0001-root-implement-automatic-tryauth-12867.patch
| tests/test_saml_auth.py | ||
|---|---|---|
| 443 | 443 |
saml2.slo_idp(urlparse.urlparse(logout.msgUrl).query) |
| 444 | 444 |
assert req.response.headers['location'].startswith('http://sso.example.net/saml2/slo_return?SAMLResponse=')
|
| 445 | 445 |
assert req.session is None |
| 446 | ||
| 447 | ||
| 448 |
def test_opened_session_cookie(pub): |
|
| 449 |
app = get_app(pub) |
|
| 450 |
app.set_cookie('IDP_OPENED_SESSION', '1')
|
|
| 451 |
resp = app.get('/')
|
|
| 452 |
assert resp.status_int == 200 |
|
| 453 |
pub.site_options.set('options', 'idp_session_cookie_name', 'IDP_OPENED_SESSION')
|
|
| 454 |
with open(os.path.join(pub.app_dir, 'site-options.cfg'), 'w') as fd: |
|
| 455 |
pub.site_options.write(fd) |
|
| 456 | ||
| 457 |
resp = app.get('/?parameter=value')
|
|
| 458 |
assert resp.status_int == 302 |
|
| 459 |
assert resp.location == 'http://example.net/login/?ReturnUrl=http%3A//example.net/%3Fparameter%3Dvalue&IsPassive=true' |
|
| 460 |
cookie_name = '%s-passive-auth-tried' % pub.config.session_cookie_name |
|
| 461 |
assert cookie_name in app.cookies |
|
| 462 | ||
| 463 | ||
| 464 |
def test_no_opened_session_cookie(pub): |
|
| 465 |
app = get_app(pub) |
|
| 466 |
resp = app.get('/')
|
|
| 467 |
assert resp.status_int == 200 |
|
| 468 |
cookie_name = '%s-passive-auth-tried' % pub.config.session_cookie_name |
|
| 469 |
assert cookie_name not in app.cookies |
|
| wcs/root.py | ||
|---|---|---|
| 21 | 21 | |
| 22 | 22 |
from django.utils.six.moves.urllib import parse as urllib |
| 23 | 23 | |
| 24 |
from quixote import get_publisher, get_response, get_session, redirect, get_session_manager |
|
| 24 |
from quixote import get_publisher, get_response, get_session, redirect, get_session_manager, get_request
|
|
| 25 | 25 |
from quixote.directory import Directory |
| 26 | 26 |
from quixote.html import htmltext, TemplateIO |
| 27 | 27 |
from quixote.util import StaticDirectory |
| ... | ... | |
| 343 | 343 |
except errors.TraversalError: |
| 344 | 344 |
pass |
| 345 | 345 | |
| 346 |
return root.RootDirectory()._q_traverse(path) |
|
| 346 |
output = root.RootDirectory()._q_traverse(path) |
|
| 347 |
return self.automatic_sso(output) |
|
| 348 | ||
| 349 |
def automatic_sso(self, output): |
|
| 350 |
request = get_request() |
|
| 351 |
response = get_response() |
|
| 352 | ||
| 353 |
publisher = get_publisher() |
|
| 354 |
OPENED_SESSION_COOKIE = publisher.get_site_option('idp_session_cookie_name')
|
|
| 355 |
PASSIVE_TRIED_COOKIE = '%s-passive-auth-tried' % publisher.config.session_cookie_name |
|
| 356 |
if OPENED_SESSION_COOKIE not in request.cookies and PASSIVE_TRIED_COOKIE in request.cookies: |
|
| 357 |
response.expire_cookie(PASSIVE_TRIED_COOKIE) |
|
| 358 |
return output |
|
| 359 |
elif OPENED_SESSION_COOKIE in request.cookies and PASSIVE_TRIED_COOKIE not in request.cookies: |
|
| 360 |
ident_methods = get_cfg('identification', {}).get('methods', [])
|
|
| 361 |
idps = get_cfg('idp', {})
|
|
| 362 |
if request.user: |
|
| 363 |
return output |
|
| 364 |
if len(idps) != 1: |
|
| 365 |
return output |
|
| 366 |
if ident_methods and 'idp' not in ident_methods: |
|
| 367 |
return output |
|
| 368 |
response.set_cookie(PASSIVE_TRIED_COOKIE, '1') |
|
| 369 |
url = request.get_url() |
|
| 370 |
query = request.get_query() |
|
| 371 |
if query: |
|
| 372 |
url += '?' + query |
|
| 373 |
return root.tryauth(url) |
|
| 374 |
else: |
|
| 375 |
return output |
|
| 347 | 376 | |
| 348 | 377 |
def _q_lookup(self, component): |
| 349 | 378 |
# is this a category ? |
| 350 |
- |
|