0001-do-not-crash-if-no-idp-is-found-19260.patch

Benjamin Dauvergne, 07 juin 2019 10:24

Voir les différences: en ligne côte à côte

Subject: [PATCH] do not crash if no idp is found (#19260)

Also improve logging of no idp situation in default backend.

 mellon/backends.py | 10 +++++++++-
 mellon/views.py    |  8 +++++---
 2 files changed, 14 insertions(+), 4 deletions(-)

     # You should have received a copy of the GNU Affero General Public License
     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import logging
     from django.contrib.auth.backends import ModelBackend
     from . import utils
     logger = logging.getLogger(__name__)
     class SAMLBackend(ModelBackend):
         def authenticate(self, saml_attributes, request=None):
             # without an issuer we can do nothing
             if 'issuer' not in saml_attributes:
                 return
                 logger.debug('no idp in saml_attributes')
                 return None
             idp = utils.get_idp(saml_attributes['issuer'])
             if not idp:
                 logger.debug('unknown idp %s', saml_attributes['issuer'])
                 return None
             adapters = utils.get_adapters(idp)
             for adapter in adapters:
                 if not hasattr(adapter, 'authorize'):

                 for idp in utils.get_idps():
                     return idp
                 else:
                     return None
                     return {}
             else:
                 return utils.get_idp(entity_id)
-...
             '''show error message to user after a login failure'''
             login = self.profile
             idp = utils.get_idp(login.remoteProviderId)
             if not idp:
                 return HttpResponseBadRequest(
                     'entity id %r is unknown' % login.remoteProviderId)
             error_url = utils.get_setting(idp, 'ERROR_URL')
             error_redirect_after_timeout = utils.get_setting(idp, 'ERROR_REDIRECT_AFTER_TIMEOUT')
             if error_url:
-...
                     'no entity id found for this artifact %r' % artifact)
             idp = utils.get_idp(login.remoteProviderId)
             if not idp:
                 self.log.warning('entity id %r is unknown', login.remoteProviderId)
                 return HttpResponseBadRequest(
                     'entity id %r is unknown' % login.remoteProviderId)
             verify_ssl_certificate = utils.get_setting(
-...
             next_url = check_next_url(self.request, request.GET.get(REDIRECT_FIELD_NAME))
             idp = self.get_idp(request)
             if idp is None:
             if not idp:
                 return HttpResponseBadRequest('no idp found')
             self.profile = login = utils.create_login(request)
             self.log.debug('authenticating to %r', idp['ENTITY_ID'])
+    -

Projet

Général

Profil

Produits Entr'ouvert » django-mellon

0001-do-not-crash-if-no-idp-is-found-19260.patch