0001-python3-migrate-authentic-40407.patch
hobo/agent/authentic2/provisionning.py | ||
---|---|---|
1 | 1 |
import json |
2 |
from urlparse import urljoin
|
|
2 |
from django.utils.six.moves.urllib.parse import urljoin
|
|
3 | 3 |
import threading |
4 | 4 |
import copy |
5 | 5 |
import logging |
... | ... | |
8 | 8 |
from django.db import connection |
9 | 9 |
from django.core.urlresolvers import reverse |
10 | 10 |
from django.conf import settings |
11 |
from django.utils.encoding import force_text |
|
11 | 12 | |
12 | 13 |
from django_rbac.utils import get_role_model, get_ou_model, get_role_parenting_model |
13 | 14 |
from hobo.agent.common import notify_agents |
... | ... | |
25 | 26 | |
26 | 27 |
class Provisionning(threading.local): |
27 | 28 |
__slots__ = ['threads'] |
28 |
threads = set() |
|
29 | 29 | |
30 | 30 |
def __init__(self): |
31 |
self.threads = set() |
|
31 | 32 |
self.stack = [] |
32 | 33 | |
33 | 34 |
def start(self): |
... | ... | |
100 | 101 |
def is_forbidden_technical_role(role): |
101 | 102 |
return role.slug.startswith('_') and not role.slug.startswith(tuple(allowed_technical_roles_prefixes)) |
102 | 103 | |
103 |
issuer = unicode(self.get_entity_id())
|
|
104 |
issuer = force_text(self.get_entity_id())
|
|
104 | 105 |
if mode == 'provision': |
105 | 106 | |
106 | 107 |
def user_to_json(ou, service, user, user_roles): |
... | ... | |
151 | 152 |
for rp in RoleParenting.objects.filter(child__in=all_roles): |
152 | 153 |
parents.setdefault(rp.child.id, []).append(rp.parent.id) |
153 | 154 |
Through = Role.members.through |
154 |
for u_id, r_id in Through.objects.filter(role__members__in=users).values_list('user_id',
|
|
155 |
'role_id'):
|
|
155 |
qs = Through.objects.filter(role__members__in=users).values_list('user_id', 'role_id')
|
|
156 |
for u_id, r_id in qs:
|
|
156 | 157 |
user_roles.setdefault(u_id, set()).add(roles[r_id]) |
157 | 158 |
for p_id in parents.get(r_id, []): |
158 | 159 |
user_roles[u_id].add(roles[p_id]) |
... | ... | |
163 | 164 |
ous.setdefault(r.ou, set()).add(user) |
164 | 165 | |
165 | 166 |
if roles_with_attributes: |
166 |
for ou, users in ous.iteritems():
|
|
167 |
for ou, users in ous.items(): |
|
167 | 168 |
for service, audience in self.get_audience(ou): |
168 | 169 |
for user in users: |
169 | 170 |
logger.info(u'provisionning user %s to %s', user, audience) |
... | ... | |
178 | 179 |
} |
179 | 180 |
}) |
180 | 181 |
else: |
181 |
for ou, users in ous.iteritems():
|
|
182 |
for ou, users in ous.items(): |
|
182 | 183 |
audience = [a for service, a in self.get_audience(ou)] |
183 | 184 |
if not audience: |
184 | 185 |
continue |
185 |
logger.info(u'provisionning users %s to %s', |
|
186 |
u', '.join(map(unicode, users)), u', '.join(audience))
|
|
186 |
logger.info(u'provisionning users %s to %s', u', '.join(
|
|
187 |
map(force_text, users)), u', '.join(audience))
|
|
187 | 188 |
notify_agents({ |
188 | 189 |
'@type': 'provision', |
189 | 190 |
'issuer': issuer, |
... | ... | |
197 | 198 |
elif users: |
198 | 199 |
audience = [audience for ou in OU.objects.all() |
199 | 200 |
for s, audience in self.get_audience(ou)] |
200 |
logger.info(u'deprovisionning users %s from %s', u', '.join(map(unicode, users)),
|
|
201 |
u', '.join(audience))
|
|
201 |
logger.info(u'deprovisionning users %s from %s', u', '.join( |
|
202 |
map(force_text, users)), u', '.join(audience))
|
|
202 | 203 |
notify_agents({ |
203 | 204 |
'@type': 'deprovision', |
204 | 205 |
'issuer': issuer, |
... | ... | |
263 | 264 |
}) |
264 | 265 | |
265 | 266 |
global_roles = set(ous.get(None, [])) |
266 |
for ou, ou_roles in ous.iteritems():
|
|
267 |
for ou, ou_roles in ous.items(): |
|
267 | 268 |
sent_roles = set(ou_roles) | global_roles |
268 | 269 |
helper(ou, sent_roles) |
269 | 270 |
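Review bot: In `Provisionning.__init__`, the new `self.threads = set()` writes to a name declared in `__slots__` on a `threading.local` subclass, which looks risky. Slot attributes on such a subclass are shared across threads rather than thread-local, while `__init__` is re-run the first time each new thread touches the instance. If that holds here, every new thread replaces the shared `threads` set with an empty one, so any code that later joins or waits on those threads (not visible in this section) would miss work still in flight. Consider initialising the slot only once, e.g. `if not hasattr(self, 'threads'): self.threads = set()`, and add a comment stating whether `threads` is meant to be shared or per-thread. The class body continues outside the lines shown.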
hobo/multitenant/settings_loaders.py | ||
---|---|---|
1 | 1 |
import os |
2 | 2 |
import json |
3 | 3 |
import hashlib |
4 |
from importlib import import_module |
|
5 | 4 | |
6 | 5 |
from django.conf import settings |
7 |
from django.utils.encoding import smart_bytes
|
|
6 |
from django.utils.encoding import force_bytes
|
|
8 | 7 |
from django.utils.http import urlencode |
9 | 8 |
from django.utils.six.moves.urllib import parse as urlparse |
10 | 9 | |
... | ... | |
277 | 276 |
return 0 |
278 | 277 | |
279 | 278 |
def update_settings(self, tenant_settings, tenant): |
280 |
domain_hash = hashlib.md5(smart_bytes(tenant.domain_url)).hexdigest()[:6]
|
|
279 |
domain_hash = hashlib.md5(force_bytes(tenant.domain_url)).hexdigest()[:6]
|
|
281 | 280 |
tenant_settings.CSRF_COOKIE_NAME = 'csrftoken-%s' % domain_hash |
282 | 281 |
tenant_settings.SESSION_COOKIE_NAME = 'sessionid-%s' % domain_hash |
283 | 282 |
# unique but common name for authentic opened session cookie name |
284 | 283 |
if getattr(tenant_settings, 'TEMPLATE_VARS', None): |
285 | 284 |
idp_url = tenant_settings.TEMPLATE_VARS.get('idp_url') |
286 | 285 |
if idp_url: |
287 |
idp_hash = hashlib.md5(smart_bytes(idp_url)).hexdigest()[:6]
|
|
286 |
idp_hash = hashlib.md5(force_bytes(idp_url)).hexdigest()[:6]
|
|
288 | 287 |
cookie_name = 'a2-opened-session-%s' % idp_hash |
289 | 288 |
tenant_settings.A2_OPENED_SESSION_COOKIE_NAME = cookie_name |
290 | 289 |
tenant_settings.MELLON_OPENED_SESSION_COOKIE_NAME = cookie_name |
... | ... | |
308 | 307 |
if not getattr(tenant_settings, 'A2_IDP_OIDC_JWKSET', None): |
309 | 308 |
from jwcrypto import jwk |
310 | 309 |
jwkkey = jwk.JWK.from_pem( |
311 |
tenant_settings.A2_IDP_SAML2_SIGNATURE_PRIVATE_KEY)
|
|
310 |
force_bytes(tenant_settings.A2_IDP_SAML2_SIGNATURE_PRIVATE_KEY))
|
|
312 | 311 |
jwkset = jwk.JWKSet() |
313 | 312 |
jwkset['keys'].add(jwkkey) |
314 | 313 |
tenant_settings.A2_IDP_OIDC_JWKSET = json.loads(jwkset.export()) |
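Review bot: At the `jwk.JWK.from_pem(force_bytes(...))` call, `force_bytes` stringifies non-string input, so a `None` value for `A2_IDP_SAML2_SIGNATURE_PRIVATE_KEY` would reach the parser as `b'None'` and fail with an opaque PEM error. The visible guard only tests `A2_IDP_OIDC_JWKSET`, so it may be worth also requiring the key, e.g. `if getattr(tenant_settings, 'A2_IDP_SAML2_SIGNATURE_PRIVATE_KEY', None) and not getattr(tenant_settings, 'A2_IDP_OIDC_JWKSET', None):`. A short comment such as `# OIDC JWK set is derived from the SAML signing key; rotating that key changes both` would also make the key reuse explicit for whoever handles rotation. `update_settings` continues outside the lines shown.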
tests_authentic/test_hobo_deploy.py | ||
---|---|---|
308 | 308 |
] |
309 | 309 |
} |
310 | 310 |
hobo_json_content = json.dumps(env) |
311 |
hobo_json = tempfile.NamedTemporaryFile() |
|
311 |
hobo_json = tempfile.NamedTemporaryFile(mode='w')
|
|
312 | 312 |
hobo_json.write(hobo_json_content) |
313 | 313 |
hobo_json.flush() |
314 | 314 | |
... | ... | |
465 | 465 |
def test_import_template(db, tenant_base): |
466 | 466 |
def with_uuid_removed(input): |
467 | 467 |
if isinstance(input, dict): |
468 |
for key in input.keys():
|
|
468 |
for key in list(input.keys()):
|
|
469 | 469 |
if key == 'uuid': |
470 | 470 |
input.pop('uuid') |
471 |
return {k: with_uuid_removed(v) for k, v in input.iteritems()}
|
|
471 |
return {k: with_uuid_removed(v) for k, v in input.items()} |
|
472 | 472 |
elif isinstance(input, list): |
473 | 473 |
return [with_uuid_removed(e) for e in input] |
474 | 474 |
else: |
475 | 475 |
return input |
476 | 476 | |
477 |
def with_lists_sorted(input): |
|
478 |
if isinstance(input, dict): |
|
479 |
return {k: with_lists_sorted(v) for k, v in input.iteritems()} |
|
480 |
if isinstance(input, list): |
|
481 |
return with_lists_sorted(input.sort()) |
|
477 |
def with_lists_sorted(value): |
|
478 |
if isinstance(value, dict): |
|
479 |
return {k: with_lists_sorted(v) for k, v in value.items()} |
|
480 |
if isinstance(value, list): |
|
481 |
value = [with_lists_sorted(elt) for elt in value] |
|
482 |
value.sort(key=lambda l: sorted(tuple( |
|
483 |
d.items()) if isinstance(d, dict) else d for d in l)) |
|
484 |
return value |
|
482 | 485 |
else: |
483 |
return input
|
|
486 |
return value
|
|
484 | 487 | |
485 | 488 |
call_command('create_tenant', 'authentic.example.net') |
486 | 489 |
tenant = TenantMiddleware.get_tenant_by_hostname('authentic.example.net') |
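Review bot: In the rewritten `with_lists_sorted`, the sort key iterates over each list element (`for d in l`) instead of using the element itself. For a dict element it therefore sees only the keys, and the `isinstance(d, dict)` branch never fires. Dicts with the same key set then compare equal and keep their input order, so the comparison the test relies on is still order-dependent, and a non-iterable element such as an int would raise `TypeError`. If the goal is an order-independent comparison, a total key over the whole element is simpler, e.g. `value.sort(key=lambda elt: json.dumps(elt, sort_keys=True))` (`json` is already used a few lines above in this file). `test_import_template` continues past the lines shown.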
tests_authentic/test_rest_authentication.py | ||
---|---|---|
1 | 1 |
import pytest |
2 |
import urllib
|
|
2 |
from django.utils.six.moves.urllib import parse as urllib
|
|
3 | 3 | |
4 | 4 |
from rest_framework.exceptions import AuthenticationFailed |
5 | 5 | |
6 |
- |