0002-views-handle-authentication-levels-requests-and-resp.patch

Valentin Deniaud, 16 avril 2019 14:07

Voir les différences: en ligne côte à côte

Subject: [PATCH 2/2] views: handle authentication levels requests and
 responses

 README                 |  9 +++++++++
 mellon/app_settings.py |  1 +
 mellon/views.py        | 14 +++++++++++++-
 3 files changed, 23 insertions(+), 1 deletion(-)

     must be obtained from your identity provider but SHOULD come from the
     SAML 2.0 specification.
     MELLON_AUTHN_CLASSREF_LEVELS
     ----------------------------
     When working with an idp which provides authentication levels, this
     should be the URI it is expecting as a class reference, to which
     will be appended the authentication level passed as a GET parameter
     to LOGIN_URL.
     MELLON_GROUP_ATTRIBUTE
     ----------------------

mellon/app_settings.py
39	39	'LOGOUT_URL': 'mellon_logout',
40	40	'ARTIFACT_RESOLVE_TIMEOUT': 10.0,
41	41	'LOGIN_HINTS': [],
	42	'AUTHN_CLASSREF_LEVELS': 'https://entrouvert.org/auth-level/',
42	43	}
43	44
44	45	@property

             if user is not None:
                 if user.is_active:
                     utils.login(request, user)
                     class_ref = attributes['authn_context_class_ref']
                     idp = self.get_idp(request)
                     authn_classref_levels = utils.get_setting(idp, 'AUTHN_CLASSREF_LEVELS')
                     if authn_classref_levels and class_ref.startswith(authn_classref_levels):
                         request.session['auth_level'] = int(class_ref.split('/')[-1])
                     self.log.info('user %s (NameID is %r) logged in using SAML', user,
                                   attributes['name_id_content'])
                     request.session['mellon_session'] = utils.flatten_datetime(attributes)
-...
                     request, is_passive=request.GET.get('passive') == '1')
             next_url = check_next_url(self.request, request.GET.get(REDIRECT_FIELD_NAME))
             requested_auth_level = request.GET.get('auth_level')
             idp = self.get_idp(request)
             if idp is None:
                 return HttpResponseBadRequest('no idp found')
-...
                     authn_request.isPassive = True
                 # configure requested AuthnClassRef
                 authn_classref = utils.get_setting(idp, 'AUTHN_CLASSREF')
                 if authn_classref:
                 authn_classref_levels = utils.get_setting(idp, 'AUTHN_CLASSREF_LEVELS')
                 if requested_auth_level and authn_classref_levels:
                     authn_classref = (authn_classref_levels + str(requested_auth_level),)
                     req_authncontext = lasso.Samlp2RequestedAuthnContext()
                     authn_request.requestedAuthnContext = req_authncontext
                     req_authncontext.authnContextClassRef = authn_classref
                 elif authn_classref:
                     authn_classref = tuple([str(x) for x in authn_classref])
                     req_authncontext = lasso.Samlp2RequestedAuthnContext()
                     authn_request.requestedAuthnContext = req_authncontext
+    -

Projet

Général

Profil

Produits Entr'ouvert » django-mellon

0002-views-handle-authentication-levels-requests-and-resp.patch