Produits Entr'ouvert » Authentic 2

    list_select_related = True

    def name(self, obj):

    name.short_description = _('name')

admin.site.register(models.Role, RoleAdmin)

        # do not create scoped admin roles if the model is not scopable

        if not ou_model:

            continue

        slug = '_a2-' + slugify(name)

        name = scoped_name.format(ou=ou)

        ou_slug = slug + '-' + ou.slug

        if app_settings.MANAGED_CONTENT_TYPES == ():

        if ct_tuple not in MANAGED_CT:

            continue

        # General admin role

        slug = '_a2-' + slugify(name)

        if app_settings.MANAGED_CONTENT_TYPES is not None and ct_tuple not in \

                app_settings.MANAGED_CONTENT_TYPES:

        admin_role = self.__class__.objects.get_admin_role(

            self, ou=self.ou,

            name=_('Managers of role "{role}"').format(

            slug='_a2-managers-of-role-{role}'.format(

            permissions=(utils.get_view_user_perm(),),

            self_administered=True)

        return admin_role

from . import app_settings

from .forms import widgets, fields

DEFAULT_TITLE_CHOICES = (

    (pgettext_lazy('title', 'Mrs'), pgettext_lazy('title', 'Mrs')),

        ctx['django_user_' + str(av.attribute.name)] = serialized

        ctx['django_user_' + str(av.attribute.name) + ':verified'] = av.verified

    ctx['django_user_groups'] = [group for group in user.groups.all()]

    if user.username:

        splitted = user.username.rsplit('@', 1)

        ctx['django_user_domain'] = splitted[1] if '@' in user.username else ''

        return u'%s (%s)' % (human_name, short_id)

    def __repr__(self):

    def clean(self):

        pass

        for i, arg in enumerate(args):

            if self.args and i not in self.args:

                continue

        for kw, arg in sorted(kwargs.iteritems(), key=lambda x: x[0]):

            if kw not in self.kwargs:

                continue

        return u'|'.join(parts)

        self.key_prefix = key_prefix

    def key(self, keys):

        key = key.encode('utf-8')

        return '%s%s' % (self.key_prefix or self.KEY_PREFIX, hashlib.md5(key).hexdigest())

        if dic and 'authz' in dic:

	    logger.info('decision is %s', dic['authz'])

            if 'message' in dic:

            if not dic['authz']:

                logger.info('access denied by an external function')

                access_granted = False

            'to the requester')

        set_saml2_response_responder_status_code(login.response,

                lasso.SAML2_STATUS_CODE_REQUEST_DENIED,

        return finish_sso(request, login)

    provider = load_provider(request, login.remoteProviderId,

        request_id = self.DEFAULT_REQUEST_ID

        if not request is None:

            if hasattr(request, 'user') and request.user.is_authenticated():

            ip = request.META.get('REMOTE_ADDR', self.DEFAULT_IP)

            request_id = request.request_id

        record.user = user

            for user in qs:

                o = {}

                for user_attribute, ldap_attribute in MAPPING.iteritems():

                o['objectClass'] = ['inetOrgPerson']

                dn = 'uid=%s,%s' % (escape_dn_chars(o['uid'][0]), attrs['suffix'])

                self.logger.debug(u'sending entry %s %s', dn, o)

    def save(self, commit=True):

        instance = self.instance

        if not instance.slug:

            qs = instance.__class__.objects.all()

            if instance.pk:

                qs = qs.exclude(pk=instance.pk)

            if self.show_all_ou and (len(self.ou_qs) > 1 or self.search_all_ous):

                choices.append(('all', all_ou_label))

            for ou in self.ou_qs:

            if self.search_all_ous:

                choices.append(('none', pgettext('organizational unit', 'None')))

    @property

    def title(self):

    def authorize(self, request, *args, **kwargs):

        super(OrganizationalUnitDetailView, self).authorize(request, *args, **kwargs)

        raise NotImplementedError

    def render(self, value):

class UserResource(ModelResource):

            result.add(role)

            for pr in role.parent_relation.all():

                result.add(pr.parent)

    class Meta:

        model = get_user_model()

    @property

    def title(self):

    def get_table_queryset(self):

        return self.object.authorized_roles.all()

    def get_instance_name(self):

        if hasattr(self, 'get_object'):

        return u''

    def get_context_data(self, **kwargs):

        menu_entries = []

        for entry in self.get_homepage_entries():

            menu_entries.append({

                'slug': entry.get('slug', ''),

            })

        return menu_entries

            with transaction.atomic():

                import_site(json_site, ImportContext())

        except DataImportError as e:

            return self.form_invalid(form)

        return super(SiteImportView, self).form_valid(form)

class RoleLabelMixin(object):

    def label_from_instance(self, obj):

        if obj.ou and utils.get_ou_count() > 1:

            label = u'{ou} - {obj}'.format(

                ou=obj.ou, obj=obj)

        verbose_name_plural = _('password reset')

    def __unicode__(self):

class Service(models.Model):

        return self.name

    def __repr__(self):

    def authorize(self, user):

        if not self.authorized_roles.exists():

    def render(self, name, value, attrs=None):

        if attrs is None:

            attrs = {}

            attrs['rows'] = value.count('\n') + 5

            attrs['cols'] = min(max((len(x) for x in value.split('\n'))), 150)

        return super(TextAndFileWidget, self).render(name, value, attrs)

        return None

    logger.debug('loaded %d bytes', len(metadata))

    try:

    except:

        logging.error('SAML metadata autoload: retrieved metadata for entity '

                      'id %s is not UTF-8', provider_id)

        return (self.liberty_provider.slug,)

    def __unicode__(self):

    class Meta:

        verbose_name = _('SAML service provider')

    # explicitly state that the session has been modified

    request.session.modified = True

    event = {

        'who_id': getattr(request.user, 'pk', None),

        'how': how,

        'when': int(time.time()),

    }

    kwargs = {

        'how': how,

    }

    nonce = nonce or get_nonce(request)

    for value in values:

        if isinstance(value, bool):

            value = str(value).lower()

    return values_set

        return dict((utf8_encode(a), utf8_encode(b)) for a, b in v.iteritems())

    if isinstance(v, (list, tuple)):

        return type(v)(utf8_encode(a) for a in v)

        return v.encode('utf-8')

    return v

                value = filter(None, value)

                value = [html_value(attribute, at_value) for at_value in value]

                if not title:

            else:

                # fallback to model attributes

                try:

                if not isinstance(value, (list, tuple)):

                    value = (value,)

                raw_value = value

            if value or app_settings.A2_PROFILE_DISPLAY_EMPTY_FIELDS:

                profile.append((title, value))

                attributes.append({'attribute': attribute, 'values': raw_value})

                      check_claims={}, algs=algs)

            jwt.claims

            logger.warning(u'auth_oidc: invalid id_token audience %s != provider client_id %s',

                           id_token.aud, provider.client_id)

            return None

REQUIRED_ID_TOKEN_KEYS = set(['iss', 'sub', 'aud', 'exp', 'iat'])

KEY_TYPES = {

    'exp': int,

    'iat': int,

    'auth_time': int,

    # aud and amr havec specific checks

}

            raise ValueError('missing field: %s' % (REQUIRED_ID_TOKEN_KEYS - keys))

        for key in keys:

            if key == 'aud':

                    raise ValueError('invalid aud value: %r' % decoded['aud'])

                                                                decoded['aud']):

                    raise ValueError('invalid aud value: %r' % decoded['aud'])

            elif key == 'amr':

                if not isinstance(decoded['amr'], list):

                    raise ValueError('invalid amr value: %s' % decoded['amr'])

                    raise ValueError('invalid amr value: %s' % decoded['amr'])

            elif key in KEY_TYPES:

                if not isinstance(decoded[key], KEY_TYPES[key]):

            attributes = self.get_attributes(request, st)

            if st.service.identifier_attribute not in attributes:

                self.logger.error('unable to compute an identifier for user %r and service %s',

                return self.validation_failure(request, service, INTERNAL_ERROR)

            # Compute user identifier

            identifier = attribute_values_to_identifier(

    def validation_success(self, request, st, identifier):

        self.logger.info('validation success service: %r ticket: %s '

        return self.real_validation_success(request, st, identifier)

        root = ET.Element(SERVICE_RESPONSE_ELT)

        success = ET.SubElement(root, AUTHENTICATION_SUCCESS_ELT)

        user = ET.SubElement(success, USER_ELT)

        self.provision_pgt(request, st, success)

        self.provision_attributes(request, st, success)

        return HttpResponse(ET.tostring(root, encoding='utf-8'),

        for key, values in values.iteritems():

            for value in values:

                attribute_elt = ET.SubElement(attributes_elt, '{%s}%s' % (CAS_NAMESPACE, key))

    def provision_pgt(self, request, st, success):

def generate_uuid():

def validate_https_url(data):

    def __repr__(self):

        return '<OIDCAuthorization client:%r user:%r scopes:%r>' % (

            self.scopes)

    def __repr__(self):

        return '<OIDCCode uuid:%s client:%s user:%s expired:%s scopes:%s>' % (

            self.uuid,

            self.expired,

            self.scopes)

    def __repr__(self):

        return '<OIDCAccessToken uuid:%s client:%s user:%s expired:%s scopes:%s>' % (

            self.uuid,

            self.expired,

            self.scopes)

def clean_words(data):

    '''Clean and order a list of words'''

def url_domain(url):

    if client.identifier_policy in (client.POLICY_PAIRWISE, client.POLICY_PAIRWISE_REVERSIBLE):

        return make_pairwise_sub(client, user)

    elif client.identifier_policy == client.POLICY_UUID:

    elif client.identifier_policy == client.POLICY_EMAIL:

        return user.email

    else:

                    code.uuid, ' '.join(scopes),

                    client.name)

        params = {

        }

        if state is not None:

            params['state'] = state

    if oidc_code.nonce is not None:

        id_token['nonce'] = oidc_code.nonce

    response = HttpResponse(json.dumps({

        'token_type': 'Bearer',

        'expires_in': expires_in,

        'id_token': utils.make_idtoken(client, id_token),

    def save(self, *args, **kwargs):

        # truncate slug and add a hash if it's too long

        if not self.slug:

        if len(self.slug) > 256:

            self.slug = self.slug[:252] + \

                hashlib.md5(self.slug).hexdigest()[:4]

        return [self.slug]

    def __unicode__(self):

    def export_json(self):

        return {'slug': self.slug, 'name': self.name}

def get_operation(operation_tpl):

    from . import models

    operation, created = models.Operation.objects.get_or_create(

    return operation