root / aai / shibboleth.py @ 8f377cd6
#
# Business logic for working with Shibboleth users
#
# Copyright 2010 Greek Research and Technology Network
#
from synnefo.logic import users |
class Tokens:
    """Names of the Shibboleth attributes this module knows about.

    Each constant is the attribute name used as a key in the ``tokens``
    mapping passed to ``register_shibboleth_user``.
    """

    # Identifier used by register_shibboleth_user as the unique user key.
    SIB_EDU_PERSON_PRINCIPAL_NAME = "eduPersonPrincipalName"

    # Name attributes. register_shibboleth_user reads displayName and
    # givenName; sn and cn are not read by any code visible in this file.
    SIB_DISPLAY_NAME = "displayName"
    SIB_GIVEN_NAME = "givenName"
    SIB_SN = "sn"
    SIB_CN = "cn"

    # Affiliation and home organisation. Declared here but not read by any
    # code visible in this file.
    SIB_EDU_PERSON_AFFILIATION = "eduPersonAffiliation"
    SIB_SCHAC_HOME_ORGANISATION = "schacHomeOrganization"

    # Presence of either attribute makes register_shibboleth_user treat the
    # user as a student.
    SIB_SCHAC_PERSONAL_UNIQUE_CODE = "schacPersonalUniqueCode"
    SIB_GR_EDU_PERSON_UNDERGRADUATE_BRANCH = "grEduPersonUndergraduateBranch"
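class NoUniqueToken(Exception):
    """Raised when the login attributes carry no unique user identifier.

    Derives from ``Exception`` so that ``raise NoUniqueToken(...)`` works.
    An instance of a plain ``object`` subclass cannot be raised; the
    ``raise`` statement would fail with ``TypeError`` and callers catching
    ``NoUniqueToken`` would never see it.

    Attributes:
        msg: Human-readable description of the failure.
    """

    def __init__(self, msg):
        # Explicit base call (rather than zero-argument super()) keeps the
        # class usable on both Python 2 and Python 3.
        Exception.__init__(self, msg)
        self.msg = msg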
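class NoRealName(Exception):
    """Raised when the login attributes carry no usable name for the user.

    Derives from ``Exception`` so that ``raise NoRealName(...)`` works.
    An instance of a plain ``object`` subclass cannot be raised; the
    ``raise`` statement would fail with ``TypeError`` and callers catching
    ``NoRealName`` would never see it.

    Attributes:
        msg: Human-readable description of the failure.
    """

    def __init__(self, msg):
        # Explicit base call (rather than zero-argument super()) keeps the
        # class usable on both Python 2 and Python 3.
        Exception.__init__(self, msg)
        self.msg = msg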
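def register_shibboleth_user(tokens):
    """Register a Shibboleth user from the attributes released at login.

    The attribute requirements are described in:
    http://aai.grnet.gr/policy

    ``tokens`` is trusted as given: nothing in this function checks where
    the values came from. The caller must build it only from attributes
    exported by the Shibboleth service provider, never from values that a
    client can set directly.

    Args:
        tokens: Mapping of attribute name (see ``Tokens``) to value.

    Returns:
        True once the user has been passed to ``users`` for registration.

    Raises:
        NoUniqueToken: eduPersonPrincipalName is missing or empty.
        NoRealName: neither displayName nor givenName has a value.
    """
    # displayName takes precedence over givenName. An empty displayName
    # falls back to givenName instead of registering a blank name.
    realname = (tokens.get(Tokens.SIB_DISPLAY_NAME)
                or tokens.get(Tokens.SIB_GIVEN_NAME))

    # NOTE(review): the role is decided purely by whether a student
    # attribute key is present; every other login is registered as a
    # professor. If the professor role carries more privileges, a login
    # that simply lacks these attributes lands in it by default. Consider
    # requiring a positive signal (e.g. eduPersonAffiliation) -- confirm
    # against the policy document and synnefo.logic.users.
    is_student = (Tokens.SIB_SCHAC_PERSONAL_UNIQUE_CODE in tokens or
                  Tokens.SIB_GR_EDU_PERSON_UNDERGRADUATE_BRANCH in tokens)

    unq = tokens.get(Tokens.SIB_EDU_PERSON_PRINCIPAL_NAME)

    # An empty identifier is as unusable as a missing one: accepting it
    # could map every such login onto the same account (presumably; the
    # users.* functions are not visible here).
    if not unq:
        raise NoUniqueToken("Authentication does not return a unique token")

    if not realname:
        raise NoRealName("Authentication does not return the user's name")

    # The second argument is passed as an empty string; its meaning is
    # defined by synnefo.logic.users.
    if is_student:
        users.register_student(realname, '', unq)
    else:
        users.register_professor(realname, '', unq)

    return True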