0001-Model-Data-migrations-of-LibertyServiceProvider-to-L.patch
src/authentic2/idp/saml/backend.py | ||
---|---|---|
19 | 19 |
self.logger = logging.getLogger(__name__) |
20 | 20 | |
21 | 21 |
def service_list(self, request): |
22 |
q = models.LibertyServiceProvider.objects.filter(enabled = True) \
|
|
22 |
q = models.LibertyProvider.objects.filter(enabled = True) \ |
|
23 | 23 |
.select_related() |
24 | 24 |
ls = [] |
25 | 25 |
sessions = models.LibertySession.objects.filter( |
... | ... | |
36 | 36 |
sp_options_policy__idp_initiated_sso=True)) |
37 | 37 |
queries.append(q.filter(sp_options_policy__enabled=True, |
38 | 38 |
sp_options_policy__accept_slo=True, |
39 |
liberty_provider__entity_id__in=sessions_eids))
|
|
39 |
entity_id__in=sessions_eids)) |
|
40 | 40 |
if default_policy and default_policy.idp_initiated_sso: |
41 | 41 |
queries.append(q.filter(sp_options_policy__isnull=True)) |
42 | 42 |
if default_policy and default_policy.accept_slo: |
43 | 43 |
queries.append(q.filter(sp_options_policy__isnull=True, |
44 |
liberty_provider__entity_id__in=sessions_eids))
|
|
44 |
entity_id__in=sessions_eids)) |
|
45 | 45 |
qs = reduce(operator.__or__, queries) |
46 |
for service_provider in qs: |
|
47 |
liberty_provider = service_provider.liberty_provider |
|
46 |
for liberty_provider in qs: |
|
48 | 47 |
policy = common.get_sp_options_policy(liberty_provider) |
49 | 48 |
if policy: |
50 | 49 |
actions = [] |
... | ... | |
134 | 133 |
'url': url, |
135 | 134 |
} |
136 | 135 |
qs = models.LibertyProvider.objects |
137 |
qs = qs.filter(service_provider__users_can_manage_federations=True)
|
|
138 |
qs = qs.exclude(service_provider__libertyfederation__in=federations)
|
|
136 |
qs = qs.filter(users_can_manage_federations=True) |
|
137 |
qs = qs.exclude(libertyfederation__in=federations) |
|
139 | 138 |
qs = qs.select_related() |
140 | 139 |
for liberty_provider in qs: |
141 | 140 |
url = reverse('a2-idp-saml2-idp-sso') |
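Review bot: The replacement filter `models.LibertyProvider.objects.filter(enabled = True)` at new line 22 no longer implies that the row is a service provider: before, the existence of a `LibertyServiceProvider` row was itself the SP-role check, whereas `LibertyProvider.enabled` now applies to every provider, including ones that only carry an identity-provider role. With the migration defaulting `enabled` to False this is harmless for existing data, but an operator ticking "Enabled" on an IdP-role provider in the admin would make it appear in this SSO/SLO service list. If that is not wanted, add a role constraint to the query (whatever the model exposes for the SP role, which I cannot see from here), or document on `service_list` that `enabled` means "enabled as a service provider". `service_list` continues past the hunk, and the second hunk (new lines 135-140) is likewise inside a function whose boundaries are outside the view.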
src/authentic2/idp/saml/saml2_endpoints.py | ||
---|---|---|
48 | 48 |
LibertySession, LibertyFederation, |
49 | 49 |
nameid2kwargs, saml2_urn_to_nidformat, |
50 | 50 |
nidformat_to_saml2_urn, save_key_values, get_and_delete_key_values, |
51 |
LibertyProvider, LibertyServiceProvider, SAMLAttribute, NAME_ID_FORMATS)
|
|
51 |
LibertyProvider, SAMLAttribute, NAME_ID_FORMATS) |
|
52 | 52 |
from authentic2.saml.common import redirect_next, asynchronous_bindings, \ |
53 | 53 |
soap_bindings, load_provider, get_saml2_request_message, \ |
54 | 54 |
error_page, set_saml2_response_responder_status_code, \ |
... | ... | |
381 | 381 |
kwargs['name_id_qualifier'] = AUTHENTIC_SAME_ID_SENTINEL |
382 | 382 |
if kwargs.get('name_id_sp_name_qualifier') == login.remoteProviderId: |
383 | 383 |
kwargs['name_id_sp_name_qualifier'] = AUTHENTIC_SAME_ID_SENTINEL |
384 |
service_provider = LibertyServiceProvider.objects \
|
|
385 |
.get(liberty_provider__entity_id=login.remoteProviderId)
|
|
384 |
service_provider = LibertyProvider.objects \ |
|
385 |
.get(entity_id=login.remoteProviderId) |
|
386 | 386 |
federation, new = LibertyFederation.objects.get_or_create( |
387 | 387 |
sp=service_provider, |
388 | 388 |
user=request.user, **kwargs) |
... | ... | |
774 | 774 |
try: |
775 | 775 |
LibertyFederation.objects.get( |
776 | 776 |
user=request.user, |
777 |
sp__liberty_provider__entity_id=login.remoteProviderId)
|
|
777 |
sp__entity_id=login.remoteProviderId) |
|
778 | 778 |
logger.debug('consent already ' |
779 | 779 |
'given (existing federation) for %s' % login.remoteProviderId) |
780 | 780 |
consent_obtained = True |
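Review bot: `LibertyProvider.objects.get(entity_id=login.remoteProviderId)` at new lines 384-385 matches a provider regardless of its `enabled` flag, while the old lookup through `LibertyServiceProvider` at least required the SP row to exist. If the remote provider is only ever loaded into the lasso server when enabled (the `enabled` check added in `common.py` suggests so, but this hunk cannot confirm it), nothing is lost; otherwise the federation created at line 386 can be bound to a disabled provider, and adding `enabled=True` to the `get()` keeps the old invariant explicit. The same consideration applies to `sp__entity_id=login.remoteProviderId` at new line 777. Both `get()` calls can raise `DoesNotExist` and `MultipleObjectsReturned` exactly as before; the enclosing functions start and end outside the hunks, so I cannot see which handlers catch them.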
src/authentic2/saml/admin.py | ||
---|---|---|
13 | 13 |
except ImportError: |
14 | 14 |
from django.contrib.contenttypes.generic import GenericTabularInline |
15 | 15 | |
16 |
from authentic2.saml.models import (LibertyProvider, LibertyServiceProvider,
|
|
17 |
SPOptionsIdPPolicy, LibertyFederation,
|
|
18 |
KeyValue, LibertySession, SAMLAttribute)
|
|
16 |
from authentic2.saml.models import (LibertyProvider, SPOptionsIdPPolicy,
|
|
17 |
LibertyFederation, KeyValue,
|
|
18 |
LibertySession, SAMLAttribute) |
|
19 | 19 | |
20 | 20 |
from authentic2.decorators import to_iter |
21 | 21 |
from authentic2.attributes_ng.engine import get_attribute_names |
... | ... | |
24 | 24 | |
25 | 25 |
logger = logging.getLogger(__name__) |
26 | 26 | |
27 |
class LibertyServiceProviderInline(admin.StackedInline): |
|
28 |
model = LibertyServiceProvider |
|
29 | 27 | |
30 | 28 |
class TextAndFileWidget(forms.widgets.MultiWidget): |
31 | 29 |
def __init__(self, attrs=None): |
... | ... | |
145 | 143 |
readonly_fields = ('entity_id','protocol_conformance','entity_id_sha1','federation_source') |
146 | 144 |
fieldsets = ( |
147 | 145 |
(None, { |
148 |
'fields' : ('name', 'slug', 'ou', 'entity_id', 'entity_id_sha1','federation_source') |
|
146 |
'fields' : ('name', 'slug', 'ou', 'entity_id', 'entity_id_sha1','federation_source', 'enabled', )
|
|
149 | 147 |
}), |
150 | 148 |
(_('Metadata files'), { |
151 | 149 |
'fields': ('metadata_url', 'metadata', 'public_key', 'ssl_certificate', 'ca_cert_chain') |
152 | 150 |
}), |
151 |
(_('Policy'), { |
|
152 |
'fields': ('enable_following_sp_options_policy', 'sp_options_policy', |
|
153 |
'users_can_manage_federations') |
|
154 |
}), |
|
153 | 155 |
) |
154 | 156 |
inlines = [ |
155 |
LibertyServiceProviderInline, |
|
156 | 157 |
SAMLAttributeInlineAdmin, |
157 | 158 |
] |
158 | 159 |
actions = [ update_metadata ] |
159 | 160 |
prepopulated_fields = {'slug': ('name',)} |
160 | 161 |
list_filter = ( |
161 |
'service_provider__sp_options_policy',
|
|
162 |
'service_provider__enabled',
|
|
162 |
'sp_options_policy', |
|
163 |
'enabled', |
|
163 | 164 |
) |
164 | 165 | |
165 | 166 |
def get_urls(self): |
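Review bot: `'enabled'` is placed in the unnamed first fieldset at new line 146 while the other fields that came off the removed `LibertyServiceProviderInline` — `enable_following_sp_options_policy`, `sp_options_policy`, `users_can_manage_federations` — are grouped under the new `_('Policy')` fieldset at new lines 151-154. Since `enabled` carries the same service-provider-only meaning as those (it is what the `enabled` check in `common.py` consults), grouping it with them, or naming that fieldset something like `_('Service provider')`, tells the operator what the checkbox actually switches. The `list_filter` change to `'sp_options_policy', 'enabled'` is consistent with the model move. The enclosing `ModelAdmin` class header is outside the hunk.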
src/authentic2/saml/common.py | ||
---|---|---|
15 | 15 |
from django.core.exceptions import ValidationError |
16 | 16 | |
17 | 17 |
from authentic2.saml.models import (LibertyFederation, LibertyProvider, |
18 |
LibertyServiceProvider, SPOptionsIdPPolicy)
|
|
18 |
SPOptionsIdPPolicy) |
|
19 | 19 |
from authentic2.saml import models |
20 | 20 |
from authentic2.saml import saml2utils |
21 | 21 | |
... | ... | |
338 | 338 |
return None |
339 | 339 |
p.save() |
340 | 340 |
logger.debug('%s saved', p) |
341 |
s = LibertyServiceProvider(liberty_provider=p, enabled=True) |
|
342 |
s.save() |
|
343 | 341 |
return p |
344 | 342 | |
345 | 343 | |
... | ... | |
368 | 366 |
return False |
369 | 367 |
else: |
370 | 368 |
return False |
371 |
try: |
|
372 |
service_provider = liberty_provider.service_provider |
|
373 |
except LibertyServiceProvider.DoesNotExist: |
|
374 |
return False |
|
375 |
if not service_provider.enabled: |
|
369 |
|
|
370 |
if not liberty_provider.enabled: |
|
376 | 371 |
return False |
377 | 372 |
if server: |
378 | 373 |
server.addProviderFromBuffer(lasso.PROVIDER_ROLE_SP, |
... | ... | |
566 | 561 |
policy = get_sp_options_policy_all() |
567 | 562 |
if policy: |
568 | 563 |
return policy |
569 |
if provider.service_provider.enable_following_sp_options_policy:
|
|
570 |
policy = provider.service_provider.sp_options_policy
|
|
564 |
if provider.enable_following_sp_options_policy: |
|
565 |
policy = provider.sp_options_policy |
|
571 | 566 |
if policy and policy.enabled: |
572 |
return provider.service_provider.sp_options_policy
|
|
567 |
return provider.sp_options_policy |
|
573 | 568 |
return get_sp_options_policy_default() |
574 | 569 | |
575 | 570 |
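Review bot: Dropping old lines 341-342 (`s = LibertyServiceProvider(liberty_provider=p, enabled=True)` / `s.save()`) without an equivalent `p.enabled = True` changes what this function produces: the provider `p` saved at line 339 used to come back with an enabled SP record, and it is now left at the `LibertyProvider.enabled` default, which the models hunk sets to False. That is the safer default — a freshly imported provider is unusable until someone enables it — but any caller that relied on immediate availability will now be rejected by the `if not liberty_provider.enabled:` check added at new line 370. If the change is intentional, say so above `p.save()`, e.g. `# Providers are created disabled; an operator must enable them explicitly.`; otherwise set `p.enabled = True` before the save. The enclosing functions of all three hunks start outside the view.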
src/authentic2/saml/forms.py | ||
---|---|---|
6 | 6 |
from django.core.exceptions import ValidationError |
7 | 7 |
from django.utils.translation import ugettext_lazy as _ |
8 | 8 | |
9 |
from .models import LibertyProvider, LibertyServiceProvider
|
|
9 |
from .models import LibertyProvider |
|
10 | 10 | |
11 | 11 |
from authentic2.a2_rbac.utils import get_default_ou |
12 | 12 | |
... | ... | |
26 | 26 |
url = cleaned_data.get('url') |
27 | 27 |
ou = cleaned_data.get('ou') |
28 | 28 |
self.instance = None |
29 |
self.childs = [] |
|
30 | 29 |
if name and slug and url: |
31 | 30 |
try: |
32 | 31 |
content = urllib2.urlopen(url).read().decode('utf-8') |
... | ... | |
40 | 39 |
slug=slug, metadata=content, metadata_url=url, ou=ou) |
41 | 40 |
liberty_provider.full_clean(exclude= |
42 | 41 |
('entity_id', 'protocol_conformance')) |
43 |
self.childs.append(LibertyServiceProvider( |
|
44 |
liberty_provider=liberty_provider, |
|
45 |
enabled=True)) |
|
46 | 42 |
except ValidationError, e: |
47 | 43 |
raise |
48 | 44 |
except Exception, e: |
... | ... | |
51 | 47 |
return cleaned_data |
52 | 48 | |
53 | 49 |
def save(self): |
54 |
if not self.instance is None: |
|
55 |
self.instance.save() |
|
56 |
for child in self.childs: |
|
57 |
child.liberty_provider = self.instance |
|
58 |
child.save() |
|
50 |
self.instance.save() |
|
59 | 51 |
return self.instance |
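Review bot: The rewritten `save()` at new line 50 calls `self.instance.save()` unconditionally, but the removed version guarded it with `if not self.instance is None:`, and `clean()` still sets `self.instance = None` at line 28 before the `if name and slug and url:` branch. A `save()` on a form whose `clean()` took the fall-through path therefore raises `AttributeError` where it previously returned `None`; restoring the guard keeps the old contract: `if self.instance is not None:` / `    self.instance.save()` / `return self.instance`. The assignment of `self.instance` to the constructed provider is outside the hunk, so whether every valid form reaches it is inferred, not seen.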
src/authentic2/saml/management/commands/sync-metadata.py | ||
---|---|---|
186 | 186 |
provider.save() |
187 | 187 |
options['count'] = options.get('count', 0) + 1 |
188 | 188 |
if sp: |
189 |
service_provider, created = LibertyServiceProvider.objects.get_or_create(
|
|
190 |
liberty_provider=provider, defaults={'enabled': not options['create-disabled']})
|
|
189 |
provider.enabled = options['create-disabled']
|
|
190 |
provider.save()
|
|
191 | 191 |
if sp_policy: |
192 |
service_provider.sp_options_policy = sp_policy
|
|
193 |
service_provider.save()
|
|
192 |
provider.sp_options_policy = sp_policy |
|
193 |
provider.save()
|
|
194 | 194 |
pks = [] |
195 | 195 |
if options['load_attribute_consuming_service']: |
196 | 196 |
load_acs(tree, provider, pks, verbosity) |
... | ... | |
221 | 221 | |
222 | 222 | |
223 | 223 |
class Command(BaseCommand): |
224 |
'''Load SAMLv2 metadata file into the LibertyProvider, LibertyServiceProvider
|
|
224 |
'''Load SAMLv2 metadata file into the LibertyProvider, |
|
225 | 225 |
and LibertyIdentityProvider files''' |
226 | 226 |
can_import_django_settings = True |
227 | 227 |
output_transaction = True |
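Review bot: `provider.enabled = options['create-disabled']` at new line 189 inverts the option: the removed `get_or_create` defaults used `not options['create-disabled']`, so a run with the create-disabled option now yields enabled providers and a normal run yields disabled ones. The assignment is also applied on every sync rather than only on creation as the old `defaults=` did, so re-running the command overwrites an operator's manual enable/disable decision on existing providers. Suggested: `provider.enabled = not options['create-disabled']`, applied only when the provider was just created if a creation flag is available in the enclosing function (its start is outside the hunk). The `provider.save()` at line 186 is now followed by further saves at new lines 190 and 193; assigning both attributes before a single save avoids the extra writes. The docstring at new line 224 now reads "LibertyProvider, and LibertyIdentityProvider files" — drop the stray comma.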
src/authentic2/saml/migrations/0017_auto_20151208_1537.py | ||
---|---|---|
1 |
# -*- coding: utf-8 -*- |
|
2 |
from __future__ import unicode_literals |
|
3 | ||
4 |
from django.db import models, migrations |
|
5 |
import django.db.models.deletion |
|
6 | ||
7 | ||
8 |
class Migration(migrations.Migration): |
|
9 | ||
10 |
dependencies = [ |
|
11 |
('saml', '0016_auto_20150915_2041'), |
|
12 |
] |
|
13 | ||
14 |
operations = [ |
|
15 |
migrations.AddField( |
|
16 |
model_name='libertyprovider', |
|
17 |
name='enable_following_sp_options_policy', |
|
18 |
field=models.BooleanField(default=False, verbose_name='The following options policy will apply except if a policy for all service provider is defined.'), |
|
19 |
preserve_default=True, |
|
20 |
), |
|
21 |
migrations.AddField( |
|
22 |
model_name='libertyprovider', |
|
23 |
name='enabled', |
|
24 |
field=models.BooleanField(default=False, db_index=True, verbose_name='Enabled'), |
|
25 |
preserve_default=True, |
|
26 |
), |
|
27 |
migrations.AddField( |
|
28 |
model_name='libertyprovider', |
|
29 |
name='sp_options_policy', |
|
30 |
field=models.ForeignKey(related_name='sp_options_policy', on_delete=django.db.models.deletion.SET_NULL, verbose_name='service provider options policy', blank=True, to='saml.SPOptionsIdPPolicy', null=True), |
|
31 |
preserve_default=True, |
|
32 |
), |
|
33 |
migrations.AddField( |
|
34 |
model_name='libertyprovider', |
|
35 |
name='users_can_manage_federations', |
|
36 |
field=models.BooleanField(default=True, db_index=True, verbose_name='users can manage federation'), |
|
37 |
preserve_default=True, |
|
38 |
), |
|
39 |
migrations.AlterField( |
|
40 |
model_name='libertyserviceprovider', |
|
41 |
name='sp_options_policy', |
|
42 |
field=models.ForeignKey(related_name='old_isp_options_policy', on_delete=django.db.models.deletion.SET_NULL, verbose_name='service provider options policy', blank=True, to='saml.SPOptionsIdPPolicy', null=True), |
|
43 |
preserve_default=True, |
|
44 |
), |
|
45 |
] |
src/authentic2/saml/migrations/0018_auto_20151208_1542.py | ||
---|---|---|
1 |
# -*- coding: utf-8 -*- |
|
2 |
from __future__ import unicode_literals |
|
3 | ||
4 |
from django.db import models, migrations |
|
5 | ||
6 |
def noop(apps, schema_editor): |
|
7 |
pass |
|
8 | ||
9 |
def liberty_service_provider_data_to_liberty_provider(apps, schema_editor): |
|
10 |
LibertyProvider = apps.get_model('saml','LibertyProvider') |
|
11 |
LibertyServiceProvider = apps.get_model('saml','LibertyServiceProvider') |
|
12 | ||
13 |
for lsp in LibertyServiceProvider.objects.all(): |
|
14 |
lp = lsp.liberty_provider |
|
15 | ||
16 |
lp.enabled = lsp.enabled |
|
17 |
lp.enable_following_sp_options_policy = lsp.enable_following_sp_options_policy |
|
18 |
lp.sp_options_policy = lsp.sp_options_policy |
|
19 |
lp.users_can_manage_federations = lsp.users_can_manage_federations |
|
20 |
lp.save() |
|
21 | ||
22 | ||
23 |
class Migration(migrations.Migration): |
|
24 | ||
25 |
dependencies = [ |
|
26 |
('saml', '0017_auto_20151208_1537'), |
|
27 |
] |
|
28 | ||
29 |
operations = [ |
|
30 |
migrations.RunPython(liberty_service_provider_data_to_liberty_provider), |
|
31 |
migrations.RunPython(noop) |
|
32 |
] |
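Review bot: `migrations.RunPython(liberty_service_provider_data_to_liberty_provider)` at line 30 has no `reverse_code`, and the following `migrations.RunPython(noop)` at line 31 is a separate, do-nothing operation — presumably `noop` was meant as the reverse of the first call, and as written the migration is irreversible. Passing it as the second argument, `migrations.RunPython(liberty_service_provider_data_to_liberty_provider, noop),`, gives the intended effect; the same pattern appears in 0020_auto_20151221_1108.py at lines 25-26. The `LibertyProvider` historical model fetched at line 10 is unused, and `LibertyServiceProvider.objects.all()` could carry `.select_related('liberty_provider')` to avoid one extra query per row. A one-line docstring stating that the function copies the four SP-role fields from each LibertyServiceProvider onto its LibertyProvider would help whoever reads 0021 later.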
src/authentic2/saml/migrations/0019_libertyfederation_nsp.py | ||
---|---|---|
1 |
# -*- coding: utf-8 -*- |
|
2 |
from __future__ import unicode_literals |
|
3 | ||
4 |
from django.db import models, migrations |
|
5 | ||
6 | ||
7 |
class Migration(migrations.Migration): |
|
8 | ||
9 |
dependencies = [ |
|
10 |
('saml', '0018_auto_20151208_1542'), |
|
11 |
] |
|
12 | ||
13 |
operations = [ |
|
14 |
migrations.AddField( |
|
15 |
model_name='libertyfederation', |
|
16 |
name='nsp', |
|
17 |
field=models.ForeignKey(blank=True, to='saml.LibertyProvider', null=True), |
|
18 |
preserve_default=True, |
|
19 |
), |
|
20 |
] |
src/authentic2/saml/migrations/0020_auto_20151221_1108.py | ||
---|---|---|
1 |
# -*- coding: utf-8 -*- |
|
2 |
from __future__ import unicode_literals |
|
3 | ||
4 |
from django.db import models, migrations |
|
5 | ||
6 |
def noop(apps, schema_editor): |
|
7 |
pass |
|
8 | ||
9 |
def liberty_federation_sp_to_nsp(apps, schema_editor): |
|
10 |
LibertyFederation = apps.get_model('saml','LibertyFederation') |
|
11 |
LibertyProvider = apps.get_model('saml','LibertyProvider') |
|
12 |
for liberty_federation in LibertyFederation.objects.all(): |
|
13 |
liberty_provider = LibertyProvider.objects.get(pk=liberty_federation.sp.pk) |
|
14 |
liberty_federation.nsp = liberty_provider |
|
15 |
liberty_federation.save() |
|
16 | ||
17 | ||
18 |
class Migration(migrations.Migration): |
|
19 | ||
20 |
dependencies = [ |
|
21 |
('saml', '0019_libertyfederation_nsp'), |
|
22 |
] |
|
23 | ||
24 |
operations = [ |
|
25 |
migrations.RunPython(liberty_federation_sp_to_nsp), |
|
26 |
migrations.RunPython(noop) |
|
27 |
] |
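Review bot: `liberty_federation.sp.pk` at line 13 dereferences a nullable foreign key — `LibertyFederation.sp` is declared `null=True, blank=True` in the models hunk — so a single federation with no service provider aborts the whole migration with `AttributeError`. Guard it before the lookup, e.g. `if liberty_federation.sp_id is None:` / `    continue`. The `LibertyProvider.objects.get(pk=...)` relies on the old `LibertyServiceProvider` using its `liberty_provider` one-to-one as primary key (models hunk, old lines 385-386), which is why an SP pk doubles as a LibertyProvider pk; that deserves a one-line comment since the historical model does not make it obvious.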
src/authentic2/saml/migrations/0021_auto_20151221_1149.py | ||
---|---|---|
1 |
# -*- coding: utf-8 -*- |
|
2 |
from __future__ import unicode_literals |
|
3 | ||
4 |
from django.db import models, migrations |
|
5 | ||
6 | ||
7 |
class Migration(migrations.Migration): |
|
8 | ||
9 |
dependencies = [ |
|
10 |
('saml', '0020_auto_20151221_1108'), |
|
11 |
] |
|
12 | ||
13 |
operations = [ |
|
14 |
migrations.RemoveField( |
|
15 |
model_name='libertyserviceprovider', |
|
16 |
name='liberty_provider', |
|
17 |
), |
|
18 |
migrations.RemoveField( |
|
19 |
model_name='libertyserviceprovider', |
|
20 |
name='sp_options_policy', |
|
21 |
), |
|
22 |
migrations.RemoveField( |
|
23 |
model_name='libertyfederation', |
|
24 |
name='nsp', |
|
25 |
), |
|
26 |
migrations.AlterField( |
|
27 |
model_name='libertyfederation', |
|
28 |
name='sp', |
|
29 |
field=models.ForeignKey(blank=True, to='saml.LibertyProvider', null=True), |
|
30 |
preserve_default=True, |
|
31 |
), |
|
32 |
migrations.DeleteModel( |
|
33 |
name='LibertyServiceProvider', |
|
34 |
), |
|
35 |
] |
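Review bot: The `AlterField` on `libertyfederation.sp` at lines 26-31 retargets the foreign key to `saml.LibertyProvider` without copying `nsp` back into it, and `nsp` is removed at lines 22-25 beforehand — so the values 0020 copied into `nsp` are never used. This is correct only because the old `LibertyServiceProvider` primary key was its `liberty_provider` one-to-one, so the integer values already in `sp` are valid LibertyProvider pks; that invariant should be stated on the operation, e.g. `# sp already holds LibertyProvider pks (LibertyServiceProvider.pk == liberty_provider_id), so nsp is not copied back`. If the intent was instead to rely on `nsp`, the copy in 0020 and the operation order here contradict each other. Leaving 0019 and 0020 in place is harmless for databases that have already applied them.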
src/authentic2/saml/models.py | ||
---|---|---|
319 | 319 |
ssl_certificate = models.TextField(blank=True) |
320 | 320 |
ca_cert_chain = models.TextField(blank=True) |
321 | 321 |
federation_source = models.CharField(max_length=64, blank=True, null=True) |
322 |
enabled = models.BooleanField(verbose_name = _('Enabled'), |
|
323 |
default=False, db_index=True) |
|
324 |
enable_following_sp_options_policy = models.BooleanField(verbose_name = \ |
|
325 |
_('The following options policy will apply except if a policy for all service provider is defined.'), |
|
326 |
default=False) |
|
327 |
sp_options_policy = models.ForeignKey(SPOptionsIdPPolicy, |
|
328 |
related_name="sp_options_policy", |
|
329 |
verbose_name=_('service provider options policy'), blank=True, |
|
330 |
null=True, |
|
331 |
on_delete=models.SET_NULL) |
|
332 |
users_can_manage_federations = models.BooleanField( |
|
333 |
verbose_name=_('users can manage federation'), |
|
334 |
default=True, |
|
335 |
blank=True, |
|
336 |
db_index=True) |
|
322 | 337 | |
323 | 338 |
attributes = GenericRelation(SAMLAttribute) |
324 | 339 | |
... | ... | |
379 | 394 |
except ObjectDoesNotExist: |
380 | 395 |
raise RuntimeError('Default %s is missing' % model) |
381 | 396 | |
382 |
# TODO: The IdP must look to the preferred binding order for sso in the SP metadata (AssertionConsumerService) |
|
383 |
# expect if the protocol for response is defined in the request (ProtocolBinding attribute) |
|
384 |
class LibertyServiceProvider(models.Model): |
|
385 |
liberty_provider = models.OneToOneField(LibertyProvider, |
|
386 |
primary_key = True, related_name = 'service_provider') |
|
387 |
enabled = models.BooleanField(verbose_name = _('Enabled'), |
|
388 |
default=False, db_index=True) |
|
389 |
enable_following_sp_options_policy = models.BooleanField(verbose_name = \ |
|
390 |
_('The following options policy will apply except if a policy for all service provider is defined.'), |
|
391 |
default=False) |
|
392 |
sp_options_policy = models.ForeignKey(SPOptionsIdPPolicy, |
|
393 |
related_name="sp_options_policy", |
|
394 |
verbose_name=_('service provider options policy'), blank=True, |
|
395 |
null=True, |
|
396 |
on_delete=models.SET_NULL) |
|
397 |
users_can_manage_federations = models.BooleanField( |
|
398 |
verbose_name=_('users can manage federation'), |
|
399 |
default=True, |
|
400 |
blank=True, |
|
401 |
db_index=True) |
|
402 | ||
403 |
objects = managers.GetByLibertyProviderManager() |
|
404 | ||
405 |
def natural_key(self): |
|
406 |
return (self.liberty_provider.slug,) |
|
407 | ||
408 |
def __unicode__(self): |
|
409 |
return unicode(self.liberty_provider) |
|
410 | ||
411 |
class Meta: |
|
412 |
verbose_name = _('SAML service provider') |
|
413 |
verbose_name_plural = _('SAML service providers') |
|
414 | ||
415 | 397 | |
416 | 398 |
LIBERTY_SESSION_DUMP_KIND_SP = 0 |
417 | 399 |
LIBERTY_SESSION_DUMP_KIND_IDP = 1 |
... | ... | |
462 | 444 |
it IdP or SP""" |
463 | 445 |
user = models.ForeignKey(settings.AUTH_USER_MODEL, null=True, blank=True, |
464 | 446 |
on_delete=models.SET_NULL) |
465 |
sp = models.ForeignKey('LibertyServiceProvider', null=True, blank=True)
|
|
447 |
sp = models.ForeignKey('LibertyProvider', null=True, blank=True) |
|
466 | 448 |
name_id_format = models.CharField(max_length = 100, |
467 | 449 |
verbose_name = "NameIDFormat", blank=True, null=True) |
468 | 450 |
name_id_content = models.CharField(max_length = 100, |
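Review bot: The `enabled` field added at new lines 322-323 now lives on every `LibertyProvider`, but the only consumer visible in this commit (`common.py`, `if not liberty_provider.enabled: return False`) treats it as "enabled as a service provider"; a `help_text` or a comment such as `# Gates the provider's service-provider role only; the IdP role does not consult it` would keep admins and future code from reading it as a global on/off switch. The `TODO` about honouring the SP's preferred binding order (old lines 382-383) was removed together with the class it annotated rather than moved; if the issue is still open it belongs above `LibertyProvider` or at the SSO endpoint. `related_name="sp_options_policy"` on the foreign key at new line 328 makes `SPOptionsIdPPolicy.sp_options_policy` the reverse manager of providers, which reads as a policy attribute; it is inherited from the old model, but since 0017 already had to rename the old field's reverse accessor to `old_isp_options_policy` to avoid a clash, this is a cheap moment to pick a clearer name such as `providers`. The `LibertyProvider` class header is outside the hunk.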
tests/test_idp_saml2.py | ||
---|---|---|
99 | 99 |
metadata=sp_meta) |
100 | 100 |
self.liberty_provider.clean() |
101 | 101 |
self.liberty_provider.save() |
102 |
self.liberty_service_provider = saml_models.LibertyServiceProvider \ |
|
103 |
.objects.create( |
|
104 |
liberty_provider=self.liberty_provider, |
|
105 |
enabled=True) |
|
106 | 102 |
self.default_sp_options_idp_policy = saml_models.SPOptionsIdPPolicy \ |
107 | 103 |
.objects.create( |
108 | 104 |
name='Default', |
109 |
- |