Commit 64cd4730 authored by Antony Chazapis

Initial commit. Move from pithos repository.

docs/build
*.db
*.pyc
.DS_Store
Copyright 2011 GRNET S.A. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, are permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the above
copyright notice, this list of conditions and the following
disclaimer.
2. Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials
provided with the distribution.
THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
The views and conclusions contained in the software and
documentation are those of the authors and should not be
interpreted as representing official policies, either expressed
or implied, of GRNET S.A.
global-include */templates/* */fixtures/* */static/*
global-exclude */.DS_Store
include astakos/settings.d/*
prune docs
prune other
README
======
Astakos is an identity management service, built by GRNET using Django (https://www.djangoproject.com/).
Learn more about Astakos at: http://code.grnet.gr/projects/astakos
Consult LICENSE for licensing information.
Documentation
-------------
All docs are in the docs/source directory. The .rst files are perfectly readable in source form.
To build the documentation you need to have Sphinx (http://sphinx.pocoo.org/) installed.
On a typical debian-based Linux system run:
apt-get install python-django python-django-south python-setuptools python-sphinx python-httplib2
Then run:
python setup.py build_sphinx
The documentation will be built in the docs/build/html directory.
Also run:
python setup.py build_sphinx -b text
Then find the plain text version of the docs in docs/build/text.
Running the server
------------------
Make sure you have all required packages installed:
apt-get install python-django python-setuptools python-sphinx python-httplib2
Then run:
python manage.py syncdb
python manage.py migrate im
python manage.py loaddata admin_user
python manage.py runserver
Go to:
http://127.0.0.1:8000/im/admin?user=admin&token=0000
This server is useful during development, but should not be used for deployment.
To deploy Astakos using Apache, take a look at the Administrator Guide in docs.
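Review bot: The "Go to" URL in "Running the server" carries the credential in the query string (`?user=admin&token=0000`), and the `loaddata admin_user` step just before it installs that same fixed token, so every instance set up from these steps has a known admin token that also ends up in access logs and browser history. Say here that the `admin_user` fixture is for local development only and that the token must be replaced before the server is reachable by anyone else.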
UPGRADE
=======
0.7.9 -> 0.7.10
---------------
* Update settings.py (BACKEND_*, SERVICE_NAME, *_EMAIL, *_TARGET, IM_*)
* Update 'attributes' table in mysql (backend):
mysql> update attributes set `key`='ETag' where `key`='hash';
* Upgrade 'im_user' table (im app):
ALTER TABLE im_user ADD COLUMN 'password' VARCHAR(255);
0.7.10 -> 0.8.0
---------------
* Upgrade 'public' table in mysql (backend):
* Run: mysqldump pithosdb public > public-table.sql
* mysql> drop table public;
* Update the codebase and run the server so the new public table is created
* From the sql dump above, take the row:
INSERT INTO `public` VALUES (...);
Rewrite as:
INSERT INTO `public`(`path`) VALUES (...);
And execute in the database
* Create settings.local with local setting overrides
* Install python-django-south
* Setup south:
python manage.py syncdb
python manage.py migrate im 0001 --fake
python manage.py migrate im
0.8.0 -> 0.8.1
--------------
* Reset 'policy' table in mysql (backend):
mysql> update policy set `value`='auto' where `key`='versioning';
0.8.1 -> 0.8.2
--------------
* Add the 'X-Forwarded-Protocol' header directive in the apache configuration, as described in the admin guide
* Update 'attributes' table in mysql (backend):
mysql> CREATE TABLE `attributes_new` (
`serial` int(11) NOT NULL,
`domain` varchar(255) COLLATE utf8_bin NOT NULL,
`key` varchar(255) COLLATE utf8_bin NOT NULL,
`value` varchar(255) COLLATE utf8_bin DEFAULT NULL,
PRIMARY KEY (`serial`,`domain`,`key`),
CONSTRAINT FOREIGN KEY (`serial`) REFERENCES `versions` (`serial`) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
mysql> insert into attributes_new select `serial`, 'pithos', `key`, `value` from attributes;
mysql> drop table attributes;
mysql> alter table attributes_new rename to attributes;
* Update 'versions' table in mysql (backend):
mysql> create temporary table tmp_uuids as select distinct node, uuid() as `uuid` from versions;
mysql> alter table versions add column `uuid` varchar(64) DEFAULT '' NOT NULL after `muser`;
mysql> update versions v, tmp_uuids u set v.`uuid` = u.`uuid` where v.`node` = u.`node`;
mysql> create index idx_versions_node_uuid on versions(uuid);
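Review bot: In the 0.7.9 -> 0.7.10 step, `ADD COLUMN 'password'` puts the column name in single quotes, which MySQL reads as a string literal, so the statement fails as written; use backticks as the other statements in this file do. In the 0.8.1 -> 0.8.2 step, `drop table attributes` runs with no dump taken first (the 0.8.0 step does take one with mysqldump), and `idx_versions_node_uuid` is created on `uuid` alone although its name suggests `(node, uuid)`.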
# Copyright (c) Django Software Foundation and individual contributors.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of Django nor the names of its contributors may be used
# to endorse or promote products derived from this software without
# specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
VERSION = (0, 1, 0, 'alpha', 0)
def get_version():
version = '%s.%s' % (VERSION[0], VERSION[1])
if VERSION[2]:
version = '%s.%s' % (version, VERSION[2])
if VERSION[3:] == ('alpha', 0):
version = '%s pre-alpha' % version
else:
if VERSION[3] != 'final':
version = '%s %s %s' % (version, VERSION[3], VERSION[4])
return version
# Copyright 2011 GRNET S.A. All rights reserved.
#
# Redistribution and use in source and binary forms, with or
# without modification, are permitted provided that the following
# conditions are met:
#
# 1. Redistributions of source code must retain the above
# copyright notice, this list of conditions and the following
# disclaimer.
#
# 2. Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials
# provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# The views and conclusions contained in the software and
# documentation are those of the authors and should not be
# interpreted as representing official policies, either expressed
# or implied, of GRNET S.A.
from traceback import format_exc
from time import time, mktime
from django.conf import settings
from django.http import HttpResponse
from django.utils import simplejson as json
from astakos.im.faults import BadRequest, Unauthorized, ServiceUnavailable
from astakos.im.models import User
import datetime
def render_fault(request, fault):
if settings.DEBUG or settings.TEST:
fault.details = format_exc(fault)
request.serialization = 'text'
data = '\n'.join((fault.message, fault.details)) + '\n'
response = HttpResponse(data, status=fault.code)
return response
def update_response_headers(response):
response['Content-Type'] = 'application/json; charset=UTF-8'
response['Content-Length'] = len(response.content)
def authenticate(request):
# Normal Response Codes: 204
# Error Response Codes: serviceUnavailable (503)
# badRequest (400)
# unauthorised (401)
try:
if request.method != 'GET':
raise BadRequest('Method not allowed.')
x_auth_token = request.META.get('HTTP_X_AUTH_TOKEN')
if not x_auth_token:
return render_fault(request, BadRequest('Missing X-Auth-Token'))
try:
user = User.objects.get(auth_token=x_auth_token)
except User.DoesNotExist, e:
return render_fault(request, Unauthorized('Invalid X-Auth-Token'))
# Check if the is active.
if user.state != 'ACTIVE':
return render_fault(request, Unauthorized('User inactive'))
# Check if the token has expired.
if (time() - mktime(user.auth_token_expires.timetuple())) > 0:
return render_fault(request, Unauthorized('Authentication expired'))
response = HttpResponse()
response.status=204
user_info = user.__dict__
for k,v in user_info.items():
if isinstance(v, datetime.datetime):
user_info[k] = v.strftime('%a, %d-%b-%Y %H:%M:%S %Z')
user_info.pop('_state')
response.content = json.dumps(user_info)
update_response_headers(response)
return response
except BaseException, e:
fault = ServiceUnavailable('Unexpected error')
return render_fault(request, fault)
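Review bot: In `authenticate`, `user_info = user.__dict__` followed by `json.dumps(user_info)` returns every column of the user row to the caller, which by the fixtures in this commit includes `password` and `auth_token`; build the response from an explicit list of fields instead. The assignment also aliases the instance's own `__dict__`, so the `strftime` loop and `pop('_state')` modify the model object itself. Two smaller points: `raise BadRequest('Method not allowed.')` is caught by the outer `except BaseException` and comes back as 503 rather than 400, and `response.status=204` sets an attribute Django does not read (the status lives in `status_code`), while a 204 would not carry the JSON body written below it.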
# Copyright 2011 GRNET S.A. All rights reserved.
#
# Redistribution and use in source and binary forms, with or
# without modification, are permitted provided that the following
# conditions are met:
#
# 1. Redistributions of source code must retain the above
# copyright notice, this list of conditions and the following
# disclaimer.
#
# 2. Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials
# provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# The views and conclusions contained in the software and
# documentation are those of the authors and should not be
# interpreted as representing official policies, either expressed
# or implied, of GRNET S.A.
def camelCase(s):
return s[0].lower() + s[1:]
class Fault(Exception):
def __init__(self, message='', details='', name=''):
Exception.__init__(self, message, details, name)
self.message = message
self.details = details
self.name = name or camelCase(self.__class__.__name__)
class BadRequest(Fault):
code = 400
class Unauthorized(Fault):
code = 401
class ServiceUnavailable(Fault):
code = 503
\ No newline at end of file
[
{
"model": "im.User",
"pk": 1,
"fields": {
"uniq": "admin",
"password": "admin",
"level": 0,
"state": ACTIVE,
"invitations": 10000,
"is_admin": true,
"auth_token": "0000",
"auth_token_created": "2011-09-11 09:17:14",
"auth_token_expires": "2012-09-11 09:17:14",
"created": "2011-09-11",
"updated": "2011-09-11"
}
}
]
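Review bot: `"state": ACTIVE,` is missing its quotes, so this file is not valid JSON and the `loaddata admin_user` step from the README will fail to parse it; the other fixture in this commit uses `"state": "ACTIVE"`. The record also ships `"password": "admin"` in plain text together with `"auth_token": "0000"` and `"is_admin": true`, so it should be clearly marked as development-only.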
[
{
"model": "im.User",
"pk": 1,
"fields": {
"uniq": "test",
"level": 0,
"state": "ACTIVE",
"invitations": 10000,
"auth_token": "0000",
"auth_token_created": "2011-04-07 09:17:14",
"auth_token_expires": "2015-04-07 09:17:14",
"created": "2011-02-06",
"updated": "2011-02-06"
}
},
{
"model": "im.User",
"pk": 2,
"fields": {
"uniq": "verigak",
"level": 1,
"state": "ACTIVE",
"invitations": 3,
"is_admin": 1,
"auth_token": "0001",
"auth_token_created": "2011-04-07 09:17:14",
"auth_token_expires": "2015-04-07 09:17:14",
"created": "2011-02-06",
"updated": "2011-02-06"
}
},
{
"model": "im.User",
"pk": 3,
"fields": {
"uniq": "chazapis",
"level": 1,
"state": "ACTIVE",
"invitations": 3,
"auth_token": "0002",
"auth_token_created": "2011-04-07 09:17:14",
"auth_token_expires": "2015-04-07 09:17:14",
"created": "2011-02-06",
"updated": "2011-02-06"
}
},
{
"model": "im.User",
"pk": 4,
"fields": {
"uniq": "gtsouk",
"level": 1,
"state": "ACTIVE",
"invitations": 3,
"auth_token": "0003",
"auth_token_created": "2011-04-07 09:17:14",
"auth_token_expires": "2015-04-07 09:17:14",
"created": "2011-02-06",
"updated": "2011-02-06"
}
},
{
"model": "im.User",
"pk": 5,
"fields": {
"uniq": "papagian",
"level": 1,
"state": "ACTIVE",
"invitations": 3,
"auth_token": "0004",
"auth_token_created": "2011-04-07 09:17:14",
"auth_token_expires": "2015-04-07 09:17:14",
"created": "2011-02-06",
"updated": "2011-02-06"
}
},
{
"model": "im.User",
"pk": 6,
"fields": {
"uniq": "louridas",
"level": 1,
"state": "ACTIVE",
"invitations": 3,
"auth_token": "0005",
"auth_token_created": "2011-04-07 09:17:14",
"auth_token_expires": "2015-04-07 09:17:14",
"created": "2011-02-06",
"updated": "2011-02-06"
}
},
{
"model": "im.User",
"pk": 7,
"fields": {
"uniq": "chstath",
"level": 1,
"state": "ACTIVE",
"invitations": 3,
"auth_token": "0006",
"auth_token_created": "2011-04-07 09:17:14",
"auth_token_expires": "2015-04-07 09:17:14",
"created": "2011-02-06",
"updated": "2011-02-06"
}
},
{
"model": "im.User",
"pk": 8,
"fields": {
"uniq": "pkanavos",
"level": 1,
"state": "ACTIVE",
"invitations": 3,
"auth_token": "0007",
"auth_token_created": "2011-04-07 09:17:14",
"auth_token_expires": "2015-04-07 09:17:14",
"created": "2011-02-06",
"updated": "2011-02-06"
}
},
{
"model": "im.User",
"pk": 9,
"fields": {
"uniq": "mvasilak",
"level": 1,
"state": "ACTIVE",
"invitations": 3,
"auth_token": "0008",
"auth_token_created": "2011-04-07 09:17:14",
"auth_token_expires": "2015-04-07 09:17:14",
"created": "2011-02-06",
"updated": "2011-02-06"
}
},
{
"model": "im.User",
"pk": 10,
"fields": {
"uniq": "διογένης",
"level": 2,
"state": "ACTIVE",
"invitations": 2,
"auth_token": "0009",
"auth_token_created": "2011-04-07 09:17:14",
"auth_token_expires": "2015-04-07 09:17:14",
"created": "2011-02-06",
"updated": "2011-02-06"
}
}
]
# Copyright 2011 GRNET S.A. All rights reserved.
#
# Redistribution and use in source and binary forms, with or
# without modification, are permitted provided that the following
# conditions are met:
#
# 1. Redistributions of source code must retain the above
# copyright notice, this list of conditions and the following
# disclaimer.
#
# 2. Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials
# provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# The views and conclusions contained in the software and
# documentation are those of the authors and should not be
# interpreted as representing official policies, either expressed
# or implied, of GRNET S.A.
from django import forms
from django.utils.translation import ugettext as _
from django.conf import settings
from astakos.im.models import User
openid_providers = (
('Google','https://www.google.com/accounts/o8/id'),
('Yahoo', 'http://yahoo.com/'),
('AOL','http://openid.aol.com/%s/'),
('OpenID', None),
('MyOpenID','http://%s.myopenid.com/'),
('LiveJournal', 'http://%s.livejournal.com/'),
('Flickr', 'http://flickr.com/%s/'),
('Technorati', 'http://technorati.com/people/technorati/%s/'),
('Wordpress', 'http://%s.wordpress.com/'),
('Blogger', 'http://%s.blogspot.com/'),
('Verisign', 'http://%s.pip.verisignlabs.com/'),
('Vidoop', 'http://%s.myvidoop.com/'),
('ClaimID','http://claimid.com/%s')
)
class RegisterForm(forms.Form):
uniq = forms.CharField(widget=forms.widgets.TextInput())
provider = forms.CharField(widget=forms.TextInput(),
label=u'Identity Provider')
email = forms.EmailField(widget=forms.TextInput(),
label=_('Email address'))
realname = forms.CharField(widget=forms.TextInput(),
label=u'Real Name')
def __init__(self, *args, **kwargs):
super(forms.Form, self).__init__(*args, **kwargs)
#set readonly form fields
self.fields['provider'].widget.attrs['readonly'] = True
def clean_uniq(self):
"""
Validate that the uniq is alphanumeric and is not already
in use.
"""
try:
user = User.objects.get(uniq__iexact=self.cleaned_data['uniq'])
except User.DoesNotExist:
return self.cleaned_data['uniq']
raise forms.ValidationError(_("A user with that uniq already exists."))
class ShibbolethRegisterForm(RegisterForm):
pass
class TwitterRegisterForm(RegisterForm):
pass
class OpenidRegisterForm(RegisterForm):
openidurl = forms.ChoiceField(widget=forms.Select,
choices=((url, l) for l, url in openid_providers))
class LocalRegisterForm(RegisterForm):
""" local signup form"""
password = forms.CharField(widget=forms.PasswordInput(render_value=False),
label=_('Password'))
password2 = forms.CharField(widget=forms.PasswordInput(render_value=False),
label=_('Confirm Password'))
def __init__(self, *args, **kwargs):
super(LocalRegisterForm, self).__init__(*args, **kwargs)
def clean_uniq(self):
"""
Validate that the uniq is alphanumeric and is not already
in use.
"""
try:
user = User.objects.get(uniq__iexact=self.cleaned_data['uniq'])
except User.DoesNotExist:
return self.cleaned_data['uniq']
raise forms.ValidationError(_("A user with that uniq already exists."))
def clean(self):
"""
Verifiy that the values entered into the two password fields
match. Note that an error here will end up in
``non_field_errors()`` because it doesn't apply to a single
field.
"""
if 'password' in self.cleaned_data and 'password2' in self.cleaned_data:
if self.cleaned_data['password'] != self.cleaned_data['password2']:
raise forms.ValidationError(_("The two password fields didn't match."))
return self.cleaned_data
class InvitedRegisterForm(RegisterForm):
inviter = forms.CharField(widget=forms.TextInput(),
label=_('Inviter Real Name'))
def __init__(self, *args, **kwargs):
super(RegisterForm, self).__init__(*args, **kwargs)
#set readonly form fields
self.fields['uniq'].widget.attrs['readonly'] = True
self.fields['inviter'].widget.attrs['readonly'] = True
self.fields['provider'].widget.attrs['provider'] = True
class InvitedLocalRegisterForm(LocalRegisterForm, InvitedRegisterForm):
pass
class InvitedOpenidRegisterForm(OpenidRegisterForm, InvitedRegisterForm):
pass
class InvitedTwitterRegisterForm(TwitterRegisterForm, InvitedRegisterForm):
pass
class InvitedShibbolethRegisterForm(ShibbolethRegisterForm, InvitedRegisterForm):
pass
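Review bot: In `InvitedRegisterForm.__init__`, `self.fields['provider'].widget.attrs['provider'] = True` sets an HTML attribute named `provider` where `readonly` looks intended, and `super(RegisterForm, self).__init__` skips `RegisterForm.__init__`, which is where `provider` was made readonly. `readonly` also only affects the rendered widget: `uniq`, `inviter` and `provider` still arrive in the POST and need to be re-checked server-side rather than trusted from `cleaned_data`. The `clean_uniq` docstring promises an alphanumeric check that the method does not perform, and `LocalRegisterForm.clean_uniq` is a copy of the parent method that can be dropped.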
# Copyright 2011 GRNET S.A. All rights reserved.