OK, now globalauth works without apache2 fixup handler

2013-08-12 16:27:54 +04:00 · 2013-08-12 16:27:54 +04:00 · 0a6f6a7a66
parent 3ddd0caa42
commit 0a6f6a7a66
5 changed files with 98 additions and 36 deletions
--- a/bin/wsgi/viewvcwsgi.py
+++ b/bin/wsgi/viewvcwsgi.py
@ -0,0 +1,41 @@
+# -*-python-*-
+#
+# Copyright (C) 1999-2013 The ViewCVS Group. All Rights Reserved.
+#
+# By using this file, you agree to the terms and conditions set forth in
+# the LICENSE.html file which can be found at the top level of the ViewVC
+# distribution or at http://viewvc.org/license-1.html.
+#
+# For more information, visit http://viewvc.org/
+#
+# -----------------------------------------------------------------------
+#
+# viewvc: View CVS/SVN repositories via a web browser
+#
+# -----------------------------------------------------------------------
+#
+# This is a wsgi entry point for the main ViewVC app. It's appropriate
+# for use with mod_wsgi. It defines a single application function that
+# is a valid wsgi entry point.
+#
+# -----------------------------------------------------------------------
+
+import sys, os
+
+import viewvcinstallpath
+LIBRARY_DIR = viewvcinstallpath.LIBRARY_DIR
+CONF_PATHNAME = viewvcinstallpath.CONF_PATHNAME
+
+if LIBRARY_DIR:
+  sys.path.insert(0, LIBRARY_DIR)
+else:
+  sys.path.insert(0, os.path.abspath(os.path.join(
+    os.path.dirname(__file__), "../../lib")))
+import sapi
+import viewvc
+
+def application(environ, start_response):
+  server = sapi.WsgiServer(environ, start_response)
+  cfg = viewvc.load_config(CONF_PATHNAME, server)
+  viewvc.main(server, cfg)
+  return []
--- a/lib/globalauth.py
+++ b/lib/globalauth.py
@ -9,12 +9,11 @@
 #
 # import globalauth
 # c = globalauth.GlobalAuthClient()
-# try:
-#   c.auth(server)
-#   user_name = c.user_name
-#   user_url = c.user_url
-# except globalauth.ServerReturn:
-#   STOP REQUEST PROCESSING HERE WITHOUT ERROR
+# c.auth(server)
+# user_name = c.user_name
+# user_url = c.user_url
+#
+# auth() will call sys.exit() when it needs to stop request processing
 #
 # -----------------------------------------------------------------------

@ -26,6 +25,7 @@ import cgi
 import binascii
 import time
 import datetime
+import urllib
 import urllib2
 import anyjson
 import random
@ -33,15 +33,12 @@ import Cookie

 import ga_config

-class ServerReturn(Exception):
-
-  def __init__(self, code):
-    self.code = code
-
 class FileCache:

  def __init__(self, dir):
    self.dir = dir
+    if not os.path.isdir(dir):
+      os.mkdir(dir)

  def fn(self, key):
    key = re.sub('([^a-zA-Z0-9_\-]+)', lambda x: binascii.hexlify(x.group(1)), key)
@ -95,10 +92,18 @@ class GlobalAuthClient:
  ms = { 1 : 'Jan', 2 : 'Feb', 3 : 'Mar', 4 : 'Apr', 5 : 'May', 6 : 'Jun', 7 : 'Jul', 8 : 'Aug', 9 : 'Sep', 10 : 'Oct', 11 : 'Nov', 12 : 'Dec' }

  def __init__(self, server):
+
    self.server = server
-    self.v = server.params()
+    self.v = {}
+    for name, values in server.params().items():
+      self.v[name] = values[0]
+    fs = server.FieldStorage()
+    for name in fs:
+      self.v[name] = fs[name].value
+
    self.cookies = Cookie.SimpleCookie()
-    self.cookies.load(self.server.getenv('HTTP_COOKIE'))
+    # '' default value is needed here - else we die here under WSGI without any exception O_o
+    self.cookies.load(self.server.getenv('HTTP_COOKIE', ''))
    self.user_name = ''
    self.user_url = ''

@ -119,16 +124,16 @@ class GlobalAuthClient:
      'gc_probability'    : 20,
    }

-    for i in gac:
+    for i in self.gac:
      if ga_config.gac.get(i, None) is not None:
        self.gac[i] = ga_config.gac[i]

    self.cache = FileCache(self.gac['cache_dir'])

  def auth(self):
-    if self.gac['fof_sudo_server'] != '':
+    if self.gac['fof_sudo_server']:
      self.auth_fof_sudo()
-    if os.environ['REMOTE_USER'] == '' and self.gac['globalauth_server'] != '':
+    if not self.user_name and self.gac['globalauth_server']:
      self.auth_ga()

  def auth_ga(self):
@ -139,7 +144,9 @@ class GlobalAuthClient:
    if r_id:
      r_id = r_id.value
    ga_id = self.v.get('ga_id', '')
-    if self.v.get('ga_client', None):
+    self.log('vars: '+anyjson.serialize(self.v))
+    self.log('ga_client? '+self.v.get('ga_client', ''))
+    if self.v.get('ga_client', ''):
      self.ga_client(r_id, ga_id)
      return
    r_data = ''
@ -158,7 +165,9 @@ class GlobalAuthClient:

  def ga_client(self, r_id, ga_id):
    ga_key = self.v.get('ga_key', '')
-    if ga_key != '' and ga_key == self.cache.get('K'+ga_id):
+    self.log('vars: '+anyjson.serialize(self.v))
+    self.log('s2s? '+ga_key+' '+self.cache.get('K'+ga_id))
+    if ga_key and ga_key == self.cache.get('K'+ga_id):
      # Server-to-server request
      self.cache.delete('K'+ga_id)
      data = ''
@ -173,7 +182,7 @@ class GlobalAuthClient:
        self.cache.set('D'+ga_id, data)
        self.server.header('text/plain')
        self.server.write('1')
-        raise ServerReturn(200)
+        sys.exit()
    elif ga_key == '' and r_id != ga_id:
      # User redirect with different key
      d = self.cache.get('D'+ga_id)
@ -183,19 +192,15 @@ class GlobalAuthClient:
      if d != '':
        self.setcookie(ga_id)
        self.server.redirect(self.clean_uri())
-        raise ServerReturn(301)
-    self.server.header('text/plain')
+        sys.exit()
+    self.server.header('text/plain', status=404)
    self.server.write('GlobalAuth key doesn\'t match')
-    raise ServerReturn(404)
+    sys.exit()

  def ga_begin(self):
    ga_id = binascii.hexlify(os.urandom(16))
    ga_key = binascii.hexlify(os.urandom(16))
-    url = self.gac['globalauth_server']
-    if url.find('?') != -1:
-      url = url+'&'
-    else:
-      url = url+'?'
+    url = self.add_param(self.gac['globalauth_server'], '')
    try:
      resp = urllib2.urlopen(url+'ga_id='+urllib2.quote(ga_id)+'&ga_key='+urllib2.quote(ga_key))
      resp.read()
@ -204,16 +209,22 @@ class GlobalAuthClient:
    except:
      self.setcookie('nologin')
      self.server.redirect(self.clean_uri())
-      raise ServerReturn(301)
-    return_uri = 'http://'+self.server.getenv('HTTP_HOST')+self.server.getenv('REQUEST_URI')+'?ga_client=1';
-    if self.v:
-      return_uri = return_uri+'&'+urllib.urlencode(self.v)
+      sys.exit()
+    return_uri = 'http://'+self.server.getenv('HTTP_HOST')+self.server.getenv('REQUEST_URI')
+    return_uri = self.add_param(return_uri, 'ga_client=1')
    self.cache.set('K'+ga_id, ga_key)
    url = url+'ga_id='+urllib2.quote(ga_id)+'&ga_url='+urllib2.quote(return_uri)
    if self.v.get('ga_require', '') == '' and not self.gac['ga_always_require']:
      url = url+'&ga_check=1'
    self.server.redirect(url)
-    raise ServerReturn(301)
+    sys.exit()
+
+  def add_param(self, url, param):
+    if url.find('?') != -1:
+      url = url+'&'
+    else:
+      url = url+'?'
+    return url+param

  def auth_fof_sudo(self):
    sudo_id = self.cookies.get(self.gac['fof_sudo_cookie'], '')
@ -255,7 +266,7 @@ class GlobalAuthClient:
    uriargs = self.v.copy()
    for i in [ 'ga_id', 'ga_res', 'ga_key', 'ga_client', 'ga_nologin', 'ga_require' ]:
      uriargs.pop(i, None)
-    uri = 'http://'+self.server.getenv('HTTP_HOST')+self.server.getenv('REQUEST_URI')+'?'+urllib.urlencode(uriargs)
+    uri = 'http://'+self.server.getenv('HTTP_HOST')+self.server.getenv('SCRIPT_NAME')+'?'+urllib.urlencode(uriargs)
    return uri

  def set_user(self, r_data):
--- a/lib/viewvc.py
+++ b/lib/viewvc.py
@ -54,6 +54,8 @@ import vclib
 import vclib.ccvs
 import vclib.svn

+import globalauth
+
 try:
  import idiff
 except (SyntaxError, ImportError):
@ -122,6 +124,14 @@ class Request:
    # check for an authenticated username
    self.username = server.getenv('REMOTE_USER')

+    self.user_url = ''
+    if not self.username:
+      # try to authenticate using SimpleGlobalAuth
+      c = globalauth.GlobalAuthClient(server)
+      c.auth()
+      self.username = c.user_name
+      self.user_url = c.user_url
+
    # repository object cache
    self.all_repos = {}

@ -1609,7 +1619,7 @@ def common_template_data(request, revision=None, mime_type=None):
    'tarball_href' : None,
    'up_href'  : None,
    'username' : request.username,
-    'env_user_url' : os.environ.get('user_url', ''),
+    'user_url' : request.user_url,
    'view'     : _view_codes[request.view_func],
    'view_href' : None,
    'vsn' : __version__,
--- a/templates/classic/include/header.ezt
+++ b/templates/classic/include/header.ezt
@ -13,7 +13,7 @@
 <div class="vc_navheader">
 <table><tr>
 <td><strong>[if-any roots_href]<a href="[roots_href]"><span class="pathdiv">/</span></a>[else]<span class="pathdiv">/</span>[end][if-any nav_path][for nav_path][if-any nav_path.href]<a href="[nav_path.href]">[end][if-index nav_path first][[][nav_path.name]][else][nav_path.name][end][if-any nav_path.href]</a>[end][if-index nav_path last][else]<span class="pathdiv">/</span>[end][end][end]</strong></td>
-<td style="text-align: right;">[if-any username]Logged in as: <strong>[if-any env_user_url]<a href="[env_user_url]">[username]</a>[else][username][end]</strong>[else]<a href="?ga_require=1">Log in</a>[end]</td>
+<td style="text-align: right;">[if-any username]Logged in as: <strong>[if-any user_url]<a href="[user_url]">[username]</a>[else][username][end]</strong>[else]<a href="?ga_require=1">Log in</a>[end]</td>
 </tr></table>
 </div>

--- a/templates/default/include/header.ezt
+++ b/templates/default/include/header.ezt
@ -18,7 +18,7 @@
 <div id="vc_header">

 <div id="vc_topmatter">
-[if-any username]Logged in as: <strong>[username]</strong> |[end]
+[if-any username]Logged in as: <strong>[if-any user_url]<a href="[user_url]">[username]</a>[else][username][end]</strong> |[end]
 <a href="[help_href]">ViewVC Help</a>
 </div>