -C fr clean
     .PHONY: clean

     RST2HTML = rst2html
     RST2LATEX = ../scripts/rst2latex.py
     PDFLATEX = pdflatex
     RM = rm -f
     all: larpe-admin.pdf larpe-admin.html
     %.html: %.rst
     	$(RST2HTML) --stylesheet=default.css --link-stylesheet --language=en $? > $@
     figures-no-alpha-stamp:
     	-$(RM) -r figures-no-alpha/
     	mkdir figures-no-alpha/
     	for F in figures/*.png; do \
     		../scripts/removealpha.sh $$F figures-no-alpha/`basename $$F`; \
     	done
     	touch figures-no-alpha-stamp
     %.tex: %.rst #figures-no-alpha-stamp
     	cat $? | sed -e 's/figures\//figures-no-alpha\//' \
     			-e 's/ ::$$/ : ::/g' \
     			-e 's/.. section-numbering:://' | $(RST2LATEX) --language=en > $@
     %.pdf: %.tex custom.tex
     	$(PDFLATEX) $?
     	logfile=`echo "$@" |sed -r "s/(.*)....$$/\\1/"`.log; while [ -f "$$logfile" -a -n "`grep "Rerun to get cross-references right" $$logfile`" ]; do $(PDFLATEX) $< ; done
     clean:
     	-$(RM) *.aux *.toc *.log *.out
     	-$(RM) larpe-admin.pdf
     	-$(RM) larpe-admin.tex
     	-$(RM) larpe-admin.html
     	-$(RM) -r figures-no-alpha figures-no-alpha-stamp
     .PHONY: all clean

     \usepackage{float,fancyhdr,lscape,sectsty,colortbl,color,lastpage,setspace}
     \usepackage[perpage,bottom]{footmisc}
     \usepackage[hang]{caption2}
     \usepackage{marvosym}
     \usepackage{float,url,listings,tocbibind,fancyhdr,calc,placeins}
     \usepackage{palatino}
     \usepackage[Glenn]{fncychap}
     \pagestyle{fancy}
     \fancyhead{}
     \fancyfoot{}
     \fancyhead[L]{Authentic}
     \fancyhead[R]{Administrator Guide}
     \fancyfoot[C]{Page \thepage}
     \addtolength{\headheight}{1.6pt}
     \setlength\parindent{0pt}
     \setlength{\parskip}{1ex plus 0.5ex minus 0.2ex}
     \setlength\abovecaptionskip{0.1ex}
     \makeatletter
     \renewcommand{\maketitle}{\begin{titlepage}%
         \let\footnotesize\small
         \let\footnoterule\relax
         \parindent \z@
         \reset@font
         \null\vfil
         \begin{flushleft}
           \huge \@title
         \end{flushleft}
         \par
         \hrule height 1pt
         \par
         \begin{flushright}
           \LARGE \@author \par
         \end{flushright}
         \vskip 60\p@
         \vfil\null
       \end{titlepage}%
       \setcounter{footnote}{0}%
+    }
     \makeatother

     body {
     	font-family: sans-serif;
+    }
     h1 a, h2 a, h3 a, h4 a {
     	text-decoration: inherit;
     	color: inherit;
+    }
     pre.literal-block {
     	background: #eee;
     	border: 1px inset black;
     	padding: 2px;
     	margin: auto 10px;
     	overflow: auto;
+    }
     h1.title {
     	text-align: center;
     	background: #eef;
     	border: 1px solid #aaf;
     	letter-spacing: 1px;
+    }
     div.section {
     	margin-bottom: 2em;
+    }
     div.section h1 {
     	padding: 0 15px;
     	background: #eef;
     	border: 1px solid #aaf;
+    }
     div.section h2 {
     	padding: 0 15px;
     	background: #eef;
     	border: 1px solid #aaf;
+    }
     div.document {
     	margin-top: 1em;
     	border-top: 1px solid #aaf;
     	border-bottom: 1px solid #aaf;
+    }
     div.section p,
     div.section ul {
     	text-align: justify;
+    }
     div.contents {
     	float: right;
     	border: 1px solid black;
     	margin: 1em;
     	background: #eef;
     	max-width: 33%;
+    }
     div#building-liberty-services-with-lasso div#table-of-contents {
     	max-width: inherit;
     	float: none;
     	background: white url(lasso.png) bottom right no-repeat;
+    }
     div.contents ul {
     	padding-left: 1em;
     	list-style: none;
+    }
     div.contents li {
     	padding-bottom: 2px;
+    }
     div.contents p {
     	background: #ddf;
     	text-align: center;
     	border-bottom: 1px solid black;
     	margin: 0;
+    }
     th.docinfo-name {
     	text-align: right;
     	padding-right: 0.5em;
+    }
     dd {
     	margin-bottom: 1ex;
+    }
     table.table {
     	margin: 1ex 0;
     	border-spacing: 0px;
+    }
     table.table th {
     	padding: 0px 1ex;
     	background: #eef;
     	font-weight: normal;
+    }
     table.table td {
     	padding: 0 0.5ex;
+    }
     div.note, div.warning {
     	padding: 0.3ex;
     	padding-left: 60px;
     	min-height: 50px;
     	margin: 1ex 1em;
+    }
     div.note {
     	background: #ffa url(note.png) top left no-repeat;
     	border: 1px solid #fd8;
+    }
     div.warning {
     	background: #ffd url(warning.png) top left no-repeat;
+    }
     p.admonition-title {
     	font-weight: bold;
     	display: inline;
     	display: none;
     	padding-right: 1em;
+    }
     div.figure {
     	margin: 0 auto;
     	width: 70%;
     	min-width: 800px;
     	text-align: center;
+    }
     div.figure p.caption {
     	font-style: italic;
     	margin: 1ex 0 2em 0;
     	text-align: center;
+    }

     %%% Copyright   Ulf A. Lindgren
     %%%
     %%% Note        Premission is granted to modify this file under
     %%%             the condition that it is saved using another
     %%%             file and package name.
     %%%
     %%% Revision    1.1 (1997)
     %%%
     %%%             Jan. 8th Modified package name base date option
     %%%             Jan. 22th Modified FmN and FmTi for error in book.cls
     %%%                  \MakeUppercase{#}->{\MakeUppercase#}
     %%%             Apr. 6th Modified Lenny option to prevent undesired
     %%%                  skip of line.
     %%%             Nov. 8th Fixed \@chapapp for AMS
     %%%
     %%% Revision    1.2 (1998)
     %%%
     %%%             Feb. 11th Fixed appendix problem related to Bjarne
     %%%             Aug. 11th Fixed problem related to 11pt and 12pt
     %%%                  suggested by Tomas Lundberg. THANKS!
     %%%
     %%% Revision    1.3 (2004)
     %%%             Sep. 20th problem with frontmatter, mainmatter and
     %%%                  backmatter, pointed out by Lapo Mori
     %%%
     %%% Revision    1.31 (2004)
     %%%             Sep. 21th problem with the Rejne definition streched text
     %%%                  caused ugly gaps in the vrule aligned with the title
     %%%                  text. Kindly pointed out to me by Hendri Adriaens
     %%%
     %%% Revision    1.32 (2005)
     %%%             Jun. 23th compatibility problem with the KOMA class 'scrbook.cls'
     %%%                  a remedy is a redefinition of '\@schapter' in
     %%%                  line with that used in KOMA. The problem was pointed
     %%%                  out to me by Mikkel Holm Olsen
     %%%
     %%% Revision    1.33 (2005)
     %%%             Aug. 9th misspelled ``TWELV'' corrected, the error was pointed
     %%%                  out to me by George Pearson
     %%%
     %%% Last modified   Aug. 9th 2005
     \NeedsTeXFormat{LaTeX2e}[1995/12/01]
     \ProvidesPackage{fncychap}
                  [2004/09/21 v1.33
                      LaTeX package (Revised chapters)]
     %%%% DEFINITION OF Chapapp variables
     \newcommand{\CNV}{\huge\bfseries}
     \newcommand{\ChNameVar}[1]{\renewcommand{\CNV}{#1}}
     %%%% DEFINITION OF TheChapter variables
     \newcommand{\CNoV}{\huge\bfseries}
     \newcommand{\ChNumVar}[1]{\renewcommand{\CNoV}{#1}}
     \newif\ifUCN
     \UCNfalse
     \newif\ifLCN
     \LCNfalse
     \def\ChNameLowerCase{\LCNtrue\UCNfalse}
     \def\ChNameUpperCase{\UCNtrue\LCNfalse}
     \def\ChNameAsIs{\UCNfalse\LCNfalse}
     %%%%% Fix for AMSBook 971008
     \@ifundefined{@chapapp}{\let\@chapapp\chaptername}{}
     %%%%% Fix for Bjarne and appendix 980211
     \newif\ifinapp
     \inappfalse
     \renewcommand\appendix{\par
       \setcounter{chapter}{0}%
       \setcounter{section}{0}%
       \inapptrue%
       \renewcommand\@chapapp{\appendixname}%
       \renewcommand\thechapter{\@Alph\c@chapter}}
     %%%%% Fix for frontmatter, mainmatter, and backmatter 040920
     \@ifundefined{@mainmatter}{\newif\if@mainmatter \@mainmattertrue}{}
     %%%%%
     \newcommand{\FmN}[1]{%
     \ifUCN
        {\MakeUppercase#1}\LCNfalse
     \else
        \ifLCN
           {\MakeLowercase#1}\UCNfalse
        \else #1
        \fi
     \fi}
     %%%% DEFINITION OF Title variables
     \newcommand{\CTV}{\Huge\bfseries}
     \newcommand{\ChTitleVar}[1]{\renewcommand{\CTV}{#1}}
     %%%% DEFINITION OF the basic rule width
     \newlength{\RW}
     \setlength{\RW}{1pt}
     \newcommand{\ChRuleWidth}[1]{\setlength{\RW}{#1}}
     \newif\ifUCT
     \UCTfalse
     \newif\ifLCT
     \LCTfalse
     \def\ChTitleLowerCase{\LCTtrue\UCTfalse}
     \def\ChTitleUpperCase{\UCTtrue\LCTfalse}
     \def\ChTitleAsIs{\UCTfalse\LCTfalse}
     \newcommand{\FmTi}[1]{%
     \ifUCT
        {\MakeUppercase#1}\LCTfalse
     \else
        \ifLCT
           {\MakeLowercase#1}\UCTfalse
        \else {#1}
        \fi
     \fi}
     \newlength{\mylen}
     \newlength{\myhi}
     \newlength{\px}
     \newlength{\py}
     \newlength{\pyy}
     \newlength{\pxx}
     \def\mghrulefill#1{\leavevmode\leaders\hrule\@height #1\hfill\kern\z@}
     \newcommand{\DOCH}{%
       \CNV\FmN{\@chapapp}\space \CNoV\thechapter
       \par\nobreak
       \vskip 20\p@
+      }
     \newcommand{\DOTI}[1]{%
         \CTV\FmTi{#1}\par\nobreak
         \vskip 40\p@
+        }
     \newcommand{\DOTIS}[1]{%
         \CTV\FmTi{#1}\par\nobreak
         \vskip 40\p@
+        }
     %%%%%% SONNY DEF
     \DeclareOption{Sonny}{%
       \ChNameVar{\Large\sf}
       \ChNumVar{\Huge}
       \ChTitleVar{\Large\sf}
       \ChRuleWidth{0.5pt}
       \ChNameUpperCase
       \renewcommand{\DOCH}{%
         \raggedleft
         \CNV\FmN{\@chapapp}\space \CNoV\thechapter
         \par\nobreak
         \vskip 40\p@}
       \renewcommand{\DOTI}[1]{%
         \CTV\raggedleft\mghrulefill{\RW}\par\nobreak
         \vskip 5\p@
         \CTV\FmTi{#1}\par\nobreak
         \mghrulefill{\RW}\par\nobreak
         \vskip 40\p@}
       \renewcommand{\DOTIS}[1]{%
         \CTV\raggedleft\mghrulefill{\RW}\par\nobreak
         \vskip 5\p@
         \CTV\FmTi{#1}\par\nobreak
         \mghrulefill{\RW}\par\nobreak
         \vskip 40\p@}
+    }
     %%%%%% LENNY DEF
     \DeclareOption{Lenny}{%
       \ChNameVar{\fontsize{14}{16}\usefont{OT1}{phv}{m}{n}\selectfont}
       \ChNumVar{\fontsize{60}{62}\usefont{OT1}{ptm}{m}{n}\selectfont}
       \ChTitleVar{\Huge\bfseries\rm}
       \ChRuleWidth{1pt}
       \renewcommand{\DOCH}{%
         \settowidth{\px}{\CNV\FmN{\@chapapp}}
         \addtolength{\px}{2pt}
         \settoheight{\py}{\CNV\FmN{\@chapapp}}
         \addtolength{\py}{1pt}
         \settowidth{\mylen}{\CNV\FmN{\@chapapp}\space\CNoV\thechapter}
         \addtolength{\mylen}{1pt}
         \settowidth{\pxx}{\CNoV\thechapter}
         \addtolength{\pxx}{-1pt}
         \settoheight{\pyy}{\CNoV\thechapter}
         \addtolength{\pyy}{-2pt}
         \setlength{\myhi}{\pyy}
         \addtolength{\myhi}{-1\py}
         \par
         \parbox[b]{\textwidth}{%
         \rule[\py]{\RW}{\myhi}%
         \hskip -\RW%
         \rule[\pyy]{\px}{\RW}%
         \hskip -\px%
         \raggedright%
         \CNV\FmN{\@chapapp}\space\CNoV\thechapter%
         \hskip1pt%
         \mghrulefill{\RW}%
         \rule{\RW}{\pyy}\par\nobreak%
         \vskip -\baselineskip%
         \vskip -\pyy%
         \hskip \mylen%
         \mghrulefill{\RW}\par\nobreak%
         \vskip \pyy}%
         \vskip 20\p@}
       \renewcommand{\DOTI}[1]{%
         \raggedright
         \CTV\FmTi{#1}\par\nobreak
         \vskip 40\p@}
       \renewcommand{\DOTIS}[1]{%
         \raggedright
         \CTV\FmTi{#1}\par\nobreak
         \vskip 40\p@}
+     }
     %%%%%%% GLENN DEF
     \DeclareOption{Glenn}{%
       \ChNameVar{\bfseries\Large\sf}
       \ChNumVar{\Huge}
       \ChTitleVar{\bfseries\Large\rm}
       \ChRuleWidth{1pt}
       \ChNameUpperCase
       \ChTitleUpperCase
       \renewcommand{\DOCH}{%
         \settoheight{\myhi}{\CTV\FmTi{Test}}
         \setlength{\py}{\baselineskip}
         \addtolength{\py}{\RW}
         \addtolength{\py}{\myhi}
         \setlength{\pyy}{\py}
         \addtolength{\pyy}{-1\RW}
         \raggedright
         \CNV\FmN{\@chapapp}\space\CNoV\thechapter
         \hskip 3pt\mghrulefill{\RW}\rule[-1\pyy]{2\RW}{\py}\par\nobreak}
       \renewcommand{\DOTI}[1]{%
         \addtolength{\pyy}{-4pt}
         \settoheight{\myhi}{\CTV\FmTi{#1}}
         \addtolength{\myhi}{\py}
         \addtolength{\myhi}{-1\RW}
         \vskip -1\pyy
         \rule{2\RW}{\myhi}\mghrulefill{\RW}\hskip 2pt
         \raggedleft\CTV\FmTi{#1}\par\nobreak
         \vskip 80\p@}
     \newlength{\backskip}
       \renewcommand{\DOTIS}[1]{%
     %    \setlength{\py}{10pt}
     %    \setlength{\pyy}{\py}
     %    \addtolength{\pyy}{\RW}
     %    \setlength{\myhi}{\baselineskip}
     %    \addtolength{\myhi}{\pyy}
     %    \mghrulefill{\RW}\rule[-1\py]{2\RW}{\pyy}\par\nobreak
     %    \addtolength{}{}
     %\vskip -1\baselineskip
     %    \rule{2\RW}{\myhi}\mghrulefill{\RW}\hskip 2pt
     %    \raggedleft\CTV\FmTi{#1}\par\nobreak
     %    \vskip 60\p@}
     %% Fix suggested by Tomas Lundberg
         \setlength{\py}{25pt}  % eller vad man vill
         \setlength{\pyy}{\py}
         \setlength{\backskip}{\py}
         \addtolength{\backskip}{2pt}
         \addtolength{\pyy}{\RW}
         \setlength{\myhi}{\baselineskip}
         \addtolength{\myhi}{\pyy}
         \mghrulefill{\RW}\rule[-1\py]{2\RW}{\pyy}\par\nobreak
         \vskip -1\backskip
         \rule{2\RW}{\myhi}\mghrulefill{\RW}\hskip 3pt %
         \raggedleft\CTV\FmTi{#1}\par\nobreak
         \vskip 40\p@}
+     }
     %%%%%%% CONNY DEF
     \DeclareOption{Conny}{%
       \ChNameUpperCase
       \ChTitleUpperCase
       \ChNameVar{\centering\Huge\rm\bfseries}
       \ChNumVar{\Huge}
       \ChTitleVar{\centering\Huge\rm}
       \ChRuleWidth{2pt}
       \renewcommand{\DOCH}{%
         \mghrulefill{3\RW}\par\nobreak
         \vskip -0.5\baselineskip
         \mghrulefill{\RW}\par\nobreak
         \CNV\FmN{\@chapapp}\space \CNoV\thechapter
         \par\nobreak
         \vskip -0.5\baselineskip
+       }
       \renewcommand{\DOTI}[1]{%
         \mghrulefill{\RW}\par\nobreak
         \CTV\FmTi{#1}\par\nobreak
         \vskip 60\p@
+        }
       \renewcommand{\DOTIS}[1]{%
         \mghrulefill{\RW}\par\nobreak
         \CTV\FmTi{#1}\par\nobreak
         \vskip 60\p@
+        }
+      }
     %%%%%%% REJNE DEF
     \DeclareOption{Rejne}{%
       \ChNameUpperCase
       \ChTitleUpperCase
       \ChNameVar{\centering\Large\rm}
       \ChNumVar{\Huge}
       \ChTitleVar{\centering\Huge\rm}
       \ChRuleWidth{1pt}
       \renewcommand{\DOCH}{%
         \settoheight{\py}{\CNoV\thechapter}
         \parskip=0pt plus 1pt % Set parskip to default, just in case v1.31
         \addtolength{\py}{-1pt}
         \CNV\FmN{\@chapapp}\par\nobreak
         \vskip 20\p@
         \setlength{\myhi}{2\baselineskip}
         \setlength{\px}{\myhi}
         \addtolength{\px}{-1\RW}
         \rule[-1\px]{\RW}{\myhi}\mghrulefill{\RW}\hskip
 pt\raisebox{-0.5\py}{\CNoV\thechapter}\hskip 10pt\mghrulefill{\RW}\rule[-1\px]{\RW}{\myhi}\par\nobreak
          \vskip -3\p@% Added -2pt vskip to correct for streched text v1.31
+        }
       \renewcommand{\DOTI}[1]{%
         \setlength{\mylen}{\textwidth}
         \parskip=0pt plus 1pt % Set parskip to default, just in case v1.31
         \addtolength{\mylen}{-2\RW}
         {\vrule width\RW}\parbox{\mylen}{\CTV\FmTi{#1}}{\vrule width\RW}\par\nobreak%
         \vskip -3pt\rule{\RW}{2\baselineskip}\mghrulefill{\RW}\rule{\RW}{2\baselineskip}%
         \vskip 60\p@% Added -2pt in vskip to correct for streched text v1.31
+        }
       \renewcommand{\DOTIS}[1]{%
         \setlength{\py}{\fboxrule}
         \setlength{\fboxrule}{\RW}
         \setlength{\mylen}{\textwidth}
         \addtolength{\mylen}{-2\RW}
         \fbox{\parbox{\mylen}{\vskip 2\baselineskip\CTV\FmTi{#1}\par\nobreak\vskip \baselineskip}}
         \setlength{\fboxrule}{\py}
         \vskip 60\p@
+        }
+      }
     %%%%%%% BJARNE DEF
     \DeclareOption{Bjarne}{%
       \ChNameUpperCase
       \ChTitleUpperCase
       \ChNameVar{\raggedleft\normalsize\rm}
       \ChNumVar{\raggedleft \bfseries\Large}
       \ChTitleVar{\raggedleft \Large\rm}
       \ChRuleWidth{1pt}
     %% Note thechapter -> c@chapter fix appendix bug
     %% Fixed misspelled 12
       \newcounter{AlphaCnt}
       \newcounter{AlphaDecCnt}
       \newcommand{\AlphaNo}{%
         \ifcase\number\theAlphaCnt
           \ifnum\c@chapter=0
             ZERO\else{}\fi
         \or ONE\or TWO\or THREE\or FOUR\or FIVE
         \or SIX\or SEVEN\or EIGHT\or NINE\or TEN
         \or ELEVEN\or TWELVE\or THIRTEEN\or FOURTEEN\or FIFTEEN
         \or SIXTEEN\or SEVENTEEN\or EIGHTEEN\or NINETEEN\fi
+    }
       \newcommand{\AlphaDecNo}{%
         \setcounter{AlphaDecCnt}{0}
         \@whilenum\number\theAlphaCnt>0\do
           {\addtocounter{AlphaCnt}{-10}
            \addtocounter{AlphaDecCnt}{1}}
          \ifnum\number\theAlphaCnt=0
          \else
            \addtocounter{AlphaDecCnt}{-1}
            \addtocounter{AlphaCnt}{10}
          \fi
         \ifcase\number\theAlphaDecCnt\or TEN\or TWENTY\or THIRTY\or
         FORTY\or FIFTY\or SIXTY\or SEVENTY\or EIGHTY\or NINETY\fi
+        }
       \newcommand{\TheAlphaChapter}{%
         \ifinapp
           \thechapter
         \else
           \setcounter{AlphaCnt}{\c@chapter}
           \ifnum\c@chapter<20
             \AlphaNo
           \else
             \AlphaDecNo\AlphaNo
           \fi
         \fi
+        }
       \renewcommand{\DOCH}{%
         \mghrulefill{\RW}\par\nobreak
         \CNV\FmN{\@chapapp}\par\nobreak
         \CNoV\TheAlphaChapter\par\nobreak
         \vskip -1\baselineskip\vskip 5pt\mghrulefill{\RW}\par\nobreak
         \vskip 20\p@
+        }
       \renewcommand{\DOTI}[1]{%
         \CTV\FmTi{#1}\par\nobreak
         \vskip 40\p@
+        }
       \renewcommand{\DOTIS}[1]{%
         \CTV\FmTi{#1}\par\nobreak
         \vskip 40\p@
+        }
+    }
     \DeclareOption*{%
       \PackageWarning{fancychapter}{unknown style option}
+      }
     \ProcessOptions* \relax
     \def\@makechapterhead#1{%
       \vspace*{50\p@}%
       {\parindent \z@ \raggedright \normalfont
         \ifnum \c@secnumdepth >\m@ne
           \if@mainmatter%%%%% Fix for frontmatter, mainmatter, and backmatter 040920
             \DOCH
           \fi
         \fi
         \interlinepenalty\@M
         \DOTI{#1}
       }}
     %%% Begin: To avoid problem with scrbook.cls (fncychap version 1.32)
     %%OUT:
     %\def\@schapter#1{\if@twocolumn
     %                   \@topnewpage[\@makeschapterhead{#1}]%
     %                 \else
     %                   \@makeschapterhead{#1}%
     %                   \@afterheading
     %                 \fi}
     %%IN:
     \def\@schapter#1{%
     \if@twocolumn%
       \@makeschapterhead{#1}%
     \else%
       \@makeschapterhead{#1}%
       \@afterheading%
     \fi}
     %%% End: To avoid problem with scrbook.cls (fncychap version 1.32)
     \def\@makeschapterhead#1{%
       \vspace*{50\p@}%
       {\parindent \z@ \raggedright
         \normalfont
         \interlinepenalty\@M
         \DOTIS{#1}
         \vskip 40\p@
       }}
     \endinput

     =====================================
     Larpe - Administrator Guide
     =====================================
     :author: Damien Laniel
     :contact: dlaniel@entrouvert.com
     :copyright: Copyright © 2006 Entr'ouvert
     .. contents:: Table of contents
     Overview
     ========
     Larpe is a Liberty Alliance Reverse Proxy. It allows any service provider
     (that is a website) to use Liberty Alliance features (Identity federation,
     Single Sign On and Single Logout) without changing the code of
     the service provider itself. It uses the Lasso_ library
     which is certified by the `Liberty Alliance`_ consortium. Lasso_ and Larpe
     are released under the terms of the `GNU GPL license`_.
     How to get and install Larpe
     ============================
     Installation under Debian_ Sarge
     ++++++++++++++++++++++++++++++++
     To work correctly Larpe relies on :
     * Apache2_ ;
     * Lasso_ (0.6.3) ;
     * Quixote_ (2.0) ;
     * SCGI_ ;
     * mod_python_ ;
     * libxml2 ;
     * mod_proxy_html.
     You will also need a Liberty Alliance Identity Provider, be it on the same server or not.
     We recommend Authentic_ for that need.
     Package Installation
     --------------------
     You need to add the following line to your /etc/apt/sources.list; this will
     give you access to the repository where Larpe is stored::
      deb http://deb.entrouvert.org/ sarge main
     As root type::
      apt-get update
      apt-get install larpe
     And follow the debconf wizard to set it up.
     All the required packages are now installed and configured.
     You might need to change the "<VirtualHost \*>" in your apache2 configuration
     (/etc/apache2/sites-available/apache2-vhost-larpe) depending on how you
     previously configured apache.
     Don't forget to modify your /etc/hosts file if necessary. Larpe now works, the
     administration interface is reachable at http://your_domain_name/admin. The username
     and password are the ones you entered during the installation wizard.
     If you don't want to modify your sources.list file, you can manually dowload and
     install the required packages with the dpkg -i command :
     * Larpe, Authentic and Lasso on http://deb.entrouvert.org/ ;
     * Quixote 2.0 on http://authentic.labs.libre-entreprise.org/.
     Installation with another Linux distribution
     ++++++++++++++++++++++++++++++++++++++++++++
     We suppose Apache2_, SCGI_, mod_python_, libxml2 and mod_proxy_html are already installed. You need then to
     download and install the following sources :
     * Lasso http://lasso.entrouvert.org ;
     * Quixote http://www.mems-exchange.org/software/Quixote/ ;
     * Authentic http://authentic.labs.libre-entreprise.org/ ;
     * Larpe http://labs.libre-entreprise.org/frs/?group_id=108.
     To install Larpe, uncompress the sources you have downloaded and launch the
     setup.py script ::
      tar xzf larpe*.tar.gz
      cd larpe*
      python setup.py install
     You need then to configure Apache2_ correctly. You should use the provided apache2-vhost-larpe template and adapt to your configuration.
     Don't forget to modify your /etc/hosts file if necessary. Larpe now works, the
     administration interface is reachable at http://your_domain_name/admin.
     Basic Larpe configuration
     =========================
     Identity Provider configuration
     +++++++++++++++++++++++++++++++
     If you don't have a configured Identity Provider yet, please read Authentic
     manual to set it up. Then you must have the metadata and public key of the Identity
     Provider to begin with Larpe.
     Then in Larpe administration interface, click on "Settings", then "Identity Provider".
     Fill in the metadata and public key that you've got from your Identity Provider then
     click Submit.
     Your Identity Provider is now configured in Larpe, you can then configure as many Service
     Providers as you want.
     Service Provider Configuration
     ++++++++++++++++++++++++++++++
     Service Provider configuration
     ------------------------------
     Click on "Hosts" then "New Host".
     Fill in the following parameters :
     * Label : the name you want to give to your Service Provider ;
     * Original Site Address : the root URL of your Service Provider ;
     * Authentication Page : if the page which contains the authentication form for
       your Service Provider is on a separate page, fill the url of this page here ;
     * Authentication Form Page : if you didn't fill the previous field and if the
       authentication form if not on the first page of your Service Provider either,
       fill the url of the page which contains the authentication form here ;
     * Logout Address : when you want Single Sign On and Identity Federation, you probably
       want Single Logout too. If so, fill the logout url of your original site here ;
     * Reversed Host Name : the domain name where you want to access your Service Provider
       through the reverse proxy. It can be the domain name of Larpe or not ;
     Then click "Submit". Wait a few seconds then go to http://reversed_host_name/reverse_directory/
     to check if it works. If not, wait a bit more and try again. If it really doesn't work,
     please submit a bug report at http://labs.libre-entreprise.org/tracker/?func=add&group_id=108&atid=512
     Service Provider Example: Linuxfr
     ---------------------------------
     To help you setup your own Service Provider, we provide an example of a working Service Provider
     to guide you.
     To setup Linuxfr, fill in the following parameters :
     * Label : Linuxfr ;
     * Original Site Address : http://linuxfr.org/ ;
     * Authentication Page : Nothing here ;
     * Authentication Form Page : http://linuxfr.org/pub/ ;
     * Logout Address : http://linuxfr.org/close_session.html ;
     * Reversed Host Name : linuxfr.reverse-proxy.example.com.
     With "reverse-proxy.example.com" being the hostname you've set up before for your reverse-proxy
     Don't forget to add this new hostname to your /etc/hosts as well.
     You can then go to the reversed Linuxfr at http://linuxfr.reverse-proxy.example.com/
     Service Provider Liberty Alliance final setup
     ---------------------------------------------
     Now that you can access your Service Provider, you need a final step to use Liberty Alliance
     features. Click on "Hosts", the click on the "Edit" icon of the Service Provider you've
     just configured. Save the Service Provider Metadata (for ID-FF 1.2) and the Public Key
     (right click then "Save as"). Configure this Service Provider on your Identity Provider
     with these two files.
     Licenses
     ========
     Larpe, Authentic_, Candle_ and Lasso_ are released under the terms of the
     `GNU GPL license`_.
     .. _Lasso: http://lasso.entrouvert.org/
     .. _`Liberty Alliance`: http://projectliberty.org/
     .. _`GNU GPL License`: http://www.gnu.org/copyleft/gpl.html
     .. _Debian: http://www.debian.org/
     .. _Apache2: http://httpd.apache.org/
     .. _Quixote: http://www.mems-exchange.org/software/Quixote
     .. _mod_python: http://www.modpython.org/
     .. _SCGI: http://www.mems-exchange.org/software/scgi/
     .. _Candle: http://candle.labs.libre-entreprise.org/
     .. _Authentic: http://www.entrouvert.com/fr/authentic/

larpe/branches/idwsf/doc/scripts/removealpha.sh
1		#! /bin/sh
2
3		size=$(identify $1 \| cut -d ' ' -f 3)
4		composite $1 -size $(identify $1 \| cut -d ' ' -f3) xc:white $2
5

     #! /usr/bin/python
     """A minimal reST frontend, to create appropriate LaTeX files."""
     try:
         import locale
         locale.setlocale(locale.LC_ALL, '')
     except:
         pass
     from docutils.core import publish_cmdline, Publisher
     def set_io(self, source_path=None, destination_path=None):
         Publisher.set_io_orig(self, source_path, destination_path='/dev/null')
     Publisher.set_io_orig, Publisher.set_io = Publisher.set_io, set_io
     output = publish_cmdline(writer_name='latex',
         settings_overrides = {
             'documentclass': 'report',
             'documentoptions': '11pt,a4paper,titlepage',
             'use_latex_toc': True,
             'use_latex_docinfo': True,
             'stylesheet': 'custom.tex'})
     output = output.replace('\\includegraphics',
         '\\includegraphics[width=.9\\textwidth,height=15cm,clip,keepaspectratio]')
     output = output.replace('\\begin{figure}[htbp]', '\\begin{figure}[H]')
     print output

larpe/branches/idwsf/larpe-reload-apache2-script
1		#!/bin/sh
2
3		/etc/init.d/apache2 reload

     /*
       Template for a setuid program that calls a script.
       The script should be in an unwritable directory and should itself
       be unwritable.  In fact all parent directories up to the root
       should be unwritable.  The script must not be setuid, that's what
       this program is for.
       This is a template program.  You need to fill in the name of the
       script that must be executed.  This is done by changing the
       definition of FULL_PATH below.
       There are also some rules that should be adhered to when writing
       the script itself.
       The first and most important rule is to never, ever trust that the
       user of the program will behave properly.  Program defensively.
       Check your arguments for reasonableness.  If the user is allowed to
       create files, check the names of the files.  If the program depends
       on argv[0] for the action it should perform, check it.
       Assuming the script is a Bourne shell script, the first line of the
       script should be
       #!/bin/sh -
       The - is important, don't omit it.  If you're using esh, the first
       line should be
       #!/usr/local/bin/esh -f
       and for ksh, the first line should be
       #!/usr/local/bin/ksh -p
       The script should then set the variable IFS to the string
       consisting of <space>, <tab>, and <newline>.  After this (*not*
       before!), the PATH variable should be set to a reasonable value and
       exported.  Do not expect the PATH to have a reasonable value, so do
       not trust the old value of PATH.  You should then set the umask of
       the program by calling
       umask 077 # or 022 if you want the files to be readable
       If you plan to change directories, you should either unset CDPATH
       or set it to a good value.  Setting CDPATH to just ``.'' (dot) is a
       good idea.
       If, for some reason, you want to use csh, the first line should be
       #!/bin/csh -fb
       You should then set the path variable to something reasonable,
       without trusting the inherited path.  Here too, you should set the
       umask using the command
       umask 077 # or 022 if you want the files to be readable
     */
     #include <unistd.h>
     #include <stdlib.h>
     #include <stdio.h>
     #include <sys/types.h>
     #include <sys/stat.h>
     #include <string.h>
     /* CONFIGURATION SECTION */
     #ifndef FULL_PATH/* so that this can be specified from the Makefile */
       #define FULL_PATH	"/usr/sbin/larpe-reload-apache2-script"
     #endif
     #ifndef UMASK
       #define UMASK		077
     #endif
     /* END OF CONFIGURATION SECTION */
     #if defined(__STDC__) && defined(__sgi)
     #define environ _environ
     #endif
     /* don't change def_IFS */
     char def_IFS[] = "IFS= \t\n";
     /* you may want to change def_PATH, but you should really change it in */
     /* your script */
     #ifdef __sgi
     char def_PATH[] = "PATH=/usr/bsd:/usr/bin:/bin:/usr/local/bin:/usr/sbin";
     #else
     char def_PATH[] = "PATH=/usr/ucb:/usr/bin:/bin:/usr/local/bin";
     #endif
     /* don't change def_CDPATH */
     char def_CDPATH[] = "CDPATH=.";
     /* don't change def_ENV */
     char def_ENV[] = "ENV=:";
     /*
       This function changes all environment variables that start with LD_
       into variables that start with XD_.  This is important since we
       don't want the script that is executed to use any funny shared
       libraries.
       The other changes to the environment are, strictly speaking, not
       needed here.  They can safely be done in the script.  They are done
       here because we don't trust the script writer (just like the script
       writer shouldn't trust the user of the script).
       If IFS is set in the environment, set it to space,tab,newline.
       If CDPATH is set in the environment, set it to ``.''.
       Set PATH to a reasonable default.
     */
     void
     clean_environ(void)
+    {
         char **p;
         extern char **environ;
         for (p = environ; *p; p++) {
     	if (strncmp(*p, "LD_", 3) == 0)
     	    **p = 'X';
     	else if (strncmp(*p, "_RLD", 4) == 0)
     	    **p = 'X';
     	else if (strncmp(*p, "PYTHON", 6) == 0)
     	    **p = 'X';
     	else if (strncmp(*p, "IFS=", 4) == 0)
     	    *p = def_IFS;
     	else if (strncmp(*p, "CDPATH=", 7) == 0)
     	    *p = def_CDPATH;
     	else if (strncmp(*p, "ENV=", 4) == 0)
     	    *p = def_ENV;
+        }
         putenv(def_PATH);
+    }
     int
     main(int argc, char **argv)
+    {
         struct stat statb;
         gid_t egid = getegid();
         uid_t euid = geteuid();
         /*
           Sanity check #1.
           This check should be made compile-time, but that's not possible.
           If you're sure that you specified a full path name for FULL_PATH,
           you can omit this check.
         */
         if (FULL_PATH[0] != '/') {
     	fprintf(stderr, "%s: %s is not a full path name\n", argv[0],
     		FULL_PATH);
     	fprintf(stderr, "You can only use this wrapper if you\n");
     	fprintf(stderr, "compile it with an absolute path.\n");
     	exit(1);
+        }
         /*
           Sanity check #2.
           Check that the owner of the script is equal to either the
           effective uid or the super user.
         */
         if (stat(FULL_PATH, &statb) < 0) {
     	perror("stat");
     	exit(1);
+        }
         if (statb.st_uid != 0 && statb.st_uid != euid) {
     	fprintf(stderr, "%s: %s has the wrong owner\n", argv[0],
     		FULL_PATH);
     	fprintf(stderr, "The script should be owned by root,\n");
     	fprintf(stderr, "and shouldn't be writeable by anyone.\n");
     	exit(1);
+        }
         if (setregid(egid, egid) < 0)
     	perror("setregid");
         if (setreuid(euid, euid) < 0)
     	perror("setreuid");
         clean_environ();
         umask(UMASK);
         while (**argv == '-')/* don't let argv[0] start with '-' */
     	(*argv)++;
         execv(FULL_PATH, argv);
         fprintf(stderr, "%s: could not execute the script\n", argv[0]);
         exit(1);
+    }

larpe/branches/idwsf/larpe/Defaults.py
1		APP_DIR = "/var/lib/larpe"
2		DATA_DIR = "/usr/share/larpe"
3		ERROR_LOG = None #"/var/log/larpe.log"
4		WEB_ROOT = '/larpe'

     import sys
     import os
     sys.path.insert(0, os.path.dirname(__file__))
     import qommon
     try:
         import lasso
     except ImportError:
         lasso = None
     if lasso and not hasattr(lasso, 'SAML2_SUPPORT'):
         lasso.SAML2_SUPPORT = False

larpe/branches/idwsf/larpe/admin/__init__.py
1		from root import RootDirectory

     import os
     import re
     import urllib
     import base64
     from quixote import get_publisher, get_request
     from larpe.hosts import Host
     from Defaults import APP_DIR
     def write_apache2_vhosts():
         hosts = Host.select(lambda x: x.name != 'larpe')
         hosts.sort()
         vhosts_dir = os.path.join(APP_DIR, 'vhosts.d')
         vhost_locations_dir = os.path.join(APP_DIR, 'vhost-locations.d')
         vhosts_dir_disabled = os.path.join(APP_DIR, 'vhosts.d.disabled')
         vhost_locations_dir_disabled = os.path.join(APP_DIR, 'vhost-locations.d.disabled')
         vhost_file_name = get_request().get_server().split(':')[0]
         vhost_file = None
         reversed_hostname = ''
         other_locations_hosts = []
         vhost = None
         if get_publisher().cfg.get(str('allow_config_generation'), True):
             vhost_file = open(os.path.join(vhosts_dir, vhost_file_name), 'w')
             locations_file = open(os.path.join(vhost_locations_dir, vhost_file_name), 'w')
         else:
             vhost_file = open(os.path.join(vhosts_dir_disabled, vhost_file_name), 'w')
             locations_file = open(os.path.join(vhost_locations_dir_disabled, vhost_file_name), 'w')
         try:
             main_vhost = open('/etc/apache2/sites-available/apache2-vhost-larpe', 'r')
             file_content = main_vhost.read()
             regexp = re.compile('<VirtualHost (.*?)>')
             vhost_ip = regexp.findall(file_content)[0]
         except:
             vhost_ip = '*'
         for host in hosts:
             if host.orig_site is None:
                 # This site hasn't been fully configured
                 continue
             if host.reversed_hostname != reversed_hostname and host.reversed_hostname != get_publisher().cfg['proxy_hostname']:
                 if vhost is not None:
                     vhost.close()
                 vhost = Vhost(host, vhost_ip)
                 vhost.write(vhost_file)
                 reversed_hostname = host.reversed_hostname
             if host.reversed_hostname == get_publisher().cfg['proxy_hostname']:
                 conf_file = locations_file
             else:
                 conf_file = vhost_file
             Location(host).write(conf_file)
         if vhost_file is not None:
             if vhost is not None:
                 vhost.close()
             vhost_file.close()
         if locations_file is not None:
             locations_file.close()
         if get_publisher().cfg.get(str('allow_config_generation'), True):
             os.system('/usr/sbin/larpe-reload-apache2')
     class Vhost:
         def __init__(self, host, main_ip_port):
             self.host = host
             self.main_ip_port = main_ip_port
             self.conf_file = None
         def get_ip_port(self):
             if self.host.scheme == 'https':
                 return self.main_ip_port.replace(':80', ':443')
             else:
                 return self.main_ip_port.replace(':443', ':80')
         ip_port = property(get_ip_port)
         def get_proxy_url(self):
             if get_publisher().cfg.get('use_proxy', False) and self.host.use_proxy == True:
                 return 'http://%(proxy_ip)s:%(proxy_port)s' % get_publisher().cfg
             return None
         proxy_url = property(get_proxy_url)
         def get_proxy_auth(self):
             if self.get_proxy_url() and get_publisher().cfg.get('proxy_user'):
                 credentials = base64.encodestring(
                     '%(proxy_user)s:%(proxy_password)s' % get_publisher().cfg)[:-1]
                 return '"Basic %s"' % credentials
             return None
         proxy_auth = property(get_proxy_auth)
         def get_cfg(self):
             return { 'ip_port': self.ip_port,
                      'reversed_hostname': self.host.reversed_hostname,
                      'proxy_url': self.proxy_url,
                      'proxy_auth': self.proxy_auth }
         cfg = property(get_cfg)
         def write(self, conf_file):
             self.conf_file = conf_file
             conf_lines = []
             # Start Virtual Host
             conf_lines.append('<VirtualHost %(ip_port)s>' % self.cfg)
             # Server name and administrator
             conf_lines.append('ServerName %(reversed_hostname)s' % self.cfg)
             conf_lines.append('# ServerAdmin root@localhost\n')
             # Include common vhost configuration
             conf_lines.append('include /usr/share/larpe/apache2.conf\n')
             # SSL
             if self.host.scheme == 'https':
                 conf_lines.append('SSLEngine On\n')
             if self.host.orig_site.startswith('https'):
                 conf_lines.append('SSLProxyEngine On\n')
             # Remote proxy configuration
             if self.proxy_url is not None:
                 conf_lines.append('ProxyRemote * %(proxy_url)s' % self.cfg)
                 if self.proxy_auth is not None:
                     conf_lines.append('RequestHeader set Proxy-Authorization %(proxy_auth)s\n' % self.cfg)
             # Write it all
             conf_file.write('\n\t'.join(conf_lines))
         def close(self):
             if self.conf_file:
                 self.conf_file.write('</VirtualHost>\n\n')
     def apache_escape_chars(url):
         special_characters = ('\\', '.', '?', '*', '+', '^', '$', '|', '(', ')', '[', ']')
         for char in special_characters:
             url = url.replace(char, '\%s' % char)
         return url
     class Location:
         def __init__(self, host):
             self.host = host
         def get_reversed_directory(self):
             if not self.host.reversed_directory:
                 return '%s/' % get_request().environ['SCRIPT_NAME']
             else:
                 return '%s/%s/' % (get_request().environ['SCRIPT_NAME'], self.host.reversed_directory)
         reversed_directory = property(get_reversed_directory)
         def get_python_path(self):
             if hasattr(self.host, 'apache_output_python_filters') and \
                     hasattr(self.host, 'apache_python_paths') and self.host.apache_python_paths:
                 python_path = 'PythonPath "sys.path'
                 for path in self.host.apache_python_paths:
                     python_path += "+['%s']" % path
                 python_path += '"'
                 return python_path
             else:
                 return None
         python_path = property(get_python_path)
         def get_output_filters(self):
             python_filters = ''
             output_filters = []
             if hasattr(self.host, 'apache_output_python_filters'):
                 i = 0
                 for filter_file in self.host.apache_output_python_filters:
                     filter_name = 'filter%d' % i
                     python_filters += 'PythonOutputFilter %s %s\n\t\t' % (filter_file, filter_name)
                     output_filters.append(filter_name)
                     i += 1
             if hasattr(self.host, 'apache_output_filters'):
                 for filter in self.host.apache_output_filters:
                     output_filters.append(filter)
             if output_filters:
                 return python_filters + 'SetOutputFilter ' + ';'.join(output_filters)
             else:
                 return None
         output_filters = property(get_output_filters)
         def get_old_auth_url(self):
             old_auth_url = None
             if self.host.initiate_sso_url:
                 old_auth_url = self.host.initiate_sso_url
             elif self.host.auth_url is not None:
                 if self.host.auth_url.startswith('http://'):
                     chars_to_skip = 5
                 else:
                     chars_to_skip = 6
                 regexp = re.compile(self.host.orig_site[chars_to_skip:])
                 old_auth_url_short = regexp.sub('', self.host.auth_url[chars_to_skip:])
                 if old_auth_url_short.startswith('/'):
                     old_auth_url = old_auth_url_short
                 else:
                     old_auth_url = '/' + old_auth_url_short
             if old_auth_url:
                 old_auth_url = apache_escape_chars(old_auth_url)
             return old_auth_url
         old_auth_url = property(get_old_auth_url)
         def get_new_auth_url(self):
             if not hasattr(self.host, 'base_url'):
                 return None
             base_url_tokens = self.host.base_url.split('/')
             base_url_tokens[-1] = 'login'
             return '/'.join(base_url_tokens)
         new_auth_url = property(get_new_auth_url)
         def get_old_logout_url(self):
             old_logout_url = None
             if self.host.logout_url is not None:
                 if self.host.logout_url.startswith('http://'):
                     chars_to_skip = 5
                 else:
                     chars_to_skip = 6
                 regexp = re.compile(self.host.orig_site[chars_to_skip:])
                 old_logout_url_short = regexp.sub('', self.host.logout_url[chars_to_skip:])
                 if old_logout_url_short.startswith('/'):
                     old_logout_url = old_logout_url_short
                 else:
                     old_logout_url = '/' + old_logout_url_short
                 old_logout_url = apache_escape_chars(old_logout_url)
             return old_logout_url
         old_logout_url = property(get_old_logout_url)
         def get_new_logout_url(self):
             if not hasattr(self.host, 'base_url'):
                 return None
             base_url_tokens = self.host.base_url.split('/')
             base_url_tokens[-1] = 'logout'
             return '/'.join(base_url_tokens)
         new_logout_url = property(get_new_logout_url)
         def get_orig_site_url_and_dir(self):
             # Split url
             if self.host.orig_site.startswith('http://'):
                 orig_host, orig_query = urllib.splithost(self.host.orig_site[5:])
             else:
                 orig_host, orig_query = urllib.splithost(self.host.orig_site[6:])
             # Add a trailing slash if necessary
             if self.host.orig_site.endswith('/'):
                 orig_url = self.host.orig_site
                 orig_dir = orig_query
             else:
                 orig_url = self.host.orig_site + '/'
                 orig_dir = orig_query + '/'
             return orig_url, orig_dir
         def get_orig_url(self):
             orig_url, orig_dir = self.get_orig_site_url_and_dir()
             return orig_url
         orig_url = property(get_orig_url)
         def get_orig_dir(self):
             orig_url, orig_dir = self.get_orig_site_url_and_dir()
             return orig_dir
         orig_dir = property(get_orig_dir)
         def get_cfg(self):
             return { 'reversed_directory': self.reversed_directory,
                      'old_auth_url': self.old_auth_url,
                      'new_auth_url': self.new_auth_url,
                      'old_logout_url': self.old_logout_url,
                      'new_logout_url': self.new_logout_url,
                      'orig_url': self.orig_url,
                      'orig_dir': self.orig_dir }
         cfg = property(get_cfg)
         def write(self, conf_file):
             conf_lines = []
             # Start Location
             conf_lines.append('\n\t<Location %(reversed_directory)s>' % self.cfg)
             # No user restriction
             conf_lines.append('Allow from all')
             # Apache output filters
             if self.python_path:
                 conf_lines.append(self.python_path)
             if self.output_filters:
                 conf_lines.append(self.output_filters)
             # Enable rewrite module
             if self.old_auth_url is not None or self.old_logout_url is not None:
                 conf_lines.append('RewriteEngine On')
             # Redirect old authentication url to the new one
             if self.old_auth_url is not None and self.host.auth_form_places == 'form_once':
                 conf_lines.append(
                     'RewriteRule         %(old_auth_url)s    %(new_auth_url)s  [R]' % self.cfg)
             # Redirect old logout url to the new one
             if self.old_logout_url is not None:
                 conf_lines.append(
                     'RewriteRule         %(old_logout_url)s    %(new_logout_url)s  [R]' % self.cfg)
             # Redirect the home page to the login page
             if self.host.redirect_root_to_login is True:
                 conf_lines.append('RewriteRule         /$        %(new_auth_url)s  [R]' % self.cfg)
             # Convert urls in http headers to/from the new domain
             conf_lines.append('ProxyPass           %(orig_url)s' % self.cfg)
             conf_lines.append('ProxyPassReverse    %(orig_url)s' % self.cfg)
             # Convert urls in html pages to/from the new domain
             conf_lines.append('ProxyHTMLURLMap     %(orig_dir)s     %(reversed_directory)s' % self.cfg)
             conf_lines.append('ProxyHTMLURLMap     %(orig_url)s    %(reversed_directory)s' % self.cfg)
             # Write it all and close the Location
             conf_file.write('\n\t\t'.join(conf_lines))
             conf_file.write('\n\t</Location>\n')

     from quixote import get_response, redirect
     from quixote.directory import Directory
     from qommon.form import *
     from field_prefill import FieldPrefill
     from menu import html_top, command_icon
     class FieldUI:
         def __init__(self, field_prefill):
             self.field_prefill = field_prefill
         def form_edit(self):
             form = Form(enctype='multipart/form-data')
             form.add(StringWidget, 'name', title = _('Field name'), required = True,
                 size = 50, value = self.field_prefill.name)
             form.add(StringWidget, 'xpath', title = _('Xpath of the attribute'), required = True,
                 size = 50, value = self.field_prefill.xpath, hint=_('Example: /pp:PP/pp:InformalName'))
             form.add(IntWidget, 'number', title = _('Number of the field in the data'), required = True,
                 size = 3, value = self.field_prefill.number,
                 hint=_('Change it if there are multiple fields corresponding to the same Xpath and you want to get another than the first one'))
             form.add(CheckboxWidget, 'raw_xml', title=_('Get raw XML value'),
                 value = self.field_prefill.raw_xml)
             form.add(StringWidget, 'regexp_match', title = _('Python regexp of a string to match'),
                 size = 50, value = self.field_prefill.regexp_match)
             form.add(StringWidget, 'regexp_replacing', title = _('Python regexp of the replacing string'),
                 size = 50, value = self.field_prefill.regexp_replacing)
             form.add(WidgetDict, 'select_options', title = _('Options mapping for a select field'),
                     value = self.field_prefill.select_options, add_element_label = _('Add item'))
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             return form
         def submit_edit(self, form):
             for f in ('name', 'xpath', 'number', 'raw_xml',  'regexp_match', 'regexp_replacing', 'select_options'):
                 widget = form.get_widget(f)
                 setattr(self.field_prefill, f, widget.parse())
             self.field_prefill.store()
     class FieldPage(Directory):
         _q_exports = ['', 'delete']
         def __init__(self, field_id):
             self.field_prefill = FieldPrefill.get(field_id)
             self.field_ui = FieldUI(self.field_prefill)
             get_response().breadcrumb.append((field_id + '/', field_id))
         def _q_index [html] (self):
             form = self.field_ui.form_edit()
             redo = False
             if form.get_widget('cancel').parse():
                 return redirect('..')
             if form.get_widget('select_options') and form.get_widget('select_options').get_widget('add_element').parse():
                 form.clear_errors()
                 redo = True
             if redo is False and form.is_submitted() and not form.has_errors():
                 self.field_ui.submit_edit(form)
                 return redirect('..')
             get_response().breadcrumb.append( ('edit', _('Edit')) )
             html_top('edit', title = _('Edit'))
             '<h2>%s</h2>' % _('Edit')
             form.render()
         def delete [html] (self):
             form = Form(enctype='multipart/form-data')
             form.widgets.append(HtmlWidget('<p>%s</p>' % _(
                             'You are about to irrevocably delete this field.')))
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             if form.get_widget('cancel').parse():
                 return redirect('..')
             if not form.is_submitted() or form.has_errors():
                 get_response().breadcrumb.append(('delete', _('Delete')))
                 html_top('delete_form', title = _('Delete Field'))
                 '<h2>%s : %s</h2>' % (_('Delete Field'), self.field_prefill.id)
                 form.render()
             else:
                 self.field_prefill.remove_self()
                 return redirect('..')
     class FieldsDirectory(Directory):
         _q_exports = ['', 'new']
         def __init__(self, form_prefill):
             get_response().breadcrumb.append(('fields/', _('Fields')))
             self.form_prefill = form_prefill
         def _q_lookup(self, component):
             return FieldPage(component)
         def _q_index [html] (self):
             html_top('fields', title = _('Fields'))
             """<ul id="nav-fields-admin">
               <li><a href="new">%s</a></li>
             </ul>""" % _('New Field')
             '<ul class="biglist">'
             for field_prefill in FieldPrefill.select(lambda x: x.form_id == self.form_prefill.id):
                 if not field_prefill.name:
                     continue
                 # Split too long xpath
                 xpath = field_prefill.xpath
                 xpath_tokens = xpath.split(str('/'))
                 if len(xpath_tokens) > 3:
                     xpath = str('.../') + str('/').join(xpath_tokens[-3:])
                 '<li>'
                 '<strong class="label">%s</strong>' % field_prefill.name
                 '<br />%s' % xpath
                 '<p class="commands">'
                 command_icon('%s/' % field_prefill.id, 'edit')
                 command_icon('%s/delete' % field_prefill.id, 'remove')
                 '</p></li>'
             '</ul>'
         def new [html] (self):
             get_response().breadcrumb.append(('new', _('New')) )
             field_prefill = FieldPrefill()
             field_prefill.form_id = self.form_prefill.id
             field_prefill.store()
             return redirect('%s/' % field_prefill.id)

     from quixote import get_response, redirect
     from quixote.directory import Directory
     from qommon.form import *
     from form_prefill import FormPrefill
     from fields_prefill import FieldsDirectory
     from menu import html_top, command_icon
     class FormUI:
         def __init__(self, form_prefill):
             self.form_prefill = form_prefill
         def form_edit(self):
             form = Form(enctype='multipart/form-data')
             form.add(StringWidget, 'name', title = _('Form name'), required = True,
                 size = 50, value = self.form_prefill.name, hint=_('Only used for display'))
             form.add(UrlWidget, 'url', title = _('Form address'), required = True,
                 size = 50, value = self.form_prefill.url)
             form.add(StringWidget, 'profile', title = _('ID-WSF data profile'), required = True,
                 size = 50, value = self.form_prefill.profile, hint=_('Example: urn:liberty:id-sis-pp:2005-05'))
             form.add(StringWidget, 'prefix', title = _('ID-WSF data XML prefix'), required = True,
                 size = 50, value = self.form_prefill.prefix, hint=_('Example: pp'))
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             return form
         def submit_edit(self, form):
             for f in ('name', 'url', 'profile', 'prefix'):
                 widget = form.get_widget(f)
                 setattr(self.form_prefill, f, widget.parse())
             self.form_prefill.store()
     class FormPage(Directory):
         _q_exports = ['', 'edit', 'delete']
         def __init__(self, form_id):
             self.form_prefill = FormPrefill.get(form_id)
             self.form_ui = FormUI(self.form_prefill)
             get_response().breadcrumb.append((form_id + '/', form_id))
         def _q_index [html] (self):
             html_top('forms_prefill', title = 'Form prefilling')
             '<h2>%s</h2>' % _('Form prefilling configuration')
             '<dl>'
             '<dt><a href="edit">%s</a></dt> <dd>%s</dd>' % (
                     _('Edit'), _('Configure this form'))
             '<dt><a href="fields/">%s</a></dt> <dd>%s</dd>' % (
                     _('Fields'), _('Configure the fields of this form'))
             '</dl>'
         def _q_lookup(self, component):
             if component == 'fields':
                 return FieldsDirectory(self.form_prefill)
         def edit [html] (self):
             form = self.form_ui.form_edit()
             if form.get_widget('cancel').parse():
                 return redirect('.')
             if form.is_submitted() and not form.has_errors():
                 self.form_ui.submit_edit(form)
                 return redirect('.')
             get_response().breadcrumb.append( ('edit', _('Edit')) )
             html_top('edit', title = _('Edit'))
             '<h2>%s</h2>' % _('Edit')
             form.render()
         def delete [html] (self):
             form = Form(enctype='multipart/form-data')
             form.widgets.append(HtmlWidget('<p>%s</p>' % _(
                             'You are about to irrevocably delete this form.')))
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             if form.get_widget('cancel').parse():
                 return redirect('..')
             if not form.is_submitted() or form.has_errors():
                 get_response().breadcrumb.append(('delete', _('Delete')))
                 html_top('delete_form', title = _('Delete Form'))
                 '<h2>%s : %s</h2>' % (_('Delete Form'), self.form_prefill.id)
                 form.render()
             else:
                 self.form_prefill.remove_self()
                 return redirect('..')
     class FormsDirectory(Directory):
         _q_exports = ['', 'new']
         def __init__(self, host):
             get_response().breadcrumb.append(('forms_prefill/', _('Forms')))
             self.host = host
         def _q_lookup(self, component):
             return FormPage(component)
         def _q_index [html] (self):
             html_top('forms', title = _('Forms'))
             """<ul id="nav-forms-admin">
               <li><a href="new">%s</a></li>
             </ul>""" % _('New Form')
             '<ul class="biglist">'
             for form_prefill in FormPrefill.select(lambda x: x.host_id == self.host.id):
                 if not form_prefill.name:
                     continue
                 '<li>'
                 '<strong class="label">%s</strong>' % form_prefill.name
                 url = form_prefill.url
                 '<br /><a href="%s">%s</a>' % (url, url)
                 '<p class="commands">'
                 command_icon('%s/' % form_prefill.id, 'edit')
                 command_icon('%s/delete' % form_prefill.id, 'remove')
                 '</p></li>'
             '</ul>'
         def new [html] (self):
             get_response().breadcrumb.append(('new', _('New')) )
             form_prefill = FormPrefill()
             form_prefill.host_id = self.host.id
             form_prefill.store()
             return redirect('%s/edit' % form_prefill.id)

     import os
     import urllib
     import urlparse
     from quixote import redirect, get_request, get_response, get_publisher
     from quixote.directory import Directory
     import lasso
     from larpe.qommon import get_cfg
     from larpe.qommon.form import *
     from larpe.qommon.misc import http_get_page, get_abs_path
     import site_authentication
     from larpe import errors
     from larpe import misc
     from larpe.hosts import Host
     from larpe.admin.liberty_utils import *
     #from larpe.filter import filter_misc
     from larpe.admin.apache import write_apache2_vhosts
     from larpe.admin.forms_prefill import FormsDirectory
     from menu import *
     def check_basic_configuration(form):
         get_publisher().reload_cfg()
         # Check reversed_hostname and reversed_directory
         reversed_hostname = form.get_widget('reversed_hostname').parse()
         reversed_directory = form.get_widget('reversed_directory').parse()
         if reversed_hostname == get_publisher().cfg['proxy_hostname'] and not reversed_directory:
             form.set_error('reversed_hostname',
                 _('You must either choose a different hostname from Larpe or specify a reversed directory'))
     def check_minimal_configuration(form):
         # Check auth_url and auth_form_page_url
         auth_url = form.get_widget('auth_url').parse()
         auth_form_page_url = form.get_widget('auth_form_page_url').parse()
         if auth_url and auth_form_page_url:
             form.set_error('auth_form_page_url',
                 _('"Authentication page" and "Authentication form page" are incompatible. Only fill one of them.'))
     def convert_label_to_name(label):
         '''Build host name from host label'''
         name = label.lower()
         invalid_characters = [' ', "'"]
         for char in invalid_characters:
             name = name.replace(char, '_')
         return name
     class DictWidget(Widget):
         def render_content [html] (self):
             self.render_br = False
             if self.value['enabled'] is True:
                 htmltag('input', xml_end=True, type='checkbox', name=self.name + '_enabled', checked='checked')
             else:
                 htmltag('input', xml_end=True, type='checkbox', name=self.name + '_enabled')
             ' ' + self.name + ' &nbsp;'
             htmltag('input', xml_end=True, type='text', name=self.name, value=self.value['value'], size='35', **self.attrs)
         def _parse(self, request):
             enabled = request.form.get(self.name + '_enabled')
             value = request.form.get(self.name)
             self.value = { 'enabled': enabled, 'value': value }
     class ConfigurationAssistant(Directory):
         _q_exports = ['start', 'check_new_address', 'modify_site_address_and_name', 'authentication_and_logout_adresses',
                       'check_auto_detected_configuration', 'credentials', 'check_authentication', 'send_authentication_request',
                       'see_authentication_response', 'see_response_html_page', 'authentication_success_criteria',
                       'modify_authentication_request', 'auth_request_post_parameters', 'auth_request_http_headers',
                       'sso_init_link', 'metadatas', 'check_full_configuration', 'advanced_options']
         def __init__(self, host):
             self.host = host
         def start [html] (self):
             # Check the global domain name has been previously set
             get_publisher().reload_cfg()
             if not get_cfg('domain_names') or not get_cfg('domain_names')[0]:
                 html_top('preamble', title=_('Need domain name configuration'))
                 return htmltext(_('Before configuring hosts, you must <a href="../../../settings/domain_names">setup a global domain name</a> in %(settings)s menu.') % { 'settings': _('Settings') })
             form = self.form_start()
             if form.get_widget('cancel').parse():
                 return redirect('../..')
             connection_failure = None
             if form.is_submitted() and not form.has_errors():
                 try:
                     self.submit_start_form(form)
                 except Exception, e:
                     connection_failure = e
                 else:
                     return redirect('check_new_address')
             html_top('step1', title=_('Step 1 - Basic configuration'))
             '<h2>%s</h2>' % _('Step 1 - Basic configuration')
             if connection_failure:
                 '<div class="errornotice">%s</div>' % connection_failure
             form.render()
         def form_start(self):
             form = Form(enctype='multipart/form-data')
             form.add(UrlWidget, 'orig_site', title = _('Original site root address'), required = True,
                     size = 50, value = self.host.orig_site,
                     hint = _('If your site address is http://test.org/index.php, put http://test.org/ here'))
             get_publisher().reload_cfg()
             if get_cfg('use_proxy'):
                 form.add(CheckboxWidget, 'use_proxy', title = _('Use a proxy'),
                         hint = _("Uncheck it if Larpe doesn't need to use the proxy to connect to this site"),
                         value = self.host.use_proxy)
             else:
                 form.add(HtmlWidget, htmltext('<p>%s</p>' % \
                     _('If Larpe needs to use a proxy to connect to this site, you must first configure it in <a href="../../../settings/proxy">global proxy parameters</a>.')))
             form.add_submit('cancel', _('Cancel'))
             form.add_submit('submit', _('Next'))
             return form
         def submit_start_form(self, form):
             fields = ['orig_site']
             if get_cfg('use_proxy'):
                 fields += ['use_proxy']
             for f in fields:
                 setattr(self.host, f, form.get_widget(f).parse())
             # If no proxy is setup yet, set use_proxy to False for new hosts in case a proxy is later configured
             if not get_cfg('use_proxy'):
                 self.host.use_proxy = False
             # Remove what is after the last '/'
             #self.host.orig_site = '/'.join(self.host.orig_site.split('/')[:-1])
             html_page = self.get_data_after_redirects(self.host.orig_site)
             if not self.host.label:
                 # Look for html title in original site index page
                 regexp = re.compile("""<title.*?>(.*?)</title>""", re.DOTALL | re.IGNORECASE)
                 title = regexp.findall(html_page)
                 if title:
                     self.host.label = title[0]
                 else:
                     self.host.label = 'Untitled'
                 # If another site already uses this site title, add trailings "_" until we find an available name
                 existing_label = True
                 while existing_label is True:
                     for any_host in Host.select():
                         if any_host.id != self.host.id and self.host.label == any_host.label:
                             self.host.label += '_'
                             break
                     else:
                         existing_label = False
                 # Fill host.name attribute
                 self.host.name = convert_label_to_name(self.host.label)
             if not self.host.scheme:
                 # Get tokens from orig site url
                 orig_scheme, rest = urllib.splittype(self.host.orig_site)
                 orig_host, rest = urllib.splithost(rest)
                 get_publisher().reload_cfg()
                 # Set url scheme (HTTP or HTTPS)
                 # TODO: Handle the option "Both"
                 if get_cfg('sites_url_scheme'):
                     self.host.scheme = get_cfg('sites_url_scheme')
                 else:
                     self.host.scheme = orig_scheme
             if not self.host.reversed_hostname:
                 # Build a new domain name
                 short_name = orig_host.split('.')[0]
                 if short_name == 'www':
                     short_name = orig_host.split('.')[1]
                 self.host.reversed_hostname = '%s.%s' % (short_name, get_cfg('domain_names')[0])
                 # If another site already uses this domain name, add some trailing "_" until we find an available name
                 existing_domain = True
                 while existing_domain is True:
                     for any_host in Host.select():
                         if any_host.id != self.host.id and self.host.reversed_hostname == any_host.reversed_hostname:
                             self.host.reversed_hostname += '-'
                             break
                     else:
                         existing_domain = False
                 self.host.reversed_directory = None
             if not self.host.new_url:
                 # New url for this host
                 self.host.new_url = '%s://%s%s/' % (self.host.scheme, self.host.reversed_hostname, get_request().environ['SCRIPT_NAME'])
                 # FIXME: Check if the new domain name already exists
                 # New url for this host
                 #        self.host.new_url = '%s://%s%s/' % (self.host.scheme, self.host.reversed_hostname, get_request().environ['SCRIPT_NAME'])
                 #        if self.host.reversed_directory is not None:
                 #            self.host.new_url += '%s/' % self.host.reversed_directory
             self.host.store()
             write_apache2_vhosts()
         # XXX: Should use the FancyURLopener class instead when it supports proxies
         def get_data_after_redirects(self, start_url):
             if not start_url:
                 return ''
             status = 302
             location = None
             while status // 100 == 3:
                 if location is None:
                     url = start_url
                 elif location.startswith('http'):
                     # Location is an absolute path
                     url = location
                 else:
                     # Location is a relative path
                     url = urlparse.urljoin(start_url, location)
                 response, status, data, auth_headers = http_get_page(url, use_proxy=self.host.use_proxy)
                 location = response.getheader('Location', None)
             return data
         def create_dirs(self):
             # Hack : sites must use the configuration which is stored in main Larpe directory,
             # but they need to have a directory named with their hostname, which will contain the
             # main domain name for Larpe so they know where is the main configuration
             hostname_dir = get_abs_path(os.path.join('..', self.host.reversed_hostname))
             if not os.path.exists(hostname_dir):
                 os.mkdir(hostname_dir)
             # Load the configuration from the main directory
             get_publisher().reload_cfg()
             # Write it in the site directory
             get_publisher().write_cfg(hostname_dir)
             # Storage directories
             if not self.host.reversed_directory:
                 reversed_dir = 'default'
             else:
                 reversed_dir = self.host.reversed_directory
             self.host.site_dir = \
                 os.path.join(get_publisher().app_dir, 'sp', self.host.reversed_hostname, reversed_dir)
             user_dir = os.path.join(self.host.site_dir, 'users')
             token_dir = os.path.join(self.host.site_dir, 'tokens')
             filter_dir = os.path.join(self.host.site_dir, 'filters')
             for dir in (self.host.site_dir, user_dir, token_dir, filter_dir):
                 if not os.path.isdir(dir):
                     os.makedirs(dir)
         def generate_ssl_keys(self):
             # Generate SSL keys
             private_key_path = os.path.join(self.host.site_dir, 'private_key.pem')
             public_key_path = os.path.join(self.host.site_dir, 'public_key.pem')
             if not os.path.isfile(private_key_path) or not os.path.isfile(public_key_path):
                 set_provider_keys(private_key_path, public_key_path)
             self.host.private_key = private_key_path
             self.host.public_key = public_key_path
         def generate_metadatas(self):
             metadata_cfg = {}
             # Organization name
             self.host.organization_name = self.host.label
             metadata_cfg['organization_name'] = self.host.organization_name
             # Base URL
             base_url = '%s://%s%s/liberty/%s/liberty' % (self.host.scheme,
                                                          self.host.reversed_hostname,
                                                          get_request().environ['SCRIPT_NAME'],
                                                          self.host.name)
             metadata_cfg['base_url'] = base_url
             self.host.base_url = base_url
             if lasso.SAML2_SUPPORT:
                 saml2_base_url = '%s://%s%s/liberty/%s/saml' % (self.host.scheme,
                                                              self.host.reversed_hostname,
                                                              get_request().environ['SCRIPT_NAME'],
                                                              self.host.name)
                 metadata_cfg['saml2_base_url'] = saml2_base_url
                 self.host.saml2_base_url = saml2_base_url
             # Provider Id
             provider_id = '%s/metadata' % base_url
             metadata_cfg['provider_id'] = provider_id
             self.host.provider_id = provider_id
             if lasso.SAML2_SUPPORT:
                 saml2_provider_id = '%s/metadata' % saml2_base_url
                 metadata_cfg['saml2_provider_id'] = saml2_provider_id
                 self.host.saml2_provider_id = saml2_provider_id
             # Read public key
             public_key = ''
             if self.host.public_key is not None and os.path.exists(self.host.public_key):
                 metadata_cfg['signing_public_key'] = open(self.host.public_key).read()
             # Write metadatas
             metadata_path = os.path.join(self.host.site_dir, 'metadata.xml')
             open(metadata_path, 'w').write(get_metadata(metadata_cfg))
             self.host.metadata = metadata_path
             if lasso.SAML2_SUPPORT:
                 saml2_metadata_path = os.path.join(self.host.site_dir, 'saml2_metadata.xml')
                 open(saml2_metadata_path, 'w').write(get_saml2_metadata(metadata_cfg))
                 self.host.saml2_metadata = saml2_metadata_path
         def check_new_address [html] (self):
             form = Form(enctype='multipart/form-data')
             form.add_submit('cancel', _('Previous'))
             form.add_submit('submit', _('Next'))
             if form.get_widget('cancel').parse():
                 return redirect('start')
             if form.is_submitted():
                 self.create_dirs()
                 if self.host.private_key is None:
                     self.generate_ssl_keys()
                 self.generate_metadatas()
                 self.host.store()
                 return redirect('authentication_and_logout_adresses')
             html_top('step2', title=_('Step 2 - Check the new site address works'))
             '<h2>%s</h2>' % _('Step 2 - Check the new site address works')
             htmltext(_('''\
     <p>Before opening the following link, ensure you have configured your DNS for this address. If you don't
     have a DNS server and you just want to test Larpe, add this domain name in the file "/etc/hosts".</p>
     <p>Then you can open this link in a new window or tab and see if your site is displayed. If it's ok,
     you can click the "%(next)s" button. Otherwise, click the "%(previous)s" button and check your settings.</p>
     ''') % {'next': _('Next'), 'previous': _('Previous')})
             '<p>'
             htmltext(_('The new address of this site is '))
             '<a href="%s">%s</a><br/>' % (self.host.new_url, self.host.new_url)
             htmltext(_('The name of this site is "%s".') % self.host.label)
             '</p><p>'
             htmltext(_('You can also <a href="modify_site_address_and_name">modify the address or the name of this site</a>'))
             '</p>'
             form.render()
         def modify_site_address_and_name [html] (self):
             form = self.form_modify_site_address_and_name()
             if form.get_widget('cancel').parse():
                 return redirect('check_new_address')
             if form.is_submitted() and not form.has_errors():
                 label = form.get_widget('label').parse()
                 name = convert_label_to_name(label)
                 for any_host in Host.select():
                     if any_host.id != self.host.id and name == any_host.name:
                         form.set_error('label', _('An host with the same name already exists'))
                         break
             if form.is_submitted() and not form.has_errors():
                 self.submit_modify_site_address_and_name_form(form)
                 return redirect('check_new_address')
             html_top('modify_site_address_and_name', title=_('Modify site address and name'))
             '<h2>%s</h2>' % _('Modify site address and name')
             form.render()
         def form_modify_site_address_and_name(self):
             form = Form(enctype='multipart/form-data')
             form.add(UrlWidget, 'new_url', title = _('Address'), required = True,
                     size = 50, value = self.host.new_url)
             form.add(StringWidget, 'label', title = _('Name'), required = True,
                     size = 50, value = self.host.label)
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             return form
         def submit_modify_site_address_and_name_form(self, form):
             fields = ['new_url', 'label']
             for f in fields:
                 setattr(self.host, f, form.get_widget(f).parse())
             # Split url to retrieve components
             tokens = urlparse.urlparse(self.host.new_url)
             self.host.scheme = tokens[0]
             self.host.reversed_hostname = tokens[1]
             self.host.reversed_directory = tokens[2]
             if self.host.reversed_directory.startswith('/'):
                 self.host.reversed_directory = self.host.reversed_directory[1:]
             # Fill host.name attribute
             self.host.name = convert_label_to_name(self.host.label)
             self.host.store()
             write_apache2_vhosts()
         def authentication_and_logout_adresses [html] (self):
             form = self.form_authentication_and_logout_adresses()
             if form.get_widget('cancel').parse():
                 return redirect('check_new_address')
             if form.is_submitted() and not form.has_errors():
                 self.submit_authentication_and_logout_adresses_form(form)
                 return redirect('check_auto_detected_configuration')
             html_top('step3', title=_('Step 3 - Configure authentication and logout pages'))
             '<h2>%s</h2>' % _('Step 3 - Configure authentication and logout pages')
             form.render()
         def form_authentication_and_logout_adresses(self):
             form = Form(enctype='multipart/form-data')
             form.add(ValidUrlWidget, 'auth_url', title = _('Authentication form page address'),
                     hint = _('Address of a page on the site which contains the authentication form'),
                     required = True, size = 50, value = self.host.auth_url)
             form.add(ValidUrlWidget, 'logout_url', title = _('Logout address'), required = False,
                     hint = _('Address of the logout link on the site'),
                     size = 50, value = self.host.logout_url)
             form.add_submit('cancel', _('Previous'))
             form.add_submit('submit', _('Next'))
             return form
         def submit_authentication_and_logout_adresses_form(self, form):
             fields = ['auth_url', 'logout_url']
             for f in fields:
                 setattr(self.host, f, form.get_widget(f).parse())
             self.host.auth_form_url = self.host.auth_url
             if not self.host.http_headers:
                 self.host.http_headers = {
                     'Content-Type': { 'enabled': True, 'value': 'application/x-www-form-urlencoded', 'immutable': False },
                     'X-Forwarded-For': { 'enabled': True, 'value': _('(computed automatically)'), 'immutable': True },
                     'X-Forwarded-Host': { 'enabled': True, 'value': self.host.reversed_hostname, 'immutable': False },
+                }
             self.auto_detect_configuration()
             self.host.store()
             write_apache2_vhosts()
         def check_auto_detected_configuration [html] (self):
             form = Form(enctype='multipart/form-data')
             form.add_submit('cancel', _('Previous'))
             form.add_submit('submit', _('Next'))
             if form.get_widget('cancel').parse():
                 return redirect('authentication_and_logout_adresses')
             if form.is_submitted():
                 return redirect('credentials')
             html_top('step4', title=_('Step 4 - Check automatically detected configuration for the authentication form'))
             '<h2>%s</h2>' % _('Step 4 - Check automatically detected configuration for the authentication form')
             host_attrs = (
                 ('auth_check_url', _('Address where the authentication form must be sent')),
                 ('login_field_name', _('Name of the login field')),
                 ('password_field_name', _('Name of the password field')),
+            )
             html_fields = ''
             success = True
             for attr, name in host_attrs:
                 color = 'black'
                 if attr in ('auth_check_url', 'login_field_name', 'password_field_name') and \
                         not getattr(self.host, str(attr)):
                     color = 'red'
                     success = False
                 html_fields += '<div style="margin-bottom: 0.1em; font-weight: bold; color: %s;">%s</div>' % (color, name)
                 html_fields += '<div style="margin-left: 1em; margin-bottom: 0.3em; color: %s;">%s</div>' % \
                     (color, getattr(self.host, str(attr)))
                 if getattr(self.host, str(attr)) == '':
                     html_fields += '<br />'
             '<p>'
             if success:
                 htmltext(_('''\
     The following authentication form parameters have been detected. If they look right, you can go to the next step.
     If you think they are wrong, go back and check your settings then try again.
     '''))
             else:
                 htmltext(_('''\
     The following authentication form parameters in red haven't been correctly detected. Go back and check
     your settings then try again.
     '''))
             '</p>'
             html_fields
             form.render()
         def credentials [html] (self):
             form = self.form_credentials()
             if form.get_widget('cancel').parse():
                 return redirect('check_auto_detected_configuration')
             if form.is_submitted() and not form.has_errors():
                 self.submit_credentials_form(form)
                 return redirect('send_authentication_request')
             html_top('step5', title=_('Step 5 - Fill in a valid username/password for this site'))
             '<h2>%s</h2>' % _('Step 5 - Fill in a valid username/password for this site')
             form.render()
         def form_credentials(self):
             form = Form(enctype='multipart/form-data')
             form.add(StringWidget, 'username', title = _('Username'), required = True,
                     size = 30, value = self.host.valid_username)
             form.add(PasswordWidget, 'password', title = _('Password'), required = True,
                     size = 30, value = self.host.valid_password)
             for name, values in self.host.select_fields.iteritems():
                 options = []
                 if values:
                     for value in values:
                         options.append(value)
                     form.add(SingleSelectWidget, name, title = name.capitalize(),
                         value = values[0], options = options)
             form.add_submit('cancel', _('Previous'))
             form.add_submit('submit', _('Next'))
             return form
         def submit_credentials_form(self, form):
             self.host.valid_username = form.get_widget('username').parse()
             self.host.valid_password = form.get_widget('password').parse()
             self.host.valid_select = {}
             for name, values in self.host.select_fields.iteritems():
                 if form.get_widget(name):
                     self.host.valid_select[name] = form.get_widget(name).parse()
             self.host.store()
         def send_authentication_request(self):
             site_auth = site_authentication.get_site_authentication(self.host)
             self.host.auth_request_status, self.host.auth_request_data = site_auth.local_auth_check_dispatch(
                 self.host.valid_username, self.host.valid_password, self.host.valid_select)
             self.host.auth_request_success, self.host.auth_request_return_content = \
                 site_auth.check_auth(self.host.auth_request_status, self.host.auth_request_data)
             self.host.store()
             return redirect('check_authentication')
         def check_authentication [html] (self):
             form = Form(enctype='multipart/form-data')
             form.add_submit('cancel', _('Previous'))
             form.add_submit('submit', _('Next'))
             if form.get_widget('cancel').parse():
                 return redirect('credentials')
             if form.is_submitted():
                 return redirect('sso_init_link')
             html_top('step6', title=_('Step 6 - Check the authentication process'))
             '<h2>%s</h2>' % _('Step 6 - Check the authentication process')
             if self.host.auth_request_success:
                 htmltext(_('''<p>Authentication succeeded ! You can go to the next step.</p>'''))
             else:
                 htmltext(_('''\
     <p>Authentication has failed. To resolve this problem, you can :</p>
     <ul>
     <li><a href="send_authentication_request">Try authentication again</a></li>
     <li><a href="see_authentication_response">See the response of the authentication request from the site</a></li>
     <li><a href="modify_authentication_request">Modify the parameters of the authentication request</a></li>
     <li><a href="authentication_success_criteria">Change the way Larpe detects the authentication is successful or not</a></li>
     <li>Go back and change your username and/or password</li>
     </ul>
     '''))
             form.render()
         def see_authentication_response [html] (self):
             html_top('see_authentication_response', title=_('Authentication response'))
             '<h2>%s</h2>' % _('Authentication response')
             color = str('black')
             name = str(_('HTTP status code'))
             '<div style="margin-bottom: 0.1em; font-weight: bold; color: %s;">%s</div>' % (color, name)
             '<div style="margin-left: 1em; margin-bottom: 0.3em; color: %s;">%s (%s)</div>' % \
                         (color, self.host.auth_request_status, status_reasons[self.host.auth_request_status])
             '<dl>'
             '<dt><a href="see_response_html_page">%s</a></dt>' % _('See HTML page')
             '</dl>'
             '<div class="buttons"><a href="check_authentication"><input type="button" value="%s" /></a></div><br />' % _('Back')
         def see_response_html_page (self):
             return self.host.auth_request_data
         def authentication_success_criteria [html] (self):
             form = self.form_authentication_success_criteria()
             if form.get_widget('cancel').parse():
                 return redirect('check_authentication')
             if form.is_submitted() and not form.has_errors():
                 self.submit_authentication_success_criteria_form(form)
                 return redirect('check_authentication')
             html_top('authentication_success_criteria', title=_('Criteria of authentication success'))
             '<h2>%s</h2>' % _('Criteria of authentication success')
             form.render()
         def form_authentication_success_criteria(self):
             form = Form(enctype='multipart/form-data')
             form.add(RadiobuttonsWidget, 'auth_system', title = _('Authentication system of the original site'),
                     options=[
                         ('password', _('Check the existence of a password field'), 'password'),
                         ('match_text', _('Match some text to detect an authentication failure'), 'match_text'),
                     ],
                     sort=False,
                     delim=htmltext('<br />'),
                     value = self.host.auth_system)
             form.add(RegexStringWidget, 'auth_match_text', title = _('Text to match in case of authentication failure'),
                     required = False, size = 50, value = self.host.auth_match_text)
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             return form
         def submit_authentication_success_criteria_form(self, form):
             for f in ('auth_system', 'auth_match_text'):
                 value = form.get_widget(f).parse()
                 setattr(self.host, f, value)
             self.host.store()
         def modify_authentication_request [html] (self):
             html_top('modify_authentication_request', title=_('Modify the parameters of the authentication request'))
             '<h2>%s</h2>' % _('Modify the parameters of the authentication request')
             '<dl>'
             '<dt><a href="auth_request_post_parameters">%s</a></dt> <dd>%s</dd>' % (
                     _('Modify POST parameters'), _('Configure the form attributes that will be sent within the authentication POST requests'))
             '<dt><a href="auth_request_http_headers">%s</a></dt> <dd>%s</dd>' % (
                     _('Modify HTTP headers'), _('Configure the HTTP headers of the authentication requests made by Larpe'))
             '</dl>'
             '<div class="buttons"><a href="check_authentication"><input type="button" value="%s" /></a></div><br />' % _('Back')
         def auth_request_post_parameters [html] (self):
             form = self.form_auth_request_post_parameters()
             if form.get_widget('cancel').parse():
                 return redirect('modify_authentication_request')
             if form.is_submitted() and not form.has_errors():
                 self.submit_auth_request_post_parameters_form(form)
                 return redirect('modify_authentication_request')
             html_top('auth_request_post_parameters', title=_('Configure POST parameters'))
             '<h2>%s</h2>' % _('Configure POST parameters')
             '<p>'
             htmltext(_('''Here are the detected form fields that will be sent as parameters of the authentication POST
      request. You can desactivate some or all of them, or change their value.'''))
             '</p>'
             form.render()
         def form_auth_request_post_parameters(self):
             form = Form(enctype='multipart/form-data')
             for name, value in self.host.post_parameters.iteritems():
                 if value['immutable']:
                     form.add(DictWidget, name, value, disabled = 'disabled')
                 else:
                     form.add(DictWidget, name, value)
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             return form
         def submit_auth_request_post_parameters_form(self, form):
             for name, old_value in self.host.post_parameters.iteritems():
                 value = form.get_widget(name).parse()
                 if value['enabled'] == 'on':
                     old_value['enabled'] = True
                 else:
                     old_value['enabled'] = False
                 if old_value['immutable'] is False:
                     old_value['value'] = value['value']
                 self.host.post_parameters[name] = old_value
             self.host.store()
         def auth_request_http_headers [html] (self):
             form = self.form_auth_request_http_headers()
             if form.get_widget('cancel').parse():
                 return redirect('modify_authentication_request')
             if form.is_submitted() and not form.has_errors():
                 self.submit_auth_request_http_headers_form(form)
                 return redirect('modify_authentication_request')
             html_top('auth_request_http_headers', title=_('Configure HTTP headers'))
             '<h2>%s</h2>' % _('Configure HTTP headers')
             '<p>'
             htmltext(_('''Here are the HTTP headers that will be sent within the authentication POST
      request. You can desactivate some or all of them, or change their value.'''))
             '</p>'
             form.render()
         def form_auth_request_http_headers(self):
             form = Form(enctype='multipart/form-data')
             for name, value in self.host.http_headers.iteritems():
                 if value['immutable']:
                     form.add(DictWidget, name, value, disabled = 'disabled')
                 else:
                     form.add(DictWidget, name, value)
             form.add(HtmlWidget, htmltext('<p>%s</p>' % \
                 _('The headers "Host", "Accept-Encoding" and "Content-Length" will also automatically be sent.')))
             if get_cfg('use_proxy') and self.host.use_proxy:
                 form.add(HtmlWidget, htmltext('<p>%s</p>' % \
                     _('As Larpe uses a proxy for this site, the headers "Proxy-Authorization", "Proxy-Connection" and "Keep-Alive" will be sent as well.')))
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             return form
         def submit_auth_request_http_headers_form(self, form):
             for name, old_value in self.host.http_headers.iteritems():
                 value = form.get_widget(name).parse()
                 if value['enabled'] == 'on':
                     old_value['enabled'] = True
                 else:
                     old_value['enabled'] = False
                 if old_value['immutable'] is False:
                     old_value['value'] = value['value']
                 self.host.http_headers[name] = old_value
             self.host.store()
         def generate_apache_filter (self):
             # Set Python filter path for Apache configuration
             if not hasattr(self.host, 'apache_python_paths'):
                 self.host.apache_python_paths = []
             python_path = os.path.join(self.host.site_dir, 'filters')
             if python_path not in self.host.apache_python_paths:
                 self.host.apache_python_paths.append(python_path)
             # Write Python filter
             python_file = open(os.path.join(self.host.site_dir, 'filters', 'output_replace_form.py'), 'w')
             python_file.write(open(os.path.join(get_publisher().data_dir, 'output_filter_base.py'), 'r').read())
             python_file.write('''\
     def filter_page(filter, page):
         current_form = re.compile('<form .*?action="%(auth_form_action)s".*?>.*?</form>', re.DOTALL)
         return current_form.sub('<form method="post" action="/liberty/%(name)s/login"><input type="submit" value="Connexion" /></form>', page)
     ''' % { 'auth_form_action': self.host.auth_form_action, 'name': self.host.name })
             python_file.close()
             # Set Python filter for Apache configuration
             if not hasattr(self.host, 'apache_output_python_filters'):
                 self.host.apache_output_python_filters = []
             if not 'output_replace_form' in self.host.apache_output_python_filters:
                 self.host.apache_output_python_filters.append('output_replace_form')
         def sso_init_link [html] (self):
             form = self.form_sso_init_link()
             if form.get_widget('cancel').parse():
                 return redirect('check_authentication')
             if form.is_submitted() and not form.has_errors():
                 self.submit_sso_init_link_form(form)
                 return redirect('metadatas')
             html_top('step7', title=_('Step 7 - Configure how a Single Sign On can be initiated'))
             '<h2>%s</h2>' % _('Step 7 - Configure how a Single Sign On can be initiated')
             '<p>'
             htmltext(_('''\
     Most sites use one of the following 2 ways to allow users to initialise an authentication :
     <ol>
     <li>The site has a single authentication page. It redirects users to this page when they click a "Login" button or try to access a page which require users to be authenticated.</li>
     <li>The site includes an authentication form in most or all of his pages. Users can authenticate on any of these pages, and don't need to be redirected to a separate authentication page.</li>
     </ol>'''))
             '</p>'
             '<p>'
             htmltext(_('''\
     Larpe needs to change this part of the site in a different way depending on the usual way the site works. It can either :
     <ol>
     <li>Redirect the user to the Single Sign On url instead of the previous authentication page.</li>
     <li>Replace the form included in pages with a simple button. When users press this button, they will be redirected to the Single Sign On url.</li>
     </ol>'''))
             '</p>'
             form.render()
         def form_sso_init_link(self):
             form = Form(enctype='multipart/form-data')
             form.add(RadiobuttonsWidget, 'auth_form_places', title = _('Authentication page or form'),
                     options=[
                         ('form_once', _('The site has a single authentication page'), 'form_once'),
                         ('form_everywhere', _('The site includes an authentication form in most or all pages'), 'form_everywhere'),
                     ],
                     sort=False, required = True, delim=htmltext('<br />'), value = self.host.auth_form_places)
             form.add_submit('cancel', _('Previous'))
             form.add_submit('submit', _('Next'))
             return form
         def submit_sso_init_link_form(self, form):
             fields = [ 'auth_form_places', ]
             for f in fields:
                 setattr(self.host, f, form.get_widget(f).parse())
             self.host.auth_form_url = self.host.auth_url
             if self.host.auth_form_places == 'form_everywhere' and self.host.auth_form_action:
                 self.generate_apache_filter()
             else:
                 if hasattr(self.host, 'apache_output_python_filters'):
                     del self.host.apache_output_python_filters
             # Add mod proxy html
             # TODO: add an option somewhere to disable it
             if not hasattr(self.host, 'apache_output_filters'):
                 self.host.apache_output_filters = []
             if 'proxy-html' not in self.host.apache_output_filters:
                 self.host.apache_output_filters.append('proxy-html')
             self.host.store()
             write_apache2_vhosts()
         def metadatas [html] (self):
             form = Form(enctype='multipart/form-data')
             form.add_submit('cancel', _('Previous'))
             form.add_submit('submit', _('Next'))
             if form.get_widget('cancel').parse():
                 return redirect('sso_init_link')
             if form.is_submitted():
                 return redirect('check_full_configuration')
             html_top('step8', title=_('Step 8 - Configure the site metadatas on your identity provider'))
             '<h2>%s</h2>' % _('Step 8 - Configure the site metadatas on your identity provider')
             '<p>'
             htmltext(_('''Download the metadatas and the public key for this site and
     upload them on your identity provider in order to use Liberty Alliance features'''))
             '</p>'
             '<dl>'
             if hasattr(self.host, str('base_url')):
                 if lasso.SAML2_SUPPORT:
                     saml2_metadata_url = '%s/metadata.xml' % self.host.saml2_base_url
                     '<dt><a href="%s">%s</a></dt> <dd>%s</dd>' % (
                                 saml2_metadata_url,
                                 _('Service Provider SAML 2.0 Metadata'),
                                 _('Download Service Provider SAML 2.0 Metadata file'))
                 metadata_url = '%s/metadata.xml' % self.host.base_url
                 '<dt><a href="%s">%s</a></dt> <dd>%s</dd>' % (
                             metadata_url,
                             _('Service Provider Metadata'),
                             _('Download Service Provider ID-FF 1.2 Metadata file'))
             else:
                 '<p>%s</p>' % _('No metadata has been generated for this host.')
             if hasattr(self.host, str('base_url')) and self.host.public_key and os.path.exists(self.host.public_key):
                 public_key_url = '%s/public_key' % self.host.base_url
                 '<dt><a href="%s">%s</a></dt> <dd>%s</dd>' % (
                             public_key_url,
                             _('Public key'),
                             _('Download Service Provider SSL Public Key file'))
             else:
                 '<p>%s</p>' % _('No public key has been generated for this host.')
             '</dl>'
             form.render()
         def check_full_configuration [html] (self):
             form = Form(enctype='multipart/form-data')
             form.add_submit('cancel', _('Previous'))
             form.add_submit('submit', _('Finish'))
             if form.get_widget('cancel').parse():
                 return redirect('metadatas')
             if form.is_submitted():
                 return redirect('../..')
             html_top('step9', title=_('Step 9 - Check everything works'))
             '<h2>%s</h2>' % _('Step 9 - Check everything works')
             '<p>'
             htmltext(_('''Now you can fully test your site, start from the home page, initiate a Single Sign On,
     federate your identities and do a Single Logout.'''))
             '</p>'
             '<p>'
             htmltext(_('The address of your site is : '))
             '<a href="%s">%s</a>' % (self.host.new_url, self.host.new_url)
             '</p>'
             '<p>'
             htmltext(_('''If everything works, click the "%(finish)s" button, otherwise you can go back and
     check your settings or <a href=advanced_options>configure some advanced options</a>.''')) % { 'finish': _('Finish') }
             '</p>'
             form.render()
         def advanced_options [html] (self):
             form = self.form_advanced_options()
             if form.get_widget('cancel').parse():
                 return redirect('check_full_configuration')
             if not form.is_submitted() or form.has_errors():
                 get_response().breadcrumb.append( ('advanced_options', _('Advanced options')) )
                 html_top('hosts', title = _('Advanced options'))
                 '<h2>%s</h2>' % _('Advanced options')
                 form.render()
             else:
                 self.submit_advanced_options_form(form)
                 return redirect('check_full_configuration')
         def form_advanced_options(self):
             form = Form(enctype='multipart/form-data')
             form.add(UrlOrAbsPathWidget, 'initiate_sso_url', title = _('URL which must initiate the SSO'),
                     hint = _('''Address which must initiate the SSO. If empty, defaults to the previously
     specified "%s"''') % _('Authentication form page address'),
                     required = False, size = 50, value = self.host.initiate_sso_url)
             form.add(CheckboxWidget, 'redirect_root_to_login',
                     title=_('Redirect the root URL of the site to the login page.'),
                     value = self.host.redirect_root_to_login)
             form.add(UrlOrAbsPathWidget, 'return_url', title = _('Return address'),
                     hint = _('Where the user will be redirected after a successful authentication'),
                     required = False, size = 50, value = self.host.return_url)
             form.add(UrlOrAbsPathWidget, 'root_url', title = _('Error address'),
                     hint = _('Where the user will be redirected after a disconnection or an error'),
                     required = False, size = 50, value = self.host.root_url)
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             return form
         def submit_advanced_options_form(self, form):
             old_redirect_root_to_login = self.host.redirect_root_to_login
             for f in ('initiate_sso_url', 'redirect_root_to_login', 'return_url', 'root_url'):
                 value = form.get_widget(f).parse()
                 setattr(self.host, f, value)
             self.host.store()
             if self.host.initiate_sso_url or self.host.redirect_root_to_login is not old_redirect_root_to_login:
                 write_apache2_vhosts()
         def auto_detect_configuration(self):
     #        """Guess other SP parameters"""
     #        if self.host.auth_url is not None:
     #            # Separate auth page
     #            self.host.auth_form_url = self.host.auth_url
     #        else:
     #            if self.host.auth_form_page_url is not None:
     #                # Auth form is not on index page
     #                self.host.auth_form_url = self.host.auth_form_page_url
     #            else:
     #                # Auth form is on index page
     #                self.host.auth_form_url = self.host.orig_site
             # Reset previous detected values
             self.host.auth_form = None
             self.host.auth_check_url = None
             self.host.login_field_name = None
             self.host.password_field_name = None
             if not self.host.post_parameters:
                 self.host.post_parameters = {}
             self.parse_page(self.host.auth_form_url)
         def parse_page(self, page_url):
             # Get the authentication page
             try:
                 response, status, page, auth_header = http_get_page(page_url, use_proxy=self.host.use_proxy)
             except Exception, msg:
                 print msg
                 return
             # Check if this site uses HTTP authentication
     #        if status == 401:
     #            if auth_header.startswith('Basic'):
     #                self.host.auth_mode = 'http_basic'
     #            else:
     #                self.host.auth_mode = 'unsupported'
     #            self.host.store()
     #            return
             if page is None:
                 return
                 #raise FormError, ('auth_check_url', '%s : %s' % (_('Failed to get page'), self.host.auth_form_url))
             # Default authentication mode
             self.host.auth_mode = 'form'
             self.host.site_authentication_plugin = site_authentication.guess_site_authentication_class(page)
             self.parse_frames(page)
             self.parse_forms(page)
             if self.host.auth_form is not None:
                 self.parse_form_action()
                 input_fields = self.parse_input_fields()
                 self.parse_login_field(input_fields)
                 self.parse_password_field(input_fields)
                 self.parse_select_fields(input_fields)
                 self.parse_other_fields(input_fields)
         def parse_frames(self, page):
             '''If there are frames, parse them recursively'''
             regexp = re.compile("""<frame.*?src=["'](.*?)["'][^>]*?>""", re.DOTALL | re.IGNORECASE)
             found_frames = regexp.findall(page)
             if found_frames:
                 for frame_url in found_frames:
                     if frame_url.startswith('http'):
                         frame_full_url = frame_url
                     else:
                         page_url_tokens = page_url.split('/')
                         page_url_tokens[-1] = frame_url
                         frame_full_url = '/'.join(page_url_tokens)
                     self.parse_page(frame_full_url)
         def parse_forms(self, page):
             '''Search for an authentication form'''
             # Get all forms
             regexp = re.compile("""<form.*?</form>""", re.DOTALL | re.IGNORECASE)
             found_forms = regexp.findall(page)
             if not found_forms:
                 return
                 #raise FormError, ('auth_check_url', '%s : %s' % (_('Failed to find any form'), self.host.auth_form_url))
             # Get the first form with a password field
             for found_form in found_forms:
                 regexp = re.compile("""<input[^>]*?type=["']?password["']?[^>]*?>""", re.DOTALL | re.IGNORECASE)
                 if regexp.search(found_form) is not None:
                     self.host.auth_form = found_form
                     break
         def parse_form_action(self):
             '''Get the action url of the form'''
             regexp = re.compile("""<form.*?action=["']?(.*?)["']?[\s>].*?>""", re.DOTALL | re.IGNORECASE)
             self.host.auth_form_action = regexp.findall(self.host.auth_form)[0]
             # FIXME: Find a Python module which unescapes html entities
             self.host.auth_check_url = self.host.auth_form_action.replace('&amp;', '&')
             if not self.host.auth_check_url.startswith('http'):
                 if self.host.auth_check_url.startswith('/'):
                     if self.host.orig_site.startswith('https'):
                         orig_site_root = 'https://%s' % urllib.splithost(self.host.orig_site[6:])[0]
                     else:
                         orig_site_root = 'http://%s' % urllib.splithost(self.host.orig_site[5:])[0]
                     self.host.auth_check_url = orig_site_root + self.host.auth_check_url
                 else:
                     auth_form_url_tokens = self.host.auth_form_url.split('/')
                     auth_form_url_tokens[-1] = self.host.auth_check_url
                     self.host.auth_check_url = '/'.join(auth_form_url_tokens)
         def parse_input_fields(self):
             '''Get all input fields'''
             regexp = re.compile("""<input[^>]*?>""", re.DOTALL | re.IGNORECASE)
             return regexp.findall(self.host.auth_form)
         def parse_login_field(self, input_fields):
             '''Get login field name'''
             try:
                 regexp = re.compile("""<input[^>]*?type=["']?text["']?[^>]*?>""", re.DOTALL | re.IGNORECASE)
                 text_fields = regexp.findall(self.host.auth_form)
                 login_field = ''
                 if text_fields:
                     login_field = text_fields[0]
                 else:
                     for field in input_fields:
                         if re.search("""type=["']?""", field, re.DOTALL | re.IGNORECASE) is None:
                             login_field = field
                             break
                 regexp = re.compile("""name=["']?(.*?)["']?[\s/>]""", re.DOTALL | re.IGNORECASE)
                 self.host.login_field_name = regexp.findall(login_field)[0]
                 if not self.host.post_parameters.has_key(self.host.login_field_name):
                     self.host.post_parameters[self.host.login_field_name] = \
                         { 'enabled': True, 'value': _('(filled by users)'), 'immutable': True }
                     self.host.store()
             except IndexError, e:
                 self.host.login_field_name = None
                 print 'Error handling login field : %s' % e
         def parse_password_field(self, input_fields):
             '''Get password field name'''
             try:
                 regexp = re.compile("""<input[^>]*?type=["']?password["']?[^>]*?>""", re.DOTALL | re.IGNORECASE)
                 password_field = regexp.findall(self.host.auth_form)[0]
                 regexp = re.compile("""name=["']?(.*?)["']?[\s/>]""", re.DOTALL | re.IGNORECASE)
                 self.host.password_field_name = regexp.findall(password_field)[0]
                 if not self.host.post_parameters.has_key(self.host.password_field_name):
                     self.host.post_parameters[self.host.password_field_name] = \
                         { 'enabled': True, 'value': _('(filled by users)'), 'immutable': True }
             except IndexError, e:
                 self.host.password_field_name = None
                 print 'Error handling password field : %s' % e
         def parse_select_fields(self, input_fields):
             '''Add select fields to host attributes'''
             # First added for Imuse (Rennes)
             regexp = re.compile("""<select.*?</select>""", re.DOTALL | re.IGNORECASE)
             self.host.select_fields = {}
             for field in regexp.findall(self.host.auth_form):
                 try:
                     regexp = re.compile("""name=["']?(.*?)["']?[\s/>]""", re.DOTALL | re.IGNORECASE)
                     name = regexp.findall(field)[0]
                     regexp = re.compile("""<option[^>]*?>.*?</option>""", re.DOTALL | re.IGNORECASE)
                     options = regexp.findall(field)
                     values = []
                     for option in options:
                         regexp = re.compile("""<option[^>]*?>(.*?)</option>""", re.DOTALL | re.IGNORECASE)
                         option_label = regexp.findall(option)
                         regexp = re.compile("""value=["']?(.*?)["']?[\s/>]""", re.DOTALL | re.IGNORECASE)
                         option_value = regexp.findall(option)
                         if option_label:
                             if not option_value:
                                 option_value = option_label
                             values.append((option_value[0], option_label[0]))
                         else:
                             print >> sys.stderr, 'W: Could not parse select options'
                     self.host.select_fields[name] = values
                     if not self.host.post_parameters.has_key(name):
                         self.host.post_parameters[name] = \
                             { 'enabled': True, 'value': _('(filled by users)'), 'immutable': True }
                 except IndexError, e:
                     continue
         def parse_other_fields(self, input_fields):
             '''Get the default value of all other fields'''
             self.host.other_fields = {}
             # Get hidden fields
             regexp = re.compile("""<input[^>]*?type=["']?hidden["']?[^>]*?>""", re.DOTALL | re.IGNORECASE)
             other_fields = regexp.findall(self.host.auth_form)
             # Only get first submit field
             regexp = re.compile("""<input[^>]*?type=["']?submit["']?[^>]*?>""", re.DOTALL | re.IGNORECASE)
             found = regexp.findall(self.host.auth_form)
             if found:
                 if other_fields:
                     other_fields.append(found[0])
                 else:
                     other_fields = found[0]
             for field in other_fields:
                 try:
                     regexp = re.compile("""name=["']?(.*?)["']?[\s/>]""", re.DOTALL | re.IGNORECASE)
                     name = regexp.findall(field)[0]
                     regexp = re.compile("""value=["'](.*?)["'][\s/>]""", re.DOTALL | re.IGNORECASE)
                     value = regexp.findall(field)[0]
                     self.host.other_fields[name] = value
                     if not self.host.post_parameters.has_key(name):
                         self.host.post_parameters[name] = { 'enabled': True, 'value': value, 'immutable': False }
                 except IndexError, e:
                     continue
     class HostUI:
         def __init__(self, host):
             self.host = host
         def form_edit(self):
             # FIXME : homogeneise the size of the fields
             form = Form(enctype='multipart/form-data')
             form.add(StringWidget, 'label', title = _('Site name'), required = True,
                     size = 30, value = self.host.label)
             form.add(UrlWidget, 'orig_site', title = _('Original site root address'), required = True,
                     size = 50, value = self.host.orig_site)
             form.add(ValidUrlWidget, 'auth_url', title = _('Authentication page'),
                     hint = _('If there is a separate authentication page'),
                     required = False, size = 70, value = self.host.auth_url)
             form.add(ValidUrlWidget, 'auth_form_page_url',
                     title = _('Authentication form page'),
                     hint = _('If the authentication form is not in a separate page and not in the index page either'),
                     required = False, size = 70, value = self.host.auth_form_page_url)
             form.add(ValidUrlWidget, 'logout_url', title = _('Logout address'), required = False,
                     size = 70, value = self.host.logout_url)
             form.add(StringWidget, 'reversed_hostname', title = _('Reversed host name'),
                     size = 30, required = True, value = self.host.reversed_hostname)
             form.add(StringWidget, 'reversed_directory', title = _('Reversed directory'),
                     size = 30, required = False, value = self.host.reversed_directory)
             form.add(CheckboxWidget, 'use_ssl', title = _('Use SSL'),
                     hint = _('This only affects the connection between the browser and Larpe'),
                     value = self.host.use_ssl)
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             return form
         def submit_edit_form(self, form):
             metadata_cfg = {}
             for f in ('label', 'orig_site', 'auth_url', 'auth_form_page_url', 'logout_url', 'reversed_hostname',
                         'reversed_directory', 'use_ssl'):
                 widget = form.get_widget(f)
                 setattr(self.host, f, widget.parse())
                 # Get the special use_proxy attribute if it exists
                 if hasattr(widget, 'use_proxy'):
                     self.host.use_proxy = widget.use_proxy
             self.host.organization_name = self.host.label
             metadata_cfg['organization_name'] = self.host.organization_name
             # Build host name from host label
             self.host.name = self.host.label.lower()
             invalid_characters = [' ', "'"]
             for char in invalid_characters:
                 self.host.name = self.host.name.replace(char, '_')
             # Set url scheme (ie protocol) according to SSL usage
             if self.host.use_ssl:
                 self.host.scheme = 'https'
             else:
                 self.host.scheme = 'http'
             # Liberty Alliance / SAML parameters
             base_url = '%s://%s%s/liberty/%s/liberty' % (self.host.scheme,
                                                          self.host.reversed_hostname,
                                                          get_request().environ['SCRIPT_NAME'],
                                                          self.host.name)
             metadata_cfg['base_url'] = base_url
             self.host.base_url = base_url
             if lasso.SAML2_SUPPORT:
                 saml2_base_url = '%s://%s%s/liberty/%s/saml' % (self.host.scheme,
                                                              self.host.reversed_hostname,
                                                              get_request().environ['SCRIPT_NAME'],
                                                              self.host.name)
                 metadata_cfg['saml2_base_url'] = saml2_base_url
                 self.host.saml2_base_url = saml2_base_url
             provider_id = '%s/metadata' % base_url
             metadata_cfg['provider_id'] = provider_id
             self.host.provider_id = provider_id
             if lasso.SAML2_SUPPORT:
                 saml2_provider_id = '%s/metadata' % saml2_base_url
                 metadata_cfg['saml2_provider_id'] = saml2_provider_id
                 self.host.saml2_provider_id = saml2_provider_id
             # Storage directories
             if self.host.reversed_directory is None:
                 reversed_dir = 'default'
             else:
                 reversed_dir = self.host.reversed_directory
             site_dir = os.path.join(get_publisher().app_dir, 'sp',
                         self.host.reversed_hostname, reversed_dir)
             user_dir = os.path.join(site_dir, 'users')
             token_dir = os.path.join(site_dir, 'tokens')
             for dir in (site_dir, user_dir, token_dir):
                 if not os.path.isdir(dir):
                     os.makedirs(dir)
             metadata_cfg['site_dir'] = site_dir
             self.host.site_dir = site_dir
             # Tweaking for larpe vhosts
             hostname_dir = get_abs_path(os.path.join('..', self.host.reversed_hostname))
             if not os.path.exists(hostname_dir):
                 os.mkdir(hostname_dir)
             # Load the configuration from the main directory
             get_publisher().reload_cfg()
             get_publisher().write_cfg(hostname_dir)
             # Generate SSL keys
             private_key_path = os.path.join(site_dir, 'private_key.pem')
             public_key_path = os.path.join(site_dir, 'public_key.pem')
             if not os.path.isfile(private_key_path) or not os.path.isfile(public_key_path):
                 set_provider_keys(private_key_path, public_key_path)
                 self.host.private_key = private_key_path
                 self.host.public_key = public_key_path
             # Read public key
             public_key = ''
             if self.host.public_key is not None and os.path.exists(self.host.public_key):
                 metadata_cfg['signing_public_key'] = open(self.host.public_key).read()
             # Write metadatas
             metadata_path = os.path.join(site_dir, 'metadata.xml')
             open(metadata_path, 'w').write(get_metadata(metadata_cfg))
             self.host.metadata = metadata_path
             if lasso.SAML2_SUPPORT:
                 saml2_metadata_path = os.path.join(site_dir, 'saml2_metadata.xml')
                 open(saml2_metadata_path, 'w').write(get_saml2_metadata(metadata_cfg))
                 self.host.saml2_metadata = saml2_metadata_path
             # Use default idps
     #        idp_dir = os.path.join(get_publisher().app_dir, 'idp')
     #        self.host.idps = os.listdir(idp_dir)
             self.host.store()
             for attr in ('auth_check_url', 'login_field_name', 'password_field_name'):
                 if not hasattr(self.host, attr) or not getattr(self.host, attr):
                     self.auto_detect_configuration()
                     break
             write_apache2_vhosts()
         def auto_detect_configuration(self):
             """Guess other SP parameters"""
             if self.host.auth_url is not None:
                 # Separate auth page
                 self.host.auth_form_url = self.host.auth_url
             else:
                 if self.host.auth_form_page_url is not None:
                     # Auth form is not on index page
                     self.host.auth_form_url = self.host.auth_form_page_url
                 else:
                     # Auth form is on index page
                     self.host.auth_form_url = self.host.orig_site
             # Reset previous detected values
             self.host.auth_form = None
             self.host.auth_check_url = None
             self.host.login_field_name = None
             self.host.password_field_name = None
             self.host.store()
             self.parse_page(self.host.auth_form_url)
         def parse_page(self, page_url):
             # Get the authentication page
             try:
                 response, status, page, auth_header = http_get_page(page_url, use_proxy=self.host.use_proxy)
             except Exception, msg:
                 print msg
                 return
             # Check if this site uses HTTP authentication
             if status == 401:
                 if auth_header.startswith('Basic'):
                     self.host.auth_mode = 'http_basic'
                 else:
                     self.host.auth_mode = 'unsupported'
                 self.host.store()
                 return
             if page is None:
                 return
                 #raise FormError, ('auth_check_url', '%s : %s' % (_('Failed to get page'), self.host.auth_form_url))
             self.host.site_authentication_plugin = site_authentication.guess_site_authentication_class(page)
             # If there are frames, parse them recursively
             regexp = re.compile("""<frame.*?src=["'](.*?)["'][^>]*?>""", re.DOTALL | re.IGNORECASE)
             found_frames = regexp.findall(page)
             if found_frames:
                 for frame_url in found_frames:
                     if frame_url.startswith('http'):
                         frame_full_url = frame_url
                     else:
                         page_url_tokens = page_url.split('/')
                         page_url_tokens[-1] = frame_url
                         frame_full_url = '/'.join(page_url_tokens)
                     self.parse_page(frame_full_url)
             # Default authentication mode
             self.host.auth_mode = 'form'
             # Get all forms
             regexp = re.compile("""<form.*?</form>""", re.DOTALL | re.IGNORECASE)
             found_forms = regexp.findall(page)
             if not found_forms:
                 return
                 #raise FormError, ('auth_check_url', '%s : %s' % (_('Failed to find any form'), self.host.auth_form_url))
             # Get the first form with a password field
             found = False
             for found_form in found_forms:
                 regexp = re.compile("""<input[^>]*?type=["']?password["']?[^>]*?>""", re.DOTALL | re.IGNORECASE)
                 if regexp.search(found_form) is not None:
                     self.host.auth_form = found_form
                     found = True
                     break
             if not found:
                 return
                 #raise FormError, ('auth_check_url', _('Failed to find the authentication form'))
             # If we found a form, search for all needed information
             # Get the action url of the form
             regexp = re.compile("""<form.*?action=["']?(.*?)["']?[\s>].*?>""", re.DOTALL | re.IGNORECASE)
             self.host.auth_check_url = regexp.findall(self.host.auth_form)[0]
             # FIXME : Find a module which unescapes html entities
             self.host.auth_check_url = self.host.auth_check_url.replace('&amp;', '&')
             if not self.host.auth_check_url.startswith('http'):
                 if self.host.auth_check_url.startswith('/'):
                     if self.host.orig_site.startswith('https'):
                         orig_site_root = 'https://%s' % urllib.splithost(self.host.orig_site[6:])[0]
                     else:
                         orig_site_root = 'http://%s' % urllib.splithost(self.host.orig_site[5:])[0]
                     self.host.auth_check_url = orig_site_root + self.host.auth_check_url
                 else:
                     auth_form_url_tokens = self.host.auth_form_url.split('/')
                     auth_form_url_tokens[-1] = self.host.auth_check_url
                     self.host.auth_check_url = '/'.join(auth_form_url_tokens)
             # Get all inputs
             regexp = re.compile("""<input[^>]*?>""", re.DOTALL | re.IGNORECASE)
             inputs = regexp.findall(self.host.auth_form)
             # Get login field name
             try:
                 regexp = re.compile("""<input[^>]*?type=["']?text["']?[^>]*?>""", re.DOTALL | re.IGNORECASE)
                 text_fields = regexp.findall(self.host.auth_form)
                 login_field = ''
                 if text_fields:
                     login_field = text_fields[0]
                 else:
                     for field in inputs:
                         if re.search("""type=["']?""", field, re.DOTALL | re.IGNORECASE) is None:
                             login_field = field
                             break
                 regexp = re.compile("""name=["']?(.*?)["']?[\s/>]""", re.DOTALL | re.IGNORECASE)
                 self.host.login_field_name = regexp.findall(login_field)[0]
             except IndexError, e:
                 self.host.login_field_name = None
                 print 'Error handling login field : %s' % e
             # Get password field name
             try:
                 regexp = re.compile("""<input[^>]*?type=["']?password["']?[^>]*?>""", re.DOTALL | re.IGNORECASE)
                 password_field = regexp.findall(self.host.auth_form)[0]
                 regexp = re.compile("""name=["']?(.*?)["']?[\s/>]""", re.DOTALL | re.IGNORECASE)
                 self.host.password_field_name = regexp.findall(password_field)[0]
             except IndexError, e:
                 self.host.password_field_name = None
                 print 'Error handling password field : %s' % e
             # Get the default value of all other fields
             self.host.other_fields = {}
             # Get hidden and submit fields
             regexp = re.compile("""<input[^>]*?type=["']?(?:hidden|submit)["']?[^>]*?>""", re.DOTALL | re.IGNORECASE)
             other_fields = regexp.findall(self.host.auth_form)
             for field in other_fields:
                 try:
                     regexp = re.compile("""name=["']?(.*?)["']?[\s/>]""", re.DOTALL | re.IGNORECASE)
                     name = regexp.findall(field)[0]
                     regexp = re.compile("""value=["']?(.*?)["']?[\s/>]""", re.DOTALL | re.IGNORECASE)
                     value = regexp.findall(field)[0]
                     self.host.other_fields[name] = value
                 except IndexError, e:
                     continue
             # Add select fields to host attributes
             # First added for Imuse (Rennes)
             regexp = re.compile("""<select.*?</select>""", re.DOTALL | re.IGNORECASE)
             self.host.select_fields = {}
             for field in regexp.findall(page):
                 try:
                     regexp = re.compile("""name=["']?(.*?)["']?[\s/>]""", re.DOTALL | re.IGNORECASE)
                     name = regexp.findall(field)[0]
                     regexp = re.compile("""<option[^>]*?>.*?</option>""", re.DOTALL | re.IGNORECASE)
                     options = regexp.findall(field)
                     values = []
                     for option in options:
                         regexp = re.compile("""value=["']?(.*?)["']?[\s/>]""", re.DOTALL | re.IGNORECASE)
                         option_value = regexp.findall(option)
                         regexp = re.compile("""<option[^>]*?>(.*?)</option>""", re.DOTALL | re.IGNORECASE)
                         option_label = regexp.findall(option)
                         if option_value and option_label:
                             values.append((option_value[0], option_label[0]))
                     self.host.select_fields[name] = values
                 except IndexError, e:
                     continue
     #            print 'action : %s' % self.host.auth_check_url
     #            print 'login field : %s' % self.host.login_field_name
     #            print 'password field : %s' % self.host.password_field_name
     #            print 'other fields : %s' % self.host.other_fields
             self.host.store()
         def form_auto_detected_configuration(self):
             form = Form(enctype='multipart/form-data')
             form.add(RadiobuttonsWidget, 'auth_mode', title = _('Authentication mode'),
                     options=[
                         ('form', _('Form'), 'form'),
                         ('http_basic', _('HTTP Basic'), 'http_basic'),
                     ],
                     sort=False,
                     required = True,
                     value = self.host.auth_mode)
             form.add(ValidUrlWidget, 'auth_check_url', title = _('Address where the authentication form must be sent'),
                     required = False, size = 70, value = self.host.auth_check_url)
             form.add(StringWidget, 'login_field_name', title = _('Name of the login field'),
                     required = False, size = 30, value = self.host.login_field_name)
             form.add(StringWidget, 'password_field_name', title = _('Name of the password field'),
                     required = False, size = 30, value = self.host.password_field_name)
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             return form
         def submit_auto_detected_configuration_form(self, form):
             for f in ('auth_mode', 'auth_check_url', 'login_field_name', 'password_field_name'):
                 value = form.get_widget(f).parse()
                 setattr(self.host, f, value)
             # Ensure auth_check_url is a full url
             if 'auth_mode' == 'form':
                 if not self.host.auth_check_url.startswith('http'):
                     if self.host.auth_check_url.startswith('/'):
                         if self.host.orig_site.endswith('/'):
                             self.host.auth_check_url = self.host.orig_site + self.host.auth_check_url[1:]
                         else:
                             self.host.auth_check_url = self.host.orig_site + self.host.auth_check_url
                     else:
                         auth_form_url_tokens = self.host.auth_form_url.split('/')
                         auth_form_url_tokens[-1] = self.host.auth_check_url
                         self.host.auth_check_url = '/'.join(auth_form_url_tokens)
             self.host.store()
         def form_advanced_configuration(self):
             form = Form(enctype='multipart/form-data')
             form.add(UrlOrAbsPathWidget, 'return_url', title = _('Return address'),
                     hint = _('Where the user will be redirected after a successful authentication'),
                     required = False, size = 50, value = self.host.return_url)
             form.add(UrlOrAbsPathWidget, 'root_url', title = _('Error address'),
                     hint = _('Where the user will be redirected after a disconnection or an error'),
                     required = False, size = 50, value = self.host.root_url)
             form.add(CheckboxWidget, 'redirect_root_to_login',
                     title=_('Redirect the root url of the site to the login page.'),
                     value = self.host.redirect_root_to_login)
             form.add(CheckboxWidget, 'send_hidden_fields', title=_('Send authentication form hidden fields'),
                     value = self.host.send_hidden_fields)
             form.add(RadiobuttonsWidget, 'auth_system', title = _('Authentication system of the original site'),
                     options=[
                         ('password', _('Check the existence of a password field'), 'password'),
                         ('match_text', _('Match some text to detect an authentication failure'), 'match_text'),
                     ],
                     sort=False,
                     delim=htmltext('<br />'),
                     value = self.host.auth_system)
             form.add(RegexStringWidget, 'auth_match_text', title = _('Text to match in case of authentication failure'),
                     required = False, size = 50, value = self.host.auth_match_text)
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             return form
         def submit_advanced_configuration_form(self, form):
             old_redirect_root_to_login = self.host.redirect_root_to_login
             for f in ('return_url', 'root_url', 'redirect_root_to_login', 'send_hidden_fields', 'auth_system', 'auth_match_text'):
                 value = form.get_widget(f).parse()
                 setattr(self.host, f, value)
             self.host.store()
             if self.host.redirect_root_to_login is not old_redirect_root_to_login:
                 write_apache2_vhosts()
         def form_apache_filters(self):
             form = Form(enctype='multipart/form-data')
             if not hasattr(self.host, 'apache_output_filters'):
                 self.host.apache_output_filters = [ 'proxy-html' ]
                 self.host.store()
             form.add(CheckboxWidget, 'proxy-html', title = _('HTML proxy'),
                     hint = _('Converts urls in the html pages according to the host new domain name'),
                     value = 'proxy-html' in self.host.apache_output_filters)
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             return form
         def submit_apache_filters_form(self, form):
             f = 'proxy-html'
             value = form.get_widget(f).parse()
             if value is True and f not in self.host.apache_output_filters:
                 self.host.apache_output_filters.append(f)
             if value is False and f in self.host.apache_output_filters:
                 self.host.apache_output_filters.remove(f)
             self.host.store()
             write_apache2_vhosts()
     class HostPage(Directory):
         _q_exports = ['', 'minimal_configuration', 'auto_detect_configuration', 'auto_detected_configuration', 'advanced_configuration', 'apache_filters', 'see_current_configuration', 'delete']
         def __init__(self, host_id):
             self.host = Host.get(host_id)
             self.host_ui = HostUI(self.host)
             get_response().breadcrumb.append((host_id + '/', self.host.label))
         def _q_lookup(self, component):
             if component == 'configuration_assistant':
                 return ConfigurationAssistant(self.host)
             elif component == 'forms_prefill':
                 return FormsDirectory(self.host)
         def _q_index [html] (self):
             get_publisher().reload_cfg()
             html_top('hosts', title = self.host.label)
             '<h2>%s</h2>' % _('Reverse Proxy')
             '<dl>'
             '<dt><a href="minimal_configuration">%s</a></dt> <dd>%s</dd>' % (
                     _('Minimal Configuration'), _('Configure the minimum parameters to set up a reverse proxy for this site'))
             '<dt><a href="auto_detected_configuration">%s</a></dt> <dd>%s</dd>' % (
                     _('Auto Detected Configuration'), _('Check the auto detected parameters and change them if necessary'))
             '<dt><a href="advanced_configuration">%s</a></dt> <dd>%s</dd>' % (
                     _('Advanced Configuration'), _("Configure advanced parameters if it doesn't work with minimal configuration"))
             '<dt><a href="apache_filters">%s</a></dt> <dd>%s</dd>' % (
                     _('Apache filters'), _('Select what apache filters to use'))
             '<dt><a href="see_current_configuration">%s</a></dt> <dd>%s</dd>' % (
                     _('See Current Configuration'), _('See the current configuration of this host'))
             '</dl>'
             if lasso.SAML2_SUPPORT:
                 '<h2>Liberty Alliance & SAML 2.0</h2>'
             else:
                 '<h2>Liberty Alliance</h2>'
             '<dl>'
             if hasattr(self.host, str('base_url')):
                 if lasso.SAML2_SUPPORT:
                     saml2_metadata_url = '%s/metadata.xml' % self.host.saml2_base_url
                     '<dt><a href="%s">%s</a></dt> <dd>%s</dd>' % (
                                 saml2_metadata_url,
                                 _('Service Provider SAML 2.0 Metadata'),
                                 _('Download Service Provider SAML 2.0 Metadata file'))
                 metadata_url = '%s/metadata.xml' % self.host.base_url
                 '<dt><a href="%s">%s</a></dt> <dd>%s</dd>' % (
                             metadata_url,
                             _('Service Provider ID-FF 1.2 Metadata'),
                             _('Download Service Provider ID-FF 1.2 Metadata file'))
             else:
                 '<p>%s</p>' % _('No metadata has been generated for this host.')
             if hasattr(self.host, str('base_url')) and self.host.public_key and os.path.exists(self.host.public_key):
                 public_key_url = '%s/public_key' % self.host.base_url
                 '<dt><a href="%s">%s</a></dt> <dd>%s</dd>' % (
                             public_key_url,
                             _('Public key'),
                             _('Download Service Provider SSL Public Key file'))
             else:
                 '<p>%s</p>' % _('No public key has been generated for this host.')
             '</dl>'
             '<h2>%s</h2>' % _('Form prefilling with ID-WSF')
             '<dl>'
             '<dt><a href="forms_prefill/">%s</a></dt> <dd>%s</dd>' % (
                     _('Forms'), _('Configure the forms to prefill'))
             '</dl>'
         def minimal_configuration [html] (self):
             form = self.host_ui.form_edit()
             if form.get_widget('cancel').parse():
                 return redirect('.')
             if form.is_submitted() and not form.has_errors():
                 check_minimal_configuration(form)
             if form.is_submitted() and not form.has_errors():
                 self.host_ui.submit_edit_form(form)
                 return redirect('see_current_configuration')
             get_response().breadcrumb.append( ('minimal_configuration', _('Edit')) )
             html_top('hosts', title = _('Edit Host'))
             '<h2>%s</h2>' % _('Edit Host')
             form.render()
         def auto_detect_configuration (self):
             self.host_ui.auto_detect_configuration()
             return redirect('auto_detected_configuration')
         def auto_detected_configuration [html] (self, detect=False):
             form = self.host_ui.form_auto_detected_configuration()
             if form.get_widget('cancel').parse():
                 return redirect('.')
             if not form.is_submitted() or form.has_errors():
                 get_response().breadcrumb.append( ('auto_detected_configuration', _('Auto Detected Configuration')) )
                 html_top('hosts', title = _('Auto Detected Configuration'))
                 '<h2>%s</h2>' % _('Auto Detected Configuration')
                 '<div><a href="auto_detect_configuration"><input type="button" value="%s" /></a> %s </div><br />' \
                     % (_('Auto detect'), _('Warning, this will erase your custom modifications !'))
                 form.render()
             else:
                 self.host_ui.submit_auto_detected_configuration_form(form)
                 return redirect('see_current_configuration')
         def advanced_configuration [html] (self):
             form = self.host_ui.form_advanced_configuration()
             if form.get_widget('cancel').parse():
                 return redirect('.')
             if not form.is_submitted() or form.has_errors():
                 get_response().breadcrumb.append( ('advanced_configuration', _('Advanced Configuration')) )
                 html_top('hosts', title = _('Advanced Configuration'))
                 '<h2>%s</h2>' % _('Advanced Configuration')
                 form.render()
             else:
                 self.host_ui.submit_advanced_configuration_form(form)
                 return redirect('see_current_configuration')
         def apache_filters [html] (self):
             form = self.host_ui.form_apache_filters()
             if form.get_widget('cancel').parse():
                 return redirect('.')
             if not form.is_submitted() or form.has_errors():
                 get_response().breadcrumb.append( ('apache_filters', _('Apache filters')) )
                 html_top('hosts', title = _('Apache filters'))
                 '<h2>%s</h2>' % _('Apache filters')
                 form.render()
             else:
                 self.host_ui.submit_apache_filters_form(form)
                 return redirect('see_current_configuration')
         def see_current_configuration [html] (self):
             get_response().breadcrumb.append( ('see_current_configuration', _('See Current Configuration')) )
             html_top('hosts', title = _('Current Host Configuration'))
             '<h2>%s</h2>' % _('Current Host Configuration')
             for attr in ('auth_check_url', 'login_field_name', 'password_field_name'):
                 if not getattr(self.host, str(attr)):
                     '<div class="errornotice">%s</div>' % _("This site is not fully configured yet. \
     The following red fields don't have a correct value.")
                     break
             # New url for this host
             url = '%s://%s%s/' % (self.host.scheme, self.host.reversed_hostname, get_request().environ['SCRIPT_NAME'])
             if self.host.reversed_directory is not None:
                 url += '%s/' % self.host.reversed_directory
             '<div style="margin-bottom: 0.1em; font-weight: bold;">%s</div>' % _('New url for this host')
             '<div style="margin-left: 1em; margin-bottom: 0.3em;"><a href="%s">%s</a></div>' % (url, url)
             get_publisher().reload_cfg()
             if get_cfg('use_proxy'):
                 '<div style="margin-bottom: 0.1em; font-weight: bold;">%s</div>' % _('Use proxy')
                 '<div style="margin-left: 1em; margin-bottom: 0.3em;">%s</div>' % self.host.use_proxy
             host_attrs_minimal = (
                 ('label', _('Site name')),
                 ('orig_site', _('Original site root address')),
                 ('auth_url', _('Authentication page')),
                 ('auth_form_page_url', _('Authentication form page')),
                 ('logout_url', _('Logout address')),
                 ('reversed_hostname', _('Reversed host name')),
                 ('reversed_directory', _('Reversed directory')),
                 ('use_ssl', _('Use SSL'))
+            )
             host_attrs_auto = (
                 ('auth_mode', _('Authentication mode')),
                 ('auth_check_url', _('Address where the authentication form must be sent')),
                 ('login_field_name', _('Name of the login field')),
                 ('password_field_name', _('Name of the password field')),
                 ('site_authentication_plugin', _('Plugin used for site specific authentication behaviour'))
+            )
             host_attrs_advanced = (
                 ('return_url', _('Return address')),
                 ('root_url', _('Root address')),
                 ('redirect_root_to_login', _('Redirect the root url of the site to the login page.')),
                 ('auth_system', _('Authentication system of the original site')),
                 ('auth_match_text', _('Text to match in case of authentication failure')),
                 ('send_hidden_fields', _('Send authentication form hidden fields'))
+            )
             host_menus = (
                 (host_attrs_minimal, '<a href="minimal_configuration">%s</a>' % _('Minimal Configuration')),
                 (host_attrs_auto, '<a href="auto_detected_configuration">%s</a>' % _('Auto Detected Configuration')),
                 (host_attrs_advanced, '<a href="advanced_configuration">%s</a>' % _('Advanced Configuration')),
+            )
             for host_attrs, category in host_menus:
                 '<h3>%s</h3>' % category
                 for attr, name in host_attrs:
                     color = 'black'
                     if attr in ('auth_check_url', 'login_field_name', 'password_field_name') and \
                             not getattr(self.host, str(attr)):
                         color = 'red'
                     '<div style="margin-bottom: 0.1em; font-weight: bold; color: %s;">%s</div>' % (color, name)
                     '<div style="margin-left: 1em; margin-bottom: 0.3em; color: %s;">%s</div>' % \
                         (color, getattr(self.host, str(attr)))
                     if getattr(self.host, str(attr)) == '':
                         '<br />'
             '<div class="buttons"><a href="."><input type="button" value="%s" /></a></div><br />' % _('Back')
         def delete [html] (self):
             form = Form(enctype='multipart/form-data')
             form.widgets.append(HtmlWidget('<p>%s</p>' % _(
                             'You are about to irrevocably delete this host.')))
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             if form.get_widget('cancel').parse():
                 return redirect('..')
             if not form.is_submitted() or form.has_errors():
                 get_response().breadcrumb.append(('delete', _('Delete')))
                 html_top('hosts', title = _('Delete Host'))
                 '<h2>%s : %s</h2>' % (_('Delete Host'), self.host.label)
                 form.render()
             else:
                 self.host.remove_self()
                 write_apache2_vhosts()
                 return redirect('..')
     class HostsDirectory(Directory):
         _q_exports = ['', 'new']
         def _q_index [html] (self):
             get_response().breadcrumb.append(('hosts/', _('Hosts')))
             html_top('hosts', title = _('Hosts'))
             """<ul id="nav-hosts-admin">
               <li><a href="new">%s</a></li>
             </ul>""" % _('New Host')
             '<ul class="biglist">'
             for host in Host.select(lambda x: x.name != 'larpe', order_by = 'label'):
                 if not host.name:
                     continue
                 if not hasattr(host, str('scheme')):
                     host.scheme = str('http')
                 '<li>'
                 '<strong class="label">%s</strong>' % host.label
                 if hasattr(host, str('new_url')) and host.new_url:
                     url = host.new_url
                 else:
                     # Compat with older Larpe versions
                     url = '%s://%s%s/' % (host.scheme, host.reversed_hostname, get_request().environ['SCRIPT_NAME'])
                     if host.reversed_directory is not None:
                         url += '%s/' % host.reversed_directory
                 '<br /><a href="%s">%s</a>' % (url, url)
                 '<p class="commands">'
                 command_icon('%s/' % host.id, 'edit')
                 command_icon('%s/delete' % host.id, 'remove')
                 '</p></li>'
             '</ul>'
         def new [html] (self):
             if not os.path.isdir(os.path.join(get_publisher().app_dir, str('idp'))):
                 html_top('hosts', title = _('New Host'))
                 html = '<h2>%s</h2>' % _('New Host')
                 html += 'You must <a href="%s/admin/settings/liberty_idp/">' % misc.get_root_url()
                 html += 'configure an Identity Provider</a> first<br /><br />'
                 html += '<a href="."><input type="button" value="%s" /></a>' % _('Back')
                 return html
             get_response().breadcrumb.append(('hosts/', _('Hosts')))
             get_response().breadcrumb.append(('new', _('New')) )
             host = Host()
             host.store()
     #        configuration_assistant = ConfigurationAssistant(host)
             return redirect('%s/configuration_assistant/start' % host.id)
         def _q_lookup(self, component):
             get_response().breadcrumb.append(('hosts/', _('Hosts')))
             return HostPage(component)

     import os
     def set_provider_keys(private_key_path, public_key_path):
         # use system calls for openssl since PyOpenSSL doesn't expose the
         # necessary functions.
         if os.system('openssl version > /dev/null 2>&1') == 0:
             os.system('openssl genrsa -out %s 2048' % private_key_path)
             os.system('openssl rsa -in %s -pubout -out %s' % (private_key_path, public_key_path))
     def get_metadata(cfg):
         prologue = """\
     <?xml version="1.0"?>
     <EntityDescriptor
         providerID="%(provider_id)s"
         xmlns="urn:liberty:metadata:2003-08">""" % cfg
         sp_head = """
       <SPDescriptor protocolSupportEnumeration="urn:liberty:iff:2003-08">"""
         signing_public_key = ''
         if cfg.has_key('signing_public_key') and cfg['signing_public_key']:
             if 'CERTIF' in cfg['signing_public_key']:
                 signing_public_key = """
             <KeyDescriptor use="signing">
               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                 <ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data>
               </ds:KeyInfo>
             </KeyDescriptor>""" % cfg['signing_public_key']
             elif 'KEY' in cfg['signing_public_key']:
                 signing_public_key = """
             <KeyDescriptor use="signing">
               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                 <ds:KeyValue>%s</ds:KeyValue>
               </ds:KeyInfo>
             </KeyDescriptor>""" % cfg['signing_public_key']
         sp_body = """
         <AssertionConsumerServiceURL id="AssertionConsumerServiceURL1" isDefault="true">%(base_url)s/assertionConsumer</AssertionConsumerServiceURL>
         <SoapEndpoint>%(base_url)s/soapEndpoint</SoapEndpoint>
         <SingleLogoutServiceURL>%(base_url)s/singleLogout</SingleLogoutServiceURL>
         <SingleLogoutServiceReturnURL>%(base_url)s/singleLogoutReturn</SingleLogoutServiceReturnURL>
         <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http</SingleLogoutProtocolProfile>
         <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-soap</SingleLogoutProtocolProfile>
         <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-http</SingleLogoutProtocolProfile>
         <FederationTerminationServiceURL>%(base_url)s/federationTermination</FederationTerminationServiceURL>
         <FederationTerminationServiceReturnURL>%(base_url)s/federationTerminationReturn</FederationTerminationServiceReturnURL>
         <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-soap</FederationTerminationNotificationProtocolProfile>
         <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-http</FederationTerminationNotificationProtocolProfile>
         <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</FederationTerminationNotificationProtocolProfile>
         <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-http</FederationTerminationNotificationProtocolProfile>
         <AuthnRequestsSigned>true</AuthnRequestsSigned>
       </SPDescriptor>""" % cfg
         orga = ''
         if cfg.get('organization_name'):
             orga = """
       <Organization>
         <OrganizationName>%s</OrganizationName>
       </Organization>""" % unicode(cfg['organization_name'], 'iso-8859-1').encode('utf-8')
         epilogue = """
     </EntityDescriptor>"""
         return '\n'.join([prologue, sp_head, signing_public_key, sp_body, orga, epilogue])
     def get_saml2_metadata(cfg):
         prologue = """\
     <?xml version="1.0"?>
     <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
         xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
         xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
         entityID="%(saml2_provider_id)s">""" % cfg
         sp_head = """
       <SPSSODescriptor
           AuthnRequestsSigned="true"
           protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">"""
         signing_public_key = ''
         if cfg.has_key('signing_public_key') and cfg['signing_public_key']:
             if 'CERTIF' in cfg['signing_public_key']:
                 signing_public_key = """
             <KeyDescriptor use="signing">
               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                 <ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data>
               </ds:KeyInfo>
             </KeyDescriptor>""" % cfg['signing_public_key']
             elif 'KEY' in cfg['signing_public_key']:
                 signing_public_key = """
             <KeyDescriptor use="signing">
               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                 <ds:KeyValue>%s</ds:KeyValue>
               </ds:KeyInfo>
             </KeyDescriptor>""" % cfg['signing_public_key']
         sp_body = """
         <AssertionConsumerService isDefault="true" index="0"
           Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
           Location="%(saml2_base_url)s/singleSignOnArtifact" />
         <SingleLogoutService
           Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
           Location="%(saml2_base_url)s/singleLogoutSOAP" />
         <SingleLogoutService
           Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
           Location="%(saml2_base_url)s/singleLogout"
           ResponseLocation="%(saml2_base_url)s/singleLogoutReturn" />
       </SPSSODescriptor>""" % cfg
         orga = ''
         if cfg.get('organization_name'):
             orga = """
       <Organization>
         <OrganizationName>%s</OrganizationName>
       </Organization>""" % unicode(cfg['organization_name'], 'iso-8859-1').encode('utf-8')
         epilogue = """
     </EntityDescriptor>"""
         return '\n'.join([prologue, sp_head, signing_public_key, sp_body, orga, epilogue])

     import random
     from quixote import get_publisher, get_request, get_response, redirect
     from quixote.directory import Directory
     from larpe.qommon.form import *
     from larpe.qommon import template
     from qommon import logger
     from larpe import misc
     from larpe.users import User
     from menu import *
     class ByUserDirectory(Directory):
         def _q_lookup(self, component):
             return ByUserPages(component)
     class LoggerDirectory(Directory):
         _q_exports = ['', 'download', 'by_user']
         by_user = ByUserDirectory()
         def _q_index [html] (self):
             get_response().breadcrumb.append( ('logger/', _('Logs')) )
             html_top('logger', title = _('Logs'))
             request = get_request()
             logfile = request.get_field('logfile', 'larpe.log')
             if not logfile.startswith(str('larpe.log')) or str('/') in str(logfile):
                 return template.error_page(_('Bad log file: %s') % logfile)
             logfilename = str(os.path.join(get_publisher().app_dir, logfile))
             if not os.path.exists(logfilename):
                 _('Nothing to show')
             else:
                 if logfile:
                     '<a href="download?logfile=%s">%s</a>' % (logfile, _('Download Raw Log File'))
                 else:
                     '<a href="download">%s</a>' % _('Download Raw Log File')
                 user_color_keys = {}
                 last_date = None
                 '<table id="logs">\n'
                 '<thead> <tr>'
                 ' <th>%s</th>' % _('Time')
                 ' <th>%s</th>' % _('User')
                 ' <th>%s</th>' % _('Message')
                 '<tr></thead>\n'
                 '<tbody>\n'
                 for line in open(logfilename):
                     d = logger.readline(line)
                     user_color_key = d['user_id']
                     if user_color_key == 'anonymous':
                         user_color_key += d['ip']
                     if not user_color_keys.has_key(user_color_key):
                         user_color_keys[user_color_key] = ''.join(
                             ['%x' % random.randint(0xc, 0xf) for x in range(3)])
                     '<tr class="level-%s" style="background: #%s;">' % (
                             d['level'].lower(), user_color_keys[user_color_key])
                     if (last_date != d['date']):
                         ' <td class="time">%s&nbsp;%s</td>' % (d['date'], d['hour'][:-4])
                         last_date = d['date']
                     else:
                         ' <td class="time">%s</td>' % (d['hour'][:-4])
                     if d['user_id'] ==  'anonymous':
                         userlabel = _('Anonymous')
                         ip = d['ip']
                         ' <td class="userlabel"><span title="%s">%s</span></td>' % (ip, userlabel)
                     else:
                         try:
                             user = User.get(d['user_id'])
                         except KeyError:
                             userlabel = _('Unknown')
                         else:
                             if user.name is not None:
                                 userlabel = htmltext(user.name.replace(str(' '), str('&nbsp;')))
                             else:
                                 userlabel = _('Unknown')
                         ' <td class="userlabel">%s</td>' % userlabel
                     ' <td class="message">%s</td>' % d['message']
                     '</tr>\n'
                 '</tbody>\n'
                 '</table>\n'
             logfiles = [x for x in os.listdir(get_publisher().app_dir) if x.startswith(str('larpe.log'))]
             if len(logfiles) > 1:
                 options = []
                 for lfile in logfiles:
                     firstline = open(os.path.join(get_publisher().app_dir, lfile)).readline()
                     d = logger.readline(firstline)
                     if not d:
                         continue
                     if logfile == lfile:
                         selected = 'selected="selected" '
                     else:
                         selected = ''
                     options.append({'selected': selected, 'lfile': lfile,
                             'date': '%s %s' % (d['date'], d['hour'])})
                 '<form id="other-log-select">'
                 _('Select another logfile:')
                 '<select name="logfile">'
                 options.sort(lambda x,y: cmp(x['date'], y['date']))
                 options.reverse()
                 for option in options:
                     option['since'] = str(_('Since: %s') % option['date'])[:-4]
                     '<option value="%(lfile)s"%(selected)s>%(since)s</option>' % option
                 '</select>'
                 '<input type="submit" value="%s" />' % _('Submit')
         def download(self):
             request = get_request()
             logfile = request.get_field('logfile', 'larpe.log')
             if not logfile.startswith(str('larpe.log')) or str('/') in logfile:
                 return template.error_page(_('Bad log file: %s') % logfile)
             logfilename = os.path.join(get_publisher().app_dir, logfile)
             response = get_response()
             response.set_content_type('text/x-log', 'iso-8859-1')
             response.set_header('content-disposition', 'attachment; filename=%s' % logfile)
             return open(logfilename).read()
     class ByUserPages(Directory):
         _q_exports = ['']
         def __init__(self, component):
             try:
                 self.user = User.get(component)
             except KeyError:
                 raise TraversalError()
         def _q_index [html] (self):
             html_top('logger', title = _('Logs'))
             '<h2>%s - %s</h2>' % (_('User'), self.user.name)
             last_date = None
             '<table id="logs">'
             '<thead> <tr>'
             ' <th>%s</th>' % _('Time')
             ' <th>%s</th>' % _('Message')
             '<tr></thead>'
             '<tbody>'
             logfile = get_publisher().get_app_logger_filename()
             if os.path.exists(logfile):
                 for line in open(logfile):
                     d = logger.readline(line)
                     if d['user_id'] != str(self.user.id):
                         continue
                     '<tr>'
                     if (last_date != d['date']):
                         ' <td class="time">%s&nbsp;%s</td>' % (d['date'], d['hour'][:-4])
                         last_date = d['date']
                     else:
                         ' <td class="time">%s</td>' % (d['hour'][:-4])
                     ' <td><a href="%s">%s</a></td>' % (d['url'], d['message'])
                     '</tr>'
             '</tbody>'
             '</table>'

     from quixote import get_request, get_response, get_session, get_publisher
     from larpe import storage
     from larpe import misc
     from larpe.users import User
     from larpe.hosts import Host
     items = [
         ('hosts', N_('Hosts')),
         ('users', N_('Users')),
         ('settings', N_('Settings')),
         ('logger', N_('Logs')),
         # FIXME : use get_request().environ['SCRIPT_NAME']) ?
         ('/', N_('Liberty Alliance Reverse Proxy'))]
     def generate_header_menu [html] (selected = None):
         s = ["""<ul id="menu">\n"""]
         base_url = get_request().environ['SCRIPT_NAME'] + '/admin'
         features = get_publisher().cfg.get('misc', {}).get('features', 'both')
         show_logger = get_publisher().cfg.get('debug', {}).get('logger', False)
         for k, v in items:
             if k == '/':
                 continue # skip root
             if k == 'logger' and not show_logger:
                 continue
             if k == selected:
                 s.append('<li class="active">')
             else:
                 s.append('<li>')
             s.append('<a href="%s/%s/">%s</a></li>\n' % (base_url, k, _(v)))
         s.append('</ul>\n')
         return ''.join(s)
     def generate_user_info [html] ():
         hosts = Host.select(lambda x: x.name == 'larpe')
         if not hosts:
             return
         host = hosts[0]
         user = get_session().get_user(host.provider_id)
         if user and user.name:
             logout_url = '%s/liberty/%s/logout' % (get_request().environ['SCRIPT_NAME'], host.name)
             """<ul class="user-info">
       <li class="ui-name">%s</li>
       <li class="ui-logout"><a href="%s">%s</a></li>
     </ul>""" % (user.name, logout_url, _('logout'))
     def html_top [html] (section, title = None, scripts = None):
         header_menu = generate_header_menu(section)
         user_info = generate_user_info()
         subtitle = ''
         for s in items:
             if s[0] == section:
                 subtitle = _(s[1])
         if not title:
             title = ''
         else:
             title = ' - ' + title
         if not scripts:
             scripts = ''
         else:
             scripts = '\n'.join(['<script src="%s" type="text/javascript"></script>' % x for x in scripts])
         sitetitle = _('Larpe Administration')
     #    if title:
     #        sitetitle += ' - '
         admin_ezt = True
         get_response().filter.update(locals())
     def error_page [html] (section, error):
         html_top(section, title = _('Error'))
         '<div id="error-page">'
         '<h2>%s</h2>' % _('Error')
         '<p>%s</p>' % error
         '</div>'
     def command_icon [html] (url, type, label = None, icon = None):
         script_name = get_request().environ['SCRIPT_NAME']
         icons = {
             'edit': 'stock_edit_16.png',
             'add': 'stock_add_16.png',
             'remove': 'stock_remove_16.png',
             'duplicate': 'stock_copy_16.png',
             'view': 'view_16.png',
+        }
         labels = {
             'add': N_('Add'),
             'edit': N_('Edit'),
             'remove': N_('Remove'),
             'duplicate': N_('Duplicate'),
             'view': N_('View'),
+            }
         if not label:
             label = _(labels[str(type)])
         if not icon:
             icon = icons[str(type)]
         if url:
             '''<span class="%(type)s">
       <a href="%(url)s"><img src="%(script_name)s/larpe/images/%(icon)s" alt="%(label)s" title="%(label)s" /></a>
     </span>''' % locals()
         else:
             # no url -> image button
             '''<span class="%(type)s">
       <input type="image" src="%(script_name)s/larpe/images/%(icon)s" alt="%(label)s" title="%(label)s" />
     </span>''' % locals()

     import os
     from quixote import get_session, get_session_manager, get_publisher, get_request, get_response
     from quixote.directory import Directory, AccessControlled
     import hosts
     import users
     import settings
     import logger
     from larpe.admin.menu import html_top
     from larpe import errors
     from larpe import misc
     def gpl [html] ():
         """<p>This program is free software; you can redistribute it and/or modify it
         under the terms of the GNU General Public License as published by the Free
         Software Foundation; either version 2 of the License, or (at your option)
         any later version.</p>
         <p>This program is distributed in the hope that it will be useful, but
         WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
         or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
         for more details.</p>
         <p>You should have received a copy of the GNU General Public License along with
         this program; if not, write to the Free Software Foundation, Inc., 59 Temple
         Place - Suite 330, Boston, MA  02111-1307, USA.</p>
         """
     class RootDirectory(AccessControlled, Directory):
         _q_exports = ['', 'hosts', 'users', 'settings', 'logger']
         hosts = hosts.HostsDirectory()
         users = users.UsersDirectory()
         settings = settings.SettingsDirectory()
         logger = logger.LoggerDirectory()
         def _q_access(self):
             # FIXME : this block should be moved somewhere else
             get_publisher().reload_cfg()
             if not get_publisher().cfg.has_key('proxy_hostname'):
                 get_publisher().cfg['proxy_hostname'] = get_request().get_server().split(':')[0]
             get_publisher().write_cfg()
             response = get_response()
             if not hasattr(response, 'breadcrumb'):
                 response.breadcrumb = [ ('../admin/', _('Administration')) ]
             # Cheater
             if os.path.exists(os.path.join(get_publisher().app_dir, 'ADMIN_FOR_ALL')):
                 return
             # No admin user created yet, free access
             user_list = users.User.select(lambda x: x.is_admin)
             if not user_list:
                 return
             host_list = hosts.Host.select(lambda x: x.name == 'larpe')
             if host_list:
                 host = host_list[0]
             else:
                 raise errors.AccessForbiddenError()
             user = get_session().get_user(host.provider_id)
             if user:
                 if not user.name or not user.is_admin:
                     raise errors.AccessForbiddenError()
             else:
                 raise errors.AccessUnauthorizedError()
         def _q_index [html] (self):
             html_top('/')
             gpl()

     import cStringIO
     import cPickle
     import re
     import os
     import lasso
     import glob
     import zipfile
     from quixote import get_publisher, get_request, get_response, redirect
     from quixote.directory import Directory, AccessControlled
     from menu import *
     from larpe.qommon.form import *
     from larpe.qommon.misc import get_abs_path
     from larpe.qommon.admin.emails import EmailsDirectory
     from larpe import misc
     from larpe.hosts import Host
     from larpe.admin.liberty_utils import *
     class LibertyIDPDir(Directory):
         _q_exports = ['', ('metadata.xml', 'metadata')]
         def _q_index [html] (self):
             form = Form(enctype="multipart/form-data")
             form.add(FileWidget, "metadata", title = _("Metadata"), required=True)
             form.add(FileWidget, "publickey", title = _("Public Key"), required=False)
             form.add(FileWidget, "cacertchain", title = _("CA Certificate Chain"), required=False)
             form.add_submit("submit", _("Submit"))
             if not form.is_submitted() or form.has_errors():
                 html_top('settings', title = _('New Identity Provider'))
                 "<h2>%s</h2>" % _('New Identity Provider')
                 form.render()
             else:
                 self.submit_new(form)
         def submit_new(self, form, key_provider_id = None):
             metadata, publickey, cacertchain = None, None, None
             if form.get_widget('metadata').parse():
                 metadata = form.get_widget('metadata').parse().fp.read()
             if form.get_widget('publickey').parse():
                 publickey = form.get_widget('publickey').parse().fp.read()
             if form.get_widget('cacertchain').parse():
                 cacertchain = form.get_widget('cacertchain').parse().fp.read()
             if not key_provider_id:
                 try:
                     provider_id = re.findall(r'(provider|entity)ID="(.*?)"', metadata)[0][1]
                 except IndexError:
                     return error_page(_('Bad metadata'))
                 key_provider_id = provider_id.replace(str('://'), str('-')).replace(str('/'), str('-'))
             dir = get_abs_path(os.path.join('idp', key_provider_id))
             if not os.path.isdir(dir):
                 os.makedirs(dir)
             if metadata:
                 metadata_fn = os.path.join(dir, 'metadata.xml')
                 open(metadata_fn, 'w').write(metadata)
             if publickey:
                 publickey_fn = os.path.join(dir, 'public_key')
                 open(publickey_fn, 'w').write(publickey)
             else:
                 publickey_fn = None
             if cacertchain:
                 cacertchain_fn = os.path.join(dir, 'ca_cert_chain.pem')
                 open(cacertchain_fn, 'w').write(cacertchain)
             else:
                 cacertchain_fn = None
             p = lasso.Provider(lasso.PROVIDER_ROLE_IDP, metadata_fn, publickey_fn, None)
             try:
                 misc.get_provider_label(p)
                 get_publisher().cfg['idp'] = key_provider_id
                 get_publisher().write_cfg()
             except TypeError:
                 if metadata:
                     os.unlink(metadata_fn)
                 if publickey:
                     os.unlink(publickey_fn)
                 if cacertchain:
                     os.unlink(cacertchain_fn)
                 return error_page(_('Bad metadata'))
             redirect('..')
         def metadata(self):
             response = get_response()
             response.set_content_type('text/xml', 'utf-8')
             get_publisher().reload_cfg()
             if get_publisher().cfg['idp']:
                 idp_metadata = os.path.join(get_abs_path('idp'), get_publisher().cfg['idp'], 'metadata.xml')
                 return unicode(open(idp_metadata).read(), 'utf-8')
             return 'No IDP is configured'
     class EmailsDirectory(Directory):
         emails = []
         def __init__(self):
             self._q_exports = ['', 'options'] + [x[0] for x in self.emails]
         def options [html] (self):
             form = Form(enctype="multipart/form-data")
             emails = get_publisher().cfg.get('emails', {})
             form.add(StringWidget, 'smtp_server', title = _('SMTP Server'),
                     required = False, value = emails.get('smtp_server', ''))
             form.add(StringWidget, 'from', title = _('Email Sender'),
                     required = True, value = emails.get('from', 'larpe@localhost'))
             form.add(StringWidget, 'reply_to', title = _('Reply-To Address'),
                     required = False, value = emails.get('reply_to'))
             form.add_submit("submit", _("Submit"))
             form.add_submit("cancel", _("Cancel"))
             if form.get_widget('cancel').parse():
                 return redirect('.')
             if not form.is_submitted() or form.has_errors():
                 html_top('settings', title = _('Emails'))
                 "<h2>%s</h2>" % _('General Options')
                 form.render()
             else:
                 self.options_submit(form)
                 redirect('.')
         def options_submit(self, form):
             get_publisher().reload_cfg()
             if not get_publisher().cfg.has_key('emails'):
                 get_publisher().cfg['emails'] = {}
             for k in ('smtp_server', 'from', 'reply_to'):
                 get_publisher().cfg['emails'][k] = form.get_widget(k).parse()
             get_publisher().write_cfg()
         def _q_index [html] (self):
             html_top('settings', title = _('Emails'))
             '<h2>%s</h2>' % _('Emails')
             '<ul>'
             '<li><a href="options">%s</a></li>' % _('General Options')
             for email_key, email_label in self.emails:
                 '<li><a href="%s">%s %s</a></li>' % (email_key,
                         _('Custom Email:'), _(email_label))
             '</ul>'
             '<p>'
             '<a href="..">%s</a>' % _('Back')
             '</p>'
         def email [html] (self, email_key, email_label, hint = None, check_template = None,
                     enabled = True):
             emails_cfg = get_publisher().cfg.get('emails', {})
             cfg_key = 'email-%s' % email_key
             form = Form(enctype='multipart/form-data')
             form.add(CheckboxWidget, cfg_key + '_enabled', title = _('Enabled Email'),
                     value = emails_cfg.get(cfg_key + '_enabled', True), default = enabled)
             form.add(StringWidget, cfg_key + '_subject', title = _('Subject'),
                     value = emails_cfg.get(cfg_key + '_subject', ''))
             form.add(TextWidget, cfg_key, title = email_label, value = emails_cfg.get(cfg_key),
                     cols = 80, rows = 10, hint = hint)
             form.add_submit('submit', _('Submit'))
             form.add_submit('restore-default', _('Restore default email'))
             form.add_submit('cancel', _('Cancel'))
             if form.get_submit() == 'cancel':
                 return redirect('.')
             if form.get_submit() == 'restore-default':
                 self.email_submit(None, cfg_key)
                 return redirect('.')
             if form.is_submitted() and not form.has_errors():
                 if self.email_submit(form, cfg_key, check_template):
                     return redirect('.')
                 form.set_error(cfg_key, _('Invalid template'))
             html_top('settings', title = _('Emails'))
             '<h2>%s - %s</h2>' % (_('Email'), email_label)
             form.render()
         def email_submit(self, form, cfg_key, check_template = None):
             get_publisher().reload_cfg()
             if not get_publisher().cfg.has_key('emails'):
                 get_publisher().cfg['emails'] = {}
             if form:
                 template = form.get_widget(cfg_key).parse()
                 if check_template and not check_template(template):
                     return False
                 get_publisher().cfg['emails'][str(cfg_key)] = template
                 get_publisher().cfg['emails'][str(cfg_key + '_enabled')] = form.get_widget(
                         cfg_key + '_enabled').parse()
                 get_publisher().cfg['emails'][str(cfg_key + '_subject')] = form.get_widget(
                         cfg_key + '_subject').parse()
             else:
                 get_publisher().cfg['emails'][str(cfg_key)] = None
             get_publisher().write_cfg()
             return True
     class SettingsDirectory(AccessControlled, Directory):
         _q_exports = ['', 'liberty_sp', 'liberty_idp', 'domain_names', 'apache2_configuration_generation',
                       'language', 'emails', 'proxy' ]
         liberty_idp = LibertyIDPDir()
         emails = EmailsDirectory()
         def _q_access(self):
             get_response().breadcrumb.append( ('settings/', _('Settings')) )
         def _q_index [html] (self):
             get_publisher().reload_cfg()
             html_top('settings', title = _('Settings'))
             if lasso.SAML2_SUPPORT:
                 '<h2>%s</h2>' % _('Liberty Alliance & SAML 2.0 Service Provider')
             else:
                 '<h2>%s</h2>' % _('Liberty Alliance Service Provider')
             '<dl> <dt><a href="liberty_sp">%s</a></dt> <dd>%s</dd>' % (
                     _('Service Provider'), _('Configure Larpe as a Service Provider'))
             hosts = Host.select(lambda x: x.name == 'larpe')
             if hosts:
                 self.host = hosts[0]
                 if lasso.SAML2_SUPPORT and self.host.saml2_metadata is not None:
                     metadata_url = '%s/metadata.xml' % self.host.saml2_base_url
                     '<dt><a href="%s">%s</a></dt> <dd>%s</dd>' % (
                             metadata_url,
                             _('Service Provider Metadata'),
                             _('Download Service Provider SAML 2.0 Metadata file'))
                 if self.host.metadata is not None:
                     metadata_url = '%s/metadata.xml' % self.host.base_url
                     '<dt><a href="%s">%s</a></dt> <dd>%s</dd>' % (
                             metadata_url,
                             _('Service Provider Metadata'),
                             _('Download Service Provider ID-FF 1.2 Metadata file'))
                 if self.host.public_key is not None:
                     public_key_url = '%s/public_key' % self.host.base_url
                     '<dt><a href="%s">%s</a></dt> <dd>%s</dd>' % (
                             public_key_url,
                             _('Public key'),
                             _('Download Service Provider SSL Public Key file'))
             if lasso.SAML2_SUPPORT:
                 '<h2>%s</h2>' % _('Liberty Alliance & SAML 2.0 Identity Provider')
             else:
                 '<h2>%s</h2>' % _('Liberty Alliance Identity Provider')
             '<dl>'
             '<dt><a href="liberty_idp/">%s</a></dt> <dd>%s</dd>' % (
                    _('Identity Provider'), _('Configure an identity provider'))
             if get_publisher().cfg.has_key('idp'):
                 '<dt><a href="liberty_idp/metadata.xml">%s</a></dt> <dd>%s</dd>' % (
                         _('Identity Provider metadatas'), _('See current identity provider metadatas'))
             '</dl>'
             '<h2>%s</h2>' % _('Global parameters for the sites')
             '<dl>'
             '<dt><a href="domain_names">%s</a></dt> <dd>%s</dd>' % (
                     _('Domain name'), _('Configure the base domain name for the sites'))
             '<dt><a href="apache2_configuration_generation">%s</a></dt> <dd>%s</dd>' % (
                     _('Apache 2 configuration generation'), _('Customise Apache 2 configuration generation'))
             '<dt><a href="proxy">%s</a></dt> <dd>%s</dd>' % (
                     _('Proxy'), _('Connect to the sites through a web proxy'))
             '</dl>'
             '<h2>%s</h2>' % _('Customisation')
             '<dl>'
             '<dt><a href="language">%s</a></dt> <dd>%s</dd>' % (
                     _('Language'), _('Configure site language'))
             '<dt><a href="emails/">%s</a></dt> <dd>%s</dd>' % (
                     _('Emails'), _('Configure email settings'))
             '</dl>'
     #        '<h2>%s</h2>' % _('Misc')
     #        '<dl>'
     #        '<dt><a href="misc">%s</a></dt> <dd>%s</dd>' % (
     #                _('Misc'), _('Configure misc options'))
     #        '<dt><a href="debug_options">%s</a></dt> <dd>%s</dd>' % (
     #                _('Debug Options'), _('Configure options useful for debugging'))
     #        '</dl>'
         def liberty_sp [html] (self):
             get_publisher().reload_cfg()
             # Get the host object for the reverse proxy
             hosts = Host.select(lambda x: x.name == 'larpe')
             if hosts:
                 self.host = hosts[0]
             else:
                 self.host = Host()
                 self.host.reversed_hostname = get_publisher().cfg[str('proxy_hostname')]
             form = Form(enctype='multipart/form-data')
             form.add(StringWidget, 'organization_name', title=_('Organisation Name'), size=50,
                     required = True, value = self.host.organization_name)
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             if form.get_widget('cancel').parse():
                 return redirect('.')
             if not form.is_submitted() or form.has_errors():
                 html_top('settings', title = _('Service Provider Configuration'))
                 '<h2>%s</h2>' % _('Service Provider Configuration')
                 form.render()
             else:
                 self.liberty_sp_submit(form)
                 redirect('.')
         def liberty_sp_submit(self, form):
             get_publisher().reload_cfg()
             metadata_cfg = {}
             f = 'organization_name'
             if form.get_widget(f):
                 setattr(self.host, f, form.get_widget(f).parse())
             metadata_cfg['organization_name'] = self.host.organization_name
             self.host.name = 'larpe'
             # Liberty Alliance / SAML parameters
             base_url = '%s/liberty/%s/liberty' % (misc.get_root_url(), self.host.name)
             metadata_cfg['base_url'] = base_url
             self.host.base_url = base_url
             if lasso.SAML2_SUPPORT:
                 saml2_base_url = '%s/liberty/%s/saml' % (misc.get_root_url(), self.host.name)
                 metadata_cfg['saml2_base_url'] = saml2_base_url
                 self.host.saml2_base_url = saml2_base_url
             provider_id = '%s/metadata' % base_url
             metadata_cfg['provider_id'] = provider_id
             self.host.provider_id = provider_id
             if lasso.SAML2_SUPPORT:
                 saml2_provider_id = '%s/metadata' % saml2_base_url
                 metadata_cfg['saml2_provider_id'] = saml2_provider_id
                 self.host.saml2_provider_id = saml2_provider_id
             # Storage directories
             site_dir = os.path.join(get_publisher().app_dir, 'sp',
                         self.host.reversed_hostname, self.host.name)
             user_dir = os.path.join(site_dir, 'users')
             token_dir = os.path.join(site_dir, 'tokens')
             for dir in (site_dir, user_dir, token_dir):
                 if not os.path.isdir(dir):
                     os.makedirs(dir)
             metadata_cfg['site_dir'] = site_dir
             self.host.site_dir = site_dir
             # Generate SSL keys
             private_key_path = os.path.join(site_dir, 'private_key.pem')
             public_key_path = os.path.join(site_dir, 'public_key')
             if not os.path.isfile(private_key_path) or not os.path.isfile(public_key_path):
                 set_provider_keys(private_key_path, public_key_path)
             self.host.private_key = private_key_path
             metadata_cfg['signing_public_key'] = open(public_key_path).read()
             self.host.public_key = public_key_path
             # Write metadatas
             metadata_path = os.path.join(site_dir, 'metadata.xml')
             open(metadata_path, 'w').write(get_metadata(metadata_cfg))
             self.host.metadata = metadata_path
             if hasattr(self.host, 'saml2_provider_id'):
                 saml2_metadata_path = os.path.join(site_dir, 'saml2_metadata.xml')
                 open(saml2_metadata_path, 'w').write(get_saml2_metadata(metadata_cfg))
                 self.host.saml2_metadata = saml2_metadata_path
             self.host.root_url = '%s/' % misc.get_root_url()
             self.host.return_url = '%s/admin/' % misc.get_root_url()
             self.host.store()
         def domain_names [html] (self):
             form = self.form_domain_name()
             if form.get_widget('cancel').parse():
                 return redirect('.')
             if not form.is_submitted() or form.has_errors():
                 html_top('settings', title = _('Domain name'))
                 '<h2>%s</h2>' % _('Domain name')
                 form.render()
             else:
                 self.submit_domain_name(form)
                 redirect('.')
         def form_domain_name(self):
             get_publisher().reload_cfg()
             if get_cfg('domain_names'):
                 domain_name = get_cfg('domain_names')[0]
             else:
                 domain_name = None
             form = Form(enctype='multipart/form-data')
             form.add(StringWidget, 'domain_name',
                 title=_('Domain name for the sites'),
                 value = domain_name)
             # TODO: Add the option "Both" and handle it in hosts configuration
             form.add(SingleSelectWidget, 'sites_url_scheme', title = _('Use HTTP or HTTPS'),
                     value = get_cfg('sites_url_scheme'),
                     options = [ (None, _('Same as the site')),
                                 ('http', 'HTTP'),
                                 ('https', 'HTTPS') ] )
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             return form
         def submit_domain_name(self, form):
             get_publisher().reload_cfg()
             get_publisher().cfg['domain_names'] = [ form.get_widget('domain_name').parse() ]
             get_publisher().cfg['sites_url_scheme'] = form.get_widget('sites_url_scheme').parse()
             get_publisher().write_cfg()
         def apache2_configuration_generation [html] (self):
             get_publisher().reload_cfg()
             form = Form(enctype='multipart/form-data')
             form.add(CheckboxWidget, 'allow_config_generation',
                     title=_('Automatically generate Apache 2 configuration for new hosts and reload Apache 2 after changes'),
                     value = get_publisher().cfg.get(str('allow_config_generation'), True))
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             if form.get_widget('cancel').parse():
                 return redirect('.')
             if not form.is_submitted() or form.has_errors():
                 html_top('settings', title = _('Apache 2 configuration generation'))
                 '<h2>%s</h2>' % _('Apache 2 configuration generation')
                 form.render()
             else:
                 self.apache2_configuration_generation_submit(form)
                 redirect('.')
         def apache2_configuration_generation_submit(self, form):
             get_publisher().reload_cfg()
             f = 'allow_config_generation'
             get_publisher().cfg[f] = form.get_widget(f).parse()
             get_publisher().write_cfg()
         def language [html] (self):
             form = Form(enctype='multipart/form-data')
             language_cfg = get_publisher().cfg.get('language', {})
             form.add(SingleSelectWidget, 'language', title = _('Language'),
                     value = language_cfg.get('language'),
                     options = [ (None, _('System Default')),
                                 (str('en'), _('English')),
                                 (str('fr'), _('French')) ] )
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             if form.get_widget('cancel').parse():
                 return redirect('.')
             if not form.is_submitted() or form.has_errors():
                 html_top('settings', title = _('Language'))
                 '<h2>%s</h2>' % _('Language')
                 form.render()
             else:
                 self.language_submit(form)
                 redirect('.')
         def language_submit(self, form):
             get_publisher().reload_cfg()
             if not get_publisher().cfg.has_key('language'):
                 get_publisher().cfg['language'] = {}
             for k in ('language', ):
                 get_publisher().cfg['language'][k] = form.get_widget(k).parse()
             get_publisher().write_cfg()
         def proxy [html] (self):
             get_publisher().reload_cfg()
             form = Form(enctype='multipart/form-data')
             form.add(CheckboxWidget, 'use_proxy',
                     title=_('Use a web proxy'),
                     value = get_publisher().cfg.get(str('use_proxy'), False))
             form.add(StringWidget, 'proxy_ip',
                     title=_('Proxy IP address or domain name'),
                     value = get_publisher().cfg.get(str('proxy_ip')))
             form.add(StringWidget, 'proxy_port',
                     title=_('Proxy port'),
                     value = get_publisher().cfg.get(str('proxy_port')))
             form.add(StringWidget, 'proxy_user',
                     title=_('User name'),
                     value = get_publisher().cfg.get(str('proxy_user')))
             form.add(PasswordWidget, 'proxy_password',
                     title=_('User password'),
                     value = get_publisher().cfg.get(str('proxy_password')))
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             if form.get_widget('cancel').parse():
                 return redirect('.')
             if not form.is_submitted() or form.has_errors():
                 html_top('settings', title = _('Proxy'))
                 '<h2>%s</h2>' % _('Proxy')
                 form.render()
             else:
                 self.proxy_submit(form)
                 redirect('.')
         def proxy_submit(self, form):
             get_publisher().reload_cfg()
             for f in ('use_proxy', 'proxy_ip', 'proxy_port', 'proxy_user', 'proxy_password'):
                 get_publisher().cfg[f] = form.get_widget(f).parse()
             get_publisher().write_cfg()
     #     def debug_options [html] (self):
     #         form = Form(enctype="multipart/form-data")
     #         debug_cfg = get_publisher().cfg.get('debug', {})
     #         form.add(StringWidget, 'error_email', title = _('Email for Tracebacks'),
     #                 value = debug_cfg.get('error_email', ''))
     #         form.add(SingleSelectWidget, 'display_exceptions', title = _('Display Exceptions'),
     #                 value = debug_cfg.get('display_exceptions', ''),
     #                 options = [ (str(''), _('No display')),
     #                             (str('text'), _('Display as Text')),
     #                             (str('text-in-html'), _('Display as Text in HTML an error page')),
     #                             (str('html'), _('Display as HTML')) ])
     #         form.add(CheckboxWidget, 'logger', title = _('Logger'),
     #                 value = debug_cfg.get('logger', False))
     #         form.add_submit("submit", _("Submit"))
     #         form.add_submit("cancel", _("Cancel"))
     #         if form.get_widget('cancel').parse():
     #             return redirect('.')
     #         if not form.is_submitted() or form.has_errors():
     #             html_top('settings', title = _('Debug Options'))
     #             '<h2>%s</h2>' % _('Debug Options')
     #             form.render()
     #         else:
     #             self.debug_options_submit(form)
     #             redirect('.')
     #     def debug_options_submit(self, form):
     #         get_publisher().reload_cfg()
     #         if not get_publisher().cfg.has_key('debug'):
     #             get_publisher().cfg['debug'] = {}
     #         for k in ('error_email', 'display_exceptions', 'logger'):
     #             get_publisher().cfg['debug'][k] = form.get_widget(k).parse()
     #         get_publisher().write_cfg()
     #         get_publisher().set_config()
     def error_page [html] (error_message):
         html_top(_('Error'))
         '<h1>%s</h1>' % _('Error')
         '<div class="error-page">'
         '<p>%s</p>' % error_message
         '</div>'

     import random
     import lasso
     from quixote import get_request, get_session, redirect, get_publisher
     from quixote.directory import Directory
     from larpe.qommon.form import *
     from larpe.qommon import emails
     from larpe import errors
     from larpe import misc
     from larpe import storage
     from larpe.users import User
     from larpe.hosts import Host
     from menu import *
     class UserUI:
         def __init__(self, user):
             self.user = user
         def form_new(self):
             form = Form(enctype="multipart/form-data")
             form.add(StringWidget, "name", title = _('User Name'), required = True, size=30)
             form.add(StringWidget, "email", title = _('Email'), required = False, size=30)
             form.add_submit("submit", _("Submit"))
             form.add_submit("cancel", _("Cancel"))
             return form
         def form_edit(self):
             form = Form(enctype="multipart/form-data")
             form.add(StringWidget, "id", title = _('User Id'), required = False, size=30,
                     value = self.user.id, readonly = 'readonly')
             form.add(StringWidget, "name", title = _('User Name'), required = True, size=30,
                     value = self.user.name)
             form.add(StringWidget, "email", title = _('Email'), required = False, size=30,
                     value = self.user.email)
             form.add_submit("submit", _("Submit"))
             form.add_submit("cancel", _("Cancel"))
             return form
         def submit_form(self, form):
             if not self.user:
                 self.user = User()
             for f in ('name', 'email'):
                 widget = form.get_widget(f)
                 if widget:
                     setattr(self.user, f, widget.parse())
             self.user.is_admin = True
             self.user.store()
     class UserPage(Directory):
         _q_exports = ['', 'edit', 'delete', 'token']
         def __init__(self, component):
             self.user = User.get(component)
             self.user_ui = UserUI(self.user)
             get_response().breadcrumb.append((component + '/', self.user.name))
         def _q_index [html] (self):
             html_top('users', '%s - %s' % (_('User'), self.user.name))
             '<h2>%s - %s</h2>' % (_('User'), self.user.name)
             '<div class="form">'
             '<div class="title">%s</div>' % _('Name')
             '<div class="StringWidget content">%s</div>' % self.user.name
             if self.user.email:
                 '<div class="title">%s</div>' % _('Email')
                 '<div class="StringWidget content">%s</div>' % self.user.email
     #         if self.user.lasso_dump:
     #             identity = lasso.Identity.newFromDump(self.user.lasso_dump)
     #             server = misc.get_lasso_server()
     #             if len(identity.providerIds) and server:
     #                 '<h3>%s</h3>' % _('Liberty Alliance Details')
     #                 '<div class="StringWidget content"><ul>'
     #                 for pid in identity.providerIds:
     #                     provider = server.getProvider(pid)
     #                     label = misc.get_provider_label(provider)
     #                     if label:
     #                         label = '%s (%s)' % (label, pid)
     #                     else:
     #                         label = pid
     #                     federation = identity.getFederation(pid)
     #                     '<li>'
     #                     _('Account federated with %s') % label
     #                     '<br />'
     #                     if federation.localNameIdentifier:
     #                         _("local: ") + federation.localNameIdentifier.content
     #                     if federation.remoteNameIdentifier:
     #                         _("remote: ") + federation.remoteNameIdentifier.content
     #                     '</li>'
     #                 '</ul></div>'
     #                 # XXX: only display this in debug mode:
     #                 '<h4>%s</h4>' % _('Lasso Identity Dump')
     #                 '<pre>%s</pre>' % self.user.lasso_dump
             '</div>'
         def debug [html] (self):
             get_response().breadcrumb.append( ('debug', _('Debug')) )
             html_top('users', 'Debug')
             "<h2>Debug - %s</h2>" % self.user.name
             "<pre>"
             self.user.lasso_dump
             "</pre>"
         def edit [html] (self):
             form = self.user_ui.form_edit()
             if form.get_widget('cancel').parse():
                 return redirect('..')
             if not form.is_submitted() or form.has_errors():
                 get_response().breadcrumb.append( ('edit', _('Edit')) )
                 html_top('users', title = _('Edit User'))
                 '<h2>%s</h2>' % _('Edit User')
                 form.render()
             else:
                 self.user_ui.submit_form(form)
                 return redirect('..')
         def delete [html] (self):
             form = Form(enctype="multipart/form-data")
             form.widgets.append(HtmlWidget('<p>%s</p>' % _(
                             "You are about to irrevocably delete this user.")))
             form.add_submit("submit", _("Submit"))
             form.add_submit("cancel", _("Cancel"))
             if form.get_widget('cancel').parse():
                 return redirect('..')
             if not form.is_submitted() or form.has_errors():
                 get_response().breadcrumb.append(('delete', _('Delete')))
                 html_top('users', title = _('Delete User'))
                 '<h2>%s %s</h2>' % (_('Deleting User :'), self.user.name)
                 form.render()
             else:
                 self.user.remove_self()
                 return redirect('..')
         def token [html] (self):
             form = Form(enctype="multipart/form-data", use_tokens = False)
             form.add_submit("submit", _("Generate"))
             form.add_submit("cancel", _("Cancel"))
             request = get_request()
             if request.form.has_key('cancel') or request.form.has_key('done'):
                 return redirect('..')
             get_response().breadcrumb.append(('token', _('Identification Token')))
             if not form.is_submitted() or form.has_errors():
                 html_top('users', title = _('Identification Token'))
                 '<h2>%s</h2>' % _('Identification Token')
                 '<p>%s</p>' % _('You are about to generate a token than can be used to federate the account.')
                 '<p>%s</p>' % _('After that, you will have the choice to send it to the user by email so that he can federate his accounts.')
                 if self.user.identification_token:
                     '<p>%s</p>' % _('Note that user has already been issued an identification token : %s') % self.user.identification_token
                 form.render()
             else:
                 if request.form.has_key('submit'):
                     html_top('users', title = _('Identification Token'))
                     token = '-'.join(['%04d' % random.randint(1, 9999) for x in range(4)])
                     self.user.identification_token = str(token)
                     self.user.store()
                     '<p>'
                     _('Identification Token for %s') % self.user.name
                     ' : %s</p>' % self.user.identification_token
                     form = Form(enctype="multipart/form-data", use_tokens = False)
                     form.add_submit('done', _('Done'))
                     if self.user.email:
                         form.add_submit("submit-email", _("Send by email"))
                     form.render()
                 else:
                     site_url = '%s://%s%s/token?token=%s' \
                         % (request.get_scheme(), request.get_server(),
                            get_request().environ['SCRIPT_NAME'], self.user.identification_token)
                     body = _("""You have been given an identification token.
     Your token is %(token)s
     Click on %(url)s to use it.
     """) % {'token': self.user.identification_token, 'url': site_url}
                     try:
                         emails.email(_('Identification Token'), body, self.user.email)
                     except errors.EmailError, e:
                         html_top('users', title = _('Identification Token'))
                         _('Failed sending email. Check your email configuration.')
                         '<div class="buttons"><a href=".."><input type="button" value="%s" /></a></div><br />' % _('Back')
                     else:
                         return redirect('..')
     class UsersDirectory(Directory):
         _q_exports = ['', 'new']
         def _q_index [html] (self):
             get_publisher().reload_cfg()
             get_response().breadcrumb.append( ('users/', _('Users')) )
             html_top('users', title = _('Users'))
             if not list(Host.select(lambda x: x.name == 'larpe')):
                 '<p>%s</p>' % _('Liberty support must be setup before creating users.')
             else:
                 """<ul id="nav-users-admin">
                   <li><a href="new">%s</a></li>
                 </ul>""" % _('New User')
             debug_cfg = get_publisher().cfg.get('debug', {})
             users = User.select(lambda x: x.name is not None, order_by = 'name')
             '<ul class="biglist">'
             for user in users:
                 '<li>'
                 '<strong class="label">%s</strong>' % user.name
                 if user.email:
                     '<p class="details">'
                     user.email
                     '</p>'
                 '<p class="commands">'
                 command_icon('%s/' % user.id, 'view')
                 if not user.name_identifiers:
                     if not user.identification_token:
                         command_icon('%s/token' % user.id, 'token',
                                 label = _('Identification Token'), icon = 'stock_exec_16.png')
                     else:
                         command_icon('%s/token' % user.id, 'token',
                                 label = _('Identification Token (current: %s)') % \
                                     user.identification_token,
                                 icon = 'stock_exec_16.png')
                 command_icon('%s/edit' % user.id, 'edit')
                 command_icon('%s/delete' % user.id, 'remove')
                 if debug_cfg.get('logger', False):
                     command_icon('../logger/by_user/%s/' % user.id, 'logs',
                             label = _('Logs'), icon = 'stock_harddisk_16.png')
                 '</p></li>'
             '</ul>'
         def new [html] (self):
             get_response().breadcrumb.append( ('users/', _('Users')) )
             get_response().breadcrumb.append( ('new', _('New')) )
             hosts = list(Host.select(lambda x: x.name == 'larpe'))
             if not hosts:
                 return error_page('users', _('Liberty support must be setup before creating users.'))
             host = hosts[0]
             # XXX: user must be logged in to get here
             user_ui = UserUI(None)
             # FIXME : should be able to use User.count(). Track fake user creations.
             users = User.select(lambda x: x.name is not None)
             first_user = (len(users) == 0)
             form = user_ui.form_new()
             if form.get_widget('cancel').parse():
                 return redirect('.')
             if not form.is_submitted() or form.has_errors():
                 html_top('users', title = _('New User'))
                 '<h2>%s</h2>' % _('New User')
                 form.render()
             else:
                 user_ui.submit_form(form)
                 if first_user:
                     req = get_request()
                     if hasattr(req, str('user')) and req.user:
                         user_ui.user.name_identifiers = req.user.name_identifiers
                         user_ui.user.lasso_dump = req.user.lasso_dump
                         user_ui.user.store()
                     # TODO : SAML 2.0
                     get_session().set_user(user_ui.user.id, host.provider_id)
                 return redirect('.')
         def _q_lookup(self, component):
             get_response().breadcrumb.append( ('users/', _('Users')) )
             try:
                 return UserPage(component)
             except KeyError:
                 raise errors.TraversalError()

larpe/branches/idwsf/larpe/ctl/__init__.py
1		from start import start
2

     import socket
     import sys
     from qommon.scgi_server import run
     import publisher
     def start(args):
         port = 3007
         script_name = ''
         i = 0
         while i < len(args):
             if args[i] == '--port':
                 port = int(args[i+1])
                 i += 1
             elif args[i] == '--silent':
                 sys.stdout = open('/dev/null', 'w')
                 sys.stderr = open('/dev/null', 'w')
             elif args[i] == '--script-name':
                 script_name = args[i+1]
                 i += 1
             i += 1
         try:
             run(publisher.LarpePublisher.create_publisher, port=port, script_name=script_name)
         except socket.error, e:
             if e[0] == 98:
                 print >> sys.stderr, 'address already in use'
                 sys.exit(1)
             raise
         except KeyboardInterrupt:
             sys.exit(1)

     from quixote import get_session, get_request, redirect
     from qommon.errors import *
     class AccessUnauthorizedError(AccessError):
         def render [html] (self):
             session = get_session()
             request = get_request()
             session.after_url = str('%s?%s' % (request.get_url(), request.get_query()))
             # TODO : SAML2
             login_url = '%s/liberty/larpe/login' % request.environ['SCRIPT_NAME']
             redirect(login_url)

     from storage import StorableObject
     class Federation(StorableObject):
         _names = 'federations'
         username = None
         password = None
         host_id = None
         name_identifiers = None
         cookies = None
         select_fields = {}
         def __init__(self, username, password, host_id, name_identifier, cookies=None, select={}):
             StorableObject.__init__(self)
             self.username = username
             self.password = password
             self.host_id = host_id
             self.name_identifiers = [ name_identifier ]
             self.cookies = cookies
             self.select_fields = select
     #     def add_name_identifier(self, name_identifier):
     #         self.name_identifiers.append(name_identifier)
         def remove_name_identifier(self, name_identifier):
             self.name_identifiers.remove(name_identifier)
             if not self.name_identifiers:
                 self.remove_self()
         def set_cookies(self, cookies):
             self.cookies = cookies
         def __str__(self):
             return 'Federation username : %s, name identifiers : %s, cookies : %s' \
                     % (self.username, self.name_identifiers, self.cookies)

     from storage import StorableObject
     class FieldPrefill(StorableObject):
         _names = 'field_prefill'
         form_id = 0
         name = None
         xpath = None
         number = 1
         raw_xml = False
         regexp_match = None
         regexp_replacing = None
         select_options = {}

     import os
     import re
     from mod_python import apache
     #import larpe.hosts
     app_dir = '/var/lib/larpe'
     def outputfilter(filter):
         # Only filter html code
         if filter.req.content_type is not None:
             is_html = re.search('text/html', filter.req.content_type)
         if filter.req.content_type is not None and not is_html:
             filter.pass_on()
         else:
             if not hasattr(filter.req, 'temp_doc'): # the start
                 filter.req.temp_doc = [] # create new attribute to hold document
                 # If content-length ended up wrong, Gecko browsers truncated data, so
                 if 'Content-Length' in filter.req.headers_out:
                     del filter.req.headers_out['Content-Length']
     #        filter.write(filter.req.headers_in['Cookie'])
     #        delete_cookies(filter)
             #filter.req.headers_out['Set-Cookie'] = 'dc_admin="deleted"; max-age=0; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/'
             temp_doc = filter.req.temp_doc
             s = filter.read()
             while s: # could get '' at any point, but only get None at end
                 temp_doc.append(s)
                 s = filter.read()
             if s is None: # the end
                 page = ''.join(temp_doc)
                 page = filter_dispatch(filter, page)
                 filter.write(page)
                 filter.close()
     def filter_dispatch(filter, page):
     #    host = get_host_from_url(filter)
     #    if host is None:
     #        apache.log_error('Host not found')
     #        return page
         try:
     #        function_name = 'filter_' + host.label.lowercase()
             host_name = filter.req.hostname.split('.')[-3]
             function_name = 'filter_' + host_name
             return eval(function_name + '(filter, page)')
         except:
             return page
     #        return filter_default(filter, page)
     def filter_default(filter, page):
     #    host = get_host_from_url(filter)
     #    if host is None:
     #        apache.log_error('Host not found')
     #        return page
     #    if host.auth_url is not None or host.auth_form is None:
     #        return page
         form = find_auth_form(page)
         if form is not None:
             try:
                 host_name = filter.req.hostname.split('.')[-3]
                 return page.replace(form, """
                                   <form method="post" action="/liberty/%s/login">
                                     <input type="submit" value="Connexion" />
                                   </form>""" % host_name)
             except:
                 pass
         return page
     def find_auth_form(page):
         regexp = re.compile("""<form.*?</form>""", re.DOTALL | re.IGNORECASE)
         found_forms = regexp.findall(page)
         for found_form in found_forms:
             regexp = re.compile("""<input[^>]*?type="password"[^>]*?>""", re.DOTALL | re.IGNORECASE)
             if regexp.search(found_form) is not None:
                 return found_form
         return None
     #def get_host_from_url(filter):
     #    try:
     #        return list(Host.select(lambda x: x.reversed_hostname == filter.req.hostname \
     #                                          and x.reversed_directory == get_proxied_site_name(filter)))[0]
     #    except:
     #        return None
     def filter_linuxfr(filter, page):
         str_to_replace = re.compile(str('<form method="post" action="/login.html" id="formulaire">.*?</form>'), re.DOTALL)
         return str_to_replace.sub(str(r"""<form method="post" action="/liberty/linuxfr/login" id="formulaire">
                                     <div style="text-align: center; font-size: 13px;" class="loginbox">
                                     <input type="submit" value="Connexion" />
                                     <br />
                                     <a href="/user_new.html">Cr&eacute;er un compte</a>
                                     </div>
                                     </form>"""
                                     ), page)
     def filter_dotclear(filter, page):
         if filter.req.uri == '/dot/ecrire/redac_list.php':
             str_to_replace = re.compile(str('(\[[^\?]+\?id=)([^"]+)(">[^\]]*)\]'), re.DOTALL)
             return str_to_replace.sub(str(r'\1\2\3 - <a href="/liberty/dot/admin_token?id=\2">token</a> ]'), page)
         if filter.req.uri == '/dot/ecrire/redacteur.php':
             str_to_replace = re.compile(str('(<form action=")redacteur.php'))
             page = str_to_replace.sub(str(r'\1/liberty/dot/admin_new_user'), page)
             str_to_replace = re.compile(str('<p class="field"><label class="float" for="user_pwd">.*?</p>'), re.DOTALL)
             return str_to_replace.sub(r'', page)
         return page
     def filter_concerto(filter, page):
         str_to_replace = re.compile(str('<form action="login.do" method="post">.*?</form>'), re.DOTALL)
         return str_to_replace.sub(str(r"""<form method="post" action="/liberty/concerto/login" id="formulaire">
                                     <div style="text-align: center; font-size: 13px;" class="loginbox">
                                     <input type="submit" value="Connexion" />
                                     </div>
                                     </form>"""
                                     ), page)
     def get_abs_path(s):
         if not s:
             return s
         if s[0] == '/':
             return s
         return os.path.join(app_dir, s)
     def get_proxied_site_path(filter):
         proxy_domain_name = filter.req.hostname
         proxied_site_dir = get_proxied_site_name(filter)
         return get_abs_path(os.path.join('sp', proxy_domain_name, proxied_site_dir))
     def get_proxied_site_name(filter):
         uri_tokens = filter.req.uri.split('/')
         if uri_tokens[1] != 'liberty':
             return uri_tokens[1]
         return uri_tokens[2]
     def delete_cookies(filter):
         success = False
         cookies_file_name = get_abs_path(os.path.join(get_proxied_site_path(filter), 'cookies_to_delete'))
         cookies_file = open(cookies_file_name, 'r')
         for cookie in cookies_file.read().split():
             if filter.req.headers_in.has_key('Cookie'):
                 cookies_header = filter.req.headers_in['Cookie']
     #            filter.req.temp_doc.append(filter.req.headers_in['Cookie'])
                 #filter.req.temp_doc.append(cookie[len(cookie) -1:])
                 cookies_match =  re.findall(cookie[:len(cookie) -1], cookies_header)
                 if len(cookies_match) > 0:
                     filter.req.temp_doc.append('User-Agent')
     #                filter.req.temp_doc.append('%s="deleted"; max-age=0; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/' % cookie.split('=')[0])
                     filter.req.headers_out['Set-Cookie'] = '%s="deleted"; max-age=0; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/' % cookie.split('=')[0]
     #                cookies_file.close()
     #                cookies_file = open(cookies_file_name, 'w')
                     break
     #            else:
     #                filter.req.temp_doc.append('dommage')
         cookies_file.close()
     #    if success:
     #        cookies_file = open(cookies_file_name, 'w')
     #        cookies_file.close()

     from storage import StorableObject
     class FormPrefill(StorableObject):
         _names = 'form_prefill'
         host_id = 0
         name = None
         url = None
         profile = None
         prefix = None

     import os
     from shutil import rmtree
     from quixote import get_request
     import misc
     from storage import StorableObject
     from Defaults import APP_DIR
     class Host(StorableObject):
         _names = 'hosts'
         # Main settings
         label = None
         name = None
         orig_site = None
         new_url = None
         scheme = None
         auth_url = None
         auth_form_places = 'form_once'
         auth_form_page_url = None
         auth_form = None
         auth_form_url = None
         logout_url = None
         reversed_hostname = None
         reversed_directory = None
         organization_name = None
         use_ssl = False
         private_key = None
         public_key = None
         site_dir = None
         # Auto detected settings
         auth_mode = 'form'
         auth_form_action = None
         auth_check_url = None
         login_field_name = None
         password_field_name = None
         select_fields = {}
         post_parameters = {}
         http_headers = {}
         # Advanced settings
         return_url = '/'
         root_url = '/'
         auth_system = 'password'
         auth_match_text = ''
         send_hidden_fields = True
         initiate_sso_url = None
         redirect_root_to_login = False
         # Other attributes
         provider_id = None
         # Default value that indicates the proxy (if configured) is not disabled for this host yet
         use_proxy = True
         valid_username = None
         valid_password = None
         # Plugins
         # If name is set to None, use the default site authentication class
         site_authentication_plugin = None
         def get_host_from_url(cls):
             try:
                 host = list(Host.select(lambda x: x.name == misc.get_proxied_site_name()))[0]
                 if hasattr(host, 'site_authentication_instance'):
                     del host.site_authentication_instance
                 return list(Host.select(lambda x: x.name == misc.get_proxied_site_name()))[0]
             except Exception, e:
                 return None
         get_host_from_url = classmethod(get_host_from_url)
         def get_host_with_provider_id(cls, provider_id):
             try:
                 return list(Host.select(lambda x: x.provider_id == provider_id))[0]
             except:
                 return None
         get_host_with_provider_id = classmethod(get_host_with_provider_id)
         def get_root_url(self):
             if self.root_url.startswith('/'):
                 if self.reversed_directory:
                     return '%s/%s%s' % (get_request().environ['SCRIPT_NAME'], self.reversed_directory, self.root_url)
                 else:
                     return '%s%s' % (get_request().environ['SCRIPT_NAME'], self.root_url)
             # In this case, must be a full url
             return self.root_url
         def get_return_url(self):
             if self.return_url.startswith('/'):
                 if self.reversed_directory:
                     return '%s/%s%s' % (get_request().environ['SCRIPT_NAME'], self.reversed_directory, self.return_url)
                 else:
                     return '%s%s' % (get_request().environ['SCRIPT_NAME'], self.return_url)
             # In this case, must be a full url
             return self.return_url
         def __cmp__(self, other):
             hostname_cmp = cmp(self.reversed_hostname, other.reversed_hostname)
             if hostname_cmp != 0:
                 return hostname_cmp
             return cmp(self.reversed_directory, other.reversed_directory)
         def remove_object(cls, id):
             raise NotImplementedError()
         remove_object = classmethod(remove_object)
         def remove_self(self):
             # Main configuration file
             StorableObject.remove_self(self)
             # Other generated files
             if self.site_dir and os.path.exists(self.site_dir):
                 rmtree(self.site_dir, ignore_errors=1)
                 # Also remove hostname directory if empty (meaning there was no other subdirectory for this hostname)
                 try:
                     os.rmdir('/'.join(self.site_dir.split('/')[:-1]))
                 except OSError:
                     pass
             # Virtual host directory
             if self.reversed_hostname:
                 dir = os.path.join(APP_DIR, self.reversed_hostname)
                 if os.path.exists(dir):
                     rmtree(dir, ignore_errors=1)

     import os
     import sys
     import re
     try:
         import lasso
     except ImportError:
         print >> sys.stderr, 'Missing Lasso module, IdWsf 2.0 support disabled'
     else:
         if not lasso.WSF_SUPPORT:
             print >> sys.stderr, 'Found Lasso module, but IdWsf 2.0 support not enabled'
     from quixote import get_publisher, get_session, get_request, get_response, redirect
     from quixote.directory import Directory
     from qommon.liberty import SOAPException, soap_call
     from qommon import template
     from qommon.misc import http_get_page
     import misc
     from form_prefill import FormPrefill
     from field_prefill import FieldPrefill
     def cleanup_html_value(value):
         # Ensure the field value can be properly integrated in HTML code
         value = value.replace('"', "'")
         # Conversion to iso-8859-1
         try:
             value = unicode(value, 'utf-8').encode('iso-8859-1')
         except UnicodeEncodeError:
             return None
     class IdWsf2(Directory):
         _q_exports = []
         def _q_lookup(self, component):
             if not hasattr(get_session(), 'prefill_form'):
                 get_session().prefill_form = component
                 get_session().after_url = get_request().get_url()
                 if get_request().get_query():
                     get_session().after_url += '?' + get_request().get_query()
                 return redirect('../saml/login')
             else:
                 prefill_form = FormPrefill.get(get_session().prefill_form)
                 del get_session().prefill_form
                 if prefill_form:
                     try:
                         response, status, page, auth_header = http_get_page(prefill_form.url)
                     except:
                         return template.error_page(_('Failed connecting to the original site.'))
                     try:
                         fields = self.do_prefill_form(prefill_form)
                         if not fields:
                             raise lasso.Error
                         for key, value in get_request().get_fields().iteritems():
                             value = cleanup_html_value(value)
                             if value:
                                 fields[key] = value
                     except lasso.Error:
                         return page + '<script type="text/javascript">alert("%s")</script>' % \
                              _('Failed getting attributes from the attribute provider.')
                     except:
                         return page + '<script type="text/javascript">alert("%s")</script>' % \
                              _('Failed getting attributes for an unknown reason.')
                     return self.send_prefilled_form(prefill_form, page, fields)
         def do_prefill_form(self, prefill_form):
             server = misc.get_lasso_server(protocol = 'saml2')
             disco = lasso.IdWsf2Discovery(server)
             if not get_session().lasso_session_dumps or not get_session().lasso_session_dumps[server.providerId]:
                 return None
             disco.setSessionFromDump(get_session().lasso_session_dumps[server.providerId])
             disco.initQuery()
             disco.addRequestedServiceType(prefill_form.profile)
             disco.buildRequestMsg()
             try:
                 soap_answer = soap_call(disco.msgUrl, disco.msgBody)
             except SOAPException:
                 return None
             disco.processQueryResponseMsg(soap_answer)
             service = disco.getService()
             lasso.registerIdWsf2DstService(prefill_form.prefix, prefill_form.profile)
             service.initQuery()
             fields = FieldPrefill.select(lambda x: x.form_id == prefill_form.id)
             for field in fields:
                 if field.xpath and field.name:
                     service.addQueryItem(field.xpath, field.name)
             service.buildRequestMsg()
             try:
                 soap_answer = soap_call(service.msgUrl, service.msgBody)
             except SOAPException:
                 return None
             service.processQueryResponseMsg(soap_answer)
             fields_dict = {}
             for field in fields:
                 if not field.xpath or not field.name:
                     continue
                 if field.number > 0:
                     number = field.number -1
                 try:
                     if field.raw_xml:
                         value = service.getAttributeNodes(field.name)[number]
                     else:
                         value = service.getAttributeStrings(field.name)[number]
                 except (IndexError, TypeError):
                     value = ''
                     # Log
                 if value:
                     # Regexp transformation
                     if field.regexp_match:
                         value = re.sub(field.regexp_match, field.regexp_replacing, value)
                     value = cleanup_html_value(value)
                     # Conversion of select field options
                     if field.select_options:
                         try:
                             value = field.select_options[value]
                         except (IndexError, KeyError):
                             pass
                     if not value:
                         continue
                 fields_dict[field.name] = value
             return fields_dict
         def send_prefilled_form(self, prefill_form, page, fields):
             for field_name, new_value in fields.iteritems():
                 # Input
                 regex = re.compile('(.*)(<input[^>]*? id="%s".*?>)(.*)' % field_name,
                                    re.DOTALL | re.IGNORECASE)
                 match = regex.match(page)
                 if not match:
                     regex = re.compile('(.*)(<input[^>]*? name="%s".*?>)(.*)' % field_name,
                                        re.DOTALL | re.IGNORECASE)
                     match = regex.match(page)
                 if match:
                     before, input_field, after = match.groups()
                     if 'value="' in input_field.lower():
                         regex_sub = re.compile('value=".*?"', re.DOTALL | re.IGNORECASE)
                         input_field = regex_sub.sub('value="%s"' % new_value, input_field)
                     else:
                         input_field = input_field.replace('<input', '<input value="%s"' % new_value)
                     page = ''.join([before, input_field, after])
                     continue
                 # Textarea
                 regex = re.compile('(.*<textarea[^>]*? id="%s".*?>)[^<]*(</textarea>.*)' % field_name,
                                    re.DOTALL | re.IGNORECASE)
                 match = regex.match(page)
                 if not match:
                     regex = re.compile('(.*<textarea[^>]*? name="%s".*?>)[^<]*(</textarea>.*)' % field_name,
                                        re.DOTALL | re.IGNORECASE)
                     match = regex.match(page)
                 if match:
                     before, after = match.groups()
                     page = ''.join([before, new_value, after])
                     continue
                 # Select
                 regex = re.compile('(.*<select[^>]*? id="%s".*?>)(.*?)(</select>.*)' % field_name,
                                    re.DOTALL | re.IGNORECASE)
                 match = regex.match(page)
                 if not match:
                     regex = re.compile('(.*<select[^>]*? name="%s".*?>)(.*?)(</select>.*)' % field_name,
                                        re.DOTALL | re.IGNORECASE)
                     match = regex.match(page)
                 if match:
                     before, options, after = match.groups()
                     # If the option to select is found, first unselect the previoulsy selected one
                     regex2 = re.compile('(.*<option[^>]*? value="%s".*?)(>[^<]*</option>.*)' % new_value,
                                    re.DOTALL | re.IGNORECASE)
                     match2 = regex2.match(options)
                     if match2:
                         before2, after2 = match2.groups()
                         regex3 = re.compile('(.*<option[^>]*?)( selected(="selected")?)(.*?>[^<]*</option>.*)',
                                    re.DOTALL | re.IGNORECASE)
                         match3 = regex3.match(options)
                         if match3:
                             before3, selected, selected_value, after3 = match3.groups()
                             options = ''.join([before3, after3])
                     regex2 = re.compile('(.*<option[^>]*? value="%s".*?)(>[^<]*</option>.*)' % new_value,
                         re.DOTALL | re.IGNORECASE)
                     match2 = regex2.match(options)
                     if match2:
                         before2, after2 = match2.groups()
                         options = ''.join([before2, ' selected="selected"', after2])
                     page = ''.join([before, options, after])
             return page

     import libxml2
     import urllib
     import urlparse
     import httplib
     import re
     import os
     from quixote import get_field, get_request, get_response, get_session, get_session_manager, redirect
     from quixote.directory import Directory
     from quixote.http_request import parse_header
     import lasso
     from qommon import get_logger
     from qommon.form import *
     from qommon.template import *
     import misc
     import storage
     from users import User
     from hosts import Host
     from federations import Federation
     import site_authentication
     class Liberty(Directory):
         _q_exports = ['', 'login', 'assertionConsumer', 'soapEndpoint',
                 'singleLogout', 'singleLogoutReturn',
                 'federationTermination', 'federationTerminationReturn',
                 ('metadata.xml', 'metadata'), 'public_key', 'local_auth']
         def perform_login(self, idp = None):
             server = misc.get_lasso_server()
             login = lasso.Login(server)
             login.initAuthnRequest(idp, lasso.HTTP_METHOD_REDIRECT)
             login.request.nameIdPolicy = 'federated'
             login.request.forceAuthn = False
             login.request.isPassive = False
             login.request.consent = 'urn:liberty:consent:obtained'
             login.buildAuthnRequestMsg()
             return redirect(login.msgUrl)
         def assertionConsumer(self):
             server = misc.get_lasso_server()
             if not server:
                 return error_page(_('Liberty support is not yet configured'))
             login = lasso.Login(server)
             request = get_request()
             if request.get_method() == 'GET' or get_field('LAREQ'):
                 if request.get_method() == 'GET':
                     login.initRequest(request.get_query(), lasso.HTTP_METHOD_REDIRECT)
                 else:
                     login.initRequest(get_field('LAREQ'), lasso.HTTP_METHOD_POST)
                 login.buildRequestMsg()
                 try:
                     soap_answer = soap_call(login.msgUrl, login.msgBody)
                 except SOAPException:
                     return error_page(_('Failure to communicate with identity provider'))
                 try:
                     login.processResponseMsg(soap_answer)
                 except lasso.Error, error:
                     if error[0] == lasso.LOGIN_ERROR_STATUS_NOT_SUCCESS:
                         return error_page(_('Unknown authentication failure'))
                     if hasattr(lasso, 'LOGIN_ERROR_UNKNOWN_PRINCIPAL'):
                         if error[0] == lasso.LOGIN_ERROR_UNKNOWN_PRINCIPAL:
                             return error_page(_('Authentication failure; unknown principal'))
                     return error_page(_("Identity Provider didn't accept artifact transaction."))
             else:
                 login.processAuthnResponseMsg(get_field('LARES'))
             login.acceptSso()
             session = get_session()
             if login.isSessionDirty:
                 if login.session:
                     session.lasso_session_dumps[server.providerId] = login.session.dump()
                 else:
                     session.lasso_session_dumps[server.providerId] = None
             # Look for an existing user
             user = self.lookup_user(session, login)
             # Check if it is for Larpe administration or token
             host = Host.get_host_from_url()
             if host is None:
                 return redirect('%s/' % get_request().environ['SCRIPT_NAME'])
             if host.name == 'larpe':
                 session.name_identifier = login.nameIdentifier.content
                 session.lasso_dump = login.identity.dump()
                 session.provider_id = server.providerId
                 if user:
                     session.set_user(user.id, server.providerId)
                     if hasattr(session, 'after_url') and session.after_url is not None and \
                             session.after_url.find('admin') != -1:
                         return redirect(session.after_url)
                 else:
                     if not user or not user.is_admin:
                         if hasattr(session, 'after_url') and session.after_url is not None \
                                 and session.after_url.find('token') != -1:
                             return redirect(session.after_url)
                         return redirect('%s/token' % get_request().environ['SCRIPT_NAME'])
                 return redirect('%s/admin/' % get_request().environ['SCRIPT_NAME'])
             # Set session user
             if not user:
                 user = User()
             user.name_identifiers = [ login.nameIdentifier.content ]
             user.lasso_dumps = [ login.identity.dump() ]
             user.store()
             session.set_user(user.id, server.providerId)
     #        elif request.user is not None:
     #            user = request.user
     #            session.set_user(user.id)
     #        else:
     #            session.set_user('anonymous-%s' % login.nameIdentifier.content)
     #            user = session.get_user(login.nameIdentifier.content)
     #         if not user.name_identifiers.has_key(server.providerId):
     #             user.name_identifiers[server.providerId] = [ login.nameIdentifier.content ]
     #         elif not login.nameIdentifier.content in user.name_identifiers[server.providerId]:
     #             user.name_identifiers[server.providerId].append(login.nameIdentifier.content)
     #         user.lasso_dumps[server.providerId] = login.identity.dump()
     #         user.store()
     #         request.user = user
             federations = Federation.select(lambda x: host.id == x.host_id \
                                             and user.name_identifiers[0] in x.name_identifiers)
             if federations:
                 return site_authentication.get_site_authentication(host).sso_local_login(federations[0])
             else:
                 if hasattr(session, 'token'):
                     # FIXME : this method doesn't exist anymore
                     self.federate_token(session.token)
                 else:
                     response = get_response()
                     if session.after_url:
                         after_url = session.after_url
                         session.after_url = None
                         return redirect(after_url)
                     response.set_status(303)
                     response.headers['location'] = urlparse.urljoin(request.get_url(), str('local_auth'))
                     response.content_type = 'text/plain'
                     return 'Your browser should redirect you'
         def lookup_user(self, session, login):
             found_users = list(User.select(lambda x: login.nameIdentifier.content in x.name_identifiers))
             if found_users:
                 return found_users[0]
             return None
         def singleLogout(self):
             request = get_request()
             logout = lasso.Logout(misc.get_lasso_server())
             if lasso.isLibertyQuery(request.get_query()):
                 try:
                     logout.processRequestMsg(request.get_query())
                 except lasso.Error, error:
                     if error[0] == lasso.DS_ERROR_INVALID_SIGNATURE:
                         return error_page(_('Failed to check single logout request signature.'))
                     raise
                 session = get_session()
                 if not session.id:
       	            # session has not been found, this may be because the user has
       	            # its browser configured so that cookies are not sent for
       	            # remote queries and IdP is using image-based SLO.
       	            # so we look up a session with the appropriate name identifier
                     for session in get_session_manager().values():
                         # This block differs from qommon
                         user = session.get_user(logout.server.providerId)
                         if user and logout.nameIdentifier.content in user.name_identifiers:
                             break
                     else:
                         session = get_session()
                 return self.slo_idp(logout, session)
             else:
                 return self.slo_sp(logout, get_session())
         def singleLogoutReturn(self):
             logout = lasso.Logout(misc.get_lasso_server())
             host = Host.get_host_from_url()
             if host is None:
                 return redirect('%s/' % get_request().environ['SCRIPT_NAME'])
             try:
                 logout.processResponseMsg(get_request().get_query())
             except lasso.Error, error:
                 if error[0] == lasso.PROFILE_ERROR_INVALID_QUERY:
                     raise AccessError()
                 if error[0] == lasso.DS_ERROR_INVALID_SIGNATURE:
                     return error_page(_('Failed to check single logout request signature.'))
                 if hasattr(lasso, 'LOGOUT_ERROR_REQUEST_DENIED') and \
                         error[0] == lasso.LOGOUT_ERROR_REQUEST_DENIED:
                     return redirect(host.get_root_url()) # ignore silently
                 elif error[0] == lasso.ERROR_UNDEFINED:
                     # XXX: unknown status; ignoring for now.
                     return redirect(host.get_root_url()) # ignore silently
                 raise
             return redirect(host.get_root_url())
         def slo_idp(self, logout, session):
             '''Single Logout initiated by IdP'''
             # This block differs from qommon
             if session.lasso_session_dumps.has_key(logout.server.providerId):
                 logout.setSessionFromDump(session.lasso_session_dumps[logout.server.providerId])
             user = session.get_user(logout.server.providerId)
             if user and user.lasso_dumps:
                 logout.setIdentityFromDump(user.lasso_dumps[0])
             if user and logout.nameIdentifier.content not in user.name_identifiers:
                 raise 'No appropriate name identifier in user (%s and %s)' % (
                         logout.nameIdentifier.content, user.name_identifiers)
             host = Host.get_host_with_provider_id(logout.server.providerId)
             if host is not None:
                 site_authentication.get_site_authentication(host).local_logout(user=user)
             try:
                 logout.validateRequest()
             except lasso.Error, error:
                 if error[0] != lasso.PROFILE_ERROR_SESSION_NOT_FOUND:
                     raise
             else:
                 get_session_manager().expire_session(logout.server.providerId)
             logout.buildResponseMsg()
             if logout.msgBody: # soap answer
                 return logout.msgBody
             else:
                 return redirect(logout.msgUrl)
         def slo_sp(self, logout, session):
             host = Host.get_host_from_url()
             if host is None:
                 return redirect('%s/' % get_request().environ['SCRIPT_NAME'])
             if not session.id or not session.users.has_key(logout.server.providerId) \
                     or not session.lasso_session_dumps.has_key(logout.server.providerId):
                 get_session_manager().expire_session(logout.server.providerId)
                 return redirect(host.get_root_url())
             logout.setSessionFromDump(session.lasso_session_dumps[logout.server.providerId])
             user = session.get_user(logout.server.providerId)
             site_authentication.get_site_authentication(host).local_logout(user=user)
             if user and user.lasso_dumps:
                 logout.setIdentityFromDump(user.lasso_dumps[0])
             return self.slo_sp_redirect(logout, host)
         def slo_sp_redirect(self, logout, host):
             try:
                 logout.initRequest(None, lasso.HTTP_METHOD_REDIRECT)
             except lasso.Error, error:
                 if error[0] == lasso.PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND:
                     get_session_manager().expire_session()
                     return redirect(host.get_root_url())
                 raise
             logout.buildRequestMsg()
             get_session_manager().expire_session(logout.server.providerId)
             return redirect(logout.msgUrl)
         def soapEndpoint(self):
             request = get_request()
             ctype = request.environ.get('CONTENT_TYPE')
             if not ctype:
                 return
             ctype, ctype_params = parse_header(ctype)
             if ctype != 'text/xml':
                 return
             response = get_response()
             response.set_content_type('text/xml')
             length = int(request.environ.get('CONTENT_LENGTH'))
             soap_message = request.stdin.read(length)
             request_type = lasso.getRequestTypeFromSoapMsg(soap_message)
             if request_type == lasso.REQUEST_TYPE_LOGOUT:
                 logout = lasso.Logout(misc.get_lasso_server())
                 logout.processRequestMsg(soap_message)
                 name_identifier = logout.nameIdentifier.content
                 for session in get_session_manager().values():
                     user = session.get_user(logout.server.providerId)
                     if user and logout.nameIdentifier.content in user.name_identifiers:
                         break
                 else:
                     session = None
                 return self.slo_idp(logout, session)
             if request_type == lasso.REQUEST_TYPE_DEFEDERATION:
                 defederation = lasso.Defederation(misc.get_lasso_server())
                 defederation.processNotificationMsg(soap_message)
                 for session in get_session_manager().values():
                     user = session.get_user(defederation.server.providerId)
                     if user and defederation.nameIdentifier.content in user.name_identifiers:
                         break
                 else:
                     session = None
                 return self.fedterm(defederation, session)
         def federationTermination(self):
             request = get_request()
             if not lasso.isLibertyQuery(request.get_query()):
                 return redirect('%s/' % get_request().environ['SCRIPT_NAME'])
             defederation = lasso.Defederation(misc.get_lasso_server())
             defederation.processNotificationMsg(request.get_query())
             return self.fedterm(defederation, get_session())
         def fedterm(self, defederation, session):
             if session is not None:
                 host = Host.get_host_with_provider_id(defederation.server.providerId)
                 if host is not None:
                     site_authentication.get_site_authentication(host).local_defederate(session, defederation.server.providerId)
                 if session.lasso_session_dumps.has_key(defederation.server.providerId):
                     defederation.setSessionFromDump(session.lasso_session_dumps[defederation.server.providerId])
                 user = session.get_user(defederation.server.providerId)
                 if user and user.lasso_dumps:
                     defederation.setIdentityFromDump(user.lasso_dumps[0])
             else:
                 user = None
             try:
                 defederation.validateNotification()
             except lasso.Error, error:
                 pass # ignore failure (?)
             else:
                 if user:
                     if not defederation.identity:
                         # if it was the last federation the whole identity dump collapsed
                         del user.lasso_dumps[0]
                     else:
                         user.lasso_dumps[0] = defederation.identity.dump()
                     user.store()
             if user and defederation.nameIdentifier.content:
                 user.remove_name_identifier(defederation.server.providerId, defederation.nameIdentifier.content)
                 user.store()
             if defederation.isSessionDirty and session is not None:
                 if not defederation.session:
                     del session.lasso_session_dumps[defederation.server.providerId]
                 else:
                     session.lasso_session_dumps[defederation.server.providerId] = defederation.session.dump()
                 session.store()
             get_session_manager().expire_session(defederation.server.providerId)
             if defederation.msgUrl:
                 return redirect(defederation.msgUrl)
             else:
                 response = get_response()
                 response.set_status(204)
                 return ''
         def federationTerminationReturn(self):
             host = Host.get_host_from_url()
             if host is None:
                 return redirect('%s/' % get_request().environ['SCRIPT_NAME'])
             return redirect(host.get_return_url())
     #     def defederate(self, idp = None):
     #         session = get_session()
     #         user = get_request().user
     #         server = misc.get_lasso_server()
     #         self.local_defederate(session, server.providerId)
+    #
     #         defederation = lasso.Defederation(server)
     #         defederation.setSessionFromDump(session.lasso_session_dumps[defederation.server.providerId])
     #         if user and user.lasso_dumps.has_key(defederation.server.providerId):
     #             defederation.setIdentityFromDump(user.lasso_dumps[defederation.server.providerId])
     #         defederation.initNotification(idp, lasso.HTTP_METHOD_SOAP);
     #         defederation.buildNotificationMsg();
     #         try:
     #             soap_call(defederation.msgUrl, defederation.msgBody);
     #         except SOAPException:
     #             return error_page(_('Failure to communicate with identity provider'))
     #         rootUrl = '/' + misc.get_proxied_site_name() + '/'
     #         return redirect(rootUrl)
         def local_auth(self):
             host = Host.get_host_from_url()
             if host is None:
                 return redirect('%s/' % get_request().environ['SCRIPT_NAME'])
             return site_authentication.get_site_authentication(host).local_auth
         local_auth = property(local_auth)
         def metadata(self):
             host = Host.get_host_from_url()
             if host is None:
                 return redirect('%s/' % get_request().environ['SCRIPT_NAME'])
             get_response().set_content_type('text/xml', 'utf-8')
             metadata = unicode(open(host.metadata).read(), 'utf-8')
             return metadata
         def public_key(self):
             host = Host.get_host_from_url()
             if host is None:
                 return redirect('%s/' % get_request().environ['SCRIPT_NAME'])
             get_response().set_content_type('text/plain')
             public_key = open(host.public_key).read()
             return public_key
     class SOAPException(Exception):
         pass
     def soap_call(url, msg):
         if url.startswith('http://'):
             host, query = urllib.splithost(url[5:])
             conn = httplib.HTTPConnection(host)
         else:
             host, query = urllib.splithost(url[6:])
             conn = httplib.HTTPSConnection(host)
         conn.request('POST', query, msg, {'Content-Type': 'text/xml'})
         response = conn.getresponse()
         data = response.read()
         conn.close()
         if response.status not in (200, 204): # 204 ok for federation termination
             get_logger().warn('SOAP error (%s) (on %s)' % (response.status, url))
             raise SOAPException()
         return data

     from quixote.directory import Directory
     from quixote import get_response
     from liberty_site import LibertySite
     class LibertyRootDirectory(Directory):
         def _q_lookup(self, component):
             return LibertySite(component)

     import sys
     import random
     from quixote import get_publisher, get_response, redirect, get_request
     from quixote.directory import Directory
     from quixote.errors import TraversalError
     import lasso
     import admin
     import liberty
     import saml2
     import idwsf2
     import httplib
     import urllib
     from qommon.form import *
     from qommon.misc import get_abs_path, get_current_protocol
     from qommon import template, get_logger
     import errors
     import misc
     from users import User
     from hosts import Host
     class LibertySite(Directory):
         _q_exports = ['', 'login', 'logout', 'liberty', 'saml', 'idwsf2']
         liberty = liberty.Liberty()
         saml = saml2.Saml2()
         idwsf2 = idwsf2.IdWsf2()
         def __init__(self, component):
             self.name = component
         def _q_index (self):
             raise errors.TraversalError()
         def login [html] (self):
             get_logger().info('login')
             get_publisher().reload_cfg()
             if not get_publisher().cfg.has_key('idp'):
                 return template.error_page(_('SSO support is not yet configured'))
             else:
                 server = misc.get_lasso_server('liberty')
                 if server is not None:
                     return self.liberty.perform_login()
                 server = misc.get_lasso_server('saml2')
                 if server is not None:
                     return self.saml.perform_login()
                 return template.error_page(_('SSO support is not yet configured'))
         def logout(self):
             get_logger().info('logout')
             session = get_session()
             if not session:
                 return redirect('%s/' % get_request().environ['SCRIPT_NAME'])
             if misc.get_current_protocol() == lasso.PROTOCOL_SAML_2_0:
                 return self.saml.slo_sp()
             else:
                 return self.liberty.singleLogout()

     import re
     import os
     import lasso
     from quixote import get_publisher, get_request
     from qommon.misc import get_abs_path
     from hosts import Host
     def get_root_url():
         req = get_request()
         return '%s://%s%s' % (req.get_scheme(), req.get_server(), req.environ['SCRIPT_NAME'])
     def get_proxied_site_path():
         host = Host.get_host_from_url()
         if host is None:
             return None
         return host.site_dir
     def get_proxied_site_domain():
         return get_request().get_server().split(':')[0]
     def get_proxied_site_name():
         nb_subdirs = get_request().environ['SCRIPT_NAME'].count('/')
         return get_request().get_path().split('/')[nb_subdirs + 2]
     def get_identity_provider_config():
         get_publisher().reload_cfg()
         idps_dir = get_abs_path('idp')
         if get_publisher().cfg.has_key('idp'):
             idp_dir = os.path.join(idps_dir, get_publisher().cfg['idp'])
             metadata_path = os.path.join(idp_dir, 'metadata.xml')
             public_key_path = os.path.join(idp_dir, 'public_key')
             if not os.path.isfile(public_key_path):
                 public_key_path = None
             ca_cert_chain_path = os.path.join(idp_dir, 'ca_cert_chain.pem')
             if not os.path.isfile(ca_cert_chain_path):
                 ca_cert_chain_path = None
             return metadata_path, public_key_path, ca_cert_chain_path
         return None, None, None
     def get_lasso_server(protocol='liberty'):
         proxied_site_path = get_proxied_site_path()
         if proxied_site_path is None:
             return None
         if protocol == 'liberty':
             server = lasso.Server(
                 os.path.join(proxied_site_path, 'metadata.xml'),
                 os.path.join(proxied_site_path, 'private_key.pem'),
                 None, None)
         elif protocol == 'saml2':
             server = lasso.Server(
                 os.path.join(proxied_site_path, 'saml2_metadata.xml'),
                 os.path.join(proxied_site_path, 'private_key.pem'),
                 None, None)
         else:
             raise 'XXX: unknown protocol'
         metadata_path, public_key_path, ca_cert_chain_path = get_identity_provider_config()
         if metadata_path:
             try:
                 server.addProvider(
                         lasso.PROVIDER_ROLE_IDP,
                         metadata_path,
                         public_key_path,
                         ca_cert_chain_path)
             except lasso.Error, error:
                 if error[0] == lasso.SERVER_ERROR_ADD_PROVIDER_PROTOCOL_MISMATCH:
                     return None
                 if error[0] == lasso.SERVER_ERROR_ADD_PROVIDER_FAILED:
                     return None
                 raise
         return server
     def get_provider_label(provider):
         if not provider:
             return None
         if not hasattr(provider, str('getOrganization')):
             return provider.providerId
         organization = provider.getOrganization()
         if not organization:
             return provider.providerId
         name = re.findall("<OrganizationDisplayName.*>(.*?)</OrganizationDisplayName>", organization)
         if not name:
             name = re.findall("<OrganizationName.*>(.*?)</OrganizationName>", organization)
             if not name:
                 return provider.providerId
         return name[0]
     def get_current_protocol():
         metadata_path, public_key_path, ca_cert_chain_path = get_identity_provider_config()
         if not metadata_path:
             return None
         try:
             provider = lasso.Provider(lasso.PROVIDER_ROLE_IDP, metadata_path, public_key_path, None)
         except lasso.Error:
             return None
         else:
             return provider.getProtocolConformance()

     import re
     import urllib
     from quixote import get_request, get_response, get_session
     from qommon.misc import http_post_request
     from qommon import get_logger
     from larpe.qommon.misc import http_get_page
     import site_authentication
     class AgirheSiteAuthentication(site_authentication.SiteAuthentication):
         plugin_name = 'agirhe'
         def auto_detect_site(cls, html_doc):
             if re.search("""<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/""", html_doc):
                 return True
             return False
         auto_detect_site = classmethod(auto_detect_site)
         def local_auth_check_post(self, username, password, select={}, session_cookies=False):
             url = self.host.auth_check_url
             # Build request body
             body = '%s=%s&%s=%s' % (self.host.login_field_name, username, self.host.password_field_name, password)
             # Add select fields to the body
             for name, value in select.iteritems():
                 body += '&%s=%s' % (name, value)
             # Get the authentication page
             try:
                 response, status, page, auth_header = http_get_page(self.host.auth_form_url, use_proxy=self.host.use_proxy)
             except Exception, err:
                 print err
                 return None, None
             # Get current hidden fields everytime
             self.parse_forms(page)
             if self.host.auth_form is not None:
                 input_fields = self.parse_input_fields()
                 self.parse_other_fields(input_fields)
             # Add hidden fields to the body
             for key, value in self.host.other_fields.iteritems():
                 value = urllib.quote_plus(value)
                 body += '&%s=%s' % (key, value)
             # Build request HTTP headers
             headers = {'Content-Type': 'application/x-www-form-urlencoded',
                        'X-Forwarded-For': get_request().get_environ('REMOTE_ADDR', '-'),
                        'X-Forwarded-Host': self.host.reversed_hostname}
             # Send request
             response, status, data, auth_headers = http_post_request(url, body, headers, self.host.use_proxy)
             cookies = response.getheader('Set-Cookie', None)
             self.host.cookies = []
             if cookies is not None:
                 cookies_list = []
                 cookies_set_list = []
                 for cookie in cookies.split(', '):
                     # Drop the path and other attributes
                     cookie_only = cookie.split('; ')[0]
                     regexp = re.compile('=')
                     if regexp.search(cookie_only) is None:
                         continue
                     # Split name and value
                     cookie_split = cookie_only.split('=')
                     cookie_name = cookie_split[0]
                     cookie_value = cookie_split[1]
                     cookies_list.append('%s=%s' % (cookie_name, cookie_value))
                     set_cookie = '%s=%s; path=/' % (cookie_name, cookie_value)
                     cookies_set_list.append(set_cookie)
                     self.host.cookies.append(cookie_name)
                 cookies_headers = '\r\nSet-Cookie: '.join(cookies_set_list)
                 get_response().set_header('Set-Cookie', cookies_headers)
                 self.host.store()
                 get_session().cookies = '; '.join(cookies_list)
             else:
                 get_logger().warn('No cookie from local authentication')
             return response.status, data
         # The 3 following functions have been copied from admin/hosts.ptl
         def parse_forms(self, page):
             '''Search for an authentication form'''
             # Get all forms
             regexp = re.compile("""<form.*?</form>""", re.DOTALL | re.IGNORECASE)
             found_forms = regexp.findall(page)
             if not found_forms:
                 return
                 #raise FormError, ('auth_check_url', '%s : %s' % (_('Failed to find any form'), self.host.auth_form_url))
             # Get the first form with a password field
             for found_form in found_forms:
                 regexp = re.compile("""<input[^>]*?type=["']?password["']?[^>]*?>""", re.DOTALL | re.IGNORECASE)
                 if regexp.search(found_form) is not None:
                     self.host.auth_form = found_form
                     break
         def parse_input_fields(self):
             '''Get all input fields'''
             regexp = re.compile("""<input[^>]*?>""", re.DOTALL | re.IGNORECASE)
             return regexp.findall(self.host.auth_form)
         def parse_other_fields(self, input_fields):
             '''Get the default value of all other fields'''
             self.host.other_fields = {}
             # Get hidden fields
             regexp = re.compile("""<input[^>]*?type=["']?hidden["']?[^>]*?>""", re.DOTALL | re.IGNORECASE)
             other_fields = regexp.findall(self.host.auth_form)
             # Only get first submit field
             regexp = re.compile("""<input[^>]*?type=["']?submit["']?[^>]*?>""", re.DOTALL | re.IGNORECASE)
             found = regexp.findall(self.host.auth_form)
             if found:
                 if other_fields:
                     other_fields.append(found[0])
                 else:
                     other_fields = found[0]
             for field in other_fields:
                 try:
                     regexp = re.compile("""name=["']?(.*?)["']?[\s/>]""", re.DOTALL | re.IGNORECASE)
                     name = regexp.findall(field)[0]
                     regexp = re.compile("""value=["'](.*?)["'][\s/>]""", re.DOTALL | re.IGNORECASE)
                     value = regexp.findall(field)[0]
                     self.host.other_fields[name] = value
                     if not self.host.post_parameters.has_key(name):
                         self.host.post_parameters[name] = { 'enabled': True, 'value': value, 'immutable': False }
                 except IndexError, e:
                     continue
     site_authentication.register_site_authentication_class(AgirheSiteAuthentication)

     import re
     from quixote import get_request, get_response, get_session, redirect
     from qommon.misc import http_post_request
     from qommon import get_logger
     import site_authentication
     class CirilSiteAuthentication(site_authentication.SiteAuthentication):
         plugin_name = 'ciril'
         def auto_detect_site(cls, html_doc):
             if re.search("""<form name="myForm" id="myForm" method="post" target="choixAppli" action="/cgi-bin/acces.exe" """, html_doc):
                 print 'ok'
                 return True
             return False
         auto_detect_site = classmethod(auto_detect_site)
         def check_auth(self, status, data):
             success = False
             return_content = ''
             # If status is 500, fail without checking other criterias
             if status // 100 == 5:
                 success = False
                 return_content = redirect(self.host.get_return_url())
             regexp = re.compile("""javascript\:window\.open\('(/net_rh/accueil.php\?.*?)', '_blank'\)""", re.DOTALL | re.IGNORECASE)
             match = regexp.findall(data)
             if match:
                 success = True
                 return_content = redirect(match[0])
             return success, return_content
     site_authentication.register_site_authentication_class(CirilSiteAuthentication)

     import re
     from quixote import get_request, get_response, get_session
     from qommon.misc import http_post_request
     from qommon import get_logger
     import site_authentication
     class ConcertoSiteAuthentication(site_authentication.SiteAuthentication):
         plugin_name = 'concerto'
         def auto_detect_site(cls, html_doc):
             if re.search("""<meta name="description" content="Page d'accueil du site Espace-Famille" />""", html_doc):
                 return True
             return False
         auto_detect_site = classmethod(auto_detect_site)
         def local_auth_check_post(self, username, password, select={}, session_cookies=False):
             url = self.host.auth_check_url
             # Build request body
             body = '%s=%s&%s=%s' % (self.host.login_field_name, username, self.host.password_field_name, password)
             # Add select fields to the body
             for name, value in select.iteritems():
                 body += '&%s=%s' % (name, value)
             # Add hidden fields to the body
             if self.host.send_hidden_fields:
                 for key, value in self.host.other_fields.iteritems():
                     body += '&%s=%s' % (key, value)
             # Build request HTTP headers
             headers = {'Content-Type': 'application/x-www-form-urlencoded',
                        'X-Forwarded-For': get_request().get_environ('REMOTE_ADDR', '-'),
                        'X-Forwarded-Host': self.host.reversed_hostname}
             # Add session id cookie
             if session_cookies is True:
                 for key, value in self.host.other_fields.iteritems():
                     headers['Cookie'] = 'JSESSIONID=' + value
             # Send request
             response, status, data, auth_headers = http_post_request(url, body, headers, self.host.use_proxy)
             cookies = response.getheader('Set-Cookie', None)
             self.host.cookies = []
             new_session_id = None
             if cookies is not None:
                 cookies_list = []
                 cookies_set_list = []
                 for cookie in cookies.split(', '):
                     # Drop the path and other attributes
                     cookie_only = cookie.split('; ')[0]
                     regexp = re.compile('=')
                     if regexp.search(cookie_only) is None:
                         continue
                     # Split name and value
                     cookie_split = cookie_only.split('=')
                     cookie_name = cookie_split[0]
                     cookie_value = cookie_split[1]
                     if cookie_name == 'JSESSIONID':
                         new_session_id = cookie_value
                     cookies_list.append('%s=%s' % (cookie_name, cookie_value))
                     set_cookie = '%s=%s; path=/demo' % (cookie_name, cookie_value)
                     cookies_set_list.append(set_cookie)
                     self.host.cookies.append(cookie_name)
                 cookies_headers = '\r\nSet-Cookie: '.join(cookies_set_list)
                 get_response().set_header('Set-Cookie', cookies_headers)
                 self.host.store()
                 get_session().cookies = '; '.join(cookies_list)
             else:
                 get_logger().warn('No cookie from local authentication')
             if session_cookies is False:
                 # Change idSession hidden field with new session id
                 self.host.other_fields['idSession'] = new_session_id
                 # Retry the request with the new session id
                 return self.local_auth_check_post(username, password, select, session_cookies=True)
             else:
                 return response.status, data
     site_authentication.register_site_authentication_class(ConcertoSiteAuthentication)

     import re
     import urlparse
     from quixote import get_request, get_response, get_session
     from qommon.misc import http_post_request, http_get_page
     from qommon import get_logger
     import site_authentication
     class EgroupwareSiteAuthentication(site_authentication.SiteAuthentication):
         plugin_name = 'egroupware'
         def auto_detect_site(cls, html_doc):
             if re.search("""<meta name="description" content="eGroupWare" />""", html_doc):
                 return True
             return False
         auto_detect_site = classmethod(auto_detect_site)
         def local_auth_check_post(self, username, password, select={}):
             url = self.host.auth_check_url
             # Build request body
             body = '%s=%s&%s=%s' % (self.host.login_field_name, username, self.host.password_field_name, password)
             # Add select fields to the body
             for name, value in select.iteritems():
                 body += '&%s=%s' % (name, value)
             # Add hidden fields to the body
             if self.host.send_hidden_fields:
                 for key, value in self.host.other_fields.iteritems():
                     body += '&%s=%s' % (key, value)
             # Build request HTTP headers
             # FIXME : Add back {'Host': hostname}
             headers = {'Content-Type': 'application/x-www-form-urlencoded',
                        'X-Forwarded-For': get_request().get_environ('REMOTE_ADDR', '-'),
                        'X-Forwarded-Host': self.host.reversed_hostname}
             # Send request
             response, status, data, auth_headers = http_post_request(url, body, headers, self.host.use_proxy)
             # The specific code is these 2 lines and the called function
             if self.host.name.startswith('egroupware'):
                 data = self.get_data_after_redirects(response, data)
             cookies = response.getheader('Set-Cookie', None)
             self.host.cookies = []
             if cookies is not None:
                 cookies_list = []
                 cookies_set_list = []
                 for cookie in cookies.split(', '):
                     # Drop the path and other attributes
                     cookie_only = cookie.split('; ')[0]
                     regexp = re.compile('=')
                     if regexp.search(cookie_only) is None:
                         continue
                     # Split name and value
                     cookie_split = cookie_only.split('=')
                     cookie_name = cookie_split[0]
                     cookie_value = cookie_split[1]
                     cookies_list.append('%s=%s' % (cookie_name, cookie_value))
                     set_cookie = '%s=%s; path=/' % (cookie_name, cookie_value)
                     cookies_set_list.append(set_cookie)
                     self.host.cookies.append(cookie_name)
                 cookies_headers = '\r\nSet-Cookie: '.join(cookies_set_list)
                 get_response().set_header('Set-Cookie', cookies_headers)
                 self.host.store()
                 get_session().cookies = '; '.join(cookies_list)
             else:
                 get_logger().warn('No cookie from local authentication')
             return response.status, data
         def get_data_after_redirects(self, response, data):
             status = response.status
             headers = {'X-Forwarded-For': get_request().get_environ('REMOTE_ADDR', '-'),
                        'X-Forwarded-Host': self.host.reversed_hostname}
             while status == 302:
                 location = response.getheader('Location', None)
                 if location is not None:
                     url_tokens = urlparse.urlparse(self.host.auth_check_url)
                     url = '%s://%s%s'% (url_tokens[0], url_tokens[1], location)
                     response, status, data, auth_headers = http_get_page(url, headers, self.host.use_proxy)
             return data
     site_authentication.register_site_authentication_class(EgroupwareSiteAuthentication)

     import re
     from quixote import get_response, redirect
     from quixote.html import htmltext
     import site_authentication
     class SympaSiteAuthentication(site_authentication.SiteAuthentication):
         plugin_name = 'sympa'
         def auto_detect_site(cls, html_doc):
             if re.search("""<FORM ACTION="/wwsympa.fcgi" METHOD=POST>""", html_doc):
                 return True
             return False
         auto_detect_site = classmethod(auto_detect_site)
         def check_auth(self, status, data):
             success = False
             return_content = ''
             if self.host.auth_system == 'password':
                 # If there is a password field, authentication probably failed
                 regexp = re.compile("""<input[^>]*?type=["']?password["']?[^>]*?>""", re.DOTALL | re.IGNORECASE)
                 if not regexp.findall(data):
                     success = True
                     # The specific part is only these 2 lines
                     get_response().filter.update({'no_template': True})
                     return_content = htmltext(data)
             elif self.host.auth_system == 'status':
                 match_status = int(self.host.auth_match_status)
                 if match_status == status:
                     success = True
                     return_content = redirect(self.host.return_url)
             elif self.host.auth_system == 'match_text':
                 # If the auth_match_text is not matched, it means the authentication is successful
                 regexp = re.compile(self.host.auth_match_text, re.DOTALL)
                 if not regexp.findall(data):
                     success = True
                     return_content = redirect(self.host.get_return_url())
             return success, return_content
     site_authentication.register_site_authentication_class(SympaSiteAuthentication)

     import os
     import cPickle
     from quixote import get_response, get_session, get_request
     from Defaults import *
     from qommon.publisher import set_publisher_class, QommonPublisher
     from qommon import template
     from root import RootDirectory
     from admin import RootDirectory as AdminRootDirectory
     from sessions import StorageSessionManager
     from users import User
     from hosts import Host
     class LarpePublisher(QommonPublisher):
         APP_NAME = 'larpe'
         APP_DIR = APP_DIR
         DATA_DIR = DATA_DIR
         ERROR_LOG = ERROR_LOG
         WEB_ROOT = '/larpe'
         supported_languages = ['fr']
         root_directory_class = RootDirectory
         admin_directory_class = AdminRootDirectory
         session_manager_class = StorageSessionManager
         user_class = User
         def get_web_root_url(self):
             return get_request().environ['SCRIPT_NAME'] + WEB_ROOT + '/'
         def _get_user_name(self, host):
             user = get_session().get_user(host.provider_id)
             if user and user.name:
                 return user.name
             return None
         def filter_output(self, request, output):
             response = get_response()
             if response.content_type != 'text/html':
                 return output
             if not hasattr(response, 'filter') or not response.filter:
                 return output
             org_name = 'Larpe'
             user_name = None
             host = Host.get_host_from_url()
             if host is not None:
                 org_name = host.organization_name
             #    user_name = self._get_user_name(host)
             return template.decorate(output, response)
         def set_app_dir(self, request):
             self.app_dir = os.path.join(self.APP_DIR, request.get_server().lower().split(':')[0])
             self.reload_cfg()
             if self.cfg.has_key('proxy_hostname'):
                 self.app_dir = os.path.join(self.APP_DIR, self.cfg['proxy_hostname'])
             if self.app_dir is not None and not os.path.exists(self.app_dir):
                 os.mkdir(self.app_dir)
         cfg = None
         def write_cfg(self, directory=None):
             s = cPickle.dumps(self.cfg)
             if directory is None:
                 directory = self.app_dir
             filename = os.path.join(directory, 'config.pck')
             open(filename, 'w').write(s)
     set_publisher_class(LarpePublisher)
     LarpePublisher.register_extra_dir(os.path.join(os.path.dirname(__file__), 'plugins', 'site_authentication'))

     import os
     import httplib
     import lasso
     from quixote import get_request, get_response, get_session, redirect
     from quixote.directory import Directory
     from qommon.form import *
     from qommon import template
     import admin
     import liberty_root
     import errors
     from hosts import Host
     from users import User
     from Defaults import WEB_ROOT
     class RootDirectory(Directory):
         _q_exports = ['', 'admin', 'liberty', 'token']
         admin = admin.RootDirectory()
         liberty = liberty_root.LibertyRootDirectory()
         def _q_index [html] (self):
             template.html_top(_('Welcome to Larpe reverse proxy'))
             '<ul><li><a href="%s/admin/">%s</a></li></ul>' % (get_request().environ['SCRIPT_NAME'],
                                                              _('Configure Larpe'))
         def _q_traverse(self, path):
             response = get_response()
             response.filter = {}
             return Directory._q_traverse(self, path)
         def _q_lookup(self, component):
             return redirect(component + '/')
         def token [html] (self):
             session = get_session()
             if not hasattr(session, str('name_identifier')) or not session.name_identifier \
                     or not hasattr(session, str('lasso_dump')) or not session.lasso_dump:
                 raise errors.AccessUnauthorizedError()
             # If the token is in the query string, use it
             query_string = get_request().get_query()
             if query_string:
                 parameters = query_string.split(str('&'))
                 for param in parameters:
                     values = param.split(str('='))
                     if len(values) < 2:
                         continue
                     if values[0] == str('token'):
                         return self._federate_token(values[1])
             # Otherwise, display a form to ask for the token
             form = Form(enctype='multipart/form-data')
             form.add(StringWidget, 'token', title = _('Identification Token'),
                     required = True, size = 30)
             form.add_submit('submit', _('Submit'))
             form.add_submit('cancel', _('Cancel'))
             if form.get_widget('cancel').parse():
                 return redirect('.')
             if not form.is_submitted() or form.has_errors():
                 template.html_top(_('Identification Token'))
                 '<p>'
                 _('Please enter your identification token. ')
                 _('Your local account will be federated with your Liberty Alliance account.')
                 '</p>'
                 form.render()
             else:
                 session = get_session()
                 if not hasattr(session, str('name_identifier')) or not session.name_identifier \
                         or not hasattr(session, str('lasso_dump')) or not session.lasso_dump:
                     raise errors.AccessUnauthorizedError()
                 token = form.get_widget('token').parse()
                 return self._federate_token(token)
         def _federate_token(self, token):
             session = get_session()
             # Get the user who owns this token
             users_with_token = list(User.select(lambda x: x.identification_token == token))
             if len(users_with_token) == 0:
                 return template.error_page(_('Unknown Token'))
             # Fill user attributes
             user = users_with_token[0]
             user.name_identifiers.append(session.name_identifier)
             user.lasso_dumps = [ session.lasso_dump ]
             user.identification_token = None
             user.is_admin = True
             user.store()
             # Set this user in the session
             session.set_user(user.id, session.provider_id)
             # Delete now useless session attributes
             del session.name_identifier
             del session.lasso_dump
             del session.provider_id
             return redirect('%s/admin/' % get_request().environ['SCRIPT_NAME'])

     import os
     import sys
     import urlparse
     try:
         import lasso
     except ImportError:
         print >> sys.stderr, 'Missing Lasso module, SAMLv2 support disabled'
     from quixote import get_publisher, get_request, get_response, get_session, get_session_manager, redirect
     from qommon.liberty import SOAPException, soap_call
     from qommon.saml2 import Saml2Directory
     from qommon import template
     from qommon import get_logger
     import misc
     from users import User
     from hosts import Host
     from federations import Federation
     import site_authentication
     class Saml2(Saml2Directory):
         _q_exports = Saml2Directory._q_exports + ['local_auth']
         def login(self):
             return self.perform_login()
         def perform_login(self, idp = None):
             server = misc.get_lasso_server(protocol = 'saml2')
             if not server:
                 return template.error_page(_('SAML 2.0 support not yet configured.'))
             login = lasso.Login(server)
             login.initAuthnRequest(idp, lasso.HTTP_METHOD_REDIRECT)
             login.request.nameIDPolicy.format = lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT
             login.request.nameIDPolicy.allowCreate = True
             login.request.forceAuthn = False
             login.request.isPassive = False
             login.request.consent = 'urn:oasis:names:tc:SAML:2.0:consent:current-implicit'
             login.buildAuthnRequestMsg()
             return redirect(login.msgUrl)
         def singleSignOnArtifact(self):
             server = misc.get_lasso_server(protocol = 'saml2')
             if not server:
                 return template.error_page(_('SAML 2.0 support not yet configured.'))
             login = lasso.Login(server)
             request = get_request()
             try:
                 login.initRequest(request.get_query(), lasso.HTTP_METHOD_ARTIFACT_GET)
             except lasso.Error, error:
                 if error[0] == lasso.PROFILE_ERROR_MISSING_ARTIFACT:
                     return template.error_page(_('Missing SAML Artifact'))
                 else:
                     raise
             login.buildRequestMsg()
             #remote_provider_cfg = get_cfg('idp', {}).get(misc.get_provider_key(login.remoteProviderId))
             #client_cert = remote_provider_cfg.get('clientcertificate')
             try:
                 soap_answer = soap_call(login.msgUrl, login.msgBody)
             except SOAPException:
                 return template.error_page(_('Failure to communicate with identity provider'))
             try:
                 login.processResponseMsg(soap_answer)
             except lasso.Error, error:
                 if error[0] == lasso.LOGIN_ERROR_STATUS_NOT_SUCCESS:
                     return template.error_page(_('Unknown authentication failure'))
                 if error[0] == lasso.LOGIN_ERROR_UNKNOWN_PRINCIPAL:
                     return template.error_page(_('Authentication failure; unknown principal'))
                 if error[0] == lasso.LOGIN_ERROR_FEDERATION_NOT_FOUND:
                     return template.error_page('there was no federation')
                 raise
             return self.sso_after_response(login)
         def sso_after_response(self, login):
             try:
                 assertion = login.response.assertion[0]
                 if assertion.subject.subjectConfirmation.subjectConfirmationData.recipient != \
                             get_request().get_url():
                     return template.error_page('SubjectConfirmation Recipient Mismatch')
             except:
                     return template.error_page('SubjectConfirmation Recipient Mismatch')
             assertions_dir = os.path.join(get_publisher().app_dir, 'assertions')
             if not os.path.exists(assertions_dir):
                 os.mkdir(assertions_dir)
             assertion_fn = os.path.join(assertions_dir, assertion.iD)
             if os.path.exists(assertion_fn):
                 return template.error_page('Assertion replay')
             try:
                 if assertion.subject.subjectConfirmation.method != \
                             'urn:oasis:names:tc:SAML:2.0:cm:bearer':
                     return template.error_page('Unknown SubjectConfirmation Method')
             except:
                 return template.error_page('Unknown SubjectConfirmation Method')
             try:
                 audience_ok = False
                 for audience_restriction in assertion.conditions.audienceRestriction:
                     if audience_restriction.audience != login.server.providerId:
                         return template.error_page('Incorrect AudienceRestriction')
                     audience_ok = True
                 if not audience_ok:
                     return template.error_page('Incorrect AudienceRestriction')
             except:
                 return template.error_page('Incorrect AudienceRestriction')
     #        try:
     #            current_time = time.strftime('%Y-%m-%dT%H:%M:%SZ', time.gmtime())
     #            not_before = assertion.subject.subjectConfirmation.subjectConfirmationData.notBefore
     #            not_on_or_after = assertion.subject.subjectConfirmation.subjectConfirmationData.notOnOrAfter
     #            if not_before and current_time < not_before:
     #                return template.error_page('Assertion received too early')
     #            if not_on_or_after and current_time > not_on_or_after:
     #                return template.error_page('Assertion expired')
     #        except:
     #            return template.error_page('Error checking Assertion Time')
             # TODO: check for unknown conditions
             login.acceptSso()
             session = get_session()
             if login.isSessionDirty:
                 if login.session:
                     session.lasso_session_dumps[login.server.providerId] = login.session.dump()
                 else:
                     session.lasso_session_dumps[login.server.providerId] = None
             if assertion.authnStatement[0].sessionIndex:
                 session.lasso_session_index = assertion.authnStatement[0].sessionIndex
             user = self.lookup_user(session, login)
             # Check if it is for Larpe administration or token
             host = Host.get_host_from_url()
             if host is None:
                 return redirect('%s/' % get_request().environ['SCRIPT_NAME'])
             if host.name == 'larpe':
                 session.name_identifier = login.nameIdentifier.content
                 session.lasso_dump = login.identity.dump()
                 session.provider_id = login.server.providerId
                 if user:
                     session.set_user(user.id, login.server.providerId)
                     if hasattr(session, 'after_url') and session.after_url is not None and \
                             session.after_url.find('admin') != -1:
                         return redirect(session.after_url)
                 else:
                     if not user or not user.is_admin:
                         if hasattr(session, 'after_url') and session.after_url is not None \
                                 and session.after_url.find('token') != -1:
                             return redirect(session.after_url)
                         return redirect('%s/token' % get_request().environ['SCRIPT_NAME'])
                 return redirect('%s/admin/' % get_request().environ['SCRIPT_NAME'])
             # Set session user
             if not user:
                 user = User()
             user.name_identifiers = [ login.nameIdentifier.content ]
             user.lasso_dumps = [ login.identity.dump() ]
             user.store()
             session.set_user(user.id, login.server.providerId)
             # Check if a federation already exist
             federations = Federation.select(lambda x: host.id == x.host_id \
                                             and user.name_identifiers[0] in x.name_identifiers)
             if federations:
                 return site_authentication.get_site_authentication(host).sso_local_login(federations[0])
             else:
                 # Build response redirection
                 response = get_response()
                 if session.after_url:
                     after_url = session.after_url
                     session.after_url = None
                     return redirect(after_url)
                 response.set_status(303)
                 response.headers['location'] = urlparse.urljoin(get_request().get_url(), str('local_auth'))
                 response.content_type = 'text/plain'
                 return 'Your browser should redirect you'
         def slo_sp(self, method = None):
             host = Host.get_host_from_url()
             if host is None:
                 return redirect('%s/' % get_request().environ['SCRIPT_NAME'])
             if method is None:
                 method = lasso.HTTP_METHOD_REDIRECT
             logout = lasso.Logout(misc.get_lasso_server(protocol = 'saml2'))
             session = get_session()
             if not session.id or not session.users.has_key(logout.server.providerId) \
                     or not session.lasso_session_dumps.has_key(logout.server.providerId):
                 get_session_manager().expire_session(logout.server.providerId)
                 return redirect(host.get_root_url())
             logout.setSessionFromDump(session.lasso_session_dumps[logout.server.providerId])
             user = session.get_user(logout.server.providerId)
             site_authentication.get_site_authentication(host).local_logout(user=user)
             if user and user.lasso_dumps:
                 logout.setIdentityFromDump(user.lasso_dumps[0])
             if method == lasso.HTTP_METHOD_REDIRECT:
                 return self.slo_sp_redirect(logout)
             # Not implemented yet
             if method == lasso.HTTP_METHOD_SOAP:
                 return self.slo_sp_soap(logout)
         def slo_sp_redirect(self, logout):
             session = get_session()
             try:
                 logout.initRequest(None, lasso.HTTP_METHOD_REDIRECT)
             except lasso.Error, error:
                 if error[0] == lasso.PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND:
                     get_session_manager().expire_session(logout.server.providerId)
                     return redirect(host.get_root_url())
                 if error[0] == lasso.PROFILE_ERROR_SESSION_NOT_FOUND:
                     get_session_manager().expire_session(logout.server.providerId)
                     return redirect(host.get_root_url())
                 raise
             logout.buildRequestMsg()
             return redirect(logout.msgUrl)
         def singleLogoutReturn(self):
             host = Host.get_host_from_url()
             if host is None:
                 return redirect('%s/' % get_request().environ['SCRIPT_NAME'])
             logout = lasso.Logout(misc.get_lasso_server(protocol = 'saml2'))
             session = get_session()
             if not session.id or not session.users.has_key(logout.server.providerId) \
                     or not session.lasso_session_dumps.has_key(logout.server.providerId):
                 get_session_manager().expire_session(logout.server.providerId)
                 return redirect(host.get_root_url())
             logout.setSessionFromDump(session.lasso_session_dumps[logout.server.providerId])
             message = get_request().get_query()
             return self.slo_return(logout, message)
         def slo_return(self, logout, message):
             host = Host.get_host_from_url()
             session = get_session()
             try:
                 logout.processResponseMsg(message)
             except lasso.Error, error:
                 if error[0] == lasso.PROFILE_ERROR_INVALID_QUERY:
                     get_logger().warn('Invalid response')
                 elif error[0] == lasso.DS_ERROR_INVALID_SIGNATURE:
                     get_logger().warn('Failed to check single logout request signature')
                 elif error[0] == lasso.LOGOUT_ERROR_REQUEST_DENIED:
                     get_logger().warn('Request Denied')
                 elif error[0] == lasso.LOGOUT_ERROR_UNKNOWN_PRINCIPAL:
                     get_logger().warn('Unknown principal on logout, probably session stopped already on IdP')
                     # XXX: wouldn't work when logged on two IdP
                     del session.lasso_session_dumps[logout.server.providerId]
                 else:
                     raise
             if not session.lasso_session_dumps.has_key(logout.server.providerId):
                 get_session_manager().expire_session(logout.server.providerId)
             return redirect(host.get_root_url())
         def singleLogoutSOAP(self):
             try:
                 soap_message = self.get_soap_message()
             except:
                 return
             response = get_response()
             response.set_content_type('text/xml')
             request_type = lasso.getRequestTypeFromSoapMsg(soap_message)
             if request_type != lasso.REQUEST_TYPE_LOGOUT:
                 get_logger().warn('SOAP message on single logout url not a slo message')
                 return
             logout = lasso.Logout(misc.get_lasso_server(protocol = 'saml2'))
             logout.processRequestMsg(soap_message)
             name_identifier = logout.nameIdentifier.content
             for session in get_session_manager().values():
                 user = session.get_user(logout.server.providerId)
                 if user and logout.nameIdentifier.content in user.name_identifiers:
                     get_logger().info('SLO/SOAP from %s' % logout.remoteProviderId)
                     break
             else:
                 # no session, build straight failure answer
                 logout.buildResponseMsg()
                 return logout.msgBody
             return self.slo_idp(logout, session)
         def singleLogout(self):
             logout = lasso.Logout(misc.get_lasso_server(protocol = 'saml2'))
             try:
                 logout.processRequestMsg(get_request().get_query())
             except lasso.Error, error:
                 if error[0] == lasso.DS_ERROR_INVALID_SIGNATURE:
                     return template.error_page(_('Failed to check single logout request signature.'))
                 raise
             session = get_session()
             if not session.id:
                 # session has not been found, this may be because the user has
                 # its browser configured so that cookies are not sent for
                 # remote queries and IdP is using image-based SLO.
                 # so we look up a session with the appropriate name identifier
                 name_identifier = logout.nameIdentifier.content
                 for session in get_session_manager().values():
                     # This block differs from qommon
                     user = session.get_user(logout.server.providerId)
                     if user and logout.nameIdentifier.content in user.name_identifiers:
                         break
                 else:
                     session = get_session()
             return self.slo_idp(logout, session)
         def slo_idp(self, logout, session):
             # This block differs from qommon
             if session.lasso_session_dumps.has_key(logout.server.providerId):
                 logout.setSessionFromDump(session.lasso_session_dumps[logout.server.providerId])
             user = session.get_user(logout.server.providerId)
             if user and user.lasso_dumps:
                 logout.setIdentityFromDump(user.lasso_dumps[0])
             if user and logout.nameIdentifier.content not in user.name_identifiers:
                 raise 'no appropriate name identifier in session (%s and %s)' % (
                         logout.nameIdentifier.content, session.name_identifier)
             try:
                 assertion = logout.session.getAssertions(logout.remoteProviderId)[0]
                 if logout.request.sessionIndex and (
                         assertion.authnStatement[0].sessionIndex != logout.request.sessionIndex):
                     logout.setSessionFromDump('<Session />')
             except:
                 pass
             try:
                 logout.validateRequest()
             except lasso.Error, error:
                 if error[0] == lasso.PROFILE_ERROR_SESSION_NOT_FOUND:
                     pass
                 elif error[0] == lasso.PROFILE_ERROR_IDENTITY_NOT_FOUND:
                     pass
                 elif error[0] == lasso.PROFILE_ERROR_MISSING_ASSERTION:
                     pass
                 else:
                     raise
             else:
                 get_session_manager().expire_session(logout.server.providerId)
             try:
                 if not logout.request.sessionIndex:
                     for session2 in get_session_manager().values():
                         if name_identifier == session2.name_identifier:
                             del get_session_manager()[session2.id]
             except:
                 # killing all session failed, ignoring silently
                 pass
             logout.buildResponseMsg()
             if logout.msgBody: # soap answer
                 return logout.msgBody
             else:
                 return redirect(logout.msgUrl)
         def lookup_user(self, session, login):
             found_users = list(User.select(lambda x: login.nameIdentifier.content in x.name_identifiers))
             if found_users:
                 return found_users[0]
             return None
         def local_auth(self):
             host = Host.get_host_from_url()
             if host is None:
                 return redirect('%s/' % get_request().environ['SCRIPT_NAME'])
             return site_authentication.get_site_authentication(host).local_auth
         local_auth = property(local_auth)
         def metadata(self):
             host = Host.get_host_from_url()
             if host is None:
                 return redirect('%s/' % get_request().environ['SCRIPT_NAME'])
             get_response().set_content_type('text/xml', 'utf-8')
             metadata = unicode(open(host.saml2_metadata).read(), 'utf-8')
             return metadata
         def public_key(self):
             host = Host.get_host_from_url()
             if host is None:
                 return redirect('%s/' % get_request().environ['SCRIPT_NAME'])
             get_response().set_content_type('text/plain')
             public_key = open(host.public_key).read()
             return public_key

     import random
     from quixote.session import Session, SessionManager
     from quixote import get_request
     from quixote.html import htmltext
     from storage import StorableObject
     from users import User
     class BasicSession(Session, StorableObject):
         _names = 'sessions'
         users = {}
     #    name_identifiers = {}
     #    name_identifier = None
         after_url = None
         anonymous_key = None
         lasso_session_dumps = {}
     #    lasso_session_dump = None
     #    lasso_anonymous_identity_dump = None
         tempfiles = None
         magictokens = None
         message = None
         def has_info(self):
             return self.users or self.after_url or self.anonymous_key or \
                 self.tempfiles or self.lasso_session_dumps or self.message or \
                 self.magictokens or Session.has_info(self)
         is_dirty = has_info
         def get_session_id(self):
             return self.id
         def set_session_id(self, session_id):
             self.id = session_id
         session_id = property(get_session_id, set_session_id)
         def get_anonymous_key(self, generate = False):
             if self.anonymous_key:
                 return self.anonymous_key
             if generate:
                 self.anonymous_key = random.randint(0, 1000000000)
             return self.anonymous_key
         def display_message(self):
             if not self.message:
                 return ''
             s = htmltext('<div class="%snotice">%s</div>' % self.message)
             self.message = None
             return s
         def add_magictoken(self, token, data):
             if not self.magictokens:
                 self.magictokens = {}
             self.magictokens[token] = data
         def get_by_magictoken(self, token, default = None):
             if not self.magictokens:
                 return default
             return self.magictokens.get(token, default)
         def get_user(self, provider_id):
             user_id = self.users.get(provider_id, None)
             if user_id:
                 try:
                     user = User.get(user_id)
                 except KeyError:
                     user = User()
     #            if str(user_id).startswith('anonymous-'):
                     user.id = user_id
     #                user.anonymous = True
     #                if self.name_identifiers.has_key(providerId):
     #                    if not user.name_identifiers.has_key(providerId):
     #                        user.name_identifiers[providerId] = [ self.name_identifiers[providerId] ]
     #                if self.name_identifiers.has_key(providerId):
     #                    user.name_identifiers[providerId] = [ self.name_identifiers[providerId] ]
     #                else:
     #                    user.name_identifiers[providerId] = []
     #                user.lasso_dumps[providerId] = self.lasso_anonymous_identity_dump
                 return user
             return None
         def set_user(self, user_id, provider_id):
             self.users[provider_id] = user_id
     class StorageSessionManager(SessionManager):
         def __init__(self):
             SessionManager.__init__(self, session_class=BasicSession)
         def forget_changes(self, session):
             pass
         def __getitem__(self, session_id):
             try:
                 return BasicSession.get(session_id)
             except KeyError:
                 raise KeyError
         def get(self, session_id, default = None):
             try:
                 return BasicSession.get(session_id)
             except KeyError:
                 return default
         def commit_changes(self, session):
             if session and session.id:
                 session.store()
         def keys(self):
             return BasicSession.keys()
         def values(self):
             return BasicSession.values()
         def items(self):
             return BasicSession.items()
         def has_key(self, session_id):
             return BasicSession.has_key(session_id)
         def __setitem__(self, session_id, session):
             session.store()
         def __delitem__(self, session_id):
             if not session_id:
                 return
             try:
                 BasicSession.remove_object(session_id)
             except OSError:
                 raise KeyError
         def expire_session(self, provider_id=None):
             session = get_request().session
             if session.id is not None:
                 if provider_id:
                     if session.users.has_key(provider_id):
                         del session.users[provider_id]
                     if session.lasso_session_dumps.has_key(provider_id):
                         del session.lasso_session_dumps[provider_id]
                     session.store()
                 if not session.users:
                     SessionManager.expire_session(self)
     #                session.remove_self()

     import libxml2
     import urllib
     import urlparse
     import httplib
     import re
     import os
     import socket
     import base64
     from quixote import get_request, get_response, get_session, redirect, get_publisher
     from quixote.directory import Directory
     from quixote.http_request import parse_header
     import lasso
     from qommon import get_logger
     from qommon.form import *
     from qommon.errors import ConnectionError, ConfigurationError, LoginError
     from qommon.misc import http_post_request, http_get_page
     from qommon.template import *
     import misc
     import storage
     from users import User
     from federations import Federation
     class SiteAuthentication:
         def __init__(self, host):
             self.host = host
         def federate(self, username, password, provider_id, cookies, select):
             user = get_session().get_user(provider_id)
             if user is not None:
                 Federation(username, password, self.host.id, user.name_identifiers[0], cookies, select).store()
     #     def federate_token(self, token):
     #         token_dir = os.path.join(misc.get_proxied_site_path(), 'tokens')
     #         token_file_name = os.path.join(token_dir, token)
     #         token_file = open(token_file_name, 'r')
     #         username, user_passwd = token_file.read().split()
     #         token_file.close()
         def sso_local_login(self, federation):
             status, data = self.local_auth_check_dispatch(
                 federation.username, federation.password, federation.select_fields)
             success, return_content = self.check_auth(status, data)
             if success:
                 session = get_session()
                 if hasattr(session, 'cookies'):
                     federation.set_cookies(session.cookies)
                     federation.store()
                 return return_content
             else:
                 return redirect('local_auth')
         def local_auth [html] (self, first_time=True):
             response = get_response()
             response.set_content_type('text/html')
             if hasattr(get_response(), str('breadcrumb')):
                 del get_response().breadcrumb
             get_response().filter['default_org'] = '%s - %s' % (self.host.label, _('Local authentication'))
             get_response().filter['body_class'] = 'login'
             form = self.form_local_auth()
             form.add_submit('submit', _('Submit'))
             #form.add_submit('cancel', _('Cancel'))
     #        if form.get_widget('cancel').parse():
     #            return redirect('.')
             authentication_failure = None
             if form.is_submitted() and not form.has_errors():
                 try:
                     return self.submit_local_auth_form(form)
                 except LoginError:
                     authentication_failure = _('Authentication failure')
                     get_logger().info('local auth page : %s' % authentication_failure)
                 except ConnectionError, err:
                     authentication_failure = _('Connection failed : %s') % err
                     get_logger().info('local auth page : %s' % authentication_failure)
                 except ConfigurationError, err:
                     authentication_failure = _('This service provider is not fully configured : %s') % err
                     get_logger().info('local auth page : %s' % authentication_failure)
                 except Exception, err:
                     authentication_failure = _('Unknown error : %s' % err)
                     get_logger().info('local auth page : %s' % authentication_failure)
             if authentication_failure:
                 '<div class="errornotice">%s</div>' % authentication_failure
             '<p>'
             _('Please type your login and password for this Service Provider.')
             _('Your local account will be federated with your Liberty Alliance account.')
             '</p>'
             form.render()
         # Also used in admin/hosts.ptl
         def form_local_auth(self):
             form = Form(enctype='multipart/form-data')
             form.add(StringWidget, 'username', title = _('Username'), required = True,
                     size = 30)
             form.add(PasswordWidget, 'password', title = _('Password'), required = True,
                     size = 30)
             for name, values in self.host.select_fields.iteritems():
                 options = []
                 if values:
                     for value in values:
                         options.append(value)
                     form.add(SingleSelectWidget, name, title = name.capitalize(),
                         value = values[0], options = options)
             return form
         def submit_local_auth_form(self, form):
             username = form.get_widget('username').parse()
             password = form.get_widget('password').parse()
             select = {}
             for name, values in self.host.select_fields.iteritems():
                 if form.get_widget(name):
                     select[name] = form.get_widget(name).parse()
             return self.local_auth_check(username, password, select)
         def local_auth_check(self, username, password, select={}):
             status, data = self.local_auth_check_dispatch(username, password, select)
             if status == 0:
                 raise
             success, return_content = self.check_auth(status, data)
             if success:
                 if misc.get_current_protocol() == lasso.PROTOCOL_SAML_2_0:
                     provider_id = self.host.saml2_provider_id
                 else:
                     provider_id = self.host.provider_id
                 session = get_session()
                 if hasattr(session, 'cookies'):
                     self.federate(username, password, provider_id, session.cookies, select)
                 else:
                     self.federate(username, password, provider_id, None, select)
                 return return_content
             raise LoginError()
         def local_auth_check_dispatch(self, username, password, select={}):
             if self.host.auth_mode == 'http_basic':
                 return self.local_auth_check_http_basic(username, password)
             elif self.host.auth_mode == 'form' and hasattr(self.host, 'auth_check_url') \
                     and self.host.auth_check_url is not None:
                 return self.local_auth_check_post(username, password, select)
             else:
                 raise ConfigurationError('No authentication form was found')
         def local_auth_check_post(self, username, password, select={}):
             url = self.host.auth_check_url
             # Build request body
             if self.host.post_parameters:
                 body_params = {}
                 # Login field
                 if self.host.post_parameters[self.host.login_field_name]['enabled'] is True:
                     body_params[self.host.login_field_name] = username
                 # Password field
                 if self.host.post_parameters[self.host.password_field_name]['enabled'] is True:
                     body_params[self.host.password_field_name] = password
                 # Select fields
                 for name, value in select.iteritems():
                     if self.host.post_parameters[name]['enabled'] is True:
                         body_params[name] = value
                 # Other fields (hidden, submit and custom)
                 for name, value in self.host.other_fields.iteritems():
                     if self.host.post_parameters[name]['enabled'] is True:
                         body_params[name] = self.host.post_parameters[name]['value']
                 body = urllib.urlencode(body_params)
             else:
                 # XXX: (to be removed later) Send all parameters for sites configured with a previous version of Larpe
                 body = '%s=%s&%s=%s' % (self.host.login_field_name, username, self.host.password_field_name, password)
                 # Add select fields to the body
                 for name, value in select.iteritems():
                     body += '&%s=%s' % (name, value)
                 # Add hidden fields to the body
                 if self.host.send_hidden_fields:
                     for name, value in self.host.other_fields.iteritems():
                         body += '&%s=%s' % (name, value)
             # Build request HTTP headers
             if self.host.http_headers:
                 headers = {}
                 if self.host.http_headers['X-Forwarded-For']['enabled'] is True:
                     headers['X-Forwarded-For'] = get_request().get_environ('REMOTE_ADDR', '-')
                 for name, value in self.host.http_headers.iteritems():
                     if value['enabled'] is True and value['immutable'] is False:
                         headers[name] = value['value']
             else:
                 # XXX: (to be removed later) Send default headers for sites configured with a previous version of Larpe
                 headers = { 'Content-Type': 'application/x-www-form-urlencoded',
                             'X-Forwarded-For': get_request().get_environ('REMOTE_ADDR', '-'),
                             'X-Forwarded-Host': self.host.reversed_hostname }
             # Send request
             response, status, data, auth_headers = http_post_request(url, body, headers, self.host.use_proxy)
             cookies = response.getheader('Set-Cookie', None)
             self.host.cookies = []
             if cookies is not None:
                 cookies_list = []
                 cookies_set_list = []
                 for cookie in cookies.split(', '):
                     # Drop the path and other attributes
                     cookie_only = cookie.split('; ')[0]
                     regexp = re.compile('=')
                     if regexp.search(cookie_only) is None:
                         continue
                     # Split name and value
                     cookie_split = cookie_only.split('=')
                     cookie_name = cookie_split[0]
                     cookie_value = cookie_split[1]
                     cookies_list.append('%s=%s' % (cookie_name, cookie_value))
                     set_cookie = '%s=%s; path=/' % (cookie_name, cookie_value)
                     cookies_set_list.append(set_cookie)
                     self.host.cookies.append(cookie_name)
                 cookies_headers = '\r\nSet-Cookie: '.join(cookies_set_list)
                 get_response().set_header('Set-Cookie', cookies_headers)
                 self.host.store()
                 get_session().cookies = '; '.join(cookies_list)
             else:
                 get_logger().warn('No cookie from local authentication')
             return response.status, data
         def local_auth_check_http_basic(self, username, password):
             url = self.host.auth_form_url
             hostname, query = urllib.splithost(url[5:])
             conn = httplib.HTTPConnection(hostname)
             auth_header = 'Basic %s' % base64.encodestring('%s:%s' % (username, password))
             try:
                 conn.request('GET', query, headers={'Authorization': auth_header})
             except socket.gaierror, err:
                 print err
                 conn.close()
                 return 0, None
             else:
                 response = conn.getresponse()
                 conn.close()
                 return response.status, response.read()
         def check_auth(self, status, data):
             success = False
             return_content = ''
             # If status is 500, fail without checking other criterias
             if status // 100 == 5:
                 success = False
                 return_content = redirect(self.host.get_return_url())
             # For http auth, only check status code
             elif self.host.auth_mode == 'http_basic':
                 # If failed, status code should be 401
                 if status // 100 == 2 or status // 100 == 3:
                     success = True
                     return_content = redirect(self.host.get_return_url())
             else:
                 if self.host.auth_system == 'password':
                     # If there is a password field, authentication probably failed
                     regexp = re.compile("""<input[^>]*?type=["']?password["']?[^>]*?>""", re.DOTALL | re.IGNORECASE)
                     if not regexp.findall(data):
                         success = True
                         return_content = redirect(self.host.get_return_url())
                 elif self.host.auth_system == 'status':
                     match_status = int(self.host.auth_match_status)
                     if match_status == status:
                         success = True
                         return_content = redirect(self.host.get_return_url())
                 elif self.host.auth_system == 'match_text':
                     # If the auth_match_text is not matched, it means the authentication is successful
                     regexp = re.compile(self.host.auth_match_text, re.DOTALL)
                     if not regexp.findall(data):
                         success = True
                         return_content = redirect(self.host.get_return_url())
     #        if status == 302:
     #            success = True
     #            return_content = redirect(self.host.return_url)
     #        else:
     #            if self.host.orig_site.startswith('http://listes.entrouvert.com') \
     #                    and re.search('You have logged in', data) is not None:
     #                success = True
     #                return_content = data
             return success, return_content
         def local_logout(self, federation=None, user=None):
             if federation is None and user is not None:
                 federations = Federation.select(lambda x: user.name_identifiers[0] in x.name_identifiers)
                 if federations:
                     federation = federations[0]
             # Logout request to the site
             url = self.host.logout_url
             if url is not None and federation is not None and federation.cookies is not None:
                 try:
                     http_get_page(url, {'Cookie': federation.cookies})
                 except:
                     pass
             # Remove cookies from the browser
             if hasattr(self.host, 'cookies'):
                 for cookie in self.host.cookies:
                     get_response().expire_cookie(cookie, path='/')
         def local_defederate(self, session, provider_id):
             if session is None:
                 return
             user = session.get_user(provider_id)
             if user is not None:
                 federations = Federation.select(lambda x: user.name_identifiers[0] in x.name_identifiers)
                 for federation in federations:
                     self.local_logout(provider_id, federation)
                     federation.remove_name_identifier(user.name_identifiers[0])
                     federation.store()
     site_authentication_classes = {}
     def register_site_authentication_class(klass):
         site_authentication_classes[klass.plugin_name] = klass
     def guess_site_authentication_class(html_doc):
         for name, klass in site_authentication_classes.iteritems():
             if klass.auto_detect_site(html_doc):
                 return klass.plugin_name
         return None
     def get_site_authentication(host):
         if host.site_authentication_plugin is None:
             return SiteAuthentication(host)
         return site_authentication_classes[host.site_authentication_plugin](host)

     import os
     import cPickle
     from quixote import get_publisher
     def lax_int(s):
         try:
             return int(s)
         except ValueError:
             return -1
     def fix_key(k):
         # insure key can be inserted in filesystem
         if not k: return k
         return str(k).replace('/', '-')
     class StorableObject(object):
         def __init__(self):
             if get_publisher():
                 self.id = self.get_new_id()
         def get_table_name(cls):
             return cls._names
         get_table_name = classmethod(get_table_name)
         def get_objects_dir(cls):
             return os.path.join(get_publisher().app_dir, cls.get_table_name())
         get_objects_dir = classmethod(get_objects_dir)
         def keys(cls):
             if not os.path.exists(cls.get_objects_dir()):
                 return []
             return [fix_key(x) for x in os.listdir(cls.get_objects_dir())]
         keys = classmethod(keys)
         def values(cls):
             return [cls.get(x) for x in cls.keys()]
         values = classmethod(values)
         def items(cls):
             return [(x, cls.get(x)) for x in cls.keys()]
         items = classmethod(items)
         def count(cls):
             return len(cls.keys())
         count = classmethod(count)
         def select(cls, clause = None, order_by = None):
             objects = [cls.get(k) for k in cls.keys()]
             if clause:
                 objects = [x for x in objects if clause(x)]
             if order_by:
                 order_by = str(order_by)
                 if order_by[0] == '-':
                     reverse = True
                     order_by = order_by[1:]
                 else:
                     reverse = False
                 objects.sort(lambda x,y: cmp(getattr(x, order_by), getattr(y, order_by)))
                 if reverse:
                     objects.reverse()
             return objects
         select = classmethod(select)
         def has_key(cls, id):
             return fix_key(id) in cls.keys()
         has_key = classmethod(has_key)
         def get_new_id(cls):
             keys = cls.keys()
             if not keys:
                 id = 1
             else:
                 id = max([lax_int(x) for x in keys]) + 1
                 if id == 0:
                     id = len(keys)+1
             return id
         get_new_id = classmethod(get_new_id)
         def get(cls, id):
             if id is None:
                 raise KeyError()
             try:
                 s = open(os.path.join(cls.get_objects_dir(), fix_key(id))).read()
             except IOError:
                 raise KeyError()
             try:
                 o = cPickle.loads(s)
             except EOFError:
                 raise KeyError()
             o._names = cls._names
             if hasattr(cls, 'migrate'):
                 o.migrate()
             return o
         get = classmethod(get)
         def store(self):
             if not os.path.exists(self.get_objects_dir()):
                 os.mkdir(self.get_objects_dir())
             s = cPickle.dumps(self)
             open(os.path.join(self.get_objects_dir(), fix_key(self.id)), 'w').write(s)
         def volatile(cls):
             o = cls()
             o.id = None
             return o
         volatile = classmethod(volatile)
         def remove_object(cls, id):
             os.unlink(os.path.join(cls.get_objects_dir(), fix_key(id)))
         remove_object = classmethod(remove_object)
         def remove_self(self):
             path = os.path.join(self.get_objects_dir(), fix_key(self.id))
             try:
                 os.unlink(path)
             except OSError, err:
                 print err

     from storage import StorableObject
     class User(StorableObject):
         _names = 'users'
         name = None
         email = None
         name_identifiers = None
         identification_token = None
     #    lasso_dump = None
         lasso_dumps = None
         is_admin = False
         anonymous = False
         def __init__(self, name=None):
             StorableObject.__init__(self)
             self.name = name
             self.name_identifiers = []
             self.lasso_dumps = []
         def migrate(self):
             pass
         def remove_name_identifier(self, provider_id, name_identifier):
             self.name_identifiers.remove(name_identifier)
             if not self.name_identifiers:
                 self.remove_self()
             else:
                 self.store()
         def __str__(self):
             return 'User %s, name : %s, name identifiers : %s, lasso_dumps : %s, token : %s' \
                     % (self.id, self.name, self.name_identifiers, self.lasso_dumps, self.identification_token)

     #!/usr/bin/python
     import sys
     from larpe import ctl
     def print_usage():
         print 'Usage: larpectl command [...]'
         print ''
         print 'Commands:'
         print '  start                start server'
         print '  cache_modulesets     parse and cache jhbuild module sets'
     if len(sys.argv) < 2:
         print_usage()
         sys.exit(1)
     else:
         command = sys.argv[1]
         if command == 'start':
             ctl.start(sys.argv[2:])
         elif command == 'cache_modulesets':
             ctl.cache_modulesets()
         else:
             print_usage()

     #!/bin/sh
     VERSION="0.2.0"
     svn export svn://labs.libre-entreprise.org/svnroot/larpe/larpe/tags/release-${VERSION}
     cd release-${VERSION}
     cvs -d :pserver:anonymous@labs.libre-entreprise.org:/cvsroot/wcs login
     cvs -d :pserver:anonymous@labs.libre-entreprise.org:/cvsroot/wcs export -r HEAD -d larpe/qommon wcs/wcs/qommon
     cd ..
     mv release-${VERSION} larpe-${VERSION}
     mv larpe-${VERSION}/debian .
     tar czf larpe_${VERSION}.orig.tar.gz larpe-${VERSION}
     mv debian larpe-${VERSION}
     cd larpe-${VERSION}
     debuild
     cd ..
     rm -rf larpe-${VERSION}

     prefix = /usr
     POFILES=$(wildcard *.po)
     MOFILES=$(POFILES:.po=.mo)
     PYFILES=$(shell find -L ../larpe -name '*.py' -or -name '*.ptl')
     RM=rm -f
     all: $(MOFILES)
     install: all
     	for file in $(MOFILES); do \
     		lang=`echo $$file | sed 's/\.mo//'`; \
     		install -d $(DESTDIR)$(prefix)/share/locale/$$lang/LC_MESSAGES/; \
     		install -m 0644 $$file $(DESTDIR)$(prefix)/share/locale/$$lang/LC_MESSAGES/larpe.mo; \
     	done
     uninstall:
     	@for file in $(MOFILES); do \
     		lang=`echo $$file | sed 's/\.mo//'`; \
     		$(RM) $(DESTDIR)$(prefix)/share/locale/$$lang/LC_MESSAGES/larpe.mo; \
     	done
     clean:
     	-$(RM) messages.mo $(MOFILES)
     larpe.pot: $(PYFILES)
     	@echo "Rebuilding the pot file"
     	$(RM) larpe.pot tmp.*.pot
     	cnt=0;
     	for file in $(PYFILES); do \
     		cnt=$$(expr $$cnt + 1); \
     		bn=$$cnt.`basename $$file`; \
     		xgettext --keyword=N_ -c -L Python -o tmp.$$bn.pot $$file; \
     	done
     	msgcat tmp.*.pot > larpe.pot
     	$(RM) tmp.*.pot
     %.mo: %.po
     	msgfmt -o $@ $<
     %.po: larpe.pot
     	@echo -n "Merging larpe.pot and $@"
     	@msgmerge $@ larpe.pot -o $@.new
     	@if [ "`diff $@ $@.new | grep '[<>]' | wc -l`" -ne 2 ]; then \
     		mv -f $@.new $@; \
     	else \
     		$(RM) $@.new; \
     	fi
     	@msgfmt --statistics $@

     msgid ""
     msgstr ""
     "Project-Id-Version: Larpe 0.2.0\n"
     "Report-Msgid-Bugs-To: \n"
     "POT-Creation-Date: 2007-12-18 08:49+0100\n"
     "PO-Revision-Date: 2007-01-29 16:57+0200\n"
     "Last-Translator: Damien Laniel <dlaniel@entrouvert.com>\n"
     "Language-Team: French\n"
     "MIME-Version: 1.0\n"
     "Content-Type: text/plain; charset=utf-8\n"
     "Content-Transfer-Encoding: 8bit\n"
     #: ../larpe/liberty.ptl:45 ../larpe/qommon/liberty.ptl:43
     msgid "Liberty support is not yet configured"
     msgstr "Le support Liberty n'est pas encore configuré"
     #: ../larpe/liberty.ptl:58 ../larpe/qommon/liberty.ptl:58
     #: ../larpe/qommon/saml2.ptl:96 ../larpe/qommon/saml2.ptl:358
     #: ../larpe/qommon/saml2.ptl:528 ../larpe/saml2.ptl:88 ../larpe/saml2.ptl:314
     #: ../larpe/saml2.ptl:479
     msgid "Failure to communicate with identity provider"
     msgstr "Impossible de communiquer avec le fournisseur d'identités."
     #: ../larpe/liberty.ptl:63 ../larpe/qommon/liberty.ptl:63
     #: ../larpe/qommon/saml2.ptl:102 ../larpe/qommon/saml2.ptl:207
     #: ../larpe/qommon/saml2.ptl:234 ../larpe/saml2.ptl:94 ../larpe/saml2.ptl:199
     msgid "Unknown authentication failure"
     msgstr "Erreur d'authentification inconnue"
     #: ../larpe/liberty.ptl:66 ../larpe/qommon/liberty.ptl:66
     #: ../larpe/qommon/saml2.ptl:104 ../larpe/saml2.ptl:96
     msgid "Authentication failure; unknown principal"
     msgstr "Erreur d'authentification: utilisateur inconnu"
     #: ../larpe/liberty.ptl:67 ../larpe/qommon/liberty.ptl:69
     msgid "Identity Provider didn't accept artifact transaction."
     msgstr "Le fournisseur d'identité n'a pas accepté l'artifact."
     #: ../larpe/liberty.ptl:163 ../larpe/liberty.ptl:193
     #: ../larpe/qommon/liberty.ptl:119 ../larpe/qommon/liberty.ptl:145
     #: ../larpe/qommon/saml2.ptl:442 ../larpe/saml2.ptl:277 ../larpe/saml2.ptl:395
     msgid "Failed to check single logout request signature."
     msgstr "Erreur à la vérification de la signature de la demande de déconnexion"
     #: ../larpe/qommon/admin/texts.ptl:47 ../larpe/qommon/admin/texts.ptl:48
     #: ../larpe/qommon/admin/texts.ptl:100 ../larpe/qommon/admin/texts.ptl:137
     msgid "Texts"
     msgstr "Textes"
     #: ../larpe/qommon/admin/texts.ptl:57
     msgid "Custom Text:"
     msgstr "Texte personnalisé :"
     #: ../larpe/qommon/admin/texts.ptl:57 ../larpe/qommon/admin/texts.ptl:133
     #: ../larpe/qommon/admin/emails.ptl:90 ../larpe/qommon/admin/emails.ptl:172
     msgid "description"
     msgstr "description"
     #: ../larpe/qommon/admin/texts.ptl:61 ../larpe/qommon/admin/emails.ptl:94
     #: ../larpe/admin/settings.ptl:149 ../larpe/admin/hosts.ptl:592
     #: ../larpe/admin/hosts.ptl:644 ../larpe/admin/hosts.ptl:1672
     #: ../larpe/admin/hosts.ptl:1740 ../larpe/admin/users.ptl:186
     msgid "Back"
     msgstr "Retour"
     #. #-#-#-#-#  tmp.23.idp.ptl.pot (PACKAGE VERSION)  #-#-#-#-#
     #. TODO
     #: ../larpe/qommon/admin/texts.ptl:82 ../larpe/qommon/admin/emails.ptl:64
     #: ../larpe/qommon/admin/emails.ptl:116 ../larpe/qommon/ident/password.ptl:260
     #: ../larpe/qommon/ident/password.ptl:510
     #: ../larpe/qommon/ident/password.ptl:548
     #: ../larpe/qommon/ident/password.ptl:741
     #: ../larpe/qommon/ident/password.ptl:768 ../larpe/qommon/ident/idp.ptl:76
     #: ../larpe/qommon/ident/idp.ptl:212 ../larpe/qommon/ident/idp.ptl:298
     #: ../larpe/qommon/ident/idp.ptl:491 ../larpe/qommon/ident/idp.ptl:515
     #: ../larpe/qommon/ident/idp.ptl:737 ../larpe/qommon/ident/idp.ptl:1022
     #: ../larpe/admin/settings.ptl:30 ../larpe/admin/settings.ptl:116
     #: ../larpe/admin/settings.ptl:165 ../larpe/admin/settings.ptl:310
     #: ../larpe/admin/settings.ptl:449 ../larpe/admin/settings.ptl:466
     #: ../larpe/admin/settings.ptl:495 ../larpe/admin/settings.ptl:536
     #: ../larpe/admin/hosts.ptl:357 ../larpe/admin/hosts.ptl:624
     #: ../larpe/admin/hosts.ptl:673 ../larpe/admin/hosts.ptl:721
     #: ../larpe/admin/hosts.ptl:1092 ../larpe/admin/hosts.ptl:1393
     #: ../larpe/admin/hosts.ptl:1440 ../larpe/admin/hosts.ptl:1464
     #: ../larpe/admin/hosts.ptl:1685 ../larpe/admin/users.ptl:26
     #: ../larpe/admin/users.ptl:38 ../larpe/admin/users.ptl:124
     #: ../larpe/admin/logger.ptl:110 ../larpe/root.ptl:64
     #: ../larpe/site_authentication.ptl:67 ../larpe/liberty_site.ptl:96
     msgid "Submit"
     msgstr "Valider"
     #: ../larpe/qommon/admin/texts.ptl:84
     msgid "Restore default text"
     msgstr "Restaurer le texte par défaut"
     #: ../larpe/qommon/admin/texts.ptl:85 ../larpe/qommon/admin/emails.ptl:65
     #: ../larpe/qommon/admin/emails.ptl:119 ../larpe/qommon/ident/password.ptl:261
     #: ../larpe/qommon/ident/password.ptl:511
     #: ../larpe/qommon/ident/password.ptl:549
     #: ../larpe/qommon/ident/password.ptl:743
     #: ../larpe/qommon/ident/password.ptl:769 ../larpe/qommon/ident/idp.ptl:77
     #: ../larpe/qommon/ident/idp.ptl:299 ../larpe/qommon/ident/idp.ptl:516
     #: ../larpe/qommon/ident/idp.ptl:738 ../larpe/qommon/ident/idp.ptl:1023
     #: ../larpe/admin/settings.ptl:117 ../larpe/admin/settings.ptl:167
     #: ../larpe/admin/settings.ptl:311 ../larpe/admin/settings.ptl:450
     #: ../larpe/admin/settings.ptl:467 ../larpe/admin/settings.ptl:496
     #: ../larpe/admin/settings.ptl:537 ../larpe/admin/hosts.ptl:118
     #: ../larpe/admin/hosts.ptl:358 ../larpe/admin/hosts.ptl:623
     #: ../larpe/admin/hosts.ptl:674 ../larpe/admin/hosts.ptl:722
     #: ../larpe/admin/hosts.ptl:1093 ../larpe/admin/hosts.ptl:1394
     #: ../larpe/admin/hosts.ptl:1441 ../larpe/admin/hosts.ptl:1465
     #: ../larpe/admin/hosts.ptl:1686 ../larpe/admin/users.ptl:27
     #: ../larpe/admin/users.ptl:39 ../larpe/admin/users.ptl:125
     #: ../larpe/admin/users.ptl:140 ../larpe/root.ptl:65
     msgid "Cancel"
     msgstr "Annuler"
     #: ../larpe/qommon/admin/texts.ptl:97 ../larpe/qommon/admin/emails.ptl:131
     #: ../larpe/admin/settings.ptl:179
     msgid "Invalid template"
     msgstr "Squelette invalide"
     #: ../larpe/qommon/admin/texts.ptl:101
     msgid "Text"
     msgstr "Texte"
     #: ../larpe/qommon/admin/menu.ptl:46
     msgid "backoffice"
     msgstr "backoffice"
     #: ../larpe/qommon/admin/menu.ptl:47 ../larpe/qommon/backoffice/menu.ptl:38
     #: ../larpe/admin/menu.ptl:45
     msgid "logout"
     msgstr "déconnexion"
     #: ../larpe/qommon/admin/menu.ptl:67
     #, python-format
     msgid "Administration of %s"
     msgstr "Administration de %s"
     #: ../larpe/qommon/admin/menu.ptl:88 ../larpe/admin/menu.ptl:88
     msgid "Add"
     msgstr "Ajouter"
     #: ../larpe/qommon/admin/menu.ptl:89 ../larpe/qommon/ident/idp.ptl:476
     #: ../larpe/admin/menu.ptl:89 ../larpe/admin/hosts.ptl:1553

Projet

Général

Profil

Produits Entr'ouvert » Larpe

Révision 009bafa7

Ajouté par Jérôme Schneider il y a environ 13 ans