0001-root-implement-automatic-tryauth-12867.patch
tests/test_saml_auth.py | ||
---|---|---|
425 | 425 |
saml2.slo_idp(urlparse.urlparse(logout.msgUrl).query) |
426 | 426 |
assert req.response.headers['location'].startswith('http://sso.example.net/saml2/slo_return?SAMLResponse=') |
427 | 427 |
assert req.session is None |
428 | ||
429 | ||
430 |
def test_opened_session_cookie(pub): |
|
431 |
app = get_app(pub) |
|
432 |
app.set_cookie('A2_OPENED_SESSION', '1') |
|
433 |
resp = app.get('/') |
|
434 |
assert resp.status_int == 302 |
|
435 |
assert resp.location.startswith('http://example.net/login/?ReturnUrl=http%3A//example.net/') |
|
436 |
assert 'PASSIVE_TRIED_COOKIE' in app.cookies |
|
437 | ||
438 | ||
439 |
def test_no_opened_session_cookie(pub): |
|
440 |
app = get_app(pub) |
|
441 |
resp = app.get('/') |
|
442 |
assert resp.status_int == 200 |
|
443 |
assert 'PASSIVE_TRIED_COOKIE' not in app.cookies |
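Review bot: The redirect-loop guard is never exercised, because test_opened_session_cookie stops at the first 302. Nothing checks that a follow-up request carrying both A2_OPENED_SESSION and PASSIVE_TRIED_COOKIE is served normally rather than redirected again. Since the test client keeps the cookie set by the first response, appending `resp = app.get('/')` and `assert resp.status_int == 200` after the last assert would pin that behaviour. Three other branches of automatic_sso are also uncovered: a request with only PASSIVE_TRIED_COOKIE (the cookie should be expired), an already logged-in user, and a URL with a query string, where `ReturnUrl` should keep the query.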
wcs/root.py | ||
---|---|---|
339 | 339 |
except errors.TraversalError: |
340 | 340 |
pass |
341 | 341 | |
342 |
return forms.root.RootDirectory()._q_traverse(path) |
|
342 |
output = forms.root.RootDirectory()._q_traverse(path) |
|
343 |
return self.automatic_sso(output) |
|
344 | ||
345 |
def automatic_sso(self, output): |
|
346 |
request = get_request() |
|
347 |
response = get_response() |
|
348 | ||
349 |
OPENED_SESSION_COOKIE = 'A2_OPENED_SESSION' |
|
350 |
PASSIVE_TRIED_COOKIE = 'PASSIVE_TRIED_COOKIE' |
|
351 |
if OPENED_SESSION_COOKIE not in request.cookies and PASSIVE_TRIED_COOKIE in request.cookies: |
|
352 |
response.expire_cookie(PASSIVE_TRIED_COOKIE) |
|
353 |
return output |
|
354 |
elif OPENED_SESSION_COOKIE in request.cookies and PASSIVE_TRIED_COOKIE not in request.cookies: |
|
355 |
ident_methods = get_cfg('identification', {}).get('methods', []) |
|
356 |
idps = get_cfg('idp', {}) |
|
357 |
if request.user: |
|
358 |
return output |
|
359 |
if len(idps) != 1: |
|
360 |
return output |
|
361 |
if ident_methods != ['idp']: |
|
362 |
return output |
|
363 |
response.set_cookie(PASSIVE_TRIED_COOKIE, '1') |
|
364 |
url = request.get_url() |
|
365 |
query = request.get_query() |
|
366 |
if query: |
|
367 |
url += '?' + query |
|
368 |
return forms.root.tryauth(url) |
|
369 |
else: |
|
370 |
return output |
|
343 | 371 | |
344 | 372 |
def _q_lookup(self, component): |
345 | 373 |
# is this a category ? |
346 |
- |
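Review bot: automatic_sso is called only after `_q_traverse(path)` has already produced `output`, and its redirect branch never looks at the request method. A POST or API call that carries A2_OPENED_SESSION without PASSIVE_TRIED_COOKIE is therefore processed in full as an anonymous request, and its response is then thrown away in favour of the `tryauth` redirect. Limiting the passive attempt to plain navigations, for instance `if request.get_method() != 'GET': return output` at the top of the method, and ideally deciding before traversal, would avoid silently discarded submissions. Separately, `response.set_cookie(PASSIVE_TRIED_COOKIE, '1')` passes no attributes; if the framework applies no default path, the marker is scoped to the current directory, so each new path could trigger another passive round trip and `expire_cookie` might not clear the cookie that was set, which an explicit `path='/'` would rule out. The enclosing method starts above the hunk, so whether its earlier return paths should also go through automatic_sso cannot be judged from here.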