Projet

Général

Profil

0001-add-MELLON_ASSERTION_CONSUMER_BINDINGS-52063.patch

Benjamin Dauvergne, 05 août 2021 13:41

Télécharger (7,08 ko)

Voir les différences: 

Subject: [PATCH] add MELLON_ASSERTION_CONSUMER_BINDINGS (#52063)

The default value is ['post', 'artifact'].

 README                               |  7 +++++
 mellon/app_settings.py               |  1 +
 mellon/templates/mellon/metadata.xml |  8 +++---
 mellon/utils.py                      |  1 +
 mellon/views.py                      |  8 +++++-
 tests/test_utils.py                  | 42 ++++++++++++++++++++++++++++
 6 files changed, 62 insertions(+), 5 deletions(-)
README
311 311 
Timeout in seconds for HTTP call made to retrieve metadata files. Default is 10
312 312 
seconds.
313 313 

  		




  
  314
  
    
MELLON_ASSERTION_CONSUMER_BINDINGS

  		




  
  315
  
    
----------------------------------

  		




  
  316
  
    

  		




  
  317
  
    
The list of supported assertion consumer bindings. Default is::

  		




  
  318
  
    

  		




  
  319
  
    
    ['post', 'artifact']

  		




  
  320
  
    

  		




  314
  321
  
    
Tests

  		




  315
  322
  
    
=====

  		




  316
  323
  
    

  		












  

    
      mellon/app_settings.py
    
  





  26
  26
  
    
        'CREATE_GROUP': True,

  		




  27
  27
  
    
        'ERROR_URL': None,

  		




  28
  28
  
    
        'ERROR_REDIRECT_AFTER_TIMEOUT': 120,

  		




  
  29
  
    
        'ASSERTION_CONSUMER_BINDINGS': ['post', 'artifact'],

  		




  29
  30
  
    
        'DEFAULT_ASSERTION_CONSUMER_BINDING': 'post',  # or artifact

  		




  30
  31
  
    
        'VERIFY_SSL_CERTIFICATE': True,

  		




  31
  32
  
    
        'OPENED_SESSION_COOKIE_NAME': None,

  		












  

    
      mellon/templates/mellon/metadata.xml
    
  





  32
  32
  
    
   {% for name_id_format in name_id_formats %}

  		




  33
  33
  
    
       <NameIDFormat>{{ name_id_format }}</NameIDFormat>

  		




  34
  34
  
    
   {% endfor %}

  		




  35
  
  
    
   <AssertionConsumerService

  		




  
  35
  
    
{% if 'artifact' in assertion_consumer_bindings %}     <AssertionConsumerService

  		




  36
  36
  
    
     index="0"

  		




  37
  37
  
    
     {% if default_assertion_consumer_binding == "artifact" %}

  		




  38
  38
  
    
     isDefault="true"

  		




  39
  39
  
    
     {% endif %}

  		




  40
  40
  
    
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"

  		




  41
  
  
    
     Location="{{ login_url }}" />

  		




  42
  
  
    
   <AssertionConsumerService

  		




  
  41
  
    
         Location="{{ login_url }}" />

  		




  
  42
  
    
{% endif %}{% if 'post' in assertion_consumer_bindings%}    <AssertionConsumerService

  		




  43
  43
  
    
     index="1"

  		




  44
  44
  
    
     {% if default_assertion_consumer_binding == "post" %}

  		




  45
  45
  
    
     isDefault="true"

  		




  46
  46
  
    
     {% endif %}

  		




  47
  47
  
    
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

  		




  48
  48
  
    
     Location="{{ login_url }}" />

  		




  49
  
  
    
 </SPSSODescriptor>

  		




  
  49
  
    
{% endif %} </SPSSODescriptor>

  		




  50
  50
  
    
 {% if organization and organization.NAMES and organization.DISPLAY_NAMES and organization.URLS %}

  		




  51
  51
  
    
     <Organization>

  		




  52
  52
  
    
     {% for name in organization.NAMES %}

  		












  

    
      mellon/utils.py
    
  





  54
  54
  
    
        'logout_url': request.build_absolute_uri(logout_url),

  		




  55
  55
  
    
        'public_keys': public_keys,

  		




  56
  56
  
    
        'name_id_formats': name_id_formats,

  		




  
  57
  
    
        'assertion_consumer_bindings': app_settings.ASSERTION_CONSUMER_BINDINGS,

  		




  57
  58
  
    
        'default_assertion_consumer_binding': app_settings.DEFAULT_ASSERTION_CONSUMER_BINDING,

  		




  58
  59
  
    
        'organization': app_settings.ORGANIZATION,

  		




  59
  60
  
    
        'contact_persons': app_settings.CONTACT_PERSONS,

  		












  

    
      mellon/views.py
    
  





  29
  29
  
    
from django.contrib import auth

  		




  30
  30
  
    
from django.contrib.auth import REDIRECT_FIELD_NAME, get_user_model

  		




  31
  31
  
    
from django.db import transaction

  		




  32
  
  
    
from django.http import HttpResponse, HttpResponseForbidden, HttpResponseRedirect

  		




  
  32
  
    
from django.http import Http404, HttpResponse, HttpResponseForbidden, HttpResponseRedirect

  		




  33
  33
  
    
from django.shortcuts import render, resolve_url

  		




  34
  34
  
    
from django.urls import reverse

  		




  35
  35
  
    
from django.utils import six

  		




  ......




  163
  163
  
    
    def post(self, request, *args, **kwargs):

  		




  164
  164
  
    
        '''Assertion consumer'''

  		




  165
  165
  
    
        if 'SAMLart' in request.POST:

  		




  
  166
  
    
            if 'artifact' not in app_settings.ASSERTION_CONSUMER_BINDINGS:

  		




  
  167
  
    
                raise Http404('artifact binding is not supported')

  		




  166
  168
  
    
            return self.continue_sso_artifact(request, lasso.HTTP_METHOD_ARTIFACT_POST)

  		




  167
  169
  
    
        if 'SAMLResponse' not in request.POST:

  		




  
  170
  
    
            if 'post' not in app_settings.ASSERTION_CONSUMER_BINDINGS:

  		




  
  171
  
    
                raise Http404('post binding is not supported')

  		




  168
  172
  
    
            return self.get(request, *args, **kwargs)

  		




  169
  173
  
    
        if not utils.is_nonnull(request.POST['SAMLResponse']):

  		




  170
  174
  
    
            return HttpResponseBadRequest('SAMLResponse contains a null character')

  		




  ......




  462
  466
  
    
    def get(self, request, *args, **kwargs):

  		




  463
  467
  
    
        '''Initialize login request'''

  		




  464
  468
  
    
        if 'SAMLart' in request.GET:

  		




  
  469
  
    
            if 'artifact' not in app_settings.ASSERTION_CONSUMER_BINDINGS:

  		




  
  470
  
    
                raise Http404('artifact binding is not supported')

  		




  465
  471
  
    
            return self.continue_sso_artifact(request, lasso.HTTP_METHOD_ARTIFACT_GET)

  		




  466
  472
  
    

  		




  467
  473
  
    
        # redirect to discovery service if needed

  		












  

    
      tests/test_utils.py
    
  





  112
  112
  
    
        namespaces=ns,

  		




  113
  113
  
    
    )

  		




  114
  114
  
    

  		




  
  115
  
    
    private_settings.MELLON_ASSERTION_CONSUMER_BINDINGS = ['post']

  		




  
  116
  
    
    with mock.patch('mellon.utils.open', mock.mock_open(read_data='BEGIN\nyyy\nEND'), create=True):

  		




  
  117
  
    
        metadata = create_metadata(request)

  		




  
  118
  
    
    assert 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'

  		




  
  119
  
    
    assert_xml_constraints(

  		




  
  120
  
    
        metadata.encode('utf-8'),

  		




  
  121
  
    
        (

  		




  
  122
  
    
            '/sm:EntityDescriptor/sm:SPSSODescriptor',

  		




  
  123
  
    
            1,

  		




  
  124
  
    
            (

  		




  
  125
  
    
                '/sm:AssertionConsumerService[@Binding=\'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\']',

  		




  
  126
  
    
                0,

  		




  
  127
  
    
            ),

  		




  
  128
  
    
            (

  		




  
  129
  
    
                '/sm:AssertionConsumerService[@Binding=\'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\']',

  		




  
  130
  
    
                1,

  		




  
  131
  
    
            ),

  		




  
  132
  
    
        ),

  		




  
  133
  
    
        namespaces=ns,

  		




  
  134
  
    
    )

  		




  
  135
  
    

  		




  
  136
  
    
    private_settings.MELLON_ASSERTION_CONSUMER_BINDINGS = ['artifact']

  		




  
  137
  
    
    with mock.patch('mellon.utils.open', mock.mock_open(read_data='BEGIN\nyyy\nEND'), create=True):

  		




  
  138
  
    
        metadata = create_metadata(request)

  		




  
  139
  
    
    assert 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'

  		




  
  140
  
    
    assert_xml_constraints(

  		




  
  141
  
    
        metadata.encode('utf-8'),

  		




  
  142
  
    
        (

  		




  
  143
  
    
            '/sm:EntityDescriptor/sm:SPSSODescriptor',

  		




  
  144
  
    
            1,

  		




  
  145
  
    
            (

  		




  
  146
  
    
                '/sm:AssertionConsumerService[@Binding=\'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\']',

  		




  
  147
  
    
                1,

  		




  
  148
  
    
            ),

  		




  
  149
  
    
            (

  		




  
  150
  
    
                '/sm:AssertionConsumerService[@Binding=\'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\']',

  		




  
  151
  
    
                0,

  		




  
  152
  
    
            ),

  		




  
  153
  
    
        ),

  		




  
  154
  
    
        namespaces=ns,

  		




  
  155
  
    
    )

  		




  
  156
  
    

  		




  115
  157
  
    

  		




  116
  158
  
    
def test_iso8601_to_datetime(private_settings):

  		




  117
  159
  
    
    import django.utils.timezone

  		




  118
  
  
    
-