0001-root-implement-automatic-tryauth-12867.patch
tests/test_saml_auth.py | ||
---|---|---|
443 | 443 |
saml2.slo_idp(urlparse.urlparse(logout.msgUrl).query) |
444 | 444 |
assert req.response.headers['location'].startswith('http://sso.example.net/saml2/slo_return?SAMLResponse=') |
445 | 445 |
assert req.session is None |
446 | ||
447 | ||
448 |
def test_opened_session_cookie(pub): |
|
449 |
app = get_app(pub) |
|
450 |
app.set_cookie('IDP_OPENED_SESSION', '1') |
|
451 |
resp = app.get('/') |
|
452 |
assert resp.status_int == 200 |
|
453 |
pub.site_options.set('options', 'idp_session_cookie_name', 'IDP_OPENED_SESSION') |
|
454 |
with open(os.path.join(pub.app_dir, 'site-options.cfg'), 'w') as fd: |
|
455 |
pub.site_options.write(fd) |
|
456 | ||
457 |
resp = app.get('/?parameter=value') |
|
458 |
assert resp.status_int == 302 |
|
459 |
assert resp.location == 'http://example.net/login/?ReturnUrl=http%3A//example.net/%3Fparameter%3Dvalue&IsPassive=true' |
|
460 |
cookie_name = '%s-passive-auth-tried' % pub.config.session_cookie_name |
|
461 |
assert cookie_name in app.cookies |
|
462 | ||
463 | ||
464 |
def test_no_opened_session_cookie(pub): |
|
465 |
app = get_app(pub) |
|
466 |
resp = app.get('/') |
|
467 |
assert resp.status_int == 200 |
|
468 |
cookie_name = '%s-passive-auth-tried' % pub.config.session_cookie_name |
|
469 |
assert cookie_name not in app.cookies |
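Review bot: Neither new test exercises the loop guard, the property that keeps a visitor from being sent to the identity provider on every request; `test_opened_session_cookie` stops after the first 302. Once the `-passive-auth-tried` cookie is asserted present, a second request through the same `app` should be served normally, e.g. `assert app.get('/?parameter=value').status_int == 200`. The branch that expires the marker when the IdP cookie is gone, and the early return for an already logged-in user, are also untested. The test also rewrites `site-options.cfg` without restoring it, so unless the `pub` fixture rebuilds the app directory per test (not visible here) the option will leak into later tests.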
wcs/root.py | ||
---|---|---|
21 | 21 | |
22 | 22 |
from django.utils.six.moves.urllib import parse as urllib |
23 | 23 | |
24 |
from quixote import get_publisher, get_response, get_session, redirect, get_session_manager |
|
24 |
from quixote import get_publisher, get_response, get_session, redirect, get_session_manager, get_request
|
|
25 | 25 |
from quixote.directory import Directory |
26 | 26 |
from quixote.html import htmltext, TemplateIO |
27 | 27 |
from quixote.util import StaticDirectory |
... | ... | |
343 | 343 |
except errors.TraversalError: |
344 | 344 |
pass |
345 | 345 | |
346 |
return root.RootDirectory()._q_traverse(path) |
|
346 |
output = root.RootDirectory()._q_traverse(path) |
|
347 |
return self.automatic_sso(output) |
|
348 | ||
349 |
def automatic_sso(self, output): |
|
350 |
request = get_request() |
|
351 |
response = get_response() |
|
352 | ||
353 |
publisher = get_publisher() |
|
354 |
OPENED_SESSION_COOKIE = publisher.get_site_option('idp_session_cookie_name') |
|
355 |
PASSIVE_TRIED_COOKIE = '%s-passive-auth-tried' % publisher.config.session_cookie_name |
|
356 |
if OPENED_SESSION_COOKIE not in request.cookies and PASSIVE_TRIED_COOKIE in request.cookies: |
|
357 |
response.expire_cookie(PASSIVE_TRIED_COOKIE) |
|
358 |
return output |
|
359 |
elif OPENED_SESSION_COOKIE in request.cookies and PASSIVE_TRIED_COOKIE not in request.cookies: |
|
360 |
ident_methods = get_cfg('identification', {}).get('methods', []) |
|
361 |
idps = get_cfg('idp', {}) |
|
362 |
if request.user: |
|
363 |
return output |
|
364 |
if len(idps) != 1: |
|
365 |
return output |
|
366 |
if ident_methods and 'idp' not in ident_methods: |
|
367 |
return output |
|
368 |
response.set_cookie(PASSIVE_TRIED_COOKIE, '1') |
|
369 |
url = request.get_url() |
|
370 |
query = request.get_query() |
|
371 |
if query: |
|
372 |
url += '?' + query |
|
373 |
return root.tryauth(url) |
|
374 |
else: |
|
375 |
return output |
|
347 | 376 | |
348 | 377 |
def _q_lookup(self, component): |
349 | 378 |
# is this a category ? |
350 |
- |
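Review bot: `automatic_sso()` runs only after `root.RootDirectory()._q_traverse(path)` has produced `output`, so on the redirect path the page handler has already executed and its result is discarded, and nothing limits this to safe requests: a POST carrying the IdP cookie would be processed and then answered with a redirect to passive login. Consider making the decision before traversal, or at least guarding the redirect branch with `if request.get_method() != 'GET': return output`. Separately, `response.set_cookie(PASSIVE_TRIED_COOKIE, '1')` and the matching `expire_cookie()` pass no attributes, so the browser scopes the marker to the directory of the URL that set it; a visit under another path will not send it (triggering a second passive attempt), and an expiry issued from another path will not clear it. Passing the same explicit `path` to both calls (presumably the one used for the session cookie) would make the guard site-wide. The method that calls `automatic_sso()` starts outside the visible hunk.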