mirror of https://github.com/dkmstr/openuds.git synced 2024-12-22 13:34:04 +03:00

* Added "get" and "put" methods to storage (much easier to remember than readData and saveData...)

* Updated callback so it also gets Groups Manager, needed for group validations
* Fixed getOrCreateUser at Authenticator model, so it updates the name if new name differs from old name
* Removed "return to main" from detectJava, so the transition is more "seamless"
Adolfo Gómez 2012-07-27 02:00:25 +00:00
parent 18a30e0068
commit 4b31a78e25
8 changed files with 44 additions and 17 deletions


@ -248,7 +248,7 @@ class SampleAuth(auths.Authenticator):
return res
def authCallback(self, parameters):
def authCallback(self, parameters, gm):
'''
We provide this as a sample of callback for an user.
We will accept all petitions that has "user" parameter


@ -383,7 +383,7 @@ class Authenticator(Module):
'''
return None
def authCallback(self, parameters):
def authCallback(self, parameters, gm):
'''
There is a view inside UDS, an url, that will redirect the petition
to this callback.
@ -401,6 +401,18 @@ class Authenticator(Module):
If this returns None, or empty, the authentication will be considered "invalid"
and an error will be shown.
Args:
parameters: all GET and POST received parameters
gm: Groups manager, you MUST check group membership using this gm
Return:
An username if validation check is successfull, None if not
You can also return an exception here and, if you don't wont to check the user login,
you can raise :py:class:uds.core.auths.Exceptions.Redirect to redirect user to somewhere.
In this case, no user checking will be done. This is usefull to use this url to provide
other functionality appart of login, (such as logout)
:note: Keeping user information about group membership inside storage is highly recommended.
There will be calls to getGroups one an again, and also to getRealName, not just
at login, but at future (from admin interface, at user editing for example)
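Review bot: The new Args entry for `parameters` should state that these values are unauthenticated request data, because the username this method returns is passed straight on to user registration by authenticateViaCallback. I would word it as `parameters: all GET and POST received parameters, supplied by the client and not validated by UDS; verify the identity provider's response before returning a username`. The sentence "You can also return an exception here" most likely means raise, which is worth correcting in the same pass. The docstring starts and ends outside the visible hunks.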


@ -36,9 +36,7 @@ Provides useful functions for authenticating, used by web interface.
from functools import wraps
from django.http import HttpResponseRedirect
from uds.core.util.Config import GlobalConfig
from uds.core.auths import GroupsManager
from uds.core.auths import Authenticator
from uds.core.auths.Exceptions import InvalidAuthenticatorException
from uds.core import auths
from uds.core.managers.CryptoManager import CryptoManager
from uds.core.util.State import State
from uds.models import User
@ -116,7 +114,7 @@ def authenticate(username, password, authenticator):
@return: None if authentication fails, User object (database object) if authentication is o.k.
'''
logger.debug('Authenticating user {0} with authenticator {1}'.format(username, authenticator))
gm = GroupsManager(authenticator)
gm = auths.GroupsManager(authenticator)
authInstance = authenticator.getInstance()
if authInstance.authenticate(username, password, gm) == False:
return None
@ -149,16 +147,17 @@ def authenticateViaCallback(authenticator, params):
callbacks, remember to store (using provided environment storage, for example)
the groups of this user so your getGroups will work correctly.
'''
gm = auths.GroupsManager(authenticator)
authInstance = authenticator.getInstance()
# If there is no callback for this authenticator...
if authInstance.authCallback == Authenticator.authCallback:
raise InvalidAuthenticatorException()
if authInstance.authCallback == auths.Authenticator.authCallback:
raise auths.Exceptions.InvalidAuthenticatorException()
username = authInstance.authCallback(params)
username = authInstance.authCallback(params, gm)
if username is None or username == '':
raise InvalidAuthenticatorException()
if username is None or username == '' or gm.hasValidGroups() is False:
raise auths.Exceptions.InvalidUserException('User don\'t has access to UDS')
return __registerUser(authenticator, authInstance, username)
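Review bot: The access check `gm.hasValidGroups() is False` in authenticateViaCallback rejects only the literal `False`, so a `None` return from hasValidGroups would let the request through to `__registerUser`. Writing the condition as `if not username or not gm.hasValidGroups():` fails closed and also covers the empty-string case. The same shape appears in authenticate, where `authInstance.authenticate(username, password, gm) == False` treats a `None` result as success. hasValidGroups and the authenticators are not shown here, so whether they can return a non-bool is unconfirmed.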


@ -61,6 +61,9 @@ class Storage(object):
dbStorage.objects.filter(key=key).update(owner = self._owner, data = data, attr1 = attr1)
logger.debug('Key saved')
def put(self, skey, data):
return self.saveData(skey, data)
def updateData(self, skey, data, attr1 = None):
self.saveData(skey, data, attr1)
@ -74,6 +77,9 @@ class Storage(object):
logger.debug('key not found')
return None
def get(self, skey):
return self.readData(skey)
def remove(self, skey):
try:
key = self.__getKey(skey)


@ -557,6 +557,10 @@ class Authenticator(models.Model):
if realName is None:
realName = username
user, _ = self.users.get_or_create( name = username, defaults = { 'real_name':realName, 'last_access':NEVER, 'state':State.ACTIVE } )
if realName != user.real_name:
user.real_name = realName
user.save()
return user
def isValidUser(self, username, falseIfNotExists = True):


@ -34,7 +34,7 @@
{% block content %}
<div>
<!--<div>
<a href="<a href="{% url uds.web.views.index %}">{% trans "Go to main page" %}
</div>
</div>-->
{% endblock %}


@ -32,6 +32,7 @@
'''
from django.http import HttpResponse, HttpResponseRedirect, HttpResponseForbidden
from django.views.decorators.csrf import csrf_exempt
from django.shortcuts import render_to_response
from django.template import RequestContext
from django.utils.translation import ugettext as _
@ -259,7 +260,7 @@ def transportIcon(request, idTrans):
def error(request, idError):
return render_to_response('uds/error.html', {'errorString' : errors.errorString(idError) }, context_instance=RequestContext(request))
@csrf_exempt
def authCallback(request, authName):
'''
This url is provided so external SSO authenticators can get an url for
@ -273,8 +274,9 @@ def authCallback(request, authName):
authenticator = Authenticator.objects.get(name=authName)
params = request.GET.copy()
params.update(request.POST)
params['_request'] = request
logger.debug('Auth callback for {0} with params {1}'.format(authenticator, params))
logger.debug('Auth callback for {0} with params {1}'.format(authenticator, params.keys()))
user = authenticateViaCallback(authenticator, params)
@ -297,8 +299,10 @@ def authCallback(request, authName):
except auths.Exceptions.Redirect as e:
return HttpResponseRedirect(request.build_absolute_uri(str(e)))
except Exception as e:
logger.exception('authCallback')
return errors.exceptionView(request, e)
@csrf_exempt
def authInfo(request, authName):
'''
This url is provided so authenticators can provide info (such as SAML metadata)
@ -314,6 +318,7 @@ def authInfo(request, authName):
raise Exception() # This authenticator do not provides info
params = request.GET.copy()
params['_request'] = request
info = authInstance.getInfo(params)
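Review bot: The `@csrf_exempt` added to authCallback leaves the view accepting any cross-site GET or POST, and it merges both into `params`, so the only protection against a forged login is whatever the authenticator checks itself. That requirement deserves a comment above the decorator, for example `# CSRF-exempt: external IdPs POST here without our token; the authenticator must verify the response`. authInfo reads only `request.GET` in the lines shown, so its `@csrf_exempt` looks unnecessary unless a provider really POSTs to it. Logging `params.keys()` instead of the values is a good change and should stay that way. Both view bodies continue outside the hunks.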


@ -148,7 +148,7 @@ def createAuthenticator(credentials, type, data):
'''
dict_ = dictFromData(data)
# First create data without serialization, then serialies data with correct environment
dict_['request'] = credentials.request
dict_['_request'] = credentials.request
auth = None
try:
auth = Authenticator.objects.create(name = dict_['name'], comments = dict_['comments'], data_type = type, priority=int(dict_['priority']))
@ -179,7 +179,7 @@ def modifyAuthenticator(credentials, id, data):
try:
auth = Authenticator.objects.get(pk=id)
dict_ = dictFromData(data)
dict_['request'] = credentials.request
dict_['_request'] = credentials.request
a = auth.getInstance(dict_)
auth.data = a.serialize()
auth.name = dict_['name']
@ -208,6 +208,7 @@ def testAuthenticator(credentials, type, data):
authType = auths.factory().lookup(type)
# We need an "temporary" environment to test this service
dict_ = dictFromData(data)
dict_['_request'] = credentials.request
res = authType.test(Environment.getTempEnv(), dict_)
return {'ok' : res[0], 'message' : res[1]}
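Review bot: The reserved key `'_request'` is assigned after `dictFromData(data)` in all three functions, which is what prevents a client-supplied field of the same name from replacing the real request object, yet nothing in the code says that the order matters. A short comment at each assignment, such as `# set after dictFromData so client data cannot override it`, would keep a later refactor from reordering the lines. The literal is also repeated here and in the web views, so a shared module-level constant would avoid another `request`/`_request` mismatch. In modifyAuthenticator the same dict is passed to `auth.getInstance(dict_)` before `a.serialize()`; serialize is not shown, so it is worth confirming that the request object is never persisted.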