root / aai / shibboleth.py @ 8f377cd6
1 | 462c7e47 | Georgios Gousios | #
|
---|---|---|---|
2 | 462c7e47 | Georgios Gousios | # Business Logic for working with Shibboleth users
|
3 | 462c7e47 | Georgios Gousios | #
|
4 | 462c7e47 | Georgios Gousios | # Copyright 2010 Greek Research and Technology Network
|
5 | 462c7e47 | Georgios Gousios | #
|
6 | 462c7e47 | Georgios Gousios | |
7 | 462c7e47 | Georgios Gousios | from synnefo.logic import users |
8 | 462c7e47 | Georgios Gousios | |
class Tokens:
    """Names of the Shibboleth attributes this module looks up.

    Each constant holds the key under which the attribute is expected in
    the mapping handed to ``register_shibboleth_user``.
    """

    # Name attributes.
    SIB_GIVEN_NAME = "givenName"
    SIB_SN = "sn"
    SIB_CN = "cn"
    SIB_DISPLAY_NAME = "displayName"

    # eduPerson attributes; the principal name is used as the unique user id.
    SIB_EDU_PERSON_PRINCIPAL_NAME = "eduPersonPrincipalName"
    SIB_EDU_PERSON_AFFILIATION = "eduPersonAffiliation"

    # SCHAC attributes.
    SIB_SCHAC_HOME_ORGANISATION = "schacHomeOrganization"
    SIB_SCHAC_PERSONAL_UNIQUE_CODE = "schacPersonalUniqueCode"

    # Presence of this attribute (or of the SCHAC unique code) marks a student.
    SIB_GR_EDU_PERSON_UNDERGRADUATE_BRANCH = "grEduPersonUndergraduateBranch"
19 | 462c7e47 | Georgios Gousios | |
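class NoUniqueToken(Exception):
    """Raised when the authentication data carries no unique user identifier.

    The class must derive from ``Exception``: a plain ``object`` subclass
    cannot be raised, so the ``raise`` would fail with ``TypeError`` and
    callers could never catch the intended error.
    """

    def __init__(self, msg):
        # Pass the message to Exception so str(err) and tracebacks show it.
        super(NoUniqueToken, self).__init__(msg)
        # Kept for callers that read ``err.msg`` directly.
        self.msg = msg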
26 | faa26af8 | Georgios Gousios | |
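class NoRealName(Exception):
    """Raised when the authentication data carries no usable real name.

    The class must derive from ``Exception``: a plain ``object`` subclass
    cannot be raised, so the ``raise`` would fail with ``TypeError`` and
    callers could never catch the intended error.
    """

    def __init__(self, msg):
        # Pass the message to Exception so str(err) and tracebacks show it.
        super(NoRealName, self).__init__(msg)
        # Kept for callers that read ``err.msg`` directly.
        self.msg = msg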
33 | 462c7e47 | Georgios Gousios | |
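def register_shibboleth_user(tokens):
    """Register a Shibboleth user, using the ``tokens`` mapping as data source.

    The token requirements are described in:
    http://aai.grnet.gr/policy

    ``tokens`` is a dict-like object keyed by the attribute names listed in
    ``Tokens``. The real name is taken from ``displayName`` when it has a
    value, otherwise from ``givenName``. The user is registered as a student
    when ``schacPersonalUniqueCode`` or ``grEduPersonUndergraduateBranch`` is
    present, and as a professor otherwise.

    Returns True once the user has been registered.

    Raises NoUniqueToken when ``eduPersonPrincipalName`` is missing or empty,
    and NoRealName when neither name attribute has a value.
    """
    # NOTE(review): every value in ``tokens`` is trusted as-is. The caller
    # should pass only attributes taken from the validated Shibboleth
    # session, never values a client can set itself -- confirm at the caller.

    # displayName wins over givenName; an empty displayName no longer hides
    # a usable givenName.
    realname = (tokens.get(Tokens.SIB_DISPLAY_NAME)
                or tokens.get(Tokens.SIB_GIVEN_NAME))

    # Student status depends only on the presence of either attribute.
    # NOTE(review): a login that releases neither attribute is registered as
    # a professor; confirm this is the intended default role.
    is_student = (Tokens.SIB_SCHAC_PERSONAL_UNIQUE_CODE in tokens
                  or Tokens.SIB_GR_EDU_PERSON_UNDERGRADUATE_BRANCH in tokens)

    unq = tokens.get(Tokens.SIB_EDU_PERSON_PRINCIPAL_NAME)

    # The principal name is the account's unique key. An empty value must be
    # rejected as well as a missing one, otherwise separate logins would all
    # be registered under the same empty identifier.
    if not unq:
        raise NoUniqueToken("Authentication does not return a unique token")

    if not realname:
        raise NoRealName("Authentication does not return the user's name")

    if is_student:
        users.register_student(realname, '', unq)
    else:
        users.register_professor(realname, '', unq)

    return True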