1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
# Login application for demo SSO: using the repoze.who API.
from repoze.who.api import APIFactory
from repoze.who.config import WhoConfig
from webob import Request
LOGIN_FORM_TEMPLATE = """\
<html>
<head>
<title> Demo SSO Login </title>
</head>
<body>
<h1> Demo SSO Login </h1>
<p style="color: Red">%(message)s</p>
<form action="#" method="post">
<input type="hidden" name="came_from" value="%(came_from)s" />
<fieldset id="login_name_fs">
<label for="login_name">Login Name</label>
<input type="text" id="login_name" name="login_name" value="%(login_name)s" />
</fieldset>
<fieldset id="password_fs">
<label for="password">Login Name</label>
<input type="password" id="password" name="password" />
</fieldset>
<input type="submit" name="form.submitted" value="Log In" />
</form>
</body>
</html>
"""
MAX_AGE = '3600' # seconds
AUTH = {
'phred': 'y4bb3d4bb4d00',
'bharney': 'b3dr0ck',
}
# This config would normally be in a separate file: inlined here for
# didactic purposes.
WHO_CONFIG = """\
[plugin:auth_tkt]
# identification + authorization
use = repoze.who.plugins.auth_tkt:make_plugin
secret = s33kr1t
cookie_name = auth_cookie
secure = True
include_ip = True
digest_algo = sha512
[general]
request_classifier = repoze.who.classifiers:default_request_classifier
challenge_decider = repoze.who.classifiers:default_challenge_decider
remote_user_key = REMOTE_USER
[identifiers]
plugins =
auth_tkt
[authenticators]
plugins =
auth_tkt
[challengers]
plugins =
[mdproviders]
plugins =
"""
# oh emacs python-mode, you disappoint me """
api_factory = None
def _configure_api_factory():
global api_factory
if api_factory is None:
config = WhoConfig(here='/tmp') # XXX config file location
config.parse(WHO_CONFIG)
api_factory = APIFactory(identifiers=config.identifiers,
authenticators=config.authenticators,
challengers=config.challengers,
mdproviders=config.mdproviders,
request_classifier=config.request_classifier,
challenge_decider=config.challenge_decider,
)
return api_factory
def _validate(login_name, password):
# Your application's logic goes here
return AUTH.get(login_name) == password
def login(environ, start_response):
request = Request(environ)
message = ''
if 'form.submitted' in request.POST:
came_from = request.POST['came_from']
login_name = request.POST['login_name']
password = request.POST['password']
remote_addr = environ['REMOTE_ADDR']
tokens = userdata = ''
if _validate(login_name, password):
api = _configure_api_factory()(environ)
headers = [('Location', came_from)]
headers.extend(api.remember(login_name))
start_response('302 Found', headers)
return []
message = 'Authentication failed'
else:
came_from = request.GET.get('came_from')
login_name = ''
body = LOGIN_FORM_TEMPLATE % {'message': message,
'came_from': came_from,
'login_name': login_name,
}
start_response('200 OK', [])
return [body]
def main(global_config, **local_config):
return login
|
