0001-saml-add-login-hint-extension-on-backoffice-access-4.patch

Voir les différences: en ligne côte à côte

Subject: [PATCH] saml: add login-hint extension on backoffice access (#42193)

 tests/test_saml_auth.py | 23 +++++++++++++++++++++++
 wcs/qommon/saml2.py     | 13 +++++++++++--
 2 files changed, 34 insertions(+), 2 deletions(-)

         assert ':next_url>http://example.net/backoffice/<' in request.getOriginalXmlnode()
     def test_saml_login_hint(pub):
         resp = get_app(pub).get('/login/')
         assert resp.status_int == 302
         assert resp.location.startswith('http://sso.example.net/saml2/sso')
         request = lasso.Samlp2AuthnRequest()
         request.initFromQuery(urlparse.urlparse(resp.location).query)
         assert 'login-hint' not in request.getOriginalXmlnode()
         resp = get_app(pub).get('/backoffice/')
         assert resp.status_int == 302
         assert resp.location.startswith('http://example.net/login/?next=')
         resp = resp.follow()
         assert resp.location.startswith('http://sso.example.net/saml2/sso')
         request = lasso.Samlp2AuthnRequest()
         request.initFromQuery(urlparse.urlparse(resp.location).query)
         assert ':login-hint>backoffice<' in request.getOriginalXmlnode()
         resp = get_app(pub).get('http://example.net/login/?next=/backoffice/')
         request = lasso.Samlp2AuthnRequest()
         request.initFromQuery(urlparse.urlparse(resp.location).query)
         assert ':login-hint>backoffice<' in request.getOriginalXmlnode()
     def test_saml_register(pub):
         get_app(pub).get('/register/', status=404)
         pub.cfg['saml_identities'] = {'identity-creation': 'self'}

                 login.msgRelayState = get_request().form.get('next')
             next_url = login.msgRelayState or get_publisher().get_frontoffice_url()
             parsed_url = urlparse.urlparse(next_url)
             request = get_request()
             scheme = parsed_url.scheme or request.get_scheme()
             netloc = parsed_url.netloc or request.get_server()
             next_url = urlparse.urlunsplit((scheme, netloc, parsed_url.path, parsed_url.query,
                                              parsed_url.fragment))
             samlp_extensions = '''<samlp:Extensions
                             xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                             xmlns:eo="https://www.entrouvert.com/">
                           <eo:next_url>%s</eo:next_url>
                        </samlp:Extensions>''' % escape(next_url)
                           <eo:next_url>%s</eo:next_url>''' % escape(next_url)
             # set login-hint only if backoffice is accessed
             if next_url.startswith(get_publisher().get_backoffice_url()):
                 samlp_extensions += '<eo:login-hint>backoffice</eo:login-hint>'
             samlp_extensions += '</samlp:Extensions>'
             # work around lasso bug https://dev.entrouvert.org/issues/23001
             if hasattr(lasso.Samlp2Extensions, 'any'):
                 login.request.extensions = lasso.Node.newFromXmlNode(samlp_extensions)
+    -

Produits Entr'ouvert » w.c.s.