0002-misc-add-support-for-request-based-enable-conditions.patch

Serghei Mihai (congés, retour 15/05), 01 février 2019 16:43

Voir les différences: en ligne côte à côte

Subject: [PATCH 2/2] misc: add support for request based enable conditions on
 authentication frontends (#28215)

 src/authentic2/app_settings.py                |  1 +
 .../auth2_auth/auth2_ssl/app_settings.py      |  1 +
 .../auth2_auth/auth2_ssl/frontends.py         |  9 ++++---
 src/authentic2/auth_frontends.py              | 25 ++++++++++++++++---
 src/authentic2/registration_backend/views.py  |  2 +-
 src/authentic2/utils.py                       |  4 +--
 src/authentic2/views.py                       |  8 +++---
 src/authentic2_auth_oidc/app_settings.py      |  4 +++
 src/authentic2_auth_oidc/auth_frontends.py    | 11 +++++---
 src/authentic2_auth_saml/app_settings.py      |  1 -
 src/authentic2_auth_saml/auth_frontends.py    |  9 ++++---
 tests/test_login.py                           | 20 ++++++++++++++-
 12 files changed, 74 insertions(+), 21 deletions(-)

src/authentic2/app_settings.py
157	157	definition='path of a class to validate passwords'),
158	158	A2_PASSWORD_POLICY_SHOW_LAST_CHAR=Setting(default=False, definition='Show last character in password fields'),
159	159	A2_AUTH_PASSWORD_ENABLE=Setting(default=True, definition='Activate login/password authentication', names=('AUTH_PASSWORD',)),
	160	A2_AUTH_PASSWORD_ENABLE_CONDITION=Setting(default=None, definition='Filters', names=('FRONTEND ENABLE CONDITION',)),
160	161	A2_LOGIN_FAILURE_COUNT_BEFORE_WARNING=Setting(default=0,
161	162	definition='Failure count before logging a warning to '
162	163	'authentic2.user_login_failure. No warning will be send if value is '

src/authentic2/auth2_auth/auth2_ssl/app_settings.py
16	16	CREATE_USERNAME_CALLBACK=None,
17	17	USE_COOKIE=False,
18	18	CREATE_USER=False,
	19	ENABLE_CONDITION=None
19	20	)
20	21
21	22	def __init__(self, prefix):

     from . import views, app_settings
     from authentic2.utils import redirect_to_login
     from authentic2.auth_frontends import BaseFrontend
     class SSLFrontend(object):
         def enabled(self):
             return app_settings.ENABLE
     class SSLFrontend(BaseFrontend):
         def enabled(self, request=None):
             if app_settings.ENABLE:
                 return self.eval_enable_condition(app_settings.ENABLE_CONDITION, request)
             return False
         def id(self):
             return 'ssl'

     import logging
     from django.shortcuts import render
     from django.utils.translation import ugettext as _, ugettext_lazy
     from . import views, app_settings, utils, constants, forms
     class LoginPasswordBackend(object):
     class BaseFrontend(object):
         def eval_enable_condition(self, condition, request, **kwargs):
             if condition:
                 try:
                     context = {'request': request}
                     if kwargs:
                         context.update(kwargs)
                     return eval(condition, context)
                 except Exception, e:
                     logging.getLogger(__name__).warning('filter expression error: %r' % e)
                     return False
             return True
     class LoginPasswordBackend(BaseFrontend):
         submit_name = 'login-password-submit'
         def enabled(self):
             return app_settings.A2_AUTH_PASSWORD_ENABLE
         def enabled(self, request=None):
             if app_settings.A2_AUTH_PASSWORD_ENABLE:
                 return self.eval_enable_condition(app_settings.A2_AUTH_PASSWORD_ENABLE_CONDITION, request)
             return False
         def name(self):
             return ugettext_lazy('Password')

             parameters = {'request': self.request,
                           'context': context}
             blocks = [utils.get_backend_method(backend, 'registration', parameters)
                       for backend in utils.get_backends('AUTH_FRONTENDS')]
                       for backend in utils.get_backends('AUTH_FRONTENDS', self.request)]
             context['frontends'] = collections.OrderedDict((block['id'], block)
                                                            for block in blocks if block)
             return context

         return cls()
     def get_backends(setting_name='IDP_BACKENDS'):
     def get_backends(setting_name='IDP_BACKENDS', request=None):
         '''Return the list of enabled cleaned backends.'''
         backends = []
         for backend_path in getattr(app_settings, setting_name):
-...
                 backend_path, kwargs = backend_path
             backend = load_backend(backend_path)
             # If no enabled method is defined on the backend, backend enabled by default.
             if hasattr(backend, 'enabled') and not backend.enabled():
             if hasattr(backend, 'enabled') and not backend.enabled(request):
                 continue
             kwargs_settings = getattr(app_settings, setting_name + '_KWARGS', {})
             if backend_path in kwargs_settings:

                 redirect_to = settings.LOGIN_REDIRECT_URL
         nonce = request.GET.get(constants.NONCE_FIELD_NAME)
         frontends = utils.get_backends('AUTH_FRONTENDS')
         frontends = utils.get_backends('AUTH_FRONTENDS', request)
         blocks = []
-...
             return super(ProfileView, self).dispatch(request, *args, **kwargs)
         def get_context_data(self, **kwargs):
             context = super(ProfileView, self).get_context_data(**kwargs)
             frontends = utils.get_backends('AUTH_FRONTENDS')
             request = self.request
             context = super(ProfileView, self).get_context_data(**kwargs)
             frontends = utils.get_backends('AUTH_FRONTENDS', request)
             if request.method == "POST":
                 for frontend in frontends:
                     if 'submit-%s' % frontend.id in request.POST:

         def ENABLE(self):
             return self._setting('ENABLE', True)
         @property
         def IDP_ENABLE_CONDITION(self):
             return self._setting('IDP_ENABLE_CONDITION', None)
     import sys

     from django.shortcuts import render
     from . import app_settings, utils
     from authentic2.auth_frontends import BaseFrontend
     class OIDCFrontend(object):
         def enabled(self):
     class OIDCFrontend(BaseFrontend):
         def enabled(self, request=None):
             return app_settings.ENABLE and utils.has_providers()
         def name(self):
-...
         def login(self, request, *args, **kwargs):
             context = kwargs.get('context', {})
             context['providers'] = utils.get_providers(shown=True)
             providers = utils.get_providers(shown=True)
             if app_settings.IDP_ENABLE_CONDITION is not None:
                 providers = self.eval_enable_condition(app_settings.IDP_ENABLE_CONDITION, request,
                                                        providers=providers)
             context['providers'] = providers
             return render(request, 'authentic2_auth_oidc/login.html', context)

src/authentic2_auth_saml/app_settings.py
19	19	def enable(self):
20	20	return self._setting('ENABLE', False)
21	21
22
23	22	import sys
24	23
25	24	app_settings = AppSettings('A2_AUTH_SAML_')

     from mellon.utils import get_idp, get_idps
     from authentic2.utils import redirect_to_login
     from authentic2.auth_frontends import BaseFrontend
     from . import app_settings
     class SAMLFrontend(object):
     class SAMLFrontend(BaseFrontend):
         id = 'saml'
         def enabled(self):
             return app_settings.enable and list(get_idps())
         def enabled(self, request=None):
             if app_settings.enable:
                 return self.eval_enable_condition(app_settings.enable_condition, request)
             return False
         def name(self):
             return gettext_noop('SAML')

     from django.contrib.auth import get_user_model
     from utils import login
     from utils import login, check_log
     def test_login_inactive_user(db, app):
-...
             login(app, user1)
         assert '_auth_user_id' not in app.session
     def test_login_with_conditionnal_enabled_frontend(db, app, settings, caplog):
         settings.A2_AUTH_PASSWORD_ENABLE_CONDITION = "request.META['REMOTE_ADDR'] in ('127.0.0.1',)"
         response = app.get('/login/')
         assert 'name="login-password-submit"' in response
         # set invalid display condition
         settings.A2_AUTH_PASSWORD_ENABLE_CONDITION = "request.META['REMOTE_ADDR'] in ('0.0.0.0',)"
         response = app.get('/login/')
         # login form must not be displayed
         assert 'name="login-password-submit"' not in response
         assert len(caplog.records) == 0
         # set a condition with error
         with check_log(caplog, 'filter expression error: SyntaxError(\'unexpected EOF while parsing\''):
             settings.A2_AUTH_PASSWORD_ENABLE_CONDITION = "request.META['REMOTE_ADDR'] in "
             response = app.get('/login/')
             assert 'name="login-password-submit"' not in response
     def test_registration_url_on_login_page(db, app):
         response = app.get('/login/?next=/whatever')
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0002-misc-add-support-for-request-based-enable-conditions.patch