Revision f2bb825f
b/aai/shibboleth.py | ||
1 | 1 |
# |
2 | 2 |
# Business Logic for working with Shibboleth users |
3 | 3 |
# |
4 |
# Copyright 2010 Greek Research and Technology Network |
|
4 |
# Copyright 2010-2011 Greek Research and Technology Network
|
|
5 | 5 |
# |
6 | 6 |
|
7 | 7 |
from synnefo.logic import users |
8 | 8 |
|
9 |
|
|
10 | 9 |
class Tokens: |
10 |
# these are mapped by the Shibboleth SP software |
|
11 |
SHIB_EPPN = "eppn" # eduPersonPrincipalName |
|
11 | 12 |
SHIB_NAME = "Shib-InetOrgPerson-givenName" |
12 | 13 |
SHIB_SURNAME = "Shib-Person-surname" |
13 | 14 |
SHIB_CN = "Shib-Person-commonName" |
14 |
SHIB_DISPLAY_NAME = "displayName" |
|
15 |
SHIB_EPPN = "eppn" |
|
16 |
SHIB_EDU_PERSON_AFFILIATION = "shib_ep_primaryaffiliation" |
|
17 |
SHIB_SCHAC_PERSONAL_UNIQUE_CODE = "schacPersonalUniqueCode" |
|
18 |
SHIB_GR_EDU_PERSON_UNDERGRADUATE_BRANCH = "grEduPersonUndergraduateBranch" |
|
15 |
SHIB_DISPLAYNAME = "Shib-InetOrgPerson-displayName" |
|
16 |
SHIB_EP_AFFILIATION = "Shib-EP-Affiliation" |
|
19 | 17 |
SHIB_SESSION_ID = "Shib-Session-ID" |
20 | 18 |
|
21 |
class NoUniqueToken(BaseException): |
|
22 | 19 |
|
20 |
class NoUniqueToken(BaseException): |
|
23 | 21 |
def __init__(self, msg): |
24 | 22 |
self.msg = msg |
25 | 23 |
|
26 |
class NoRealName(BaseException): |
|
27 | 24 |
|
25 |
class NoRealName(BaseException): |
|
28 | 26 |
def __init__(self, msg): |
29 | 27 |
self.msg = msg |
30 | 28 |
|
31 |
def register_shibboleth_user(tokens): |
|
32 |
"""Registers a Shibboleth user using the input hash as a source for data. |
|
33 |
The token requirements are described in: |
|
34 |
http://aai.grnet.gr/policy |
|
35 |
""" |
|
36 |
realname = None |
|
37 |
|
|
38 |
if Tokens.SHIB_SURNAME in tokens: |
|
39 |
realname = tokens[Tokens.SHIB_SURNAME] |
|
40 |
else: |
|
41 |
realname = '' |
|
42 | 29 |
|
43 |
if Tokens.SHIB_NAME in tokens:
|
|
44 |
realname = tokens[Tokens.SHIB_NAME] + ' ' + realname
|
|
30 |
def register_shibboleth_user(tokens):
|
|
31 |
"""Registers a Shibboleth user using the input hash as a source for data."""
|
|
45 | 32 |
|
46 |
if Tokens.SHIB_CN in tokens: |
|
33 |
if Tokens.SHIB_DISPLAYNAME in tokens: |
|
34 |
realname = tokens[Tokens.SHIB_DISPLAYNAME] |
|
35 |
elif Tokens.SHIB_CN in tokens: |
|
47 | 36 |
realname = tokens[Tokens.SHIB_CN] |
37 |
elif Tokens.SHIB_NAME in tokens and Tokens.SHIB_SURNAME in tokens: |
|
38 |
realname = tokens[Tokens.SHIB_NAME] + ' ' + tokens[Tokens.SHIB_SURNAME] |
|
39 |
else: |
|
40 |
raise NoRealName("Authentication does not return the user's name") |
|
48 | 41 |
|
49 |
is_student = Tokens.SHIB_SCHAC_PERSONAL_UNIQUE_CODE in tokens or \
|
|
50 |
Tokens.SHIB_GR_EDU_PERSON_UNDERGRADUATE_BRANCH in tokens
|
|
51 |
|
|
52 |
unq = tokens.get(Tokens.SHIB_EPPN)
|
|
42 |
try:
|
|
43 |
affiliation = tokens[Tokens.SHIB_EP_AFFILIATION]
|
|
44 |
except KeyError: |
|
45 |
affiliation = 'member'
|
|
53 | 46 |
|
54 |
if unq is None: |
|
47 |
try: |
|
48 |
eppn = tokens[Tokens.SHIB_EPPN] |
|
49 |
except KeyError: |
|
55 | 50 |
raise NoUniqueToken("Authentication does not return a unique token") |
56 | 51 |
|
57 |
if realname is None: |
|
58 |
raise NoRealName("Authentication does not return the user's name") |
|
59 |
|
|
60 |
if is_student: |
|
61 |
users.register_student(realname, '' , unq) |
|
52 |
if affiliation == 'student': |
|
53 |
users.register_student(realname, '' , eppn) |
|
62 | 54 |
else: |
63 |
users.register_professor(realname, '' , unq) |
|
55 |
# this includes faculty but also staff, alumni, member, other, ... |
|
56 |
users.register_professor(realname, '' , eppn) |
|
64 | 57 |
|
65 | 58 |
return True |
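Review bot: The role decision at new lines 52-56 compares `Shib-EP-Affiliation` against a single exact string, but eduPersonAffiliation is multi-valued and the Shibboleth SP exports multiple values joined with ';' by default, so a value such as `student;member` falls through to `register_professor`. Splitting before comparing, e.g. `affiliations = set(tokens.get(Tokens.SHIB_EP_AFFILIATION, 'member').split(';'))` followed by `if 'student' in affiliations:`, keeps the intent of the try/except default while handling that case. The same else branch also grants the professor role whenever the IdP releases no affiliation at all (the `'member'` fallback at new line 45); if that is deliberate, a comment at line 45 saying so would stop the next reader from reading it as a fail-open, otherwise raising as the missing-eppn path does at line 50 is the safer default. Separately, NoUniqueToken and NoRealName (new lines 20 and 25) still derive from BaseException, so a caller's `except Exception:` will not catch them; `Exception` is the conventional base for application errors.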