root / aai / shibboleth.py @ ace4bd5d
History | View | Annotate | Download (3.2 kB)
| 1 |
# Copyright 2011 GRNET S.A. All rights reserved.
|
|---|---|
| 2 |
#
|
| 3 |
# Redistribution and use in source and binary forms, with or without
|
| 4 |
# modification, are permitted provided that the following conditions
|
| 5 |
# are met:
|
| 6 |
#
|
| 7 |
# 1. Redistributions of source code must retain the above copyright
|
| 8 |
# notice, this list of conditions and the following disclaimer.
|
| 9 |
#
|
| 10 |
# 2. Redistributions in binary form must reproduce the above copyright
|
| 11 |
# notice, this list of conditions and the following disclaimer in the
|
| 12 |
# documentation and/or other materials provided with the distribution.
|
| 13 |
#
|
| 14 |
# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
| 15 |
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
| 16 |
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
| 17 |
# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
| 18 |
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
| 19 |
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
| 20 |
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
| 21 |
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
| 22 |
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
| 23 |
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
| 24 |
# SUCH DAMAGE.
|
| 25 |
#
|
| 26 |
# The views and conclusions contained in the software and documentation are
|
| 27 |
# those of the authors and should not be interpreted as representing official
|
| 28 |
# policies, either expressed or implied, of GRNET S.A.
|
| 29 |
|
| 30 |
# Business Logic for working with sibbolleth users
|
| 31 |
|
| 32 |
from synnefo.logic import users |
| 33 |
|
| 34 |
|
| 35 |
class Tokens: |
| 36 |
SIB_NAME = "Shib-InetOrgPerson-givenName"
|
| 37 |
SIB_SURNAME = "Shib-Person-surname"
|
| 38 |
SIB_CN = "Shib-Person-commonName"
|
| 39 |
SIB_DISPLAY_NAME = "displayName"
|
| 40 |
SIB_EPPN = "eppn"
|
| 41 |
SIB_EDU_PERSON_AFFILIATION = "shib_ep_primaryaffiliation"
|
| 42 |
SIB_SCHAC_PERSONAL_UNIQUE_CODE = "schacPersonalUniqueCode"
|
| 43 |
SIB_GR_EDU_PERSON_UNDERGRADUATE_BRANCH = "grEduPersonUndergraduateBranch"
|
| 44 |
SIB_SESSION_ID = "Shib-Session-ID"
|
| 45 |
|
| 46 |
class NoUniqueToken(BaseException): |
| 47 |
|
| 48 |
def __init__(self, msg): |
| 49 |
self.msg = msg
|
| 50 |
|
| 51 |
class NoRealName(BaseException): |
| 52 |
|
| 53 |
def __init__(self, msg): |
| 54 |
self.msg = msg
|
| 55 |
|
| 56 |
def register_shibboleth_user(tokens): |
| 57 |
"""Registers a sibbolleth user using the input hash as a source for data.
|
| 58 |
The token requirements are described in:
|
| 59 |
http://aai.grnet.gr/policy
|
| 60 |
"""
|
| 61 |
realname = None
|
| 62 |
|
| 63 |
if Tokens.SIB_SURNAME in tokens: |
| 64 |
realname = tokens[Tokens.SIB_SURNAME] |
| 65 |
else:
|
| 66 |
realname = ''
|
| 67 |
|
| 68 |
if Tokens.SIB_NAME in tokens: |
| 69 |
realname = tokens[Tokens.SIB_NAME] + ' ' + realname
|
| 70 |
|
| 71 |
if Tokens.SIB_CN in tokens: |
| 72 |
realname = tokens[Tokens.SIB_CN] |
| 73 |
|
| 74 |
is_student = Tokens.SIB_SCHAC_PERSONAL_UNIQUE_CODE in tokens or \ |
| 75 |
Tokens.SIB_GR_EDU_PERSON_UNDERGRADUATE_BRANCH in tokens
|
| 76 |
|
| 77 |
unq = tokens.get(Tokens.SIB_EPPN) |
| 78 |
|
| 79 |
if unq is None: |
| 80 |
raise NoUniqueToken("Authentication does not return a unique token") |
| 81 |
|
| 82 |
if realname is None: |
| 83 |
raise NoRealName("Authentication does not return the user's name") |
| 84 |
|
| 85 |
if is_student:
|
| 86 |
users.register_student(realname, '' , unq)
|
| 87 |
else:
|
| 88 |
users.register_professor(realname, '' , unq)
|
| 89 |
|
| 90 |
return True |