jfr.im git - irc/quakenet/qwebirc.git/blob - qwebirc/authgateengine.py
1 from authgate
import twisted
as authgate
2 from twisted
.web
import resource
, server
, static
3 import config
, urlparse
, urllib
, rijndael
, ciphers
, hashlib
, re
# Twisted web resource that handles the authgate login check and logout for
# qwebirc.
# NOTE: this listing is incomplete -- the line-number gutter skips several
# source lines (8-9, 19, 21, 24-25, 31, 33, 35-37, 41, 43-44), so statements
# such as the `try:` that pairs with the `except` below are not shown.
7 class AuthgateEngine(resource
.Resource
):
# Stores the prefix in a name-mangled private attribute; nothing else in the
# visible listing reads it.
10 def __init__(self
, prefix
):
11 self
.__prefix
= prefix
# Expires a cookie by overwriting it with an empty value, path "/" and an
# expiry date in the past (1996).
13 def deleteCookie(self
, request
, key
):
14 request
.addCookie(key
, "", path
="/", expires
="Sat, 29 Jun 1996 01:44:48 GMT")
# Handles GET: optional logout, then the authgate login check, cookie and
# session setup, and a post-login redirect.
16 def render_GET(self
, request
):
# A truthy "logout" query argument clears the informational "user" cookie.
# Only the cookie deletion is visible here; whether any session state is also
# cleared cannot be seen from this listing.
17 if request
.args
.get("logout"):
18 self
.deleteCookie(request
, "user")
20 a
= authgate(request
, config
.AUTHGATEDOMAIN
)
# NOTE(review): the accepting callback returns True for every input, so this
# call site does no filtering of its own -- confirm against authgate what
# `accepting` is meant to gate.
22 ticket
= a
.login_required(accepting
=lambda x
: True)
# Python 2 except syntax; the handler body (lines 24-25) is not shown.
23 except a
.redirect_exception
, e
:
26 # only used for informational purposes, the backend stores this separately
27 # so if the user changes it just their front end will be messed up!
# NOTE(review): only key, value and path are passed to addCookie, and the
# cookie is client-editable, so server-side code must never treat its value as
# proof of identity.
28 request
.addCookie("user", ticket
.username
, path
="/")
# The ticket's "qticket" field is decrypted and stored in the authgate session
# data. Line 31 is not shown -- presumably a None check; confirm.
30 qt
= ticket
.get("qticket")
32 getSessionData(request
)["qticket"] = decodeQTicket(qt
)
# The post-login target comes from the "redirect" cookie, which is
# client-supplied.
34 location
= request
.getCookie("redirect")
38 self
.deleteCookie(request
, "redirect")
# Open-redirect defence: the value is URL-unquoted, parsed, and rebuilt with
# scheme, netloc and fragment blanked, so only path, params and query survive.
# NOTE(review): the surviving path is not validated in the visible lines. A
# path that still begins with "//", or that contains a backslash or CR/LF after
# unquoting, may be treated as an off-site or malformed Location; consider
# requiring exactly one leading "/" and rejecting control characters.
39 _
, _
, path
, params
, query
, _
= urlparse
.urlparse(urllib
.unquote(location
))
40 location
= urlparse
.urlunparse(("", "", path
, params
, query
, ""))
42 request
.redirect(location
)
# Twisted convention: NOT_DONE_YET tells the server the response is completed
# elsewhere; presumably that happens on lines 43-44, which are not shown.
45 return server
.NOT_DONE_YET
# Decrypts a qticket: Rijndael in CBC mode, IV taken from the first 16 bytes,
# trailing NUL bytes stripped from each decrypted block, blocks joined.
# Both defaults are evaluated once, at definition time: `p` is the compiled
# trailing-NUL pattern and `cipher` is keyed with the first 16 bytes of
# SHA-256(config.QTICKETKEY).
# NOTE: this listing is incomplete (lines 48-49, 52, 55, 61 and 64-66 are
# missing); the inner generator header, presumably `decrypt(data)` with
# `l = len(data)`, is not shown -- confirm against the full file.
# NOTE(review): no integrity check (MAC or signature) is visible before
# decryption. Unauthenticated CBC ciphertext can be altered by whoever holds
# it, so confirm the ticket is authenticated elsewhere.
47 def decodeQTicket(qticket
, p
=re
.compile("\x00*$"), cipher
=rijndael
.rijndael(hashlib
.sha256(config
.QTICKETKEY
).digest()[:16])):
# Reject input shorter than two blocks (IV plus one data block, per the slicing
# below) or not a whole number of blocks.
50 if l
< BLOCK_SIZE
* 2 or l
% BLOCK_SIZE
!= 0:
51 raise Exception("Bad qticket.")
# The first 16 bytes are the IV. The literal 16 is used here while the other
# lines use BLOCK_SIZE, which is defined outside this listing.
53 iv
, data
= data
[:16], data
[16:]
54 cbc
= ciphers
.CBC(cipher
, iv
)
56 # technically this is a flawed padding algorithm as it allows chopping at BLOCK_SIZE, we don't
57 # care about that though!
# Padding is removed by stripping trailing NULs from every block, so plaintext
# that legitimately ends a block with NUL bytes is shortened.
# Offsets of the ciphertext blocks after the IV (l appears to be the length
# including the IV -- confirm).
58 b
= range(0, l
-BLOCK_SIZE
, BLOCK_SIZE
)
59 for i
, v
in enumerate(b
):
60 q
= cbc
.decrypt(data
[v
:v
+BLOCK_SIZE
])
# NOTE(review): this debug print (Python 2 print statement) writes every
# decrypted block to stdout, so ticket plaintext ends up in process logs; it
# should be removed from production code.
62 print repr(q
), re
.sub(p
, "", q
)
63 yield re
.sub(p
, "", q
)
# Join the per-block plaintext yielded by decrypt().
67 return "".join(decrypt(qticket
))
def getSessionData(request):
    """Return the authgate session data associated with *request*.

    Thin wrapper that delegates to ``authgate.get_session_data``.
    """
    session_data = authgate.get_session_data(request)
    return session_data
def login_optional(request):
    """Run authgate's optional-login check for *request*.

    Builds an authgate object for ``config.AUTHGATEDOMAIN`` and returns
    whatever its ``login_optional()`` method returns.
    """
    gate = authgate(request, config.AUTHGATEDOMAIN)
    return gate.login_optional()