0001-misc-make-login_hint-works-without-next-parameter-38.patch
mellon/views.py | ||
---|---|---|
446 | 446 |
</samlp:Extensions>''' % eo_next_url) |
447 | 447 |
) |
448 | 448 |
self.set_next_url(next_url) |
449 |
self.add_login_hints(idp, authn_request, request=request, next_url=next_url) |
|
449 |
self.add_login_hints(idp, authn_request, request=request, next_url=next_url or '/')
|
|
450 | 450 |
login.buildAuthnRequestMsg() |
451 | 451 |
except lasso.Error as e: |
452 | 452 |
return HttpResponseBadRequest('error initializing the authentication request: %r' % e) |
... | ... | |
469 | 469 | |
470 | 470 |
def is_in_backoffice(self, request, next_url): |
471 | 471 |
path = utils.get_local_path(request, next_url) |
472 |
return path.startswith(('/admin/', '/manage/', '/manager/')) |
|
472 |
return path and path.startswith(('/admin/', '/manage/', '/manager/'))
|
|
473 | 473 | |
474 | 474 |
def add_login_hints(self, idp, authn_request, request, next_url=None): |
475 | 475 |
login_hints = utils.get_setting(idp, 'LOGIN_HINTS', []) |
476 | 476 |
hints = [] |
477 | 477 |
for login_hint in login_hints: |
478 | 478 |
if login_hint == 'backoffice': |
479 |
if self.is_in_backoffice(request, next_url): |
|
479 |
if next_url and self.is_in_backoffice(request, next_url):
|
|
480 | 480 |
hints.append('backoffice') |
481 | 481 |
if login_hint == 'always_backoffice': |
482 | 482 |
hints.append('backoffice') |
tests/test_sso_slo.py | ||
---|---|---|
382 | 382 | |
383 | 383 |
def test_sso_slo_pass_login_hints_backoffice(db, app, idp, caplog, sp_settings): |
384 | 384 |
sp_settings.MELLON_LOGIN_HINTS = ['backoffice'] |
385 | ||
386 |
response = app.get(reverse('mellon_login')) |
|
387 |
url, body, relay_state = idp.process_authn_request_redirect(response['Location']) |
|
388 |
root = ET.fromstring(idp.request) |
|
389 |
login_hints = root.findall('.//{https://www.entrouvert.com/}login-hint') |
|
390 |
assert len(login_hints) == 0 |
|
391 | ||
385 | 392 |
response = app.get(reverse('mellon_login') + '?next=/whatever/') |
386 | 393 |
url, body, relay_state = idp.process_authn_request_redirect(response['Location']) |
387 | 394 |
root = ET.fromstring(idp.request) |
388 |
- |