0001-add-kwargs-template_base-to-LoginView-35083.patch
| mellon/templates/mellon/base.html | ||
|---|---|---|
| 1 |
{% extends "base.html" %}
|
|
| 1 |
{% extends template_base|default:"base.html" %}
|
|
| 2 | 2 | |
| 3 | 3 |
{% block extra_scripts %}
|
| 4 | 4 |
{% block mellon_extra_scripts %}
|
| mellon/views.py | ||
|---|---|---|
| 128 | 128 | |
| 129 | 129 | |
| 130 | 130 |
class LoginView(ProfileMixin, LogMixin, View): |
| 131 |
@property |
|
| 132 |
def template_base(self): |
|
| 133 |
return self.kwargs.get('template_base', 'base.html')
|
|
| 134 | ||
| 131 | 135 |
def get_idp(self, request): |
| 132 | 136 |
entity_id = request.POST.get('entityID') or request.GET.get('entityID')
|
| 133 | 137 |
if not entity_id: |
| ... | ... | |
| 186 | 190 |
next_url = error_url or self.get_next_url(default=resolve_url(settings.LOGIN_REDIRECT_URL)) |
| 187 | 191 |
return render(request, 'mellon/authentication_failed.html', |
| 188 | 192 |
{
|
| 193 |
'template_base': self.template_base, |
|
| 189 | 194 |
'debug': settings.DEBUG, |
| 190 | 195 |
'reason': reason, |
| 191 | 196 |
'status_codes': status_codes, |
| ... | ... | |
| 253 | 258 |
self.log.warning('user %s (NameID is %r) is inactive, login refused', user,
|
| 254 | 259 |
attributes['name_id_content']) |
| 255 | 260 |
return render(request, 'mellon/inactive_user.html', {
|
| 261 |
'template_base': self.template_base, |
|
| 256 | 262 |
'user': user, |
| 257 | 263 |
'saml_attributes': attributes}) |
| 258 | 264 |
else: |
| 259 | 265 |
self.log.warning('no user found for NameID %r', attributes['name_id_content'])
|
| 260 |
return render(request, 'mellon/user_not_found.html', |
|
| 261 |
{'saml_attributes': attributes})
|
|
| 266 |
return render(request, 'mellon/user_not_found.html', {
|
|
| 267 |
'template_base': self.template_base, |
|
| 268 |
'saml_attributes': attributes |
|
| 269 |
}) |
|
| 262 | 270 |
request.session['lasso_session_dump'] = login.session.dump() |
| 263 | 271 | |
| 264 | 272 |
return HttpResponseRedirect(next_url) |
| ... | ... | |
| 379 | 387 |
url = app_settings.DISCOVERY_SERVICE_URL |
| 380 | 388 |
params = {
|
| 381 | 389 |
# prevent redirect loops with the discovery service |
| 382 |
'entityID': request.build_absolute_uri(reverse('mellon_metadata')),
|
|
| 390 |
'entityID': request.build_absolute_uri( |
|
| 391 |
reverse('mellon_metadata')),
|
|
| 383 | 392 |
'return': return_url, |
| 384 | 393 |
} |
| 385 | 394 |
if is_passive: |
| tests/templates/theme.html | ||
|---|---|---|
| 1 |
<html> |
|
| 2 |
<body> |
|
| 3 |
<p>Theme is ok</p> |
|
| 4 |
{% block content %}
|
|
| 5 |
{% endblock %}
|
|
| 6 |
</body> |
|
| 7 |
</html> |
|
| tests/test_sso_slo.py | ||
|---|---|---|
| 23 | 23 | |
| 24 | 24 |
import lasso |
| 25 | 25 | |
| 26 |
import pytest |
|
| 26 | 27 |
from pytest import fixture |
| 27 | 28 | |
| 28 | 29 |
import django |
| ... | ... | |
| 224 | 225 |
u'urn:oasis:names:tc:SAML:2.0:status:RequestDenied']" in caplog.text |
| 225 | 226 | |
| 226 | 227 | |
| 228 |
@pytest.mark.urls('urls_tests_template_base')
|
|
| 229 |
def test_template_base(db, app, idp, caplog, sp_settings): |
|
| 230 |
response = app.get(reverse('mellon_login'))
|
|
| 231 |
url, body, relay_state = idp.process_authn_request_redirect( |
|
| 232 |
response['Location'], |
|
| 233 |
auth_result=False, |
|
| 234 |
msg='User is not allowed to login') |
|
| 235 |
response = app.post(reverse('mellon_login'), params={'SAMLResponse': body, 'RelayState': relay_state})
|
|
| 236 |
assert 'Theme is ok' in response.text |
|
| 237 | ||
| 238 | ||
| 239 |
def test_no_template_base(db, app, idp, caplog, sp_settings): |
|
| 240 |
response = app.get(reverse('mellon_login'))
|
|
| 241 |
url, body, relay_state = idp.process_authn_request_redirect( |
|
| 242 |
response['Location'], |
|
| 243 |
auth_result=False, |
|
| 244 |
msg='User is not allowed to login') |
|
| 245 |
response = app.post(reverse('mellon_login'), params={'SAMLResponse': body, 'RelayState': relay_state})
|
|
| 246 |
assert 'Theme is ok' not in response.text |
|
| 247 | ||
| 248 | ||
| 227 | 249 |
def test_sso_request_denied_artifact(db, app, caplog, sp_settings, idp_metadata, idp_private_key, rf): |
| 228 | 250 |
sp_settings.MELLON_DEFAULT_ASSERTION_CONSUMER_BINDING = 'artifact' |
| 229 | 251 |
request = rf.get('/')
|
| tests/urls_tests.py | ||
|---|---|---|
| 13 | 13 |
# You should have received a copy of the GNU Affero General Public License |
| 14 | 14 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 15 | 15 | |
| 16 |
import django |
|
| 17 | ||
| 18 | 16 |
from django.conf.urls import url, include |
| 19 | 17 |
from django.http import HttpResponse |
| 20 | 18 | |
| tests/urls_tests_template_base.py | ||
|---|---|---|
| 1 |
# django-mellon - SAML2 authentication for Django |
|
| 2 |
# Copyright (C) 2014-2019 Entr'ouvert |
|
| 3 |
# This program is free software: you can redistribute it and/or modify |
|
| 4 |
# it under the terms of the GNU Affero General Public License as |
|
| 5 |
# published by the Free Software Foundation, either version 3 of the |
|
| 6 |
# License, or (at your option) any later version. |
|
| 7 | ||
| 8 |
# This program is distributed in the hope that it will be useful, |
|
| 9 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
| 10 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
| 11 |
# GNU Affero General Public License for more details. |
|
| 12 | ||
| 13 |
# You should have received a copy of the GNU Affero General Public License |
|
| 14 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
| 15 | ||
| 16 |
from django.conf.urls import url, include |
|
| 17 |
from django.http import HttpResponse |
|
| 18 | ||
| 19 | ||
| 20 |
def homepage(request): |
|
| 21 |
return HttpResponse('ok')
|
|
| 22 | ||
| 23 |
urlpatterns = [ |
|
| 24 |
url('^', include('mellon.urls'), kwargs={'template_base': 'theme.html'}),
|
|
| 25 |
url('^$', homepage, name='homepage'),
|
|
| 26 |
] |
|
| 0 |
- |
|