# copyright 2019-2022 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
# contact http://www.logilab.fr -- mailto:contact@logilab.fr
#
# This program is free software: you can redistribute it and/or modify it under
# the terms of the GNU Lesser General Public License as published by the Free
# Software Foundation, either version 2.1 of the License, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
# details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

import logging

# Module-level logger; includeme() uses it to warn when the SAML
# configuration in the cubicweb sources file is missing or incomplete.
logger = logging.getLogger(__name__)


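def includeme(config):
    """Activate the SAML authentication cube on a Pyramid-style configurator.

    The SAML policy, the ``saml`` route and the ``cubicweb_saml.pconfig``
    scan are only set up when the cubicweb sources file has a ``saml``
    section with a non-empty ``saml-metadata-uri`` option. Otherwise a
    warning is logged and the configuration is left untouched.

    :param config: configurator whose registry provides the
        ``cubicweb.authpolicy`` and ``cubicweb.config`` entries.
    :raises ValueError: if no ``cubicweb.authpolicy`` entry is registered.
    """
    from cubicweb_saml.pconfig import SAMLAuthenticationPolicy

    if config.registry.get('cubicweb.authpolicy') is None:
        raise ValueError("saml: the default cubicweb auth policy should be "
                         "available via the 'cubicweb.authpolicy' registry "
                         "config entry")

    cubicweb_sources = config.registry['cubicweb.config'].read_sources_file()

    # Without a usable metadata URI the SAML policy is not registered, so the
    # instance keeps whatever authentication policies it already had.
    if 'saml' not in cubicweb_sources:
        logger.warning(
            "saml: 'saml' section is missing in cubicweb sources file")
        return

    if 'saml-metadata-uri' not in cubicweb_sources['saml']:
        logger.warning(
            "saml: 'saml-metadata-uri' option is missing")
        return

    if not cubicweb_sources['saml']['saml-metadata-uri']:
        logger.warning(
            "saml: 'saml-metadata-uri' option is empty")
        return

    # NOTE(review): the URI is only checked for presence here. How the
    # metadata is fetched and whether its origin is verified is decided
    # elsewhere (not visible in this function) -- confirm.

    session_key = 'cubicweb.auth.authtkt.session.secret'
    persistent_key = 'cubicweb.auth.authtkt.persistent.secret'
    fallback_secret = 'notsosecret'

    settings = config.get_settings()
    session_secret = settings.get(session_key)
    persistent_secret = settings.get(persistent_key, fallback_secret)

    # Both values are handed to the policy as secrets (presumably to sign the
    # authentication tickets -- confirm in SAMLAuthenticationPolicy). A missing
    # or hard-coded value must not go unnoticed: the fallback is readable by
    # anyone with the source. The values passed on are unchanged so existing
    # deployments keep starting; refusing to start would be the stricter
    # option but changes behaviour for callers.
    if not session_secret:
        logger.warning(
            "saml: '%s' is not set; the SAML authentication policy is "
            "created without a session secret", session_key)
    if persistent_secret == fallback_secret:
        logger.warning(
            "saml: '%s' is unset or left at the built-in default, which is "
            "public; set a private random value", persistent_key)

    policy = SAMLAuthenticationPolicy(session_secret, persistent_secret)

    # Relies on the private ``_policies`` list of the registered auth policy;
    # the SAML policy is added after the policies already present.
    config.registry['cubicweb.authpolicy']._policies.append(policy)

    config.add_route('saml', '/saml')
    config.scan('cubicweb_saml.pconfig')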