Showing
11 changed files
with
694 additions
and
3 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
/geomapfish_geoportal/static-ngeo/js/apps/duo/Duo-Web-v2.js |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,7 @@ | ||
extends: | ||
- openlayers | ||
globals: | ||
'Duo': false | ||
'geomapfish': false | ||
env: | ||
jquery: true | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
# FIXME: is_password_changed | ||
# FIXME: consecutive_failed | ||
# FIXME: update_last_login | ||
|
||
import logging | ||
|
||
from pyramid.view import view_config | ||
from pyramid.authentication import AuthTktAuthenticationPolicy | ||
from pyramid.security import remember | ||
from pyramid.httpexceptions import HTTPBadRequest, HTTPFound, HTTPUnauthorized | ||
|
||
from c2cgeoportal_geoportal.resources import defaultgroupsfinder | ||
|
||
from duo_web import sign_request, verify_response | ||
|
||
|
||
LOG = logging.getLogger(__name__) | ||
logging.basicConfig(level=10) | ||
|
||
def includeme(config): | ||
config.add_route('login', '/login') | ||
config.add_view(login, route_name='login') | ||
config.add_route('duoweb_post_action', '/duoweb/post_action') | ||
config.add_view(duoweb_post_action, route_name='duoweb_post_action') | ||
|
||
|
||
def create_authentication(settings): | ||
timeout = settings.get("authtkt_timeout") | ||
timeout = None if timeout is None or timeout.lower() == "none" else int(timeout) | ||
reissue_time = settings.get("authtkt_reissue_time") | ||
reissue_time = None if reissue_time is None or reissue_time.lower() == "none" else int(reissue_time) | ||
max_age = settings.get("authtkt_max_age") | ||
max_age = None if max_age is None or max_age.lower() == "none" else int(max_age) | ||
http_only = settings.get("authtkt_http_only", "True") | ||
http_only = http_only.lower() in ("true", "yes", "1") | ||
secure = settings.get("authtkt_secure", "True") | ||
secure = secure.lower() in ("true", "yes", "1") | ||
samesite = settings.get("authtkt_samesite", "Lax") | ||
secret = settings.get("authtkt_secret") | ||
return DuoWebAuthenticationPolicy( | ||
secret, | ||
callback=defaultgroupsfinder, | ||
cookie_name=settings["authtkt_cookie_name"], | ||
samesite=None if samesite == "" else samesite, | ||
timeout=timeout, | ||
max_age=timeout, | ||
reissue_time=reissue_time, | ||
hashalg="sha512", | ||
http_only=http_only, | ||
secure=secure, | ||
) | ||
|
||
class DuoWebAuthenticationPolicy(AuthTktAuthenticationPolicy): | ||
def authenticated_userid(self, request): | ||
# FIXME: necessary ? | ||
userid = self.unauthenticated_userid(request) | ||
LOG.info('authenticated_userid: %s' % userid) | ||
if userid is not None: | ||
return userid | ||
# else: | ||
# # back from DuoWeb, validate response | ||
# sig_response = request.params.get('sig_response') | ||
# if sig_response is not None: | ||
# return verify_response(ikey, skey, akey, sig_response) | ||
|
||
# FIXME: 'duoweb_login' instead of 'login' ? | ||
@view_config(route_name='login', renderer='json') | ||
def login(request): | ||
login = request.params.get("login") | ||
password = request.params.get("password") | ||
if login is None or password is None: | ||
raise HTTPBadRequest() | ||
username = request.registry.validate_user(request, login, password) | ||
if username is None: | ||
raise HTTPUnauthorized() | ||
|
||
config = request.registry.settings.get('duo_web') | ||
return { | ||
'sig_request': sign_request(**config, username=username), | ||
# 'c2cjufr': sign_request(ikey, skey, akey, 'c2cjufr') | ||
} | ||
|
||
|
||
@view_config(route_name='duoweb_post_action', renderer='json') | ||
def duoweb_post_action(request): | ||
sig_response = request.params.get('sig_response') | ||
config = request.registry.settings.get('duo_web') | ||
authenticated_username = verify_response(**config, sig_response=sig_response) | ||
if authenticated_username is not None: | ||
headers = remember(request, authenticated_username) | ||
return HTTPFound(request.route_url('loginuser'), headers=headers) | ||
else: | ||
raise HTTPUnauthorized() |
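Review bot: `DuoWebAuthenticationPolicy.authenticated_userid` returns `unauthenticated_userid(request)` directly, so the `callback=defaultgroupsfinder` passed in `create_authentication` is never consulted on this path. As far as I recall, Pyramid's stock implementation returns None when the callback does, which is what lets a still-valid ticket for a removed or disabled account be rejected. Unless the override is really needed (the `# FIXME: necessary ?` suggests it may not be), drop it or end it with `return super().authenticated_userid(request)`. Separately, `create_authentication` parses `authtkt_max_age` into `max_age` but then passes `max_age=timeout,`, so the setting has no effect and that line should read `max_age=max_age,`. The module-level `logging.basicConfig(level=10)` also sets the root logger to DEBUG for any process that imports this file, and is better left to the application's logging configuration.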