from urllib.parse import quote
from spresso.controller.grant.authentication.config.relying_party import \
RelyingParty
from spresso.model.authentication.tag import Tag
from spresso.model.base import Composition, SettingsMixin, User
from spresso.utils.base import create_nonce, get_url, to_b64
class Session(SettingsMixin):
    """
    Session object, used by the Relying Party. Validates input parameters.
    Processes the Tag and generates the login URL.

    Lifecycle: construct, call :meth:`validate`, then :meth:`get_login_url`.
    The attributes that ``get_login_url`` reads (``rp_origin``, ``scheme``,
    ``idp_endpoints``, ``padding``, ``forwarder_domain``) are only assigned
    by ``validate``; calling ``get_login_url`` first raises ``AttributeError``.
    """

    def __init__(self, user, idp_info, **kwargs):
        """
        Args:
            user: The :class:`User` attempting to log in (checked in
                ``validate``).
            idp_info: JSON document with the IdP's well-known information;
                parsed and schema-checked in ``validate``.
            **kwargs: Passed through to :class:`SettingsMixin`, which is
                presumably where ``self.settings`` comes from — confirm there.
        """
        super().__init__(**kwargs)
        self.user = user
        self.idp_info = idp_info
        # Per-session values from create_nonce (presumably random; confirm in
        # spresso.utils.base). Sizes are the ones the protocol code asks for:
        # 32 for nonce/token/keys, 12 for the Tag IV.
        # NOTE(review): a 12-byte IV looks like an AES-GCM nonce length —
        # confirm against Tag.encrypt.
        self.rp_nonce = create_nonce(32)
        self.token = create_nonce(32)
        self.ia_key = create_nonce(32)
        self.tag_key = create_nonce(32)
        self.tag_iv = create_nonce(12)

    def validate(self):
        """
        Validate the user, the settings and the Well Known info.

        The three checks run in this order because the settings check reads
        ``user.netloc`` and the well-known check reads ``self.schema``, which
        the settings check assigns.

        Raises:
            ValueError: if ``user`` is not a valid :class:`User` or
                ``settings`` is not a :class:`RelyingParty`.
        """
        checks = (
            self._validate_user,
            self._validate_settings,
            self._validate_well_known_info,
        )
        for check in checks:
            check()

    def _validate_user(self):
        """Ensure ``user`` is a :class:`User` whose ``is_valid`` flag is set."""
        user_ok = isinstance(self.user, User) and self.user.is_valid
        if not user_ok:
            raise ValueError(
                "'user' must be of type {0}".format(User.__name__)
            )

    def _validate_settings(self):
        """
        Check ``settings`` is a :class:`RelyingParty` and derive the per-IdP
        endpoint table, the ``info`` schema, the RP origin and the forwarder
        selected for the user's mail domain.
        """
        settings = self.settings
        if not isinstance(settings, RelyingParty):
            raise ValueError(
                "'config' must be of type {0}".format(
                    RelyingParty.__name__
                )
            )
        netloc = self.user.netloc
        # Both the endpoint set and the forwarder are keyed on the user's
        # mail domain; _create_ld_path addresses the IdP by that same domain.
        self.idp_endpoints = settings.endpoints_ext.select(netloc)
        self.schema = settings.json_schemata.get("info").schema
        self.scheme = settings.scheme
        self.rp_origin = get_url(settings.scheme, settings.domain)
        forwarder = settings.fwd_selector.select(netloc)
        self.padding = forwarder.padding
        self.forwarder_domain = forwarder.domain

    def _validate_well_known_info(self):
        """
        Parse ``idp_info`` into a :class:`Composition`, check it against the
        ``info`` schema and keep only the IdP public key as ``idp_wk``.
        """
        parsed = Composition()
        parsed.from_json(self.idp_info)
        # Schema check runs before the key lookup, so the lookup only sees a
        # document of the expected shape.
        self.schema.validate(parsed)
        self.idp_wk = Composition(
            public_key=parsed[self.schema.public_key]
        )

    def get_login_url(self):
        """
        Create, encrypt and serialize the Tag. Generate a Login
        URL using all information necessary for the login flow.

        The encrypted tag, the user's e-mail, the base64 ``ia_key`` and the
        forwarder domain are carried in the URL fragment (after ``#``),
        not in the query string. Requires :meth:`validate` to have run.

        Returns:
            str: The login URL.
        """
        encrypted_tag = self._create_tag().encrypt(self.padding)
        self.tag_enc_json = encrypted_tag.to_json()
        parts = [
            self._create_ld_path(),
            quote(self.tag_enc_json),
            quote(self.user.email),
            quote(to_b64(self.ia_key)),
            self.forwarder_domain,
        ]
        return "{}#{}&{}&{}&{}".format(*parts)

    def _create_tag(self):
        """Build the plaintext Tag bound to this RP's origin and nonce."""
        return Tag(
            rp_origin=self.rp_origin,
            rp_nonce=self.rp_nonce,
            key=self.tag_key,
            iv=self.tag_iv,
        )

    def _create_ld_path(self):
        """
        Login-dialog URL at the IdP: scheme, the user's mail domain and the
        path of the selected ``login`` endpoint.
        """
        login_path = self.idp_endpoints.get("login").path
        return get_url(self.scheme, self.user.netloc, login_path)