0001-misc-add-journal-event-type-for-access-denied-event-.patch
| src/authentic2/journal_event_types.py | ||
|---|---|---|
| 329 | 329 |
return _('unauthorization of single sign on with "{service}"').format(service=service_name)
|
| 330 | 330 | |
| 331 | 331 | |
| 332 |
class UserServiceSSODenied(EventTypeWithService): |
|
| 333 |
name = 'user.service.sso.denial' |
|
| 334 |
label = _('was denied single-sign-on')
|
|
| 335 | ||
| 336 |
@classmethod |
|
| 337 |
def record(cls, user, session, service, **kwargs): |
|
| 338 |
super().record(user=user, session=session, service=service, data=kwargs) |
|
| 339 | ||
| 340 |
@classmethod |
|
| 341 |
def get_message(cls, event, context): |
|
| 342 |
service_name = cls.get_service_name(event) |
|
| 343 |
return _('was denied single sign on with "{service}"').format(service=service_name)
|
|
| 344 | ||
| 345 | ||
| 332 | 346 |
class UserEmailChangeRequest(EventTypeDefinition): |
| 333 | 347 |
name = 'user.email.change.request' |
| 334 | 348 |
label = _('email change request')
|
| src/authentic2/utils/misc.py | ||
|---|---|---|
| 1082 | 1082 | |
| 1083 | 1083 |
def unauthorized_view(request, service): |
| 1084 | 1084 |
context = {'callback_url': service.unauthorized_url or reverse('auth_homepage')}
|
| 1085 |
request.journal.record('user.service.sso.denial', service=service)
|
|
| 1085 | 1086 |
return render(request, 'authentic2/unauthorized.html', context=context) |
| 1086 | 1087 | |
| 1087 | 1088 | |
| tests/test_idp_cas.py | ||
|---|---|---|
| 27 | 27 |
from authentic2_idp_cas import constants |
| 28 | 28 |
from authentic2_idp_cas.models import Attribute, Service, Ticket |
| 29 | 29 | |
| 30 |
from .utils import Authentic2TestCase |
|
| 30 |
from .utils import Authentic2TestCase, assert_event
|
|
| 31 | 31 | |
| 32 | 32 |
CAS_NAMESPACES = {
|
| 33 | 33 |
'cas': constants.CAS_NAMESPACE, |
| ... | ... | |
| 138 | 138 |
follow=False, |
| 139 | 139 |
) |
| 140 | 140 |
response = client.get(response.url) |
| 141 |
assert_event( |
|
| 142 |
'user.service.sso.denial', |
|
| 143 |
session=client.session, |
|
| 144 |
user=self.user, |
|
| 145 |
service=self.service, |
|
| 146 |
) |
|
| 141 | 147 |
self.assertIn('https://casclient.com/loser/', force_text(response.content))
|
| 142 | 148 | |
| 143 | 149 |
def test_role_access_control_granted(self): |
| tests/test_idp_saml2.py | ||
|---|---|---|
| 612 | 612 |
scenario.launch_authn_request() |
| 613 | 613 |
scenario.login(user=user) |
| 614 | 614 |
assert scenario.idp_response.pyquery('a[href="%s"]' % 'https://whatever.com/loser/').text() == 'Back'
|
| 615 |
utils.assert_event( |
|
| 616 |
'user.service.sso.denial', |
|
| 617 |
session=app.session, |
|
| 618 |
user=user, |
|
| 619 |
service=scenario.sp.provider, |
|
| 620 |
) |
|
| 615 | 621 | |
| 616 | 622 | |
| 617 | 623 |
def test_sso_redirect_artifact_login_hints(app, user, keys): |
| 618 |
- |
|