0001-root-implement-automatic-tryauth-12867.patch

Benjamin Dauvergne, 04 juin 2019 17:04



Subject: [PATCH] root: implement automatic tryauth (#12867)

 tests/test_saml_auth.py | 16 ++++++++++++++++
 wcs/root.py             | 30 +++++++++++++++++++++++++++++-
 2 files changed, 45 insertions(+), 1 deletion(-)
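--- a/tests/test_saml_auth.py
+++ b/tests/test_saml_auth.py
@@ -425,3 +425,19 @@
     saml2.slo_idp(urlparse.urlparse(logout.msgUrl).query)
     assert req.response.headers['location'].startswith('http://sso.example.net/saml2/slo_return?SAMLResponse=')
     assert req.session is None
+
+
+def test_opened_session_cookie(pub):
+    app = get_app(pub)
+    app.set_cookie('A2_OPENED_SESSION', '1')
+    resp = app.get('/')
+    assert resp.status_int == 302
+    assert resp.location.startswith('http://example.net/login/?ReturnUrl=http%3A//example.net/')
+    assert 'PASSIVE_TRIED_COOKIE' in app.cookies
+
+
+def test_no_opened_session_cookie(pub):
+    app = get_app(pub)
+    resp = app.get('/')
+    assert resp.status_int == 200
+    assert 'PASSIVE_TRIED_COOKIE' not in app.cookies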
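Review bot: The two new tests cover only the redirect and the no-cookie case, so the branch that expires PASSIVE_TRIED_COOKIE once A2_OPENED_SESSION is gone is never exercised, and neither are the guards that skip the redirect (logged-in user, more than one IdP, identification methods other than `['idp']`). A request that sends both cookies should also be asserted to return 200, since that is the case that prevents a redirect loop: `app.set_cookie('PASSIVE_TRIED_COOKIE', '1')` before `app.get('/')`, then `assert resp.status_int == 200`.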
wcs/root.py
339 339
        except errors.TraversalError:
340 340
            pass
341 341

  
342
        return forms.root.RootDirectory()._q_traverse(path)
342
        output = forms.root.RootDirectory()._q_traverse(path)
343
        return self.automatic_sso(output)
344

  
345
    def automatic_sso(self, output):
346
        request = get_request()
347
        response = get_response()
348

  
349
        OPENED_SESSION_COOKIE = 'A2_OPENED_SESSION'
350
        PASSIVE_TRIED_COOKIE = 'PASSIVE_TRIED_COOKIE'
351
        if OPENED_SESSION_COOKIE not in request.cookies and PASSIVE_TRIED_COOKIE in request.cookies:
352
            response.expire_cookie(PASSIVE_TRIED_COOKIE)
353
            return output
354
        elif OPENED_SESSION_COOKIE in request.cookies and PASSIVE_TRIED_COOKIE not in request.cookies:
355
            ident_methods = get_cfg('identification', {}).get('methods', [])
356
            idps = get_cfg('idp', {})
357
            if request.user:
358
                return output
359
            if len(idps) != 1:
360
                return output
361
            if ident_methods != ['idp']:
362
                return output
363
            response.set_cookie(PASSIVE_TRIED_COOKIE, '1')
364
            url = request.get_url()
365
            query = request.get_query()
366
            if query:
367
                url += '?' + query
368
            return forms.root.tryauth(url)
369
        else:
370
            return output
343 371

  
344 372
    def _q_lookup(self, component):
345 373
        # is this a category ?
346
-
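Review bot: automatic_sso() is applied to the result of every traversal with no check on the request method, so a POST that arrives with A2_OPENED_SESSION set and no PASSIVE_TRIED_COOKIE is answered with the tryauth redirect after `_q_traverse(path)` has already run, and the submitted body is lost on the way back. I would return early for anything that is not a safe method, e.g. `if request.get_method() not in ('GET', 'HEAD'): return output`, and ideally take the decision before traversing rather than discarding `output`. `response.set_cookie(PASSIVE_TRIED_COOKIE, '1')` also passes no attributes; assuming the response object forwards them, a `path='/'` (mirrored in `expire_cookie`) would keep the marker from being scoped to the directory of the first URL visited, which otherwise looks like it could allow one passive attempt per path. A short docstring on automatic_sso stating that A2_OPENED_SESSION is only a client-supplied hint and that PASSIVE_TRIED_COOKIE exists to prevent a redirect loop would help. The method that now calls automatic_sso begins above the hunk.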