0001-views-handle-role-requests.patch
mellon/views.py | ||
---|---|---|
19 | 19 |
from django.utils.encoding import force_text |
20 | 20 |
from django.contrib.auth import REDIRECT_FIELD_NAME |
21 | 21 |
from django.db import transaction |
22 |
from django.utils.six.moves.urllib.parse import urljoin |
|
22 | 23 |
from django.utils.translation import ugettext as _ |
23 | 24 | |
24 | 25 |
from . import app_settings, utils |
... | ... | |
375 | 376 |
request, is_passive=request.GET.get('passive') == '1') |
376 | 377 | |
377 | 378 |
next_url = check_next_url(self.request, request.GET.get(REDIRECT_FIELD_NAME)) |
379 |
requested_roles = request.GET.getlist('roles') |
|
378 | 380 |
idp = self.get_idp(request) |
379 | 381 |
if idp is None: |
380 | 382 |
return HttpResponseBadRequest('no idp found') |
... | ... | |
394 | 396 |
authn_request.isPassive = True |
395 | 397 |
# configure requested AuthnClassRef |
396 | 398 |
authn_classref = utils.get_setting(idp, 'AUTHN_CLASSREF') |
397 |
if authn_classref: |
|
399 |
if requested_roles: |
|
400 |
prefix = 'https://entrouvert.com/authn-class-ref/role-uuid/' # TODO add setting |
|
401 |
authn_classref = tuple(str(urljoin(prefix, role)) for role in requested_roles) |
|
402 |
req_authncontext = lasso.Samlp2RequestedAuthnContext() |
|
403 |
authn_request.requestedAuthnContext = req_authncontext |
|
404 |
req_authncontext.authnContextClassRef = authn_classref |
|
405 |
elif authn_classref: |
|
398 | 406 |
authn_classref = tuple([str(x) for x in authn_classref]) |
399 | 407 |
req_authncontext = lasso.Samlp2RequestedAuthnContext() |
400 | 408 |
authn_request.requestedAuthnContext = req_authncontext |
401 |
- |
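Review bot: The `roles` values read from the query string at `requested_roles = request.GET.getlist('roles')` reach `urljoin(prefix, role)` unvalidated, and `urljoin` lets its second argument override the base: an absolute URL, a leading `/` or a `..` segment yields a class reference outside `https://entrouvert.com/authn-class-ref/role-uuid/`, so whoever builds the login URL decides which `AuthnContextClassRef` values are sent to the IdP. Assuming role identifiers are UUIDs, as the prefix suggests, parse each one and concatenate instead of joining: `roles = [str(uuid.UUID(r)) for r in requested_roles]` (needs `import uuid`, with `ValueError` answered by `HttpResponseBadRequest`), then `authn_classref = tuple(prefix + r for r in roles)`. Because the new branch is `if requested_roles:` followed by `elif authn_classref:`, any `roles` parameter also drops the configured `AUTHN_CLASSREF` from the request; if that setting expresses a required authentication level, the two tuples should be merged rather than one replacing the other. The method starts and ends outside this section, so whether the response side checks the class reference the IdP returns cannot be judged from here.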