1
|
import os
|
2
|
import httplib
|
3
|
|
4
|
import lasso
|
5
|
|
6
|
from quixote import get_request, get_response, get_session, redirect
|
7
|
from quixote.directory import Directory
|
8
|
|
9
|
from qommon.form import *
|
10
|
from qommon import template
|
11
|
|
12
|
import admin
|
13
|
import liberty_root
|
14
|
import errors
|
15
|
|
16
|
from hosts import Host
|
17
|
from users import User
|
18
|
from Defaults import WEB_ROOT
|
19
|
|
20
|
class RootDirectory(Directory):
|
21
|
_q_exports = ['', 'admin', 'liberty', 'logout', 'token']
|
22
|
|
23
|
admin = admin.RootDirectory()
|
24
|
liberty = liberty_root.LibertyRootDirectory()
|
25
|
|
26
|
def _q_index [html] (self):
|
27
|
template.html_top(_('Welcome to Larpe reverse proxy'))
|
28
|
'<ul><li><a href="%s/admin/">%s</a></li></ul>' % (get_request().environ['SCRIPT_NAME'],
|
29
|
_('Configure Larpe'))
|
30
|
|
31
|
def _q_traverse(self, path):
|
32
|
response = get_response()
|
33
|
response.filter = {}
|
34
|
|
35
|
return Directory._q_traverse(self, path)
|
36
|
|
37
|
def _q_lookup(self, component):
|
38
|
return redirect(component + '/')
|
39
|
|
40
|
def logout(self):
|
41
|
return redirect(get_publisher().get_root_url() + 'liberty/larpe/logout')
|
42
|
|
43
|
def token [html] (self):
|
44
|
session = get_session()
|
45
|
|
46
|
if not session.name_identifier or not session.lasso_anonymous_identity_dump:
|
47
|
raise errors.AccessUnauthorizedError()
|
48
|
|
49
|
# If the token is in the query string, use it
|
50
|
query_string = get_request().get_query()
|
51
|
if query_string:
|
52
|
parameters = query_string.split(str('&'))
|
53
|
for param in parameters:
|
54
|
values = param.split(str('='))
|
55
|
if len(values) < 2:
|
56
|
continue
|
57
|
if values[0] == str('token'):
|
58
|
return self._federate_token(values[1])
|
59
|
|
60
|
# Otherwise, display a form to ask for the token
|
61
|
form = Form(enctype='multipart/form-data')
|
62
|
form.add(StringWidget, 'token', title = _('Identification Token'),
|
63
|
required = True, size = 30)
|
64
|
form.add_submit('submit', _('Submit'))
|
65
|
form.add_submit('cancel', _('Cancel'))
|
66
|
|
67
|
if form.get_widget('cancel').parse():
|
68
|
return redirect('.')
|
69
|
|
70
|
if not form.is_submitted() or form.has_errors():
|
71
|
template.html_top(_('Identification Token'))
|
72
|
'<p>'
|
73
|
_('Please enter your identification token. ')
|
74
|
_('Your local account will be federated with your Liberty Alliance account.')
|
75
|
'</p>'
|
76
|
form.render()
|
77
|
else:
|
78
|
token = form.get_widget('token').parse()
|
79
|
return self._federate_token(token)
|
80
|
|
81
|
def _federate_token(self, token):
|
82
|
session = get_session()
|
83
|
|
84
|
# Get the user who owns this token
|
85
|
users_with_token = list(User.select(lambda x: x.identification_token == token))
|
86
|
if len(users_with_token) == 0:
|
87
|
return template.error_page(_('Unknown Token'))
|
88
|
|
89
|
# Fill user attributes
|
90
|
user = users_with_token[0]
|
91
|
user.name_identifiers = [ session.name_identifier ]
|
92
|
user.lasso_dumps = [ session.lasso_anonymous_identity_dump ]
|
93
|
user.identification_token = None
|
94
|
user.is_admin = True
|
95
|
user.store()
|
96
|
|
97
|
# Set this user in the session
|
98
|
session.set_user(user.id, session.provider_id)
|
99
|
|
100
|
# Delete now useless session attributes
|
101
|
session.name_identifier = None
|
102
|
session.lasso_anonymous_identity_dump = None
|
103
|
session.provider_id = None
|
104
|
|
105
|
return redirect('%s/admin/' % get_request().environ['SCRIPT_NAME'])
|
106
|
|