
root / aai / shibboleth.py @ 96b635d9

# Copyright 2011 GRNET S.A. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
#   1. Redistributions of source code must retain the above copyright
#      notice, this list of conditions and the following disclaimer.
#
#  2. Redistributions in binary form must reproduce the above copyright
#     notice, this list of conditions and the following disclaimer in the
#     documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# The views and conclusions contained in the software and documentation are
# those of the authors and should not be interpreted as representing official
# policies, either expressed or implied, of GRNET S.A.
# Business logic for working with Shibboleth users
from synnefo.logic import users
class Tokens:
    """Names of the attributes that the Shibboleth SP software maps for us.

    Each constant is the key under which one attribute is looked up in the
    mapping handed to register_shibboleth_user().
    """
    # NOTE(review): these values are only trustworthy when they were set by
    # the SP itself. If the attributes reach the application as HTTP request
    # headers, confirm that client-supplied headers with these names are
    # stripped before the request gets here.

    # Session handle issued by the SP.
    SHIB_SESSION_ID = "Shib-Session-ID"

    # eduPersonPrincipalName: the identifier used as the user's unique token.
    SHIB_EPPN = "eppn"

    # Name attributes, consulted when working out the user's real name.
    SHIB_DISPLAYNAME = "Shib-InetOrgPerson-displayName"
    SHIB_CN = "Shib-Person-commonName"
    SHIB_NAME = "Shib-InetOrgPerson-givenName"
    SHIB_SURNAME = "Shib-Person-surname"

    # Affiliation, used to choose between student and professor registration.
    SHIB_EP_AFFILIATION = "Shib-EP-Affiliation"
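class NoUniqueToken(Exception):
    """Raised when the authentication data carries no unique user token.

    Derives from Exception rather than BaseException so that ordinary
    ``except Exception`` handlers (request error handling, logging) see an
    authentication failure instead of letting it propagate like
    KeyboardInterrupt or SystemExit would.
    """

    def __init__(self, msg):
        # Pass the message to the base class so str(exc) and exc.args carry
        # it; without this the text is missing from logs and tracebacks.
        super(NoUniqueToken, self).__init__(msg)
        self.msg = msg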
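class NoRealName(Exception):
    """Raised when the authentication data does not yield the user's name.

    Derives from Exception rather than BaseException so that ordinary
    ``except Exception`` handlers (request error handling, logging) see an
    authentication failure instead of letting it propagate like
    KeyboardInterrupt or SystemExit would.
    """

    def __init__(self, msg):
        # Pass the message to the base class so str(exc) and exc.args carry
        # it; without this the text is missing from logs and tracebacks.
        super(NoRealName, self).__init__(msg)
        self.msg = msg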
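def register_shibboleth_user(tokens):
    """Register a Shibboleth user from a mapping of SP-provided attributes.

    The real name is taken from the display name, else the common name, else
    the given name and surname joined by a space. The eduPersonPrincipalName
    is used as the user's unique token. An attribute that is present but
    empty (or whitespace only) is treated the same as a missing one, so an
    empty eppn can never be registered as somebody's unique identifier.

    Args:
        tokens: mapping from the attribute names in ``Tokens`` to their
            values.

    Returns:
        True once the registration call has been made.

    Raises:
        NoRealName: no usable name attribute is present.
        NoUniqueToken: the eppn attribute is missing or empty.
    """
    # NOTE(review): nothing here checks where `tokens` came from. The caller
    # must pass only values set by the Shibboleth SP; confirm that the same
    # names arriving as client-supplied request headers cannot end up in it.

    def _attr(key):
        # Return the attribute value, or None when it is absent or blank.
        try:
            value = tokens[key]
        except KeyError:
            return None
        text = value.strip() if hasattr(value, "strip") else value
        return value if text else None

    realname = _attr(Tokens.SHIB_DISPLAYNAME) or _attr(Tokens.SHIB_CN)
    if realname is None:
        given = _attr(Tokens.SHIB_NAME)
        surname = _attr(Tokens.SHIB_SURNAME)
        if given is None or surname is None:
            raise NoRealName("Authentication does not return the user's name")
        realname = given + ' ' + surname

    affiliation = _attr(Tokens.SHIB_EP_AFFILIATION) or 'member'

    eppn = _attr(Tokens.SHIB_EPPN)
    if eppn is None:
        # A blank identifier would make every such login share one account.
        raise NoUniqueToken("Authentication does not return a unique token")

    # NOTE(review): only the exact string 'student' selects the student path;
    # a missing affiliation (defaulted to 'member' above) and every other
    # value use register_professor. If that call grants more than
    # register_student, this defaults to the broader role -- confirm that is
    # intended. A value listing several affiliations in one string would
    # also not compare equal to 'student'; verify the format the SP delivers.
    if affiliation == 'student':
        users.register_student(realname, '' , eppn)
    else:
        # this includes faculty but also staff, alumni, member, other, ...
        users.register_professor(realname, '' , eppn)

    return True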