0004-Add-federation-management-to-profile-page-fixes-5925.patch
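--- a/authentic2/idp/saml/backend.py
+++ b/authentic2/idp/saml/backend.py
@@ -1,6 +1,7 @@
 import logging
 import urllib
 
+from django.utils.translation import ugettext as _
 from django.core.urlresolvers import reverse
 from django.template.loader import render_to_string
 
@@ -8,6 +9,7 @@
 import authentic2.idp.saml.saml2_endpoints as saml2_endpoints
 import authentic2.saml.common as common
 
+from authentic2.decorators import to_list
 from authentic2.utils import Service
 
 
@@ -92,3 +94,37 @@
 
 def can_synchronous_logout(self, django_sessions_keys):
 return True
+
+@to_list
+def federation_management(self, request):
+qs = models.LibertyFederation.objects
+qs = qs.filter(sp__users_can_manage_federations=True)
+qs = qs.filter(user=request.user)
+federations = qs.select_related()
+next_url = request.get_full_path()
+for federation in federations:
+url = reverse('a2-idp-saml2-federation-delete',
+kwargs={'pk': federation.pk})
+yield {
+'name': federation.sp.liberty_provider.name,
+'hidden_inputs': {
+'next': next_url,
+},
+'buttons': (('delete', _('Delete')),),
+'url': url,
+}
+qs = models.LibertyProvider.objects
+qs = qs.filter(service_provider__users_can_manage_federations=True)
+qs = qs.exclude(service_provider__libertyfederation__in=federations)
+qs = qs.select_related()
+for liberty_provider in qs:
+url = reverse('a2-idp-saml2-idp-sso')
+yield {
+'name': liberty_provider.name,
+'hidden_inputs': {
+'provider_id': liberty_provider.entity_id,
+'next': next_url,
+},
+'buttons': (('create', _('Create')),),
+'url': url,
+}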
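Review bot: `federation_management` is added without a docstring, although account_management.html depends on the exact shape of what it yields. A one-line docstring such as `"""Yield one dict per manageable federation ('name', 'hidden_inputs', 'buttons', 'url') for the profile page forms."""` would record that contract. A comment above `next_url = request.get_full_path()` should also say that the value is echoed back to the server as the `next` hidden input, so the view that consumes it has to validate it before redirecting. The enclosing class begins outside the hunk.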
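--- a/authentic2/idp/saml/urls.py
+++ b/authentic2/idp/saml/urls.py
@@ -1,5 +1,7 @@
 from django.conf.urls import patterns, url
 
+from . import views
+
 urlpatterns = patterns('authentic2.idp.saml.saml2_endpoints',
 url(r'^metadata$', 'metadata'),
 url(r'^sso$', 'sso'),
@@ -10,5 +12,16 @@
 url(r'^slo_return$', 'slo_return'),
 url(r'^finish_slo$', 'finish_slo'),
 url(r'^artifact$', 'artifact'),
-url(r'^idp_sso/(.*)$', 'idp_sso'),
+# legacy endpoint, now it's prefered to pass the entity_id in a parameter
+url(r'^idp_sso/(.+)$',
+'idp_sso'),
+url(r'^idp_sso/$',
+'idp_sso',
+name='a2-idp-saml2-idp-sso'),
+url(r'^federations/create/(?P<pk>\d+)/$',
+views.create_federation,
+name='a2-idp-saml2-federation-create'),
+url(r'^federations/(?P<pk>\d+)/delete/$',
+views.delete_federation,
+name='a2-idp-saml2-federation-delete'),
 )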
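Review bot: The two new `federations/...` routes are registered without any visible authentication wrapper, while `views.delete_federation` filters its queryset on `request.user`. Unless something outside this diff already forces login for these URLs, wrap the views here, e.g. `login_required(views.delete_federation)`, so an anonymous POST is sent to the login page instead of reaching the queryset. The `federations/create/(?P<pk>\d+)/$` route also points at a view that defines no handler in this patch, and the 'create' button built in backend.py posts to `a2-idp-saml2-idp-sso` instead; either drop the route until the view exists or add a comment saying it is reserved.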
authentic2/idp/saml/views.py | ||
---|---|---|
1 |
from django.utils.translation import ugettext as _ |
|
2 |
from django.core.urlresolvers import reverse |
|
3 |
from django.views.generic import DeleteView, View |
|
4 |
from django.http import HttpResponseRedirect |
|
5 | ||
6 |
from django.contrib.auth import REDIRECT_FIELD_NAME |
|
7 |
from django.contrib import messages |
|
8 | ||
9 |
from authentic2.saml.models import LibertyFederation |
|
10 | ||
11 |
class FederationCreateView(View): |
|
12 |
pass |
|
13 | ||
14 |
class FederationDeleteView(DeleteView): |
|
15 |
model = LibertyFederation |
|
16 | ||
17 |
def get_queryset(self): |
|
18 |
qs = super(FederationDeleteView, self).get_queryset() |
|
19 |
return qs.filter(user=self.request.user) |
|
20 | ||
21 |
def delete(self, request, *args, **kwargs): |
|
22 |
# check current user owns this federation |
|
23 |
self.object = self.get_object() |
|
24 |
self.object.user = None |
|
25 |
self.object.save() |
|
26 |
messages.info(request, _('Federation to {0} deleted').format( |
|
27 |
self.object.sp.liberty_provider.name)) |
|
28 |
return HttpResponseRedirect(self.get_success_url()) |
|
29 | ||
30 |
def get_success_url(self): |
|
31 |
return self.request.POST.get(REDIRECT_FIELD_NAME, |
|
32 |
reverse('auth_homepage')) |
|
33 | ||
34 | ||
35 |
delete_federation = FederationDeleteView.as_view() |
|
36 |
create_federation = FederationCreateView.as_view() |
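Review bot: `get_queryset` limits deletion to federations owned by `request.user`, but not to service providers with `users_can_manage_federations` set, and nothing in this file checks `A2_PROFILE_CAN_MANAGE_FEDERATION`; both conditions are applied only where the profile page builds its list, so a direct POST to the delete URL is not covered by them. Adding the filter, `return qs.filter(user=self.request.user, sp__users_can_manage_federations=True)`, keeps the endpoint consistent with the listing. Separately, `get_success_url` redirects to whatever `next` value the POST carries; validate it with `is_safe_url(url, host=self.request.get_host())` from `django.utils.http` and fall back to `reverse('auth_homepage')` when the check fails. The comment `# check current user owns this federation` in `delete` sits above code that does not itself perform the check, and would read more accurately as `# ownership is enforced by get_queryset()`.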
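--- a/authentic2/templates/idp/account_management.html
+++ b/authentic2/templates/idp/account_management.html
@@ -39,5 +39,26 @@
 {% for html_block in frontends_block %}
 {{ html_block|safe }}
 {% endfor %}
+{% if federation_management %}
+<div id="federation-management">
+<h3>{% trans "Federation management" %}
+<ul>
+{% for federation in federation_management %}
+<li>
+<form method="post" action="{{ federation.url }}">
+{% csrf_token %}
+<span class="name">{{ federation.name }}</span>
+{% for key, value in federation.hidden_inputs.iteritems %}
+<input type="hidden" name="{{ key }}" value="{{ value }}"/>
+{% endfor %}
+{% for button_nane, button_label in federation.buttons %}
+<button name="{{ button_name }}">{{ button_label }}</button>
+{% endfor %}
+</form>
+</li>
+{% endfor %}
+</ul>
+</div>
+{% endif %}
 <p><a href="/">{% trans "Back" %}</a></p>
 {% endblock %}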
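Review bot: The loop variable is spelled `button_nane` while the button uses `{{ button_name }}`, so every button renders with an empty `name` attribute and the server cannot tell which action was pressed; the loop header should read `{% for button_name, button_label in federation.buttons %}`. The heading is also left unclosed and should be `<h3>{% trans "Federation management" %}</h3>`. The hidden inputs and the provider name are output with the default autoescaping, which should be kept as is because they carry the request path and provider-supplied names.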
authentic2/views.py | ||
---|---|---|
366 | 366 |
# Credentials management |
367 | 367 |
blocks = [ frontend.profile(request) for frontend in frontends \ |
368 | 368 |
if hasattr(frontend, 'profile') and frontend.enabled() ] |
369 |
idp_backends = utils.get_backends() |
|
370 |
# Get actions for federation management |
|
371 |
federation_management = [] |
|
372 |
if app_settings.A2_PROFILE_CAN_MANAGE_FEDERATION: |
|
373 |
for idp_backend in idp_backends: |
|
374 |
if hasattr(idp_backend, 'federation_management'): |
|
375 |
federation_management.extend(idp_backend.federation_management(request)) |
|
369 | 376 |
ctx.update({ |
370 | 377 |
'frontends_block': blocks, |
371 | 378 |
'profile': profile, |
372 | 379 |
'allow_account_deletion': app_settings.A2_REGISTRATION_CAN_DELETE_ACCOUNT, |
373 | 380 |
'allow_profile_edit': app_settings.A2_PROFILE_CAN_EDIT_PROFILE, |
374 | 381 |
'allow_email_change': app_settings.A2_PROFILE_CAN_CHANGE_EMAIL, |
382 |
'federation_management': federation_management, |
|
375 | 383 |
}) |
376 | 384 |
return ctx |
377 | 385 | |
378 |
- |