Source Code for Package glue.auth

  1  # Copyright (C) 2013 Duncan Macleod 
  2   
  3  # GLUE is free software: you can redistribute it and/or modify it under the 
  4  # terms of the GNU General Public License as published by the Free Software 
  5  # Foundation, either version 3 of the License, or (at your option) any later 
  6  # version. 
  7  #  
  8  # This program is distributed in the hope that it will be useful, but WITHOUT 
  9  # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 
 10  # FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more 
 11  # details. 
 12  #  
 13  # You should have received a copy of the GNU General Public License along with 
 14  # this program.  If not, see <http://www.gnu.org/licenses/>. 
 15   
 16  """The glue.auth module provides methods to communicate with data 
 17  stored behind the LIGO.ORG authentication system 
 18  """ 
 19   
 20  import os 
 21  import sys 
 22  import stat 
 23  from six.moves import urllib 
 24  import six.moves.http_cookiejar 
 25   
 26  from .saml import HTTPNegotiateAuthHandler 
 27  from .. import git_version 
 28   
 29  __author__ = "Duncan Macleod <duncan.macleod@ligo.org>" 
 30  __credits__ = "Scott Koranda <scott.koranda@ligo.org>" 
 31  __date__ = git_version.date 
 32  __version__ = git_version.id 
 33   
 34  COOKIE_JAR = '/tmp/%s_cookies' % os.getenv('USER') 
 35  LIGO_LOGIN_URL = 'login.ligo.org' 
 36   
 37   
 38 -def request_ligodotorg(url, debug=False): 
 39      """Request the given URL using LIGO.ORG SAML authentication. 
 40   
 41      This requires an active Kerberos ticket for the user, to get one: 
 42   
 43      $ kinit albert.einstein@LIGO.ORG 
 44   
 45      Parameters 
 46      ---------- 
 47      url : `str` 
 48          URL path for request 
 49      debug : `bool`, optional 
 50          Query in verbose debuggin mode, default `False` 
 51   
 52      Returns 
 53      ------- 
 54      urllib.addinfourl 
 55          file object containing output data, use .read() to extract 
 56          text content 
 57      """ 
 58      # set debug to 1 to see all HTTP(s) traffic 
 59      debug = int(debug) 
 60   
 61      # need an instance of HTTPS handler to do HTTPS 
 62      httpsHandler = HTTPSHandler(debuglevel = debug) 
 63   
 64      # use a cookie jar to store session cookies 
 65      jar = six.moves.http_cookiejar.LWPCookieJar() 
 66   
 67      # if a cookier jar exists open it and read the cookies 
 68      # and make sure it has the right permissions 
 69      if os.path.exists(COOKIE_JAR): 
 70          os.chmod(COOKIE_JAR, stat.S_IRUSR | stat.S_IWUSR) 
 71   
 72          # set ignore_discard so that session cookies are preserved 
 73          jar.load(COOKIE_JAR, ignore_discard = True) 
 74   
 75      # create a cookie handler from the cookier jar 
 76      cookie_handler = urllib.request.HTTPCookieProcessor(jar) 
 77      # need a redirect handler to follow redirects 
 78      redirectHandler = urllib.request.HTTPRedirectHandler() 
 79   
 80      # need an auth handler that can do negotiation. 
 81      # input parameter is the Kerberos service principal. 
 82      auth_handler = HTTPNegotiateAuthHandler(service_principal='HTTP@%s' 
 83                                                              % (LIGO_LOGIN_URL)) 
 84   
 85      # create the opener. 
 86      opener = urllib.request.build_opener(auth_handler, cookie_handler, httpsHandler, 
 87                                    redirectHandler) 
 88   
 89      # prepare the request object 
 90      request = urllib.request.Request(url) 
 91   
 92      # use the opener and the request object to make the request. 
 93      response = opener.open(request) 
 94   
 95      # save the session cookies to a file so that they can 
 96      # be used again without having to authenticate 
 97      jar.save(COOKIE_JAR, ignore_discard=True) 
 98   
 99      return response 
100