
0001-remove-lookup_user-from-Saml2Directory-8627.patch

Thomas Noël, 28 mars 2017 14:57



Subject: [PATCH] remove lookup_user from Saml2Directory (#8627)

it's now in w.c.s.
 extra/modules/saml2.py | 68 ++++++++------------------------------------------
 1 file changed, 11 insertions(+), 57 deletions(-)
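--- a/extra/modules/saml2.py
+++ b/extra/modules/saml2.py
@@ -3,10 +3,6 @@
 except ImportError:
     pass
 
-from quixote import get_publisher
-
-from wcs.roles import Role
-
 from qommon import get_cfg, get_logger
 import qommon.saml2
 
@@ -15,15 +11,16 @@
     def extract_attributes(self, session, login):
         '''Separate attributes as two dictionaries: one for last value, one for
            the list of values.'''
+        d = {}
+        m = {}
+
         lasso_session = lasso.Session.newFromDump(session.lasso_session_dump)
         try:
             assertion = lasso_session.getAssertions(None)[0]
         except:
             get_logger().warn('failed to lookup assertion')
-            return user
+            return d, m
 
-        d = {}
-        m = {}
         try:
             for attribute in assertion.attributeStatement[0].attribute:
                 try:
@@ -37,6 +34,13 @@
             pass
         return d, m
 
+    def fill_user_attributes(self, session, login, user):
+        qommon.saml2.Saml2Directory.fill_user_attributes(self, session, login, user)
+
+        idp = qommon.saml2.get_remote_provider_cfg(login)
+        if not idp.get('attribute-mapping'):
+            self.legacy_fill_user_attributes(session, login, user)
+
     def legacy_fill_user_attributes(self, session, login, user):
         '''Fill fields using a legacy attribute to field varname mapping'''
         d, m = self.extract_attributes(session, login)
@@ -83,54 +87,3 @@
             for field in user.get_formdef().fields:
                 if field.varname in field_varnames:
                     user.form_data[field.id] = d.get(attribute_key)
-
-    def lookup_user(self, session, login = None, name_id = None):
-        user = qommon.saml2.Saml2Directory.lookup_user(self, session, login, name_id)
-
-        if not user:
-            user = get_publisher().user_class()
-            # already done by parent.lookup_user() for existing users
-            self.fill_user_attributes(session, login, user)
-
-        # apply legacy mapping when not configured
-        idp = qommon.saml2.get_remote_provider_cfg(login)
-        if not idp.get('attribute-mapping'):
-            self.legacy_fill_user_attributes(session, login, user)
-
-        if user.form_data:
-            user.set_attributes_from_formdata(user.form_data)
-
-        if not (user.name and user.email):
-            # we didn't get useful attributes, forget it.
-            get_logger().warn('failed to get useful attributes from the assertion')
-            return None
-
-        if not login.nameIdentifier.content in user.name_identifiers:
-            user.name_identifiers.append(login.nameIdentifier.content)
-
-        if login and login.identity:
-            user.lasso_dump = login.identity.dump()
-
-        lasso_session = lasso.Session.newFromDump(session.lasso_session_dump)
-        assertion = lasso_session.getAssertions(None)[0]
-        for attribute in assertion.attributeStatement[0].attribute:
-            if attribute.name == 'verified_attributes':
-                verified_attributes = [x.any[0].content for x in attribute.attributeValue]
-                if verified_attributes:
-                    # XXX: if there are any verified attributes we consider
-                    # first and last names are also verified.  This is to work
-                    # around the fact that those attributes are handled
-                    # differently in authentic and cannot be marked as
-                    # verified.
-                    verified_attributes.extend(['first_name', 'last_name'])
-                verified_fields = []
-                if user.get_formdef() and user.get_formdef().fields:
-                    for field in user.get_formdef().fields:
-                        if field.varname in verified_attributes:
-                            verified_fields.append(field.id)
-                user.verified_fields = verified_fields
-                break
-
-        user.store()
-        return user
-
--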
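Review bot: The new `return d, m` in extract_attributes (second hunk) makes a failed assertion lookup indistinguishable from an assertion that simply carries no attributes, and the bare `except:` it sits under also swallows SystemExit and KeyboardInterrupt. Narrowing it to `except Exception:` keeps the best-effort empty result while letting interpreter signals through; the logged warning is then the only trace that attributes were never read, and the caller in legacy_fill_user_attributes does not see it. The fill_user_attributes override added in the third hunk has no docstring; I would add `'''Fill user fields from the assertion, then apply the legacy varname mapping when the IdP configuration has no 'attribute-mapping'.'''`. If get_remote_provider_cfg can return None for a provider that is not configured, `idp.get('attribute-mapping')` raises AttributeError there — worth confirming against qommon.saml2.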