0003-use-force_str-only-when-necessary-64309.patch
| mellon/adapters.py | ||
|---|---|---|
| 32 | 32 |
from django.contrib.auth.models import Group |
| 33 | 33 |
from django.core.exceptions import FieldDoesNotExist, PermissionDenied |
| 34 | 34 |
from django.core.files.storage import default_storage |
| 35 |
from django.utils.encoding import force_text |
|
| 36 | 35 |
from django.utils.translation import gettext as _ |
| 37 | 36 | |
| 38 | 37 |
from . import app_settings, models, models_utils, utils |
| ... | ... | |
| 276 | 275 |
realm = utils.get_setting(idp, 'REALM') |
| 277 | 276 |
username_template = utils.get_setting(idp, 'USERNAME_TEMPLATE') |
| 278 | 277 |
try: |
| 279 |
username = force_text(username_template).format(realm=realm, attributes=saml_attributes, idp=idp)[
|
|
| 278 |
username = username_template.format(realm=realm, attributes=saml_attributes, idp=idp)[
|
|
| 280 | 279 |
: self.user_class._meta.get_field('username').max_length
|
| 281 | 280 |
] |
| 282 | 281 |
except ValueError: |
| ... | ... | |
| 476 | 475 |
attribute_set = False |
| 477 | 476 |
for field, tpl in attribute_mapping.items(): |
| 478 | 477 |
try: |
| 479 |
value = force_text(tpl).format(realm=realm, attributes=saml_attributes, idp=idp)
|
|
| 478 |
value = tpl.format(realm=realm, attributes=saml_attributes, idp=idp)
|
|
| 480 | 479 |
except ValueError: |
| 481 | 480 |
logger.warning('mellon: invalid attribute mapping template %r', tpl)
|
| 482 | 481 |
except (AttributeError, KeyError, IndexError, ValueError) as e: |
| mellon/utils.py | ||
|---|---|---|
| 27 | 27 |
from django.contrib import auth |
| 28 | 28 |
from django.template.loader import render_to_string |
| 29 | 29 |
from django.urls import reverse |
| 30 |
from django.utils.encoding import force_text
|
|
| 30 |
from django.utils.encoding import force_str
|
|
| 31 | 31 |
from django.utils.timezone import get_default_timezone, is_aware, make_aware, make_naive, now |
| 32 | 32 | |
| 33 | 33 |
from . import app_settings |
| ... | ... | |
| 213 | 213 | |
| 214 | 214 |
def make_session_dump(lasso_name_id, indexes): |
| 215 | 215 |
session_infos = [] |
| 216 |
name_id = force_text(lasso_name_id.content)
|
|
| 217 |
name_id_format = force_text(lasso_name_id.format)
|
|
| 218 |
name_qualifier = lasso_name_id.nameQualifier and force_text(lasso_name_id.nameQualifier)
|
|
| 219 |
sp_name_qualifier = lasso_name_id.spNameQualifier and force_text(lasso_name_id.spNameQualifier)
|
|
| 216 |
name_id = force_str(lasso_name_id.content)
|
|
| 217 |
name_id_format = force_str(lasso_name_id.format)
|
|
| 218 |
name_qualifier = lasso_name_id.nameQualifier and force_str(lasso_name_id.nameQualifier)
|
|
| 219 |
sp_name_qualifier = lasso_name_id.spNameQualifier and force_str(lasso_name_id.spNameQualifier)
|
|
| 220 | 220 |
for index in indexes: |
| 221 | 221 |
issuer = index.saml_identifier.issuer.entity_id |
| 222 | 222 |
session_infos.append( |
| mellon/views.py | ||
|---|---|---|
| 32 | 32 |
from django.http import Http404, HttpResponse, HttpResponseForbidden, HttpResponseRedirect |
| 33 | 33 |
from django.shortcuts import render, resolve_url |
| 34 | 34 |
from django.urls import reverse |
| 35 |
from django.utils.encoding import force_str, force_text
|
|
| 35 |
from django.utils.encoding import force_str |
|
| 36 | 36 |
from django.utils.http import urlencode |
| 37 | 37 |
from django.utils.translation import gettext as _ |
| 38 | 38 |
from django.views.decorators.csrf import csrf_exempt |
| ... | ... | |
| 264 | 264 | |
| 265 | 265 |
if login.nameIdentifier: |
| 266 | 266 |
name_id = login.nameIdentifier |
| 267 |
name_id_format = force_text(name_id.format or lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED)
|
|
| 267 |
name_id_format = force_str(name_id.format or lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED)
|
|
| 268 | 268 |
attributes.update( |
| 269 | 269 |
{'name_id_content': lasso_decode(name_id.content), 'name_id_format': name_id_format}
|
| 270 | 270 |
) |
| 271 | 271 |
if name_id.nameQualifier: |
| 272 |
attributes['name_id_name_qualifier'] = force_text(name_id.nameQualifier)
|
|
| 272 |
attributes['name_id_name_qualifier'] = force_str(name_id.nameQualifier)
|
|
| 273 | 273 |
if name_id.spNameQualifier: |
| 274 |
attributes['name_id_sp_name_qualifier'] = force_text(name_id.spNameQualifier)
|
|
| 274 |
attributes['name_id_sp_name_qualifier'] = force_str(name_id.spNameQualifier)
|
|
| 275 | 275 |
authn_statement = login.assertion.authnStatement[0] |
| 276 | 276 |
if authn_statement.authnInstant: |
| 277 | 277 |
attributes['authn_instant'] = utils.iso8601_to_datetime(authn_statement.authnInstant) |
| ... | ... | |
| 663 | 663 |
except lasso.Error as e: |
| 664 | 664 |
return HttpResponseBadRequest('error processing logout request: %r' % e)
|
| 665 | 665 | |
| 666 |
entity_id = force_text(logout.remoteProviderId)
|
|
| 667 |
session_indexes = {force_text(sessionIndex) for sessionIndex in logout.request.sessionIndexes}
|
|
| 666 |
entity_id = force_str(logout.remoteProviderId)
|
|
| 667 |
session_indexes = {force_str(sessionIndex) for sessionIndex in logout.request.sessionIndexes}
|
|
| 668 | 668 | |
| 669 | 669 |
saml_identifier = ( |
| 670 | 670 |
models.UserSAMLIdentifier.objects.filter( |
| 671 |
name_id=force_text(logout.nameIdentifier.content),
|
|
| 671 |
name_id=force_str(logout.nameIdentifier.content),
|
|
| 672 | 672 |
issuer=models_utils.get_issuer(entity_id), |
| 673 | 673 |
) |
| 674 | 674 |
.select_related('user', 'issuer')
|
| ... | ... | |
| 708 | 708 |
except lasso.Error as e: |
| 709 | 709 |
return HttpResponseBadRequest('error processing logout request: %r' % e)
|
| 710 | 710 |
if logout.msgBody: |
| 711 |
return HttpResponse(force_text(logout.msgBody), content_type='text/xml')
|
|
| 711 |
return HttpResponse(force_str(logout.msgBody), content_type='text/xml')
|
|
| 712 | 712 |
else: |
| 713 | 713 |
return HttpResponseRedirect(logout.msgUrl) |
| 714 | 714 | |
| tests/test_sso_slo.py | ||
|---|---|---|
| 210 | 210 |
if body: |
| 211 | 211 |
logout.processResponseMsg(force_str(body)) |
| 212 | 212 |
else: |
| 213 |
logout.processResponseMsg(force_str(url.split('?', 1)[-1]))
|
|
| 213 |
logout.processResponseMsg(url.split('?', 1)[-1])
|
|
| 214 | 214 | |
| 215 | 215 |
def process_logout_request_redirect(self, url): |
| 216 | 216 |
logout = lasso.Logout(self.server) |
| ... | ... | |
| 346 | 346 |
app.cookiejar.clear() |
| 347 | 347 | |
| 348 | 348 |
url, body, relay_state = idp.init_slo(method=lasso.HTTP_METHOD_SOAP) |
| 349 |
response = app.post(url, params=body, headers={'Content-Type': force_str('text/xml')})
|
|
| 349 |
response = app.post(url, params=body, headers={'Content-Type': 'text/xml'})
|
|
| 350 | 350 |
assert Session.objects.count() == 1 |
| 351 | 351 |
idp.check_slo_return(body=response.content) |
| 352 | 352 | |
| ... | ... | |
| 424 | 424 |
# idp logout |
| 425 | 425 |
app.cookiejar.clear() |
| 426 | 426 |
url, body, relay_state = idp.init_slo(method=lasso.HTTP_METHOD_SOAP, full=True) |
| 427 |
response = app.post(url, params=body, headers={'Content-Type': force_str('text/xml')})
|
|
| 427 |
response = app.post(url, params=body, headers={'Content-Type': 'text/xml'})
|
|
| 428 | 428 |
assert Session.objects.count() == 0 |
| 429 | 429 |
idp.check_slo_return(body=response.content) |
| 430 | 430 | |
| ... | ... | |
| 677 | 677 |
assert 'MELLON_PASSIVE_TRIED' not in app.cookies |
| 678 | 678 |
# webtest-lint is against unicode |
| 679 | 679 |
app.set_cookie('IDP_SESSION', '1')
|
| 680 |
response = app.get('/', headers={'Accept': force_str('text/html')}, status=302)
|
|
| 680 |
response = app.get('/', headers={'Accept': 'text/html'}, status=302)
|
|
| 681 | 681 |
assert urlparse.urlparse(response.location).path == '/login/' |
| 682 | 682 |
assert urlparse.parse_qs(urlparse.urlparse(response.location).query, keep_blank_values=True) == {
|
| 683 | 683 |
'next': ['http://testserver/'], |
| ... | ... | |
| 695 | 695 | |
| 696 | 696 |
# check passive authentication is tried again |
| 697 | 697 |
app.set_cookie('IDP_SESSION', '1')
|
| 698 |
response = app.get('/', headers={'Accept': force_str('text/html')}, status=302)
|
|
| 698 |
response = app.get('/', headers={'Accept': 'text/html'}, status=302)
|
|
| 699 | 699 |
assert urlparse.urlparse(response.location).path == '/login/' |
| 700 | 700 |
assert urlparse.parse_qs(urlparse.urlparse(response.location).query, keep_blank_values=True) == {
|
| 701 | 701 |
'next': ['http://testserver/'], |
| ... | ... | |
| 709 | 709 |
assert 'MELLON_PASSIVE_TRIED' not in app.cookies |
| 710 | 710 |
# webtest-lint is against unicode |
| 711 | 711 |
app.set_cookie('IDP_SESSION', '1')
|
| 712 |
app.get('/?no-passive-auth', headers={'Accept': force_str('text/html')}, status=200)
|
|
| 712 |
app.get('/?no-passive-auth', headers={'Accept': 'text/html'}, status=200)
|
|
| 713 | 713 | |
| 714 | 714 | |
| 715 | 715 |
def test_sso_user_change(db, app, idp, caplog, sp_settings): |
| tests/test_views.py | ||
|---|---|---|
| 22 | 22 |
import lasso |
| 23 | 23 |
import pytest |
| 24 | 24 |
from django.urls import reverse |
| 25 |
from django.utils.encoding import force_text
|
|
| 25 |
from django.utils.encoding import force_str
|
|
| 26 | 26 |
from django.utils.http import urlencode |
| 27 | 27 |
from httmock import HTTMock |
| 28 | 28 |
from utils import error_500, html_response |
| ... | ... | |
| 271 | 271 |
def artifact(): |
| 272 | 272 |
entity_id = b'http://idp5/metadata' |
| 273 | 273 |
token = b'x' * 20 |
| 274 |
return force_text(base64.b64encode(b'\x00\x04\x00\x00' + hashlib.sha1(entity_id).digest() + token))
|
|
| 274 |
return force_str(base64.b64encode(b'\x00\x04\x00\x00' + hashlib.sha1(entity_id).digest() + token))
|
|
| 275 | 275 | |
| 276 | 276 | |
| 277 | 277 |
def test_error_500_on_artifact_resolve(private_settings, client, caplog, artifact): |
| 278 |
- |
|