0002-root-implement-automatic-tryauth-12867.patch
tests/test_saml_auth.py | ||
---|---|---|
479 | 479 |
saml2.slo_idp(urlparse.urlparse(logout.msgUrl).query) |
480 | 480 |
assert req.response.headers['location'].startswith('http://sso.example.net/saml2/slo_return?SAMLResponse=') |
481 | 481 |
assert req.session is None |
482 | ||
483 | ||
484 |
def test_opened_session_cookie(pub): |
|
485 |
app = get_app(pub) |
|
486 |
app.set_cookie('A2_OPENED_SESSION', '1') |
|
487 |
resp = app.get('/') |
|
488 |
assert resp.status_int == 302 |
|
489 |
assert resp.location.startswith('http://example.net/login/?ReturnUrl=http%3A//example.net/') |
|
490 |
assert 'PASSIVE_TRIED_COOKIE' in app.cookies |
|
491 | ||
492 | ||
493 |
def test_no_opened_session_cookie(pub): |
|
494 |
app = get_app(pub) |
|
495 |
resp = app.get('/') |
|
496 |
assert resp.status_int == 200 |
|
497 |
assert 'PASSIVE_TRIED_COOKIE' not in app.cookies |
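Review bot: The loop guard itself is untested: neither new test sends a request that already carries `PASSIVE_TRIED_COOKIE`, which is the state a browser is in when it returns from a failed passive attempt. A third case that sets both `A2_OPENED_SESSION` and `PASSIVE_TRIED_COOKIE` and asserts `resp.status_int == 200` would pin the `else` branch of `automatic_sso`. A fourth case with only `PASSIVE_TRIED_COOKIE` would cover the `expire_cookie` path. `test_opened_session_cookie` also appears to rely on the `pub` fixture having exactly one IdP and `['idp']` as the only identification method; the fixture is not visible here, so a one-line comment stating that precondition would help.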
wcs/root.py | ||
---|---|---|
339 | 339 |
except errors.TraversalError: |
340 | 340 |
pass |
341 | 341 | |
342 |
return forms.root.RootDirectory()._q_traverse(path) |
|
342 |
output = forms.root.RootDirectory()._q_traverse(path) |
|
343 |
return self.automatic_sso(output) |
|
344 | ||
345 |
def automatic_sso(self, output): |
|
346 |
request = get_request() |
|
347 |
response = get_response() |
|
348 | ||
349 |
OPENED_SESSION_COOKIE = 'A2_OPENED_SESSION' |
|
350 |
PASSIVE_TRIED_COOKIE = 'PASSIVE_TRIED_COOKIE' |
|
351 |
if OPENED_SESSION_COOKIE not in request.cookies and PASSIVE_TRIED_COOKIE in request.cookies: |
|
352 |
response.expire_cookie(PASSIVE_TRIED_COOKIE) |
|
353 |
return output |
|
354 |
elif OPENED_SESSION_COOKIE in request.cookies and PASSIVE_TRIED_COOKIE not in request.cookies: |
|
355 |
ident_methods = get_cfg('identification', {}).get('methods', []) |
|
356 |
idps = get_cfg('idp', {}) |
|
357 |
if request.user: |
|
358 |
return output |
|
359 |
if len(idps) != 1: |
|
360 |
return output |
|
361 |
if ident_methods != ['idp']: |
|
362 |
return output |
|
363 |
response.set_cookie(PASSIVE_TRIED_COOKIE, '1') |
|
364 |
url = request.get_url() |
|
365 |
query = request.get_query() |
|
366 |
if query: |
|
367 |
url += '?' + query |
|
368 |
return forms.root.tryauth(url) |
|
369 |
else: |
|
370 |
return output |
|
343 | 371 | |
344 | 372 |
def _q_lookup(self, component): |
345 | 373 |
# is this a category ? |
346 |
- |
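Review bot: `automatic_sso()` redirects to `forms.root.tryauth(url)` for any request carrying `A2_OPENED_SESSION`, whatever the HTTP method, and only after `_q_traverse(path)` has already produced `output`. A POST arriving without `PASSIVE_TRIED_COOKIE` would therefore be traversed and then answered with a redirect that does not carry its body back; a guard such as `if request.get_method() != 'GET': return output` ahead of the `set_cookie` call would avoid that, assuming the usual Quixote request object. `PASSIVE_TRIED_COOKIE` is set and expired with no explicit `path`, so the guard is presumably scoped to the directory of the requested URL and a second passive attempt can start from another path; passing `path='/'` to both `set_cookie` and `expire_cookie` would make it site-wide, to be confirmed against how other cookies are set in this code base. Since `A2_OPENED_SESSION` is client-controlled, a docstring on `automatic_sso` should state that it only triggers a passive attempt and is never treated as proof of a session. The changed `return` sits in a function that starts outside this hunk, so an earlier return path that skips `automatic_sso` cannot be ruled out from here.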