0001-misc-disable-AuthnRequest-eo-next_url-Extensions-by-.patch

Thomas Noël, 23 novembre 2017 10:25


Subject: [PATCH] misc: disable AuthnRequest eo:next_url Extensions by default
 (#20229)

 mellon/app_settings.py |  1 +
 mellon/views.py        | 17 +++++++++--------
 2 files changed, 10 insertions(+), 8 deletions(-)
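--- a/mellon/app_settings.py
+++ b/mellon/app_settings.py
@@ -13,6 +13,7 @@
         'NAME_ID_POLICY_FORMAT': None,
         'NAME_ID_POLICY_ALLOW_CREATE': True,
         'FORCE_AUTHN': False,
+        'ADD_AUTHNREQUEST_NEXT_URL_EXTENSION': False,
         'ADAPTER': (
             'mellon.adapters.DefaultAdapter',
         ),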
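--- a/mellon/views.py
+++ b/mellon/views.py
@@ -363,14 +363,15 @@
                 authn_request.requestedAuthnContext = req_authncontext
                 req_authncontext.authnContextClassRef = authn_classref
 
-            authn_request.extensions = lasso.Samlp2Extensions()
-            authn_request.extensions.setOriginalXmlnode(
-                    '''<samlp:Extensions
-                            xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
-                            xmlns:eo="https://www.entrouvert.com/">
-                          <eo:next_url>%s</eo:next_url>
-                       </samlp:Extensions>''' %
-                   escape(request.build_absolute_uri(next_url or '/')))
+            if utils.get_setting(idp, 'ADD_AUTHNREQUEST_NEXT_URL_EXTENSION'):
+                authn_request.extensions = lasso.Samlp2Extensions()
+                authn_request.extensions.setOriginalXmlnode(
+                        '''<samlp:Extensions
+                                xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+                                xmlns:eo="https://www.entrouvert.com/">
+                              <eo:next_url>%s</eo:next_url>
+                           </samlp:Extensions>''' %
+                       escape(request.build_absolute_uri(next_url or '/')))
             self.set_next_url(next_url)
             login.buildAuthnRequestMsg()
         except lasso.Error, e: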
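Review bot: The new `ADD_AUTHNREQUEST_NEXT_URL_EXTENSION` guard at new line 366 has no comment saying what the extension carries or why it is now opt-in, and the diffstat lists only the two source files, so no test or documentation change accompanies the setting. I would add `# eo:next_url is a non-standard extension that sends the post-login return URL to the IdP; off unless enabled` above the `if`. When the setting is on, the value comes from `next_url` and `request.build_absolute_uri()`, so it is only as trustworthy as the `next_url` validation and the Host-header handling, neither of which is visible in this hunk. It is worth confirming that `next_url` is checked as a same-site URL before it reaches this point and before `self.set_next_url(next_url)`. The enclosing method starts and ends outside the hunk.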
377
-