0001-misc-add-journal-event-type-for-access-denied-event-.patch
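--- a/src/authentic2/journal_event_types.py
+++ b/src/authentic2/journal_event_types.py
@@ -329,6 +329,20 @@
 return _('unauthorization of single sign on with "{service}"').format(service=service_name)
 
 
+class UserServiceSSODenied(EventTypeWithService):
+name = 'user.service.sso.denial'
+label = _('was denied single-sign-on')
+
+@classmethod
+def record(cls, user, session, service, **kwargs):
+super().record(user=user, session=session, service=service, data=kwargs)
+
+@classmethod
+def get_message(cls, event, context):
+service_name = cls.get_service_name(event)
+return _('was denied single sign on with "{service}"').format(service=service_name)
+
+
 class UserEmailChangeRequest(EventTypeDefinition):
 name = 'user.email.change.request'
 label = _('email change request')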
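Review bot: `UserServiceSSODenied.record` forwards every extra keyword argument as `data=kwargs`, so anything a caller passes presumably ends up stored with the journal event, and nothing in the class documents that. A docstring on `record` would make the contract explicit, for example `"""Record a denied SSO attempt; extra keyword arguments are kept as event data, so pass nothing secret (tokens, tickets, passwords)."""`. The same docstring could say that callers may use those arguments to record why access was denied, which is what an investigator reading the journal will want. Separately, the label is spelled `'was denied single-sign-on'` while the message uses `single sign on`; a single spelling for both would be cleaner.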
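--- a/src/authentic2/utils/misc.py
+++ b/src/authentic2/utils/misc.py
@@ -1082,6 +1082,7 @@
 
 def unauthorized_view(request, service):
 context = {'callback_url': service.unauthorized_url or reverse('auth_homepage')}
+request.journal.record('user.service.sso.denial', service=service)
 return render(request, 'authentic2/unauthorized.html', context=context)
 
 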
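Review bot: The new call in `unauthorized_view` passes only `service`, while `UserServiceSSODenied.record` declares `user` and `session` as required parameters. Presumably `request.journal` fills both in from the request, as the tests in this commit suggest, but that is not visible in this hunk. If the view can ever be reached without an authenticated user, confirm that the denial is still journaled with whatever identity is known, rather than the denial page failing. A one-line comment above the call would make the dependency explicit: `# user and session are taken from the request by request.journal`.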
tests/test_idp_cas.py | ||
---|---|---|
27 | 27 |
from authentic2_idp_cas import constants |
28 | 28 |
from authentic2_idp_cas.models import Attribute, Service, Ticket |
29 | 29 | |
30 |
from .utils import Authentic2TestCase |
|
30 |
from .utils import Authentic2TestCase, assert_event
|
|
31 | 31 | |
32 | 32 |
CAS_NAMESPACES = { |
33 | 33 |
'cas': constants.CAS_NAMESPACE, |
... | ... | |
138 | 138 |
follow=False, |
139 | 139 |
) |
140 | 140 |
response = client.get(response.url) |
141 |
assert_event( |
|
142 |
'user.service.sso.denial', |
|
143 |
session=client.session, |
|
144 |
user=self.user, |
|
145 |
service=self.service, |
|
146 |
) |
|
141 | 147 |
self.assertIn('https://casclient.com/loser/', force_text(response.content)) |
142 | 148 | |
143 | 149 |
def test_role_access_control_granted(self): |
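Review bot: Only the denied path is checked: the added `assert_event('user.service.sso.denial', ...)` confirms the event after the unauthorized page is fetched, and the hunk in tests/test_idp_saml2.py does the same. Nothing visible asserts the negative case, that a granted login leaves no `user.service.sso.denial` event in the journal. Because this event feeds audit and detection, a spurious denial record would go unnoticed as a regression. I would add that check to `test_role_access_control_granted`, under a comment such as `# a granted SSO must not journal user.service.sso.denial`. The denied test starts above this hunk and the granted test continues below it, so such a check may already exist outside the visible lines.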
tests/test_idp_saml2.py | ||
---|---|---|
612 | 612 |
scenario.launch_authn_request() |
613 | 613 |
scenario.login(user=user) |
614 | 614 |
assert scenario.idp_response.pyquery('a[href="%s"]' % 'https://whatever.com/loser/').text() == 'Back' |
615 |
utils.assert_event( |
|
616 |
'user.service.sso.denial', |
|
617 |
session=app.session, |
|
618 |
user=user, |
|
619 |
service=scenario.sp.provider, |
|
620 |
) |
|
615 | 621 | |
616 | 622 | |
617 | 623 |
def test_sso_redirect_artifact_login_hints(app, user, keys): |
618 |
- |