0001-views-handle-role-requests.patch
| mellon/views.py | ||
|---|---|---|
| 19 | 19 |
from django.utils.encoding import force_text |
| 20 | 20 |
from django.contrib.auth import REDIRECT_FIELD_NAME |
| 21 | 21 |
from django.db import transaction |
| 22 |
from django.utils.six.moves.urllib.parse import urljoin |
|
| 22 | 23 |
from django.utils.translation import ugettext as _ |
| 23 | 24 | |
| 24 | 25 |
from . import app_settings, utils |
| ... | ... | |
| 375 | 376 |
request, is_passive=request.GET.get('passive') == '1')
|
| 376 | 377 | |
| 377 | 378 |
next_url = check_next_url(self.request, request.GET.get(REDIRECT_FIELD_NAME)) |
| 379 |
requested_roles = request.GET.getlist('roles')
|
|
| 378 | 380 |
idp = self.get_idp(request) |
| 379 | 381 |
if idp is None: |
| 380 | 382 |
return HttpResponseBadRequest('no idp found')
|
| ... | ... | |
| 394 | 396 |
authn_request.isPassive = True |
| 395 | 397 |
# configure requested AuthnClassRef |
| 396 | 398 |
authn_classref = utils.get_setting(idp, 'AUTHN_CLASSREF') |
| 397 |
if authn_classref: |
|
| 399 |
if requested_roles: |
|
| 400 |
prefix = 'https://entrouvert.com/authn-class-ref/role-uuid/' # TODO add setting |
|
| 401 |
authn_classref = tuple(str(urljoin(prefix, role)) for role in requested_roles) |
|
| 402 |
req_authncontext = lasso.Samlp2RequestedAuthnContext() |
|
| 403 |
authn_request.requestedAuthnContext = req_authncontext |
|
| 404 |
req_authncontext.authnContextClassRef = authn_classref |
|
| 405 |
elif authn_classref: |
|
| 398 | 406 |
authn_classref = tuple([str(x) for x in authn_classref]) |
| 399 | 407 |
req_authncontext = lasso.Samlp2RequestedAuthnContext() |
| 400 | 408 |
authn_request.requestedAuthnContext = req_authncontext |
| 401 |
- |
|