
root / aai / shibboleth.py @ ac3c3a4b


#
# Business logic for working with Shibboleth users
#
# Copyright 2010 Greek Research and Technology Network
#
from synnefo.logic import users
class Tokens:
    """Names of the Shibboleth attributes this module reads from a request.

    Each constant is the key under which an attribute is expected in the
    ``tokens`` mapping handed to ``register_shibboleth_user``.
    """

    # Name attributes. register_shibboleth_user builds the real name from
    # given name + surname and lets the common name override both.
    SIB_NAME = "Shib-InetOrgPerson-givenName"
    SIB_SURNAME = "Shib-Person-surname"
    SIB_CN = "Shib-Person-commonName"
    SIB_DISPLAY_NAME = "displayName"  # not read by the code in this file

    # Unique user identifier; registration is refused when it is absent.
    SIB_EPPN = "eppn"

    # Affiliation attribute; defined but not consulted by the code in this file.
    SIB_EDU_PERSON_AFFILIATION = "shib_ep_primaryaffiliation"

    # The presence of either key marks the user as a student.
    SIB_SCHAC_PERSONAL_UNIQUE_CODE = "schacPersonalUniqueCode"
    SIB_GR_EDU_PERSON_UNDERGRADUATE_BRANCH = "grEduPersonUndergraduateBranch"

    # Session identifier key; not read by the code in this file.
    SIB_SESSION_ID = "Shib-Session-ID"
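class NoUniqueToken(Exception):
    """Raised when the authentication attributes carry no unique user token.

    Derives from ``Exception`` so that ``raise NoUniqueToken(...)`` actually
    raises this type and callers can catch it. A plain ``object`` subclass
    cannot be raised: the ``raise`` statement fails with ``TypeError``
    instead, so the authentication failure would surface as an unrelated
    error rather than one the caller can handle.

    Attributes:
        msg: human-readable description of the failure.
    """

    def __init__(self, msg):
        # Hand the message to Exception so str(exc) and tracebacks show it.
        Exception.__init__(self, msg)
        self.msg = msg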
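class NoRealName(Exception):
    """Raised when the authentication attributes carry no usable user name.

    Derives from ``Exception`` so that ``raise NoRealName(...)`` actually
    raises this type and callers can catch it. A plain ``object`` subclass
    cannot be raised: the ``raise`` statement fails with ``TypeError``.

    Attributes:
        msg: human-readable description of the failure.
    """

    def __init__(self, msg):
        # Hand the message to Exception so str(exc) and tracebacks show it.
        Exception.__init__(self, msg)
        self.msg = msg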
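def register_shibboleth_user(tokens):
    """Register a Shibboleth-authenticated user from the supplied attributes.

    The token requirements are described in:
    http://aai.grnet.gr/policy

    Args:
        tokens: mapping of attribute names (see ``Tokens``) to string values.
            NOTE(review): presumably the attributes asserted by the
            Shibboleth service provider for the current request; the caller
            is not visible here -- confirm that client-supplied copies of
            these keys cannot reach this function, since ``eppn`` decides
            which account is registered.

    Returns:
        True once the user has been handed to ``users.register_student`` or
        ``users.register_professor``.

    Raises:
        NoUniqueToken: if ``eppn`` is missing or blank.
        NoRealName: if no non-blank name attribute is present.
    """
    # Build "given surname" from whichever parts are present.
    realname = tokens[Tokens.SIB_SURNAME] if Tokens.SIB_SURNAME in tokens else ''
    if Tokens.SIB_NAME in tokens:
        realname = tokens[Tokens.SIB_NAME] + ' ' + realname

    # A common name takes precedence, but an empty one must not wipe a name
    # that was assembled from the given name and surname.
    common_name = tokens.get(Tokens.SIB_CN)
    if common_name:
        realname = common_name

    # Drop the stray space left when only one name part was supplied.
    realname = realname.strip() if realname else ''

    is_student = (Tokens.SIB_SCHAC_PERSONAL_UNIQUE_CODE in tokens or
                  Tokens.SIB_GR_EDU_PERSON_UNDERGRADUATE_BRANCH in tokens)

    unq = tokens.get(Tokens.SIB_EPPN)

    # A blank identifier is as unusable as a missing one: registering it
    # would give every such user the same "unique" key.
    if not unq or not unq.strip():
        raise NoUniqueToken("Authentication does not return a unique token")

    # The original tested ``realname is None``, which could never be true
    # because realname defaulted to ''; test for an empty name instead.
    if not realname:
        raise NoRealName("Authentication does not return the user's name")

    # NOTE(review): anyone without a student attribute is registered as a
    # professor, i.e. the role is inferred from a *missing* attribute. If the
    # professor role carries more privileges (not visible here), an identity
    # provider that omits the student attributes grants it by default.
    # Consider deciding from an explicit affiliation value
    # (Tokens.SIB_EDU_PERSON_AFFILIATION is defined but unused) -- confirm
    # against the AAI policy.
    if is_student:
        users.register_student(realname, '', unq)
    else:
        users.register_professor(realname, '', unq)

    return True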