0001-use-unicode_literals-34008.patch
| mellon/adapters.py | ||
|---|---|---|
| 1 |
from __future__ import unicode_literals |
|
| 2 | ||
| 1 | 3 |
import logging |
| 2 | 4 |
import uuid |
| 3 | 5 |
from xml.etree import ElementTree as ET |
| ... | ... | |
| 56 | 58 |
response.raise_for_status() |
| 57 | 59 |
except requests.exceptions.RequestException as e: |
| 58 | 60 |
self.logger.error( |
| 59 |
u'retrieval of metadata URL %r failed with error %s for %d-th idp',
|
|
| 61 |
'retrieval of metadata URL %r failed with error %s for %d-th idp', |
|
| 60 | 62 |
idp['METADATA_URL'], e, i) |
| 61 | 63 |
continue |
| 62 | 64 |
idp['METADATA'] = response.text |
| ... | ... | |
| 64 | 66 |
if idp['METADATA'].startswith('/'):
|
| 65 | 67 |
idp['METADATA'] = open(idp['METADATA']).read() |
| 66 | 68 |
else: |
| 67 |
self.logger.error(u'missing METADATA or METADATA_URL in %d-th idp', i)
|
|
| 69 |
self.logger.error('missing METADATA or METADATA_URL in %d-th idp', i)
|
|
| 68 | 70 |
continue |
| 69 | 71 |
if 'ENTITY_ID' not in idp: |
| 70 | 72 |
try: |
| 71 | 73 |
doc = ET.fromstring(idp['METADATA']) |
| 72 | 74 |
except (TypeError, ET.ParseError): |
| 73 |
self.logger.error(u'METADATA of %d-th idp is invalid', i)
|
|
| 75 |
self.logger.error('METADATA of %d-th idp is invalid', i)
|
|
| 74 | 76 |
continue |
| 75 | 77 |
if doc.tag != '{%s}EntityDescriptor' % lasso.SAML2_METADATA_HREF:
|
| 76 |
self.logger.error(u'METADATA of %d-th idp has no EntityDescriptor root tag', i)
|
|
| 78 |
self.logger.error('METADATA of %d-th idp has no EntityDescriptor root tag', i)
|
|
| 77 | 79 |
continue |
| 78 | 80 | |
| 79 | 81 |
if not 'entityID' in doc.attrib: |
| 80 | 82 |
self.logger.error( |
| 81 |
u'METADATA of %d-th idp has no entityID attribute on its root tag', i)
|
|
| 83 |
'METADATA of %d-th idp has no entityID attribute on its root tag', i) |
|
| 82 | 84 |
continue |
| 83 | 85 |
idp['ENTITY_ID'] = doc.attrib['entityID'] |
| 84 | 86 |
yield idp |
| ... | ... | |
| 101 | 103 |
username = force_text(username_template).format( |
| 102 | 104 |
realm=realm, attributes=saml_attributes, idp=idp)[:30] |
| 103 | 105 |
except ValueError: |
| 104 |
self.logger.error(u'invalid username template %r', username_template)
|
|
| 106 |
self.logger.error('invalid username template %r', username_template)
|
|
| 105 | 107 |
except (AttributeError, KeyError, IndexError) as e: |
| 106 | 108 |
self.logger.error( |
| 107 |
u'invalid reference in username template %r: %s', username_template, e)
|
|
| 109 |
'invalid reference in username template %r: %s', username_template, e) |
|
| 108 | 110 |
except Exception as e: |
| 109 |
self.logger.exception(u'unknown error when formatting username')
|
|
| 111 |
self.logger.exception('unknown error when formatting username')
|
|
| 110 | 112 |
else: |
| 111 | 113 |
return username |
| 112 | 114 | |
| ... | ... | |
| 220 | 222 |
self.logger.debug('looking for users by attribute %r and user field %r with value %r: not found',
|
| 221 | 223 |
saml_attribute, user_field, value) |
| 222 | 224 |
continue |
| 223 |
self.logger.info(u'looking for user by attribute %r and user field %r with value %r: found %s',
|
|
| 225 |
self.logger.info('looking for user by attribute %r and user field %r with value %r: found %s',
|
|
| 224 | 226 |
saml_attribute, user_field, value, display_truncated_list(users_found)) |
| 225 | 227 |
users.update(users_found) |
| 226 | 228 |
if len(users) == 1: |
| 227 | 229 |
user = list(users)[0] |
| 228 |
self.logger.info(u'looking for user by attributes %r: found user %s',
|
|
| 230 |
self.logger.info('looking for user by attributes %r: found user %s',
|
|
| 229 | 231 |
lookup_by_attributes, user) |
| 230 | 232 |
return user |
| 231 | 233 |
elif len(users) > 1: |
| 232 |
self.logger.warning(u'looking for user by attributes %r: too many users found(%d), failing',
|
|
| 234 |
self.logger.warning('looking for user by attributes %r: too many users found(%d), failing',
|
|
| 233 | 235 |
lookup_by_attributes, len(users)) |
| 234 | 236 |
return None |
| 235 | 237 | |
| ... | ... | |
| 254 | 256 |
try: |
| 255 | 257 |
value = force_text(tpl).format(realm=realm, attributes=saml_attributes, idp=idp) |
| 256 | 258 |
except ValueError: |
| 257 |
self.logger.warning(u'invalid attribute mapping template %r', tpl)
|
|
| 259 |
self.logger.warning('invalid attribute mapping template %r', tpl)
|
|
| 258 | 260 |
except (AttributeError, KeyError, IndexError, ValueError) as e: |
| 259 | 261 |
self.logger.warning( |
| 260 |
u'invalid reference in attribute mapping template %r: %s', tpl, e)
|
|
| 262 |
'invalid reference in attribute mapping template %r: %s', tpl, e) |
|
| 261 | 263 |
else: |
| 262 | 264 |
model_field = user._meta.get_field(field) |
| 263 | 265 |
if hasattr(model_field, 'max_length'): |
| ... | ... | |
| 266 | 268 |
old_value = getattr(user, field) |
| 267 | 269 |
setattr(user, field, value) |
| 268 | 270 |
attribute_set = True |
| 269 |
self.logger.info(u'set field %s of user %s to value %r (old value %r)', field,
|
|
| 271 |
self.logger.info('set field %s of user %s to value %r (old value %r)', field,
|
|
| 270 | 272 |
user, value, old_value) |
| 271 | 273 |
if attribute_set: |
| 272 | 274 |
user.save() |
| ... | ... | |
| 320 | 322 |
groups.append(group) |
| 321 | 323 |
for group in Group.objects.filter(pk__in=[g.pk for g in groups]).exclude(user=user): |
| 322 | 324 |
self.logger.info( |
| 323 |
u'adding group %s (%s) to user %s (%s)', group, group.pk, user, user.pk)
|
|
| 325 |
'adding group %s (%s) to user %s (%s)', group, group.pk, user, user.pk) |
|
| 324 | 326 |
User.groups.through.objects.get_or_create(group=group, user=user) |
| 325 | 327 |
qs = User.groups.through.objects.exclude( |
| 326 | 328 |
group__pk__in=[g.pk for g in groups]).filter(user=user) |
| 327 | 329 |
for rel in qs: |
| 328 |
self.logger.info(u'removing group %s (%s) from user %s (%s)', rel.group,
|
|
| 330 |
self.logger.info('removing group %s (%s) from user %s (%s)', rel.group,
|
|
| 329 | 331 |
rel.group.pk, rel.user, rel.user.pk) |
| 330 | 332 |
qs.delete() |
| mellon/backends.py | ||
|---|---|---|
| 13 | 13 |
# You should have received a copy of the GNU Affero General Public License |
| 14 | 14 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 15 | 15 | |
| 16 |
from __future__ import unicode_literals |
|
| 17 | ||
| 16 | 18 |
from django.contrib.auth.backends import ModelBackend |
| 17 | 19 | |
| 18 | 20 |
from . import utils |
| mellon/middleware.py | ||
|---|---|---|
| 1 |
from __future__ import unicode_literals |
|
| 2 | ||
| 1 | 3 |
from django.utils.http import urlencode |
| 2 | 4 |
from django.http import HttpResponseRedirect |
| 3 | 5 |
from django.core.urlresolvers import reverse |
| mellon/models.py | ||
|---|---|---|
| 1 |
from __future__ import unicode_literals |
|
| 2 | ||
| 1 | 3 |
from django.db import models |
| 2 | 4 |
from django.utils.translation import ugettext_lazy as _ |
| 3 | 5 |
from django.conf import settings |
| mellon/urls.py | ||
|---|---|---|
| 1 |
from __future__ import unicode_literals |
|
| 2 | ||
| 1 | 3 |
from django.conf.urls import url |
| 2 | 4 |
import django |
| 3 | 5 | |
| mellon/utils.py | ||
|---|---|---|
| 1 |
from __future__ import unicode_literals |
|
| 2 | ||
| 1 | 3 |
import logging |
| 2 | 4 |
import datetime |
| 3 | 5 |
import importlib |
| ... | ... | |
| 83 | 85 |
try: |
| 84 | 86 |
server.addProviderFromBuffer(lasso.PROVIDER_ROLE_IDP, idp['METADATA']) |
| 85 | 87 |
except lasso.Error as e: |
| 86 |
logger.error(u'bad metadata in idp %r', idp['ENTITY_ID'])
|
|
| 87 |
logger.debug(u'lasso error: %s', e)
|
|
| 88 |
logger.error('bad metadata in idp %r', idp['ENTITY_ID'])
|
|
| 89 |
logger.debug('lasso error: %s', e)
|
|
| 88 | 90 |
continue |
| 89 | 91 |
cache[root] = server |
| 90 | 92 |
settings._MELLON_SERVER_CACHE = cache |
| mellon/views.py | ||
|---|---|---|
| 1 |
from __future__ import unicode_literals |
|
| 2 | ||
| 1 | 3 |
import logging |
| 2 | 4 |
import requests |
| 3 | 5 |
import lasso |
| ... | ... | |
| 99 | 101 | |
| 100 | 102 |
def show_message_status_is_not_success(self, profile, prefix): |
| 101 | 103 |
status_codes, idp_message = utils.get_status_codes_and_message(profile) |
| 102 |
args = [u'%s: status is not success codes: %r', prefix, status_codes]
|
|
| 104 |
args = ['%s: status is not success codes: %r', prefix, status_codes] |
|
| 103 | 105 |
if idp_message: |
| 104 |
args[0] += u' message: %s'
|
|
| 106 |
args[0] += ' message: %s' |
|
| 105 | 107 |
args.append(idp_message) |
| 106 | 108 |
self.log.warning(*args) |
| 107 | 109 | |
| ... | ... | |
| 276 | 278 |
try: |
| 277 | 279 |
login.initRequest(message, method) |
| 278 | 280 |
except lasso.ProfileInvalidArtifactError: |
| 279 |
self.log.warning(u'artifact is malformed %r', artifact)
|
|
| 280 |
return HttpResponseBadRequest(u'artifact is malformed %r' % artifact)
|
|
| 281 |
self.log.warning('artifact is malformed %r', artifact)
|
|
| 282 |
return HttpResponseBadRequest('artifact is malformed %r' % artifact)
|
|
| 281 | 283 |
except lasso.ServerProviderNotFoundError: |
| 282 | 284 |
self.log.warning('no entity id found for artifact %s', artifact)
|
| 283 | 285 |
return HttpResponseBadRequest( |
| ... | ... | |
| 406 | 408 |
# lasso>2.5.1 introduced a better API |
| 407 | 409 |
if hasattr(authn_request.extensions, 'any'): |
| 408 | 410 |
authn_request.extensions.any = ( |
| 409 |
'<eo:next_url xmlns:eo="https://www.entrouvert.com/">%s</eo:next_url>' % eo_next_url,) |
|
| 411 |
str('<eo:next_url xmlns:eo="https://www.entrouvert.com/">%s</eo:next_url>' % eo_next_url),
|
|
| 412 |
) |
|
| 410 | 413 |
else: |
| 411 | 414 |
authn_request.extensions.setOriginalXmlnode( |
| 412 |
'''<samlp:Extensions |
|
| 415 |
str('''<samlp:Extensions
|
|
| 413 | 416 |
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" |
| 414 | 417 |
xmlns:eo="https://www.entrouvert.com/"> |
| 415 | 418 |
<eo:next_url>%s</eo:next_url> |
| 416 |
</samlp:Extensions>''' % eo_next_url |
|
| 419 |
</samlp:Extensions>''' % eo_next_url)
|
|
| 417 | 420 |
) |
| 418 | 421 |
self.set_next_url(next_url) |
| 419 | 422 |
self.add_login_hints(idp, authn_request, request=request, next_url=next_url) |
| ... | ... | |
| 483 | 486 |
self.log.warning('error validating logout request: %r' % e)
|
| 484 | 487 |
issuer = request.session.get('mellon_session', {}).get('issuer')
|
| 485 | 488 |
if issuer == logout.remoteProviderId: |
| 486 |
self.log.info(u'user logged out by IdP SLO request')
|
|
| 489 |
self.log.info('user logged out by IdP SLO request')
|
|
| 487 | 490 |
auth.logout(request) |
| 488 | 491 |
try: |
| 489 | 492 |
logout.buildResponseMsg() |
| ... | ... | |
| 520 | 523 |
# set next_url after local logout, as the session is wiped by auth.logout |
| 521 | 524 |
if logout: |
| 522 | 525 |
self.set_next_url(next_url) |
| 523 |
self.log.info(u'user logged out, SLO request sent to IdP')
|
|
| 526 |
self.log.info('user logged out, SLO request sent to IdP')
|
|
| 524 | 527 |
else: |
| 525 | 528 |
self.log.warning('logout refused referer %r is not of the same origin', referer)
|
| 526 | 529 |
return HttpResponseRedirect(next_url) |
| 527 |
- |
|