From 22d3ff6cd4406de99241fa661b54e12189013a8e Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Wed, 8 Jul 2015 00:33:26 +0000
Subject: [PATCH] Add Ipsilon OpenID API Extension
---
 roles/ipsilon/files/api.py | 98 ++++++++++++++++++++++
 roles/ipsilon/tasks/main.yml | 5 ++
 roles/ipsilon/templates/configuration.conf | 2 +-
 3 files changed, 104 insertions(+), 1 deletion(-)
 create mode 100644 roles/ipsilon/files/api.py
diff --git a/roles/ipsilon/files/api.py b/roles/ipsilon/files/api.py
new file mode 100644
index 0000000000..dd0f8b05c0
--- /dev/null
+++ b/roles/ipsilon/files/api.py
@@ -0,0 +1,98 @@
+# Copyright (C) 2015 Patrick Uiterwijk, for license see COPYING
+
+from __future__ import absolute_import
+
+from ipsilon.providers.openid.extensions.common import OpenidExtensionBase
+import ipsilon.root
+from ipsilon.util.page import Page
+from ipsilon.util.user import User
+
+import json
+import inspect
+
+
+class OpenidExtension(OpenidExtensionBase):
+
+ def __init__(self, *pargs):
+ super(OpenidExtension, self).__init__('API')
+
+ def enable(self):
+ # This is the most ugly hack in my history of python...
+ # But I need to find the root object, and that is not passed into
+ # the OpenID extension system anywhere...
+ root_obj = inspect.stack()[5][0].f_locals['self']
+ root_obj.api = APIPage(root_obj)
+
+
+class APIPage(Page):
+ def __init__(self, root_obj):
+ ipsilon.root.sites['api'] = dict()
+ ipsilon.root.sites['api']['template_env'] = \
+ ipsilon.root.sites['default']['template_env']
+ super(APIPage, self).__init__(ipsilon.root.sites['api'])
+ self.v1 = APIV1Page(root_obj)
+
+
+class APIV1Page(Page):
+ def __init__(self, root_obj):
+ ipsilon.root.sites['api_v1'] = dict()
+ ipsilon.root.sites['api_v1']['template_env'] = \
+ ipsilon.root.sites['default']['template_env']
+ super(APIV1Page, self).__init__(ipsilon.root.sites['api_v1'])
+ self.root_obj = root_obj
+
+ def root(self, *args, **kwargs):
+ return json.dumps(self._perform_call(kwargs))
+
+ def _perform_call(self, arguments):
+ fas = self.root_obj.login.fas.lm
+ openid = self.root_obj.openid
+
+ openid_request = None
+ try:
+ openid_request = openid.cfg.server.decodeRequest(arguments)
+ except Exception, ex:
+ print 'Error during openid decoding: %s' % ex
+ return {'success': False,
+ 'status': 400,
+ 'message': 'Invalid request'
+ }
+ if not openid_request:
+ print 'No OpenID request parsed'
+ return {'success': False,
+ 'status': 400,
+ 'message': 'Invalid request'
+ }
+ if not arguments['auth_module'] == 'fedoauth.auth.fas.Auth_FAS':
+ print 'Unknown auth module selected'
+ return {'success': False,
+ 'status': 400,
+ 'message': 'Unknown authentication module'
+ }
+ username = arguments['username']
+ password = arguments['password']
+ user = None
+ userdata = None
+ try:
+ _, user = fas.fpc.login(username, password)
+ userdata = fas.page.make_userdata(user.user)
+ except Exception, ex:
+ print 'Error during auth: %s' % ex
+ pass
+
+ if user is None or userdata is None:
+ print 'No user or data: %s, %s' % (user, userdata)
+ return {'success': False,
+ 'status': 400,
+ 'message': 'Authentication failed'}
+
+ us_obj = User(username)
+ fake_session = lambda: None
+ setattr(fake_session, 'get_user', lambda *args: us_obj)
+ setattr(fake_session, 'get_user_attrs', lambda *args: userdata)
+
+ openid_response = openid._response(openid_request, fake_session)
+ openid_response = openid.cfg.server.signatory.sign(openid_response).fields.toPostArgs()
+ return {'success': True,
+ 'response': openid_response}
+
diff --git a/roles/ipsilon/tasks/main.yml b/roles/ipsilon/tasks/main.yml
index 0ea6fac2c3..ad00d60565 100644
--- a/roles/ipsilon/tasks/main.yml
+++ b/roles/ipsilon/tasks/main.yml
@@ -18,6 +18,11 @@
 tags:
 - packages
+- name: Copy OpenID API extension
+ copy: src=api.py
+ dest=/usr/lib/python2.7/site-packages/ipsilon/providers/openid/extensions/api.py
+ owner=root group=root mode=0644
+
 - name: copy ipsilon templates
 copy: src=templates/
 dest=/usr/share/ipsilon/templates-fedora
diff --git a/roles/ipsilon/templates/configuration.conf b/roles/ipsilon/templates/configuration.conf
index c64a69559d..3ed8e4eeeb 100644
--- a/roles/ipsilon/templates/configuration.conf
+++ b/roles/ipsilon/templates/configuration.conf
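Review bot: In `_perform_call`, `arguments['auth_module']`, `arguments['username']` and `arguments['password']` are indexed directly after the decode step, so a request that omits any of them raises KeyError and escapes as an unhandled server error instead of the JSON `{'success': False, 'status': 400, ...}` shape every other failure branch returns. Reading them with `.get()` and rejecting missing credentials before `fas.fpc.login` is called keeps all failure paths uniform, and the same rewrite replaces `not a == b` with `!=`. Two points to confirm against the `Page` dispatcher, which is outside this hunk: `root(self, *args, **kwargs)` does not restrict the HTTP method, so if GET is routed here the password arrives in the query string and would typically be written to access logs, and the failure branches only `print` to stdout rather than using Ipsilon's logging, so this password-accepting endpoint leaves no usable audit trail for failed logins and nothing to hook throttling onto. The `inspect.stack()[5]` lookup in `enable` is acknowledged as a hack; a comment naming the call chain it relies on, e.g. `# depth 5 = the root object's extension-loading frame; re-check on every Ipsilon upgrade`, would at least make the breakage obvious when that chain changes. The rewritten argument handling is below.
```python
    def _perform_call(self, arguments):
        # … unchanged: decodeRequest and the two 'Invalid request' returns …
        auth_module = arguments.get('auth_module')
        username = arguments.get('username')
        password = arguments.get('password')
        if auth_module != 'fedoauth.auth.fas.Auth_FAS':
            print 'Unknown auth module selected'
            return {'success': False,
                    'status': 400,
                    'message': 'Unknown authentication module'}
        if not username or not password:
            return {'success': False,
                    'status': 400,
                    'message': 'Missing username or password'}
        # … unchanged: FAS login, fake_session and OpenID response signing …
```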
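Review bot: The `Copy OpenID API extension` task writes api.py straight into the installed ipsilon package tree under `/usr/lib/python2.7/site-packages/ipsilon/providers/openid/extensions/` but carries no `notify:`, so a running service keeps the previously loaded extension until something else restarts it and a later change to api.py is silently not applied. If the role defines a restart handler, add `notify: <ipsilon restart handler>` to this task; the handler name is not visible in this hunk. The interpreter-versioned destination also deserves a comment such as `# must live inside ipsilon's own package tree; path is tied to the python2.7 build of ipsilon`, since a rebuild of ipsilon for another Python would leave this file orphaned while configuration.conf still lists `API` in the enabled extensions.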
@@ -35,5 +35,5 @@ openid trusted roots=http://jenkins.cloud.fedoraproject.org/securityRealm/finish
 {% endif %}
 openid database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_name }}
 openid untrusted roots=
-openid enabled extensions=Teams,Attribute Exchange,CLAs,Simple Registration
+openid enabled extensions=Teams,Attribute Exchange,CLAs,Simple Registration,API