678c35f Handle user session data for both internal and external authentication

7 files Authored by jdennis 8 years ago, Committed by puiterwijk 8 years ago,
    Handle user session data for both internal and external authentication
    
    Ipsilon can authenticate a user by itself via its own login
    handlers (classes derived from `LoginManager`) or it can
    capitalize on the authentication provided by the container Ipsilon
    is running in (currently WSGI inside Apache). We refer to the
    latter as "external authentication" because it occurs outside of
    Ipsilon. However in both cases there is a common need to execute
    the same code irregardless of where the authentication
    occurred.
    
    Establish a new mixin class LoginHelper and use it in both the
    LoginManagerBase class and the SAML2 SSO SOAP endpoint handler. The
    SOAP endpoint handler requires external authentication.
    
    LoginHelper.initialize_login_session() performs the common duty of
    establishing a login session and binding user attributes to that
    session.
    
    LoginHelper.get_external_auth_info() determines if external
    authentication has been performed and returns the name of the
    principal and the authentication method.
    
    Since SSO_SOAP utilizes external login it needs access to the Info
    providers in order to populate the user attributes in the returned
    SAML Assertion. The Info provider should be initialized only once and
    is done via the normal Ipsilon login provider initialization. SSO_SOAP
    obtains a reference to the Info provider bound to the login provider
    by accessing the provider._root.login.info member.
    
    In order to access the provider it was advantageous to explicitly name
    the positional parameters passed to the __init__ calls instead of the
    previous practice of passing parameters anonymously in a *args
    tuple. In this manner the provider parameter is explicit instead
    of having used a hardcoded index into the args tuple (e.g. provider =
    args[1]). The result is much cleaner, easier to read and more robust
    software.
    
    Thus the patch also modifies the __init__ argument list to explicitly
    pass the site and provider parameters as the first and second
    positional parameters instead of having them be anonymously subsumed
    in the *args parameter. These parameters must always be passed because
    the ProviderPageBase __init__ requires them. Also modify the super
    calls used to initialize the parent class to pass the site and
    provider parameters. Calls to initialize ProviderPageBase only pass
    the site and provider parameters, they do not pass any additional
    anonymous parameters from the subclass.
    
    Ticket: 191
    Signed-off-by: John Dennis <jdennis@redhat.com>
    Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
    
        
file modified
+98 -17
file modified
+28 -27
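
The design the commit message describes, sketched as an added example that is not Ipsilon's code: one mixin gives an internally authenticating handler and an externally authenticated endpoint the same session setup. The names `LoginHelper`, `get_external_auth_info` and `initialize_login_session` come from the message; their signatures, the `StaticInfo`, `FormLogin` and `SoapEndpoint` classes, and the use of the WSGI variables `REMOTE_USER` and `AUTH_TYPE` are assumptions.

```python
# Added illustration, not Ipsilon's code; signatures and bodies are assumed.
class LoginHelper:
    """Mixin giving internal and external logins one session-setup path."""

    def get_external_auth_info(self, environ):
        # Assumption: the container reports the authenticated principal in
        # the CGI/WSGI variables REMOTE_USER and AUTH_TYPE. Request headers
        # arrive as HTTP_* keys and are deliberately never consulted.
        principal = environ.get("REMOTE_USER") or None
        if principal is None:
            return None, None
        return principal, environ.get("AUTH_TYPE") or None

    def initialize_login_session(self, session, username, info, auth_type):
        session.clear()  # drop state left over from any earlier login
        session["user"] = username
        session["auth_type"] = auth_type
        session["attrs"] = dict(info.get_user_attrs(username)) if info else {}
        return session

class StaticInfo:
    """Hypothetical Info provider backed by a constructed table."""
    def __init__(self, table):
        self._table = table

    def get_user_attrs(self, username):
        return self._table.get(username, {})

class FormLogin(LoginHelper):
    """Internal authentication: the handler verifies credentials itself."""
    def __init__(self, info, verify):
        self.info, self.verify = info, verify  # verify(user, password) -> bool

    def login(self, session, username, password):
        if not self.verify(username, password):
            return None
        return self.initialize_login_session(session, username, self.info, "form")

class SoapEndpoint(LoginHelper):
    """Requires external authentication; rejects requests that lack it."""
    def __init__(self, info):
        self.info = info

    def handle(self, session, environ):
        principal, method = self.get_external_auth_info(environ)
        if principal is None:
            return None
        return self.initialize_login_session(session, principal, self.info, method)
```

Both handlers end up with the same session shape, and a request that only carries a client-supplied `Remote-User` header (seen as `HTTP_REMOTE_USER`) is not treated as externally authenticated.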