Produits Entr'ouvert » Authentic 2

#!/usr/bin/python

import logging

import os

    for pckg in packages:

        name = pckg.get('name')

        if not include_package(name):

            packageroot.remove(pckg)

        else:

            included.append(pckg)

    # create simple regexp from given filter

    for i in range(len(packagefilters)):

def include_package(name):

    for xmlfile in xmlfiles:

        xml = ET.parse(xmlfile)

        filter_xml(xml)

        xml.write(xmlfile + filtersuffix, encoding="UTF-8", xml_declaration=True)

        currfile += 1

else:

        sys.exit(0)

    currfile = 1

    merge_xml(xmlfiles[0], xmlfiles[1], finalxml)

    currfile = 2

    for i in range(totalfiles - 2):

        xmlfile = xmlfiles[i + 2]

        merge_xml(finalxml, xmlfile, finalxml)

        currfile += 1

    tag exists, take 0.0- and add the length of the commit log.

    """

    if os.path.exists('VERSION'):

            return v.read()

    if os.path.exists('.git'):

        p = subprocess.Popen(

    fields = ['parent']

    def get_queryset(self, request):

class RoleChildInline(admin.TabularInline):

    fields = ['child']

    def get_queryset(self, request):

class RoleAttributeInline(admin.TabularInline):

import sys

    __DEFAULTS = dict(

        MANAGED_CONTENT_TYPES=None,

        ROLE_ADMIN_RESTRICT_TO_OU_USERS=False,

        return name, path, args, kwargs

    def to_python(self, value):

        if value is None:

            return False

        return value

    def get_db_prep_value(self, value, connection, prepared=False):

        if value is False:

            return None

        return value

    Role = get_role_model()

    if app_settings.MANAGED_CONTENT_TYPES == ():

    else:

        ou_admin_role = ou.get_admin_role()

from django.conf import settings

from django.db import migrations, models

        ),

        migrations.AlterUniqueTogether(

            name='organizationalunit',

        ),

        migrations.AlterUniqueTogether(

            name='roleattribute',

        ),

        migrations.AlterUniqueTogether(

            name='role',

        ),

    ]

from django.db import migrations, models

from django.db import migrations, models

from authentic2.migrations import CreatePartialIndexes

from django.db import migrations, models

        ),

        migrations.AlterUniqueTogether(

            name='role',

        ),

    ]

from django.db import migrations, models

from django.db import migrations, models

from django.conf import settings

from django.db import migrations, models

from django.db import migrations, models

from django.db import migrations, models

from authentic2.migrations import CreatePartialIndexes

from collections import defaultdict

from django.db import migrations

        children = set()

        for role in duplicates:

            members |= set(role.members.all())

        duplicates[0].members = members

        for parent in parents:

            RoleParenting.objects.get_or_crate(parent=parent, child=duplicates[0], direct=True)

from django.db import migrations, models

    operations = [

        migrations.AlterUniqueTogether(

            name='role',

        ),

    ]

from django.db import migrations, models

    operations = [

        migrations.AlterUniqueTogether(

            name='roleparenting',

        ),

        migrations.AlterIndexTogether(

            name='roleparenting',

        ),

    ]

from django.db import migrations, models

from django.db import migrations, models

from django.db import migrations, models

from django.db import migrations, models

from django.db import migrations, models

# Generated by Django 1.11.18 on 2019-03-08 10:22

from django.db import migrations, models

from django.db import migrations, models

from authentic2.migrations import CreatePartialIndexes

# Generated by Django 1.11.18 on 2020-03-17 14:14

from django.db import migrations, models

# Generated by Django 1.11.18 on 2020-04-02 09:01

import django.core.validators

from django.db import migrations, models

# Generated by Django 1.11.18 on 2020-05-27 13:22

from django.db import migrations, models

# Generated by Django 1.11.18 on 2020-05-12 08:58

from django.db import migrations

            and self.clean_unused_accounts_alert >= self.clean_unused_accounts_deletion

        ):

            raise ValidationError(_('Deletion alert delay must be less than actual deletion delay.'))

    def get_admin_role(self):

        """Get or create the generic admin role for this organizational

        unit.

        """

        name = _('Managers of "{ou}"').format(ou=self)

        return Role.objects.get_admin_role(

            instance=self,

            name=name,

        admin_role = self.__class__.objects.get_admin_role(

            self,

            name=_('Managers of role "{role}"').format(role=str(self)),

            permissions=(view_user_perm,),

            self_administered=True,

            update_name=True,

        errors = {}

        with errorcollector(errors):

        exclude = exclude or []

        # Service roles can only be part of the same ou as the service

        if self.service:

            self.ou = self.service.ou

        self.get_admin_role(create=False)

        return result

        verbose_name_plural = _('role parenting relations')

    def __str__(self):

class RoleAttribute(models.Model):

class CleanupAdminMixin(admin.ModelAdmin):

    def get_actions(self, request):

        if hasattr(self.model.objects.none(), 'cleanup'):

            actions['cleanup_action'] = cleanup_action, 'cleanup_action', cleanup_action.short_description

        return actions

        `self.value()`.

        """

        if self.value():

        return queryset

        fields = '__all__'

    def __init__(self, *args, **kwargs):

        f = self.fields.get('user_permissions', None)

        if f is not None:

            f.queryset = f.queryset.select_related('content_type')

            )

    def save(self, commit=True):

        user.set_password(self.cleaned_data["password1"])

        if commit:

            user.save()

    actions = UserAdmin.actions + ['mark_as_inactive']

    def get_fieldsets(self, request, obj=None):

        if obj:

            if not request.user.is_superuser:

                fieldsets[2][1]['fields'] = filter(lambda x: x != 'is_superuser', fieldsets[2][1]['fields'])

            qs = models.Attribute.objects.all()

        else:

            qs = models.Attribute.objects.filter(required=True)

        fields = list(set(fields) - set(non_model_fields))

        kwargs['fields'] = fields

    @transaction.atomic

    def mark_as_inactive(self, request, queryset):

class AttributeForm(forms.ModelForm):

    def __init__(self, *args, **kwargs):

        choices = self.kind_choices()

        self.fields['kind'].choices = choices

        self.fields['kind'].widget = forms.Select(choices=choices)

    default_code = 'conflict'

    _lookup_object = None

    def get_object(self):

        if self._lookup_object is not None:

            return self._lookup_object

    def _get_lookup_keys(self, name):

        return self.request.GET.getlist(name)

            self._lookup_object = self._lookup_instance(update_or_create_keys)

            if self._lookup_object is not None:

                return self.partial_update(request, *args, **kwargs)

User = get_user_model()

    def get_serializer(self, *args, **kwargs):

        # if the serializer is a ListSerializer, we modify the child

        if hasattr(serializer, 'child'):

            hooks.call_hooks('api_modify_serializer', self, serializer.child)

    def get_object(self):

        hooks.call_hooks('api_modify_view_before_get_object', self)

class DjangoPermission(permissions.BasePermission):

        return self

    def handle_exception(self, exc):

        if hasattr(exc, 'detail'):

            exc.detail = {

                'result': 0,

                'errors': exc.detail,

            }

        else:

            response.data = {

                'result': 0,

                'errors': response.data,

        return data

    def post(self, request, format=None):

        serializer = self.get_serializer(data=request.data)

        if serializer.is_valid():

    hashed_password = serializers.CharField(max_length=128, required=False)

    def __init__(self, *args, **kwargs):

        for at in Attribute.objects.all():

            if at.name in self.fields:

        password = validated_data.pop('password', None)

        hashed_password = validated_data.pop('hashed_password', None)

        self.check_perm('custom_user.add_user', validated_data.get('ou'))

        # prevent update on a get_or_create

        if not getattr(instance, '_a2_created', True):

            return instance

            self.check_perm('custom_user.change_user', validated_data.get('ou'))

        if validated_data.get('email') != instance.email and not validated_data.get('email_verified'):

            instance.email_verified = False

        for key, value in attributes.items():

            if is_verified.get(key):

                setattr(instance.verified_attributes, key, value)

        return self.context['request'].user

    def __init__(self, instance=None, **kwargs):

        if self.instance:

            self.fields['ou'].read_only = True

        ou = validated_data.get('ou')

        # Creating roles also means being allowed to within the OU:

        if not self.user.has_ou_perm('a2_rbac.add_role', ou):

    def update(self, instance, validated_data):

        # Check role-updating permissions:

        if not self.user.has_perm('a2_rbac.change_role', obj=instance):

        return instance

    def partial_update(self, instance, validated_data):

        # Check role-updating permissions:

        if not self.user.has_perm('a2_rbac.change_role', obj=instance):

        return instance

    class Meta:

    def __init__(self, *args, **kwargs):

        self.bound = kwargs.pop('bound')

        assert self.bound in ['upper', 'lesser']

    def strptime(self, value, format):

        try:

        except (NonExistentTimeError, AmbiguousTimeError):

            parsed = parse_datetime(value)

            possible = sorted(

            raise NotImplementedError

    def filter(self, qs, value):

class UsersFilter(FilterSet):

    def check_perm(self, perm, ou):

        if ou:

            if not self.request.user.has_ou_perm(perm, ou):

        else:

            if not self.request.user.has_perm(perm):

    def perform_create(self, serializer):

        super().perform_create(serializer)

    def perform_destroy(self, instance):

        self.check_perm('custom_user.delete_user', instance.ou)

        self.request.journal.record('manager.user.deletion', target_user=instance, api=True)

    class SynchronizationSerializer(serializers.Serializer):

        known_uuids = serializers.ListField(child=serializers.CharField())

    def perform_destroy(self, instance):

        if not self.request.user.has_perm(perm='a2_rbac.delete_role', obj=instance):

        self.request.journal.record('manager.role.deletion', role=instance, api=True)

    def perform_create(self, serializer):

        super().perform_create(serializer)

class RolesMembersAPI(UsersAPI):

    def initial(self, request, *args, **kwargs):

        Role = get_role_model()

        self.role = get_object_or_404(Role, uuid=kwargs['role_uuid'])

    permission_classes = (permissions.IsAuthenticated,)

    def initial(self, request, *args, **kwargs):

        Role = get_role_model()

        User = get_user_model()

        self.role = get_object_or_404(Role, uuid=kwargs['role_uuid'])

    def get(self, request, *args, **kwargs):

        if not request.user.has_perm('a2_rbac.view_role', obj=self.role):

        if self.request.GET.get('nested', 'false').lower() in ('true', '1'):

            qs = self.role.all_members()

        else:

    def post(self, request, *args, **kwargs):

        if not request.user.has_perm('a2_rbac.manage_members_role', obj=self.role):

        self.role.members.add(self.member)

        request.journal.record('manager.role.membership.grant', role=self.role, member=self.member, api=True)

        return Response(

    def delete(self, request, *args, **kwargs):

        if not request.user.has_perm('a2_rbac.manage_members_role', obj=self.role):

        self.role.members.remove(self.member)

        request.journal.record(

            'manager.role.membership.removal', role=self.role, member=self.member, api=True

    http_method_names = ['post', 'put', 'patch', 'delete']

    def initial(self, request, *args, **kwargs):

        Role = get_role_model()

        User = get_user_model()

        self.role = get_object_or_404(Role, uuid=kwargs['role_uuid'])

        perm = 'a2_rbac.manage_members_role'

        authorized = request.user.has_perm(perm, obj=self.role)

        if not authorized:

        if not isinstance(request.data, dict):

            raise ValidationError(_('Payload must be a dictionary'))

from django.utils.translation import ugettext_lazy as _

    SENTINEL = object()

    def __init__(self, default=SENTINEL, definition='', names=None):

        return self.default != self.SENTINEL

    def __init__(self, defaults):

        self.defaults = defaults

from django.conf import settings

from django.db import migrations, models

        ),

        migrations.AlterUniqueTogether(

            name='useraliasinsource',

        ),

        migrations.AddField(

            model_name='attributeitem',

from django.conf import settings

from django.db import migrations, models

from django.conf import settings

from django.db import migrations, models

from django.db import migrations, models

    def __init__(self, **kwargs):

        self.allow_blank = kwargs.pop('allow_blank', False)

        self.trim_whitespace = kwargs.pop('trim_whitespace', True)

    def run_validation(self, data=empty):

        # Test for the empty string here so that it does not get validated,

            if not self.allow_blank:

                self.fail('blank')

            return ''

class BirthdateWidget(DateWidget):

        options['startDate'] = '1900-01-01'

        attrs['min'] = '1900-01-01'

        attrs['max'] = (datetime.date.today() - datetime.timedelta(days=1)).isoformat()

def validate_birthdate(value):

    def __init__(self, *args, **kwargs):

        kwargs['max_length'] = 30

        kwargs.setdefault('help_text', _('ex.: 0699999999, +33 6 99 99 99 99'))

    def clean(self, value):

        if value not in self.empty_values:

class FrPostcodeField(forms.CharField):

    def __init__(self, *args, **kwargs):

        kwargs.setdefault('help_text', _('ex.: 13260'))

    def clean(self, value):

        if value not in self.empty_values:

            value = value.strip()

            validate_fr_postcode(value)

    default_validators = [validate_fr_postcode]

    def __init__(self, name):

        self.name = name

    default_validators = [validate_siret]

    def to_python(self, value):

        value = only_digits(value)

        return value

    """

    for source in get_sources():

        for instance in source.get_instances(ctx):

def get_attributes(ctx):

    """

    source_and_instances = []

    for source in get_sources():

    source_and_instances = topological_sort(source_and_instances, ctx)

    ctx = ctx.copy()

    for source, instance in source_and_instances:

import abc

    """

    Base class for attribute sources

    """

from ...decorators import to_list

@to_list

from ...decorators import to_list

UNEXPECTED_KEYS_ERROR = '{0}: unexpected key(s) {1} in configuration'

MISSING_KEYS_ERROR = '{0}: missing key(s) {1} in configuration'

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

    def get_apps(self):

        return [__name__]

from django.db import migrations, models

from django.conf import settings

from django.db import migrations, models

# Generated by Django 1.11.20 on 2019-06-14 12:38

from django.db import migrations

from django.core import validators

from django.db import migrations, models

from django.utils import timezone

import django.core.validators

from django.db import migrations, models

from django.conf import settings

from django.db import migrations

import django.core.validators

import django.utils.timezone

from django.db import migrations, models

import django.contrib.auth.models

import django.core.validators

from django.db import migrations, models

from authentic2_idp_oidc.models import OIDCClient

    """Fake user class to return in case OIDC authentication"""

    def __init__(self, oidc_client):

        except OIDCClient.DoesNotExist:

            pass

        # try BasicAuthentication

            # compatibility with DRF 3.4

logger = logging.getLogger(__name__)

    def __init__(self, show_condition=None, **kwargs):

        self.show_condition = show_condition

        if self.block.get('keep_password_in_session', False):

            self.keep_password_in_session(password)

        if self.block['keep_password']:

                self._changed = True

        else:

                self.set_unusable_password()

                self._changed = True

            self._current_password = new_password

        self.keep_password_in_session(new_password)

        if self.block['keep_password']:

        else:

            self.set_unusable_password()

        if hasattr(self, 'keep_pk'):

            pk = self.pk

            self.pk = self.keep_pk

        if hasattr(self, 'keep_pk'):

            self.pk = pk

        return self.block.get('user_can_change_password', False)

    _DEFAULTS = {

        'basedn': '',

        'binddn': '',

        # 1.1 is special attribute meaning, "no attribute requested"

        results = conn.search_s(group_base_dn, ldap.SCOPE_SUBTREE, block['group_filter'], ['1.1'])

        results = cls.normalize_ldap_results(results)

    def authenticate(self, request=None, username=None, password=None, realm=None, ou=None):

        if username is None or password is None:

                            log.debug(

                                '[%s] looking up dn for username %r using query %r', ldap_uri, username, query

                            )

                            results = self.normalize_ldap_results(results)

                            # remove search references

                            results = [result for result in results if result[0] is not None]

                                try:

                                    self.bind(block, conn)

                                except Exception:

                                    raise ldap.SERVER_DOWN

                            break

                        except ldap.INVALID_CREDENTIALS as e:

            for key in at_mapping:

                if at_mapping[key] != 'dn':

                    attributes.add(at_mapping[key])

    @classmethod

    def get_ppolicy_attributes(cls, block, conn, dn):

        def get_attributes(dn, attributes):

            try:

            except ldap.LDAPError as e:

                log.error('[%s] unable to retrieve attributes of dn %r: %r', ldap_uri, dn, e)

                return {}

                decoded.append((attribute, urllib.parse.unquote(value)))

            else:

                decoded.append((attribute, force_text(value)))

    def build_external_id(self, external_id_tuple, attributes):

        """Build the exernal id for the user, use attribute that eventually

            msgid = conn.search_ext(*args, serverctrls=[pg_ctrl], **kwargs)

            result_type, data, msgid, serverctrls = conn.result3(msgid)

            pg_ctrl.cookie = serverctrls[0].cookie

    @classmethod

    def get_users(cls):

        for block in cls.get_config():

            conn = cls.get_connection(block)

            if conn is None:

                continue

            cls.check_group_to_role_mappings(block)

            user_basedn = force_text(block.get('user_basedn') or block['basedn'])

    @classmethod

    def ad_encoding(cls, s):

        '''Encode a string for AD consumption as a password'''

    @classmethod

    def modify_password(cls, conn, block, dn, old_password, new_password):

                yield conn

            else:

                if block['replicas']:

                else:

    @classmethod

    def bind(cls, block, conn, credentials=()):

# You should have received a copy of the GNU Affero General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import functools

def upn(username, realm):

    '''Build an UPN from a username and a realm'''

PROXY_USER_MODEL = None

from .utils.views import csrf_token_check

    """Move CSRF token validation inside the form validation.

    This mixin must always be the leftest one and if your class override

    @method_decorator(csrf_exempt)

    @method_decorator(ensure_csrf_cookie)

    def dispatch(self, *args, **kwargs):

    def form_valid(self, *args, **kwargs):

        for form in args:

                csrf_token_check(self.request, form)

        if not form.is_valid():

            return self.form_invalid(form)

    def get_success_url(self):

        if REDIRECT_FIELD_NAME in self.request.GET:

            return self.request.GET[REDIRECT_FIELD_NAME]

                },

                status=303,

            )

    def get_template_names(self):

        if hasattr(self, 'template_names'):

            return self.template_names

    def get_form(self):

        hooks.call_hooks('front_modify_form', self, form)

        return form

    import lasso

except ImportError:

        def __getattr__(self, key):

            if key[0].isupper():

                return ''

from .models import Service

    '''Provide access to all federations of the current user'''

    def __init__(self, request):

                    d['provider'] = provider

                    d['links'].append(link)

            return d

__AUTHENTIC2_DISTRIBUTION = None

# You should have received a copy of the GNU Affero General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import csv

import io

        return attr.s(func, **kwargs)

    def __init__(self, fd):

        self.fd = fd

    next = __next__

    def __init__(self, fd, dialect='excel', **kwargs):

        self.reader = csv.reader(UTF8Recoder(fd), dialect=dialect, **kwargs)

    next = __next__

    rows = None

    error = None

    error_description = None

            input_fd = io.StringIO(fd_or_str)

        elif not hasattr(fd_or_str, 'read1'):

            try:

            except Exception:

                try:

                    fd_or_str.seek(0)

                    input_fd.seek(0)

            if not hasattr(input_fd, 'readable'):

            return io.TextIOWrapper(input_fd, encoding=encoding)

        def parse_csv(input_fd):

@attrs

    column = attrib()

    name = attrib(default='')

    field = attrib(default=False, converter=bool)

@attrs

    code = attrib()

    description = attrib(default='', cmp=False)

SOURCE_NAME = '_source_name'

SOURCE_ID = '_source_id'

ROLE_NAME = '_role_name'

ROLE_SLUG = '_role_slug'

PASSWORD_HASH = 'password_hash'

@attrs

    line = attrib()

    cells = attrib(default=[])

    errors = attrib(default=[])

@attrs

    line = attrib()

    header = attrib()

    value = attrib(default=None)

    pass

    csv_importer = None

    errors = None

    headers = None

# You should have received a copy of the GNU Affero General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import getpass

# You should have received a copy of the GNU Affero General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

from django.core.management.base import BaseCommand

import django.utils.timezone

from django.db import migrations, models

from django.conf import settings

from django.db import migrations, models

class ThirdPartyAlterField(migrations.AlterField):

    def __init__(self, *args, **kwargs):

        self.app_label = kwargs.pop('app_label')

    def state_forwards(self, app_label, state):

    def database_forwards(self, app_label, schema_editor, from_state, to_state):

        if hasattr(from_state, 'clear_delayed_apps_cache'):

            from_state.clear_delayed_apps_cache()

    def database_backwards(self, app_label, schema_editor, from_state, to_state):

        self.database_forwards(app_label, schema_editor, from_state, to_state)

from django.db import migrations, models

from django.conf import settings

from django.db import migrations, models

from django.conf import settings

from django.db import migrations, models

from django.db import migrations, models

from django.db import migrations, models

import django.utils.timezone

from django.db import migrations, models

from django.db import migrations, models

from django.db import migrations, models

from django.db import migrations

import datetime

from django.db import migrations, models

from django.db import migrations, models

from django.db import migrations

from django.db import migrations, models

# Generated by Django 1.11.12 on 2018-09-25 09:07

from django.db import migrations, models

# Generated by Django 1.11.18 on 2020-03-05 15:45

from django.db import migrations, models

# Generated by Django 1.11.18 on 2020-03-17 14:16

from django.db import migrations, models

# Generated by Django 1.11.29 on 2020-04-21 13:38

from django.db import migrations, models

# Generated by Django 1.11.29 on 2020-11-02 21:52

from django.contrib.auth.models import AbstractUser

from django.db import migrations

# Generated by Django 1.11.29 on 2021-02-09 09:37

from django.db import migrations, models

# authentic2 - versatile identity manager

# Copyright (C) 2010-2019 Entr'ouvert

#

# You should have received a copy of the GNU Affero General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import base64

import datetime

            yield value

    def __init__(self, owner, verified=None):

        self.__dict__['owner'] = owner

        self.__dict__['verified'] = verified

        return None