root / snf-astakos-app / astakos / im / auth_providers.py @ 0e79735c
History | View | Annotate | Download (10.6 kB)
| 1 |
# Copyright 2011 GRNET S.A. All rights reserved.
|
|---|---|
| 2 |
#
|
| 3 |
# Redistribution and use in source and binary forms, with or
|
| 4 |
# without modification, are permitted provided that the following
|
| 5 |
# conditions are met:
|
| 6 |
#
|
| 7 |
# 1. Redistributions of source code must retain the above
|
| 8 |
# copyright notice, this list of conditions and the following
|
| 9 |
# disclaimer.
|
| 10 |
#
|
| 11 |
# 2. Redistributions in binary form must reproduce the above
|
| 12 |
# copyright notice, this list of conditions and the following
|
| 13 |
# disclaimer in the documentation and/or other materials
|
| 14 |
# provided with the distribution.
|
| 15 |
#
|
| 16 |
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
|
| 17 |
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
| 18 |
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
| 19 |
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
|
| 20 |
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
| 21 |
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
| 22 |
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
|
| 23 |
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
|
| 24 |
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
| 25 |
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
|
| 26 |
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
| 27 |
# POSSIBILITY OF SUCH DAMAGE.
|
| 28 |
#
|
| 29 |
# The views and conclusions contained in the software and
|
| 30 |
# documentation are those of the authors and should not be
|
| 31 |
# interpreted as representing official policies, either expressed
|
| 32 |
# or implied, of GRNET S.A.
|
| 33 |
|
| 34 |
|
| 35 |
from django.core.urlresolvers import reverse |
| 36 |
from django.utils.translation import ugettext as _ |
| 37 |
from django.utils.datastructures import SortedDict |
| 38 |
|
| 39 |
from django.conf import settings |
| 40 |
|
| 41 |
from astakos.im import settings as astakos_settings |
| 42 |
from astakos.im import messages as astakos_messages |
| 43 |
|
| 44 |
import logging |
| 45 |
import urllib |
| 46 |
|
| 47 |
logger = logging.getLogger(__name__) |
| 48 |
|
| 49 |
# providers registry
|
| 50 |
PROVIDERS = {}
|
| 51 |
REQUIRED_PROVIDERS = {}
|
| 52 |
|
| 53 |
class AuthProviderBase(type): |
| 54 |
|
| 55 |
def __new__(cls, name, bases, dct): |
| 56 |
include = False
|
| 57 |
if [b for b in bases if isinstance(b, AuthProviderBase)]: |
| 58 |
type_id = dct.get('module')
|
| 59 |
if type_id:
|
| 60 |
include = True
|
| 61 |
if type_id in astakos_settings.IM_MODULES: |
| 62 |
dct['module_enabled'] = True |
| 63 |
|
| 64 |
newcls = super(AuthProviderBase, cls).__new__(cls, name, bases, dct)
|
| 65 |
if include:
|
| 66 |
PROVIDERS[type_id] = newcls |
| 67 |
if newcls().is_required():
|
| 68 |
REQUIRED_PROVIDERS[type_id] = newcls |
| 69 |
return newcls
|
| 70 |
|
| 71 |
|
| 72 |
class AuthProvider(object): |
| 73 |
|
| 74 |
__metaclass__ = AuthProviderBase |
| 75 |
|
| 76 |
module = None
|
| 77 |
module_active = False
|
| 78 |
module_enabled = False
|
| 79 |
one_per_user = True
|
| 80 |
login_prompt = _('Login using ')
|
| 81 |
primary_login_prompt = _('Login using ')
|
| 82 |
login_message = None
|
| 83 |
logout_message = 'You may still be logged in %(provider)s though. Consider logging out from there too.'
|
| 84 |
remote_authenticate = True
|
| 85 |
remote_logout_url = None
|
| 86 |
logout_from_provider_text = None
|
| 87 |
icon_url = None
|
| 88 |
icon_medium_url = None
|
| 89 |
|
| 90 |
def get_message(self, msg, **kwargs): |
| 91 |
params = kwargs |
| 92 |
params.update({'provider': self.get_title_display})
|
| 93 |
|
| 94 |
override_msg = getattr(self, 'get_%s_message_display' % msg.lower(), None) |
| 95 |
msg = 'AUTH_PROVIDER_%s' % msg
|
| 96 |
return override_msg or getattr(astakos_messages, msg, msg) % params |
| 97 |
|
| 98 |
@property
|
| 99 |
def add_url(self): |
| 100 |
return reverse(self.login_view) |
| 101 |
|
| 102 |
@property
|
| 103 |
def provider_details(self): |
| 104 |
if self.user: |
| 105 |
if self.identifier: |
| 106 |
self._provider_details = \
|
| 107 |
self.user.get_auth_providers().get(module=self.module, |
| 108 |
identifier=self.identifier).__dict__
|
| 109 |
else:
|
| 110 |
self._provider_details = self.user.get(module=self.module).__dict__ |
| 111 |
return self._provider_details |
| 112 |
|
| 113 |
def __init__(self, user=None, identifier=None, provider_details=None): |
| 114 |
self.user = user
|
| 115 |
self.identifier = identifier
|
| 116 |
|
| 117 |
self._provider_details = None |
| 118 |
if provider_details:
|
| 119 |
self._provider_details = provider_details
|
| 120 |
|
| 121 |
for tpl in ['login_prompt', 'login', 'signup_prompt']: |
| 122 |
tpl_name = '%s_%s' % (tpl, 'template') |
| 123 |
override = self.get_setting(tpl_name)
|
| 124 |
if override:
|
| 125 |
setattr(self, tpl_name, override) |
| 126 |
|
| 127 |
for key in ['one_per_user']: |
| 128 |
override = self.get_setting(key)
|
| 129 |
if override != None: |
| 130 |
setattr(self, key, override) |
| 131 |
|
| 132 |
self.login_message = self.login_message or self.get_title_display |
| 133 |
if self.logout_message and "%" in self.logout_message: |
| 134 |
logout_text_display = self.logout_from_provider_text or 'at %s' % self.get_title_display |
| 135 |
self.logout_message = self.logout_message % {'provider': |
| 136 |
logout_text_display} |
| 137 |
else:
|
| 138 |
self.logout_message = self.logout_message or '' |
| 139 |
|
| 140 |
if not self.icon_url: |
| 141 |
self.icon_url = '%s%s' % (settings.MEDIA_URL, 'im/auth/icons/%s.png' % |
| 142 |
self.module.lower())
|
| 143 |
|
| 144 |
if not self.icon_medium_url: |
| 145 |
self.icon_medium_url = '%s%s' % (settings.MEDIA_URL, 'im/auth/icons-medium/%s.png' % |
| 146 |
self.module.lower())
|
| 147 |
|
| 148 |
|
| 149 |
def __getattr__(self, key): |
| 150 |
if not key.startswith('get_'): |
| 151 |
return super(AuthProvider, self).__getattribute__(key) |
| 152 |
|
| 153 |
if key.endswith('_display') or key.endswith('template'): |
| 154 |
attr = key.replace('_display', '').replace('get_','') |
| 155 |
settings_attr = self.get_setting(attr.upper())
|
| 156 |
if not settings_attr: |
| 157 |
return getattr(self, attr) |
| 158 |
return _(settings_attr)
|
| 159 |
else:
|
| 160 |
return super(AuthProvider, self).__getattr__(key) |
| 161 |
|
| 162 |
def get_logout_message(self): |
| 163 |
content = ''
|
| 164 |
if self.remote_logout_url: |
| 165 |
content = '<a href="%s" title="Logout from %%s"></a>' % self.remote_logou_url |
| 166 |
return content % (self.get_logout_message_display % self.get_title_display) |
| 167 |
|
| 168 |
def get_setting(self, name, default=None): |
| 169 |
attr = 'ASTAKOS_AUTH_PROVIDER_%s_%s' % (self.module.upper(), name.upper()) |
| 170 |
attr_sec = 'ASTAKOS_%s_%s' % (self.module.upper(), name.upper()) |
| 171 |
if not hasattr(settings, attr): |
| 172 |
return getattr(settings, attr_sec, default) |
| 173 |
|
| 174 |
return getattr(settings, attr, default) |
| 175 |
|
| 176 |
def is_available_for_login(self): |
| 177 |
""" A user can login using authentication provider"""
|
| 178 |
return self.is_active() and self.get_setting('CAN_LOGIN', |
| 179 |
self.is_active())
|
| 180 |
|
| 181 |
def is_available_for_create(self): |
| 182 |
""" A user can create an account using this provider"""
|
| 183 |
return self.is_active() and self.get_setting('CAN_CREATE', |
| 184 |
self.is_active())
|
| 185 |
|
| 186 |
def is_available_for_add(self): |
| 187 |
""" A user can assign provider authentication method"""
|
| 188 |
return self.is_active() and self.get_setting('CAN_ADD', |
| 189 |
self.is_active())
|
| 190 |
|
| 191 |
def is_required(self): |
| 192 |
"""Provider required (user cannot remove the last one)"""
|
| 193 |
return self.is_active() and self.get_setting('REQUIRED', False) |
| 194 |
|
| 195 |
def is_active(self): |
| 196 |
return self.module in astakos_settings.IM_MODULES |
| 197 |
|
| 198 |
|
| 199 |
class LocalAuthProvider(AuthProvider): |
| 200 |
module = 'local'
|
| 201 |
title = _('Local password')
|
| 202 |
description = _('Create a local password for your account')
|
| 203 |
add_prompt = _('Allows you to login using a local password')
|
| 204 |
details_tpl = _('Local account')
|
| 205 |
login_prompt = _('Classic login (username/password)')
|
| 206 |
signup_prompt = _('New to ~okeanos ?')
|
| 207 |
signup_link_prompt = _('create an account now')
|
| 208 |
login_view = 'password_change'
|
| 209 |
remote_authenticate = False
|
| 210 |
logout_message = ''
|
| 211 |
|
| 212 |
one_per_user = True
|
| 213 |
|
| 214 |
login_template = 'im/auth/local_login_form.html'
|
| 215 |
login_prompt_template = 'im/auth/local_login_prompt.html'
|
| 216 |
signup_prompt_template = 'im/auth/local_signup_prompt.html'
|
| 217 |
|
| 218 |
@property
|
| 219 |
def extra_actions(self): |
| 220 |
return [(_('Change password'), reverse('password_change')), ] |
| 221 |
|
| 222 |
|
| 223 |
class ShibbolethAuthProvider(AuthProvider): |
| 224 |
module = 'shibboleth'
|
| 225 |
title = _('Academic account')
|
| 226 |
add_prompt = _('Allows you to login using an academic account')
|
| 227 |
details_tpl = _('Academic account: %(identifier)s')
|
| 228 |
user_title = _('Academic credentials (%(identifier)s)')
|
| 229 |
primary_login_prompt = _('If you are a student, professor or researcher you '
|
| 230 |
'can login using your academic account.')
|
| 231 |
login_view = 'astakos.im.target.shibboleth.login'
|
| 232 |
|
| 233 |
login_template = 'im/auth/shibboleth_login.html'
|
| 234 |
login_prompt_template = 'im/auth/third_party_provider_generic_login_prompt.html'
|
| 235 |
logout_from_provider_text = ' at your Academic account (shibboleth)'
|
| 236 |
|
| 237 |
|
| 238 |
class TwitterAuthProvider(AuthProvider): |
| 239 |
module = 'twitter'
|
| 240 |
title = _('Twitter')
|
| 241 |
add_prompt = _('Allows you to login using a Twitter account')
|
| 242 |
details_tpl = _('Twitter account: %(info_screen_name)s')
|
| 243 |
user_title = _('Twitter (%(info_screen_name)s)')
|
| 244 |
login_view = 'astakos.im.target.twitter.login'
|
| 245 |
|
| 246 |
login_template = 'im/auth/third_party_provider_generic_login.html'
|
| 247 |
login_prompt_template = 'im/auth/third_party_provider_generic_login_prompt.html'
|
| 248 |
|
| 249 |
|
| 250 |
class GoogleAuthProvider(AuthProvider): |
| 251 |
module = 'google'
|
| 252 |
title = _('Google')
|
| 253 |
add_prompt = _('Allows you to login using a Google account')
|
| 254 |
details_tpl = _('Google account: %(info_email)s')
|
| 255 |
user_title = _('Google (%(info_email)s)')
|
| 256 |
login_view = 'astakos.im.target.google.login'
|
| 257 |
|
| 258 |
login_template = 'im/auth/third_party_provider_generic_login.html'
|
| 259 |
login_prompt_template = 'im/auth/third_party_provider_generic_login_prompt.html'
|
| 260 |
|
| 261 |
|
| 262 |
class LinkedInAuthProvider(AuthProvider): |
| 263 |
module = 'linkedin'
|
| 264 |
title = _('LinkedIn')
|
| 265 |
add_prompt = _('Allows you to login using a LinkedIn account')
|
| 266 |
details_tpl = _('LinkedIn account: %(info_emailAddress)s')
|
| 267 |
user_title = _('LinkedIn (%(info_emailAddress)s)')
|
| 268 |
login_view = 'astakos.im.target.linkedin.login'
|
| 269 |
|
| 270 |
login_template = 'im/auth/third_party_provider_generic_login.html'
|
| 271 |
login_prompt_template = 'im/auth/third_party_provider_generic_login_prompt.html'
|
| 272 |
|
| 273 |
|
| 274 |
def get_provider(id, user_obj=None, default=None, identifier=None, provider_details={}): |
| 275 |
"""
|
| 276 |
Return a provider instance from the auth providers registry.
|
| 277 |
"""
|
| 278 |
if not id in PROVIDERS: |
| 279 |
raise Exception('Invalid auth provider requested "%s"' % id) |
| 280 |
|
| 281 |
return PROVIDERS.get(id, default)(user_obj, identifier, provider_details) |
| 282 |
|