Add separate script to supply any site configured OpenID 2.0 discovery information as needed by the relying party verification mechanism. Deprecate old inline module execution way to extract the same as it's ugly and fragile. Minor polish on readconfval, which was used as a template for genoiddiscovery script.

jonasbardino · jonasbardino · commit 3d08f1300900 · 2024-06-17T13:59:45.000Z
git-svn-id: svn+ssh://svn.code.sf.net/p/migrid/code/trunk@6057 b75ad72c-e7d7-11dd-a971-7dbc132099af
diff --git a/mig/server/genoiddiscovery.py b/mig/server/genoiddiscovery.py
@@ -0,0 +1,113 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# --- BEGIN_HEADER ---
+#
+# genoiddiscovery - Helper to easily generate openid discovery info xml
+# Copyright (C) 2003-2024  The MiG Project by the Science HPC Center at UCPH
+#
+# This file is part of MiG.
+#
+# MiG is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# MiG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+# -- END_HEADER ---
+#
+
+"""Helper to generate the discovery information for the OpenID 2.0 relying
+party verification mechanism. Please refer to the generate_openid_discovery_doc
+helper function for details.
+"""
+
+from __future__ import print_function
+from __future__ import absolute_import
+
+import getopt
+import os
+import sys
+
+from mig.shared.conf import get_configuration_object
+from mig.shared.httpsclient import generate_openid_discovery_doc
+
+
+def usage(name='genoiddiscovery.py'):
+    """Usage help"""
+
+    print("""Generate OpenID 2.0 discovery information for this site.
+Usage:
+%(name)s [OPTIONS] NAME
+Where OPTIONS may be one or more of:
+   -c CONF_FILE        Use CONF_FILE as server configuration
+   -f                  Force operations to continue past errors
+   -h                  Show this help
+   -v                  Verbose output
+""" % {'name': name})
+
+
+if '__main__' == __name__:
+    args = sys.argv[1:]
+    conf_path = None
+    force = False
+    verbose = False
+    opt_args = 'c:fhv'
+    try:
+        (opts, args) = getopt.getopt(args, opt_args)
+    except getopt.GetoptError as err:
+        print('Error: ', err.msg)
+        usage()
+        sys.exit(1)
+
+    for (opt, val) in opts:
+        if opt == '-c':
+            conf_path = val
+        elif opt == '-f':
+            force = True
+        elif opt == '-h':
+            usage()
+            sys.exit(0)
+        elif opt == '-v':
+            verbose = True
+        else:
+            print('Error: %s not supported!' % opt)
+
+    if conf_path and not os.path.isfile(conf_path):
+        print('Failed to read configuration file: %s' % conf_path)
+        sys.exit(1)
+
+    if verbose:
+        if conf_path:
+            print('using configuration in %s' % conf_path)
+        else:
+            print('using configuration from MIG_CONF (or default)')
+
+    if args:
+        print('Got unexpected non-option arguments!')
+        usage()
+        sys.exit(1)
+
+    if verbose:
+        print("""OpenID discovery information XML which may be pasted into
+state/wwwpublic/oiddiscover.xml if site uses OpenId but doesn't enable the
+SID vhost:
+""")
+    retval = 42
+    try:
+        configuration = get_configuration_object(skip_log=True)
+        print(generate_openid_discovery_doc(configuration))
+        retval = 0
+    except Exception as err:
+        print(err)
+        sys.exit(1)
+
+    sys.exit(retval)
diff --git a/mig/server/readconfval.py b/mig/server/readconfval.py
@@ -4,7 +4,7 @@
 # --- BEGIN_HEADER ---
 #
 # readconfval - Helper to easily lookup specific configuration values
-# Copyright (C) 2003-2023  The MiG Project lead by Brian Vinter
+# Copyright (C) 2003-2024  The MiG Project lead by Brian Vinter
 #
 # This file is part of MiG.
 #
@@ -29,6 +29,7 @@
 active MiGserver.conf . Used for extracting e.g. core paths in init scripts and
 other components outside the actual python code.
 """
+
 from __future__ import print_function
 from __future__ import absolute_import
 
@@ -39,7 +40,7 @@
 from mig.shared.conf import get_configuration_object
 
 
-def usage(name='chkenabled.py'):
+def usage(name='readconfval.py'):
     """Usage help"""
 
     print("""Lookup a evaluated configuration value using MiGserver.conf.
@@ -58,7 +59,6 @@ def usage(name='chkenabled.py'):
     conf_path = None
     force = False
     verbose = False
-    feature = 'UNSET'
     opt_args = 'c:fhv'
     try:
         (opts, args) = getopt.getopt(args, opt_args)
diff --git a/mig/shared/httpsclient.py b/mig/shared/httpsclient.py
@@ -4,7 +4,7 @@
 # --- BEGIN_HEADER ---
 #
 # httpsclient - Shared functions for all HTTPS clients
-# Copyright (C) 2003-2022  The MiG Project lead by Brian Vinter
+# Copyright (C) 2003-2024  The MiG Project lead by Brian Vinter
 #
 # This file is part of MiG.
 #
@@ -624,8 +624,15 @@ def generate_openid_discovery_doc(configuration):
 
 
 if __name__ == "__main__":
+    import time
     from mig.shared.conf import get_configuration_object
     conf = get_configuration_object()
+    print()
+    print("*** DEPRECATION WARNING ***")
+    print("Please use dedicated mig/server/genoiddiscovery.py instead of %s!"
+          % __file__)
+    print()
+    time.sleep(30)
     print("""OpenID discovery infomation XML which may be pasted into
 state/wwwpublic/oiddiscover.xml if site uses OpenId but doesn't enable the
 SID vhost:
