0001-misc-allow-authenticator-autorun-if-only-one-availab.patch
src/authentic2/views.py | ||
---|---|---|
341 | 341 |
return block['response'] |
342 | 342 |
blocks.append(block) |
343 | 343 | |
344 |
# run the only available authenticator if able to autorun |
|
345 |
if len(blocks) == 1: |
|
346 |
block = blocks[0] |
|
347 |
authenticator = block['authenticator'] |
|
348 |
if hasattr(authenticator, 'autorun'): |
|
349 |
return authenticator.autorun(request, block['id']) |
|
350 | ||
344 | 351 |
# Old frontends API |
345 | 352 |
for block in blocks: |
346 | 353 |
fid = block['id'] |
src/authentic2_auth_fc/authenticators.py | ||
---|---|---|
20 | 20 | |
21 | 21 |
from authentic2 import app_settings as a2_app_settings, utils as a2_utils |
22 | 22 |
from authentic2.authenticators import BaseAuthenticator |
23 |
from authentic2.utils import redirect_to_login |
|
23 | 24 | |
24 | 25 |
from . import app_settings |
25 | 26 | |
... | ... | |
39 | 40 |
def id(self): |
40 | 41 |
return 'fc' |
41 | 42 | |
43 |
def autorun(self, request, block_id): |
|
44 |
return redirect_to_login(request, login_url='fc-login-or-link') |
|
45 | ||
42 | 46 |
def login(self, request, *args, **kwargs): |
43 | 47 |
if 'nofc' in request.GET: |
44 | 48 |
return |
src/authentic2_auth_oidc/authenticators.py | ||
---|---|---|
18 | 18 |
from django.shortcuts import render |
19 | 19 | |
20 | 20 |
from . import app_settings, utils |
21 |
from .models import OIDCProvider |
|
21 | 22 |
from authentic2.utils import make_url |
23 |
from authentic2.utils import redirect_to_login |
|
22 | 24 |
from authentic2.authenticators import BaseAuthenticator |
23 | 25 | |
24 | 26 | |
... | ... | |
36 | 38 |
for p in utils.get_providers(shown=True): |
37 | 39 |
yield (p.slug, p) |
38 | 40 | |
41 |
def autorun(self, request, block_id): |
|
42 |
auth_id, instance_slug = block_id.split('_') |
|
43 |
assert auth_id == self.id |
|
44 | ||
45 |
try: |
|
46 |
provider = OIDCProvider.objects.get(slug=instance_slug) |
|
47 |
except OIDCProvider.DoesNotExist(): |
|
48 |
return redirect_to_login(request) |
|
49 |
return redirect_to_login(request, login_url='oidc-login', kwargs={'pk': provider.pk}) |
|
50 | ||
39 | 51 |
def login(self, request, *args, **kwargs): |
40 | 52 |
context = kwargs.get('context', {}) |
41 | 53 |
if kwargs.get('instance'): |
src/authentic2_auth_saml/authenticators.py | ||
---|---|---|
19 | 19 |
from django.shortcuts import render |
20 | 20 |
from mellon.utils import get_idp, get_idps |
21 | 21 | |
22 |
from authentic2.utils import redirect_to_login |
|
23 | 22 |
from authentic2.authenticators import BaseAuthenticator |
23 |
from authentic2.utils import redirect_to_login |
|
24 | 24 | |
25 | 25 |
from . import app_settings |
26 | 26 | |
... | ... | |
38 | 38 |
for idx, idp in enumerate(get_idps()): |
39 | 39 |
yield(idp.get('SLUG') or str(idx), idp) |
40 | 40 | |
41 |
def autorun(self, request, block_id): |
|
42 |
auth_id, instance_slug = block_id.split('_') |
|
43 |
assert auth_id == self.id |
|
44 | ||
45 |
for slug, instance in self.instances(request): |
|
46 |
if slug == instance_slug: |
|
47 |
return redirect_to_login(request, login_url='mellon_login', |
|
48 |
params={'entityID': instance['ENTITY_ID']}) |
|
49 |
return redirect_to_login(request) |
|
50 | ||
51 | ||
41 | 52 |
def login(self, request, *args, **kwargs): |
42 | 53 |
context = kwargs.pop('context', {}) |
43 | 54 |
instance_id = kwargs.get('instance_id') |
tests/auth_fc/test_auth_fc.py | ||
---|---|---|
98 | 98 |
assert 'fc-button' not in response |
99 | 99 | |
100 | 100 | |
101 |
def test_login_autorun(app, fc_settings, settings): |
|
102 |
# hide password block |
|
103 |
settings.AUTH_FRONTENDS_KWARGS = {'password': {'show_condition': 'remote_addr==\'0.0.0.0\''}} |
|
104 |
response = app.get('/login/') |
|
105 |
assert response['Location'] == reverse('fc-login-or-link') |
|
106 | ||
107 | ||
101 | 108 |
@pytest.mark.parametrize('exp', [timestamp_from_datetime(now() + datetime.timedelta(seconds=1000)), |
102 | 109 |
timestamp_from_datetime(now() - datetime.timedelta(seconds=1000))]) |
103 | 110 |
def test_login_simple(app, fc_settings, caplog, hooks, exp): |
tests/test_auth_oidc.py | ||
---|---|---|
471 | 471 |
assert 'My IDP' not in response |
472 | 472 | |
473 | 473 | |
474 |
def test_login_autorun(oidc_provider, app, settings): |
|
475 |
response = app.get('/login/') |
|
476 |
assert 'OIDIDP' in response |
|
477 | ||
478 |
# hide password block |
|
479 |
settings.AUTH_FRONTENDS_KWARGS = {'password': {'show_condition': 'remote_addr==\'0.0.0.0\''}} |
|
480 |
response = app.get('/login/', status=302) |
|
481 |
assert response['Location'] == '/accounts/oidc/login/%s/' % oidc_provider.pk |
|
482 | ||
483 | ||
484 | ||
474 | 485 |
def test_sso(app, caplog, code, oidc_provider, oidc_provider_jwkset, hooks): |
475 | 486 |
OU = get_ou_model() |
476 | 487 |
cassis = OU.objects.create(name='Cassis', slug='cassis') |
tests/test_auth_saml.py | ||
---|---|---|
177 | 177 |
response = app.get('/login/') |
178 | 178 |
assert 'login-saml-0' not in response |
179 | 179 |
assert 'login-saml-1' not in response |
180 | ||
181 | ||
182 |
def test_login_autorun(db, app, settings): |
|
183 |
response = app.get('/login/') |
|
184 | ||
185 |
settings.A2_AUTH_SAML_ENABLE = True |
|
186 |
settings.MELLON_IDENTITY_PROVIDERS = [ |
|
187 |
{"METADATA": os.path.join(os.path.dirname(__file__), 'metadata.xml')} |
|
188 |
] |
|
189 |
# hide password block |
|
190 |
settings.AUTH_FRONTENDS_KWARGS = {'password': {'show_condition': 'remote_addr==\'0.0.0.0\''}} |
|
191 |
response = app.get('/login/', status=302) |
|
192 |
assert '/accounts/saml/login/?entityID=' in response['Location'] |
|
180 |
- |