Update authentication mechanism for the provbz-auth plugin

README.md

@@ -1,4 +1,4 @@
-SPID authentication plugin for CKAN 2.4. 
+SPID authentication plugin for CKAN 2.10. 
 
 Install
 =======
@@ -16,63 +16,34 @@ or
 Plugin configuration
 ====================
 
-production.ini configuration
+ckan.ini configuration
 ----------------------------
 
 Add ``provbz_auth`` the the ckan.plugins line
 
      ckan.plugins = [...] provbz_auth
-
-Configure external login and logout URLs:
-
-     ckanext.provbzauth.login_url = https://test-data.civis.bz.it/Shibboleth.sso/Login?target=https%3A%2F%2Ftest-data.civis.bz.it&authnContextClassRef=SPID+CNS+PROV.BZ+SIAG.IT+GVCC.NET+lang%3a{{LANG}}
-     ckanext.provbzauth.logout_url = https://test-data.civis.bz.it/Shibboleth.sso/Logout
-
-
-who.ini configuration
----------------------
-
-Add the ``plugin:provbz_auth`` section, customizing the env var names:
-
-    [plugin:provbz_auth]
-    use = ckanext.provbzauth.repoze.ident:make_identification_plugin
-
-    check_auth_key = HTTP_SHIB_ORIGINAL_AUTHENTICATION_INSTANT
-    check_auth_op = not_empty   
-    # check_auth_value=
-
-    eppn = HTTP_SHIB_IDP_UID
-    authtype = HTTP_SHIB_AUTHTYPE
-
-    pm_url = https://test-profilemanager....
-    pm_user = ...
-    pm_pw = ...
-
-
-Add ``provbz_auth`` to the list of the identifier plugins:
-
-    [identifiers]
-    plugins =
-        provbz_auth
-        friendlyform;browser
-        auth_tkt
-
-Add ``ckanext.provbzauth.repoze.auth:ProvbzAuthenticator`` to the list of the authenticator plugins:
-
-    [authenticators]
-    plugins =
-        auth_tkt
-        ckan.lib.authenticator:UsernamePasswordAuthenticator
-        ckanext.provbzauth.repoze.auth:ProvbzAuthenticator
-
-Add ``provbz_auth`` to the list of the challengers plugins:
-
-    [challengers]
-    plugins =
-        provbz_auth
-    #    friendlyform;browser
-    #   basicauth
 
+**Important note**: add the ``provbz_auth`` plugin before the ``provbz`` plugin in order the logout funtionality to be applied in both SSO and CKAN users and not only to CKAN users.
+
+This plugin was implemented using the following SSO API: https://sso.civis.bz.it/swagger/index.html
+Thus, we have to define the following variables in the ckan.ini file:
+
+
+     ## ckanext-provbz-auth
+     ckanext.provbzauth.login_url = https://sso.civis.bz.it/api/Auth/Login
+     ckanext.provbzauth.logout_url = https://sso.civis.bz.it/api/Auth/Logout
+     validateToken = https://sso.civis.bz.it/api/Auth/Validate
+     profile = https://sso.civis.bz.it/api/Auth/Profile
+     targetUrl = http://<mysite>/auth_bz
+     acceptedAuthTypes = SPID CNS PROV.BZ SIAG.IT GVCC.NET
+     serviceUID =
+     authLevel = 0
+     onlyauth = false
+     locale =-it
+     forceLogin  = false
+     returnUrl = http://<mysite>
+
+Please note that the Login service will accept redirection only from enabled/whitelisted hosts. localhost  is always enabled, so you can test your local CKAN instance without any problem.
 
 External configuration
 ----------------------

ckanext/provbzauth/plugin.py

@@ -1,28 +1,29 @@
 '''
 SPID authentication plugin for CKAN
 '''
-
-import logging
-
 import ckan.plugins as plugins
 import ckan.plugins.toolkit as toolkit
 
+import ckanext.provbzauth.views as views
+import logging
+
 # from ckan.lib.plugins import DefaultTranslation  # CKAN 2.5 only
 
 
 log = logging.getLogger(__name__)
 
 
-class ProvBzAuthPlugin(plugins.SingletonPlugin
-     # , DefaultTranslation  # CKAN 2.5 only
-    ):
+class ProvBzAuthPlugin(plugins.SingletonPlugin):
+     # DefaultTranslation  # CKAN 2.5 only
     '''
     ProvBz auth plugin for CKAN
     '''
 
-    plugins.implements(plugins.IRoutes, inherit=True)
+    # Interfaces
+    plugins.implements(plugins.IBlueprint)
     plugins.implements(plugins.IConfigurer)
-    # plugins.implements(plugins.ITranslation)  # CKAN 2.5 only
+    plugins.implements(plugins.IAuthenticator, inherit=True)
+
 
     def update_config(self, config):
         """
@@ -31,6 +32,13 @@ def update_config(self, config):
         toolkit.add_template_directory(config, 'templates')
         toolkit.add_public_directory(config, 'public')
 
+
+    # Implementation of IBlueprints
+    # ------------------------------------------------------------
+    def get_blueprint(self):
+        return views.get_blueprints()
+
+    '''
     def before_map(self, map):
         """
         Override IRoutes.before_map()
@@ -47,3 +55,4 @@ def before_map(self, map):
                     action='external_logout')
 
         return map
+    '''