
root / logic / shibboleth.py @ faa26af8


#
# Business Logic for working with Shibboleth users
#
# Copyright 2010 Greek Research and Technology Network
#

    
from synnefo.logic import users

    
class Tokens:
    """Names of the Shibboleth attributes this module looks up.

    Each constant holds the key under which the attribute appears in the
    mapping handed to ``register_shibboleth_user``.
    """

    # Name-related attributes.
    SIB_GIVEN_NAME = "givenName"
    SIB_SN = "sn"
    SIB_CN = "cn"
    SIB_DISPLAY_NAME = "displayName"

    # eduPerson attributes; the principal name is used as the unique user id.
    SIB_EDU_PERSON_PRINCIPAL_NAME = "eduPersonPrincipalName"
    SIB_EDU_PERSON_AFFILIATION = "eduPersonAffiliation"

    # SCHAC attributes. Note the constant name uses the British spelling
    # while the attribute value is spelled "schacHomeOrganization".
    SIB_SCHAC_HOME_ORGANISATION = "schacHomeOrganization"
    SIB_SCHAC_PERSONAL_UNIQUE_CODE = "schacPersonalUniqueCode"

    # Presence of this attribute (or of the personal unique code above)
    # marks the user as a student during registration.
    SIB_GR_EDU_PERSON_UNDERGRADUATE_BRANCH = "grEduPersonUndergraduateBranch"

    
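class NoUniqueToken(Exception):
    """Signals that the authentication data carries no unique user token.

    Raised by ``register_shibboleth_user``. The class derives from
    ``Exception`` because a plain ``object`` subclass cannot be raised: the
    ``raise`` statement itself fails with ``TypeError``, so callers would
    never see (or be able to catch) this error type.
    """

    def __init__(self, msg):
        # Initialise the base class so str(exc) and tracebacks show the text.
        Exception.__init__(self, msg)
        # Kept for callers that read the message through ``.msg``.
        self.msg = msg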

    
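class NoRealName(Exception):
    """Signals that the authentication data carries no usable real name.

    Raised by ``register_shibboleth_user``. The class derives from
    ``Exception`` because a plain ``object`` subclass cannot be raised: the
    ``raise`` statement itself fails with ``TypeError``, so callers would
    never see (or be able to catch) this error type.
    """

    def __init__(self, msg):
        # Initialise the base class so str(exc) and tracebacks show the text.
        Exception.__init__(self, msg)
        # Kept for callers that read the message through ``.msg``.
        self.msg = msg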

    
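def register_shibboleth_user(tokens):
    """Register a Shibboleth user from a mapping of attribute names to values.

    The token requirements are described in:
    http://aai.grnet.gr/policy

    ``tokens`` is a dict-like object keyed by the names in ``Tokens``.
    The real name is taken from displayName, falling back to givenName.
    The user is registered as a student when either
    schacPersonalUniqueCode or grEduPersonUndergraduateBranch is present,
    and as a professor otherwise.

    Returns True once the user has been passed to the ``users`` module.

    Raises NoUniqueToken when eduPersonPrincipalName is missing or empty,
    and NoRealName when no non-empty name attribute is available.
    """
    # NOTE(review): this function trusts ``tokens`` completely. Confirm that
    # the caller fills it only from attributes asserted by the Shibboleth
    # service provider and never from values a client can set directly.

    # displayName wins over givenName, as before; an empty displayName no
    # longer masks a usable givenName.
    realname = tokens.get(Tokens.SIB_DISPLAY_NAME) or \
               tokens.get(Tokens.SIB_GIVEN_NAME)

    # NOTE(review): the role is decided by attribute presence alone, and any
    # user without the student attributes is registered as a professor.
    # eduPersonAffiliation is defined in Tokens but not consulted here;
    # confirm that defaulting to professor is the intended policy.
    is_student = Tokens.SIB_SCHAC_PERSONAL_UNIQUE_CODE in tokens or \
                 Tokens.SIB_GR_EDU_PERSON_UNDERGRADUATE_BRANCH in tokens

    # NOTE(review): eduPersonPrincipalName may be reassigned by the identity
    # provider over time; verify that it is acceptable as a permanent
    # account key.
    unq = tokens.get(Tokens.SIB_EDU_PERSON_PRINCIPAL_NAME)

    # An empty identifier is rejected like a missing one: it cannot tell
    # users apart, so every such login would map onto the same account key.
    if not unq:
        raise NoUniqueToken("Authentication does not return a unique token")

    if not realname:
        raise NoRealName("Authentication does not return the user's name")

    # The second argument is passed as an empty string, as in the original
    # code; its meaning is defined in the users module, not visible here.
    if is_student:
        users.register_student(realname, '', unq)
    else:
        users.register_professor(realname, '', unq)

    return True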