Updated authenticator callback, and added a few methods to Cryptomanager

Adolfo Gómez 2012-07-26 12:50:36 +00:00
parent 0c4a86b560
commit 18a30e0068
7 changed files with 72 additions and 6 deletions


@ -53,6 +53,7 @@ encoding//src/uds/core/managers/PublicationManager.py=utf-8
encoding//src/uds/core/managers/TaskManager.py=utf-8 encoding//src/uds/core/managers/TaskManager.py=utf-8
encoding//src/uds/core/managers/UserPrefsManager.py=utf-8 encoding//src/uds/core/managers/UserPrefsManager.py=utf-8
encoding//src/uds/core/managers/UserServiceManager.py=utf-8 encoding//src/uds/core/managers/UserServiceManager.py=utf-8
encoding//src/uds/core/managers/__init__.py=utf-8
encoding//src/uds/core/osmanagers/BaseOsManager.py=utf-8 encoding//src/uds/core/osmanagers/BaseOsManager.py=utf-8
encoding//src/uds/core/osmanagers/OSManagersFactory.py=utf-8 encoding//src/uds/core/osmanagers/OSManagersFactory.py=utf-8
encoding//src/uds/core/osmanagers/__init__.py=utf-8 encoding//src/uds/core/osmanagers/__init__.py=utf-8


@ -48,3 +48,9 @@ class InvalidAuthenticatorException(Exception):
Invalida authenticator has been specified Invalida authenticator has been specified
''' '''
pass pass
class Redirect(Exception):
'''
This exception indicates that a redirect is required.
Used in authUrlCallback to indicate that no use has been authenticated, but redirect is needed
'''
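Review bot: The `Redirect` docstring does not say what the exception carries, yet the handler added to authCallback in this commit uses `str(e)` as the redirect destination. The docstring should state that contract, for example `The exception message is the URL to redirect to; raise it only with a URL built by the authenticator itself`. It also has a typo: "no use has been authenticated" should read "no user has been authenticated".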


@ -213,5 +213,5 @@ def webLogout(request, exit_url = None):
if exit_url is None: if exit_url is None:
exit_url = GlobalConfig.LOGIN_URL.get() exit_url = GlobalConfig.LOGIN_URL.get()
# Try to delete session # Try to delete session
return HttpResponseRedirect(exit_url) return HttpResponseRedirect(request.build_absolute_uri(exit_url))
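Review bot: `request.build_absolute_uri(exit_url)` in the new return line does not restrict the destination to this site, because Django returns an already-absolute `exit_url` unchanged. The default comes from `GlobalConfig.LOGIN_URL`, but callers can pass their own `exit_url`; if any of them derive it from request data, it needs a host check before the redirect. A comment on the parameter would make the expectation explicit, e.g. `# exit_url must come from configuration or trusted code, never straight from request parameters`. webLogout's body starts outside this hunk, so the session handling before the redirect is not visible here.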


@ -33,6 +33,7 @@
from server.settings import RSA_KEY from server.settings import RSA_KEY
from Crypto.PublicKey import RSA from Crypto.PublicKey import RSA
from OpenSSL import crypto
from Crypto.Random import atfork from Crypto.Random import atfork
import hashlib, array import hashlib, array
@ -70,6 +71,24 @@ class CryptoManager(object):
s2 = array.array('B', s2 * mult) s2 = array.array('B', s2 * mult)
return array.array('B', (s1[i] ^ s2[i] for i in range(len(s1)))).tostring() return array.array('B', (s1[i] ^ s2[i] for i in range(len(s1)))).tostring()
def loadPrivateKey(self, rsaKey):
try:
pk = RSA.importKey(rsaKey)
except Exception as e:
raise e
return pk
def loadCertificate(self,certificate):
try:
cert = crypto.load_certificate(crypto.FILETYPE_PEM, certificate)
except crypto.Error as e:
raise Exception(e.message[0][2])
return cert
def certificateString(self, certificate):
return certificate.replace('-----BEGIN CERTIFICATE-----', '').replace('-----END CERTIFICATE-----', '').replace('\n', '')
def hash(self, string): def hash(self, string):
if string is '' or string is None: if string is '' or string is None:
return '' return ''
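Review bot: In `loadCertificate`, `raise Exception(e.message[0][2])` assumes the pyOpenSSL error always holds a non-empty list of three-element tuples. If it has another shape, the handler itself fails with an IndexError or TypeError and the real parse failure is lost. `raise Exception(str(e))` keeps the cause without depending on that layout. In `loadPrivateKey` the `try`/`except ... raise e` only re-raises, so it can be reduced to `return RSA.importKey(rsaKey)`. `certificateString` strips `\n` but not `\r`, so a PEM pasted with CRLF line endings keeps carriage returns in the output; adding `.replace('\r', '')` covers that. None of the three new methods has a docstring saying what input format it expects.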


@ -0,0 +1,39 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2012 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
UDS managers (downloads, users preferences, publications, ...)
.. moduleauthor:: Adolfo Gómez, dkmaster at dkmon dot com
'''
def cryptoManager():
from CryptoManager import CryptoManager
return CryptoManager.manager()
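Review bot: `cryptoManager()` has no docstring and nothing explains why the import sits inside the function. If the reason is an import cycle between this package and `CryptoManager` (to be confirmed), a comment such as `# Imported lazily to avoid a circular import at package load time` would record it. The implicit relative form `from CryptoManager import CryptoManager` can also resolve to an unrelated top-level module of the same name; `from .CryptoManager import CryptoManager` states the intended target.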


@ -64,7 +64,7 @@ strings = [
_('You need to enable cookies to let this application work'), _('You need to enable cookies to let this application work'),
_('User service not found'), _('User service not found'),
_('Authenticator not found'), _('Authenticator not found'),
_('Invalid authenticator callback') _('Invalid authenticator')
] ]


@ -61,7 +61,6 @@ def __authLog(request, authenticator, userName, java, os, log):
javaStr = java and 'Java' or 'No Java' javaStr = java and 'Java' or 'No Java'
authLogger.info('|'.join([authenticator.name, userName, javaStr, os['OS'], log, request.META['HTTP_USER_AGENT']])) authLogger.info('|'.join([authenticator.name, userName, javaStr, os['OS'], log, request.META['HTTP_USER_AGENT']]))
def login(request): def login(request):
#request.session.set_expiry(GlobalConfig.USER_SESSION_LENGTH.getInt()) #request.session.set_expiry(GlobalConfig.USER_SESSION_LENGTH.getInt())
if request.method == 'POST': if request.method == 'POST':
@ -269,7 +268,7 @@ def authCallback(request, authName):
This will invoke authCallback of the requested idAuth and, if this represents This will invoke authCallback of the requested idAuth and, if this represents
an authenticator that has an authCallback an authenticator that has an authCallback
''' '''
from uds.core.auths.Exceptions import InvalidUserException from uds.core import auths
try: try:
authenticator = Authenticator.objects.get(name=authName) authenticator = Authenticator.objects.get(name=authName)
params = request.GET.copy() params = request.GET.copy()
@ -283,7 +282,7 @@ def authCallback(request, authName):
if user is None: if user is None:
__authLog(request, authenticator, '{0}'.format(params), False, os, 'Invalid at auth callback') __authLog(request, authenticator, '{0}'.format(params), False, os, 'Invalid at auth callback')
raise InvalidUserException() raise auths.Exceptions.InvalidUserException()
# Redirect to main page through java detection process, so UDS know the availability of java # Redirect to main page through java detection process, so UDS know the availability of java
response = render_to_response('uds/detectJava.html', { 'idAuth' : scrambleId(request, authenticator.id)}, response = render_to_response('uds/detectJava.html', { 'idAuth' : scrambleId(request, authenticator.id)},
@ -295,6 +294,8 @@ def authCallback(request, authName):
# It will only detect java, and them redirect to Java # It will only detect java, and them redirect to Java
return response return response
except auths.Exceptions.Redirect as e:
return HttpResponseRedirect(request.build_absolute_uri(str(e)))
except Exception as e: except Exception as e:
return errors.exceptionView(request, e) return errors.exceptionView(request, e)
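Review bot: The new `except auths.Exceptions.Redirect` handler redirects to whatever string the authenticator placed in the exception, and `request.build_absolute_uri(str(e))` leaves an absolute URL unchanged, so nothing here limits the destination. authCallback passes the request's GET parameters to the authenticator (`params = request.GET.copy()`), so an authenticator that builds the target from them would turn this callback into an open redirect, and the callback appears to be reachable before login. The target should be validated here before `HttpResponseRedirect`: accept a relative path or a host on an allow-list, for instance with Django's `url_has_allowed_host_and_scheme` (`is_safe_url` in older releases). Separately, `from uds.core import auths` only works if the `auths` package imports its `Exceptions` submodule, which this commit does not show. authCallback begins above these hunks.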