0001-Add-a-model-to-store-user-NameID-mapping-7085.patch
mellon/adapters.py | ||
---|---|---|
4 | 4 |
from django.contrib import auth |
5 | 5 |
from django.contrib.auth.models import Group |
6 | 6 | |
7 |
from . import utils, app_settings |
|
7 |
from . import utils, app_settings, models
|
|
8 | 8 | |
9 | 9 |
log = logging.getLogger(__name__) |
10 | 10 | |
... | ... | |
45 | 45 |
else: |
46 | 46 |
return username |
47 | 47 | |
48 |
def lookup_user(self, idp, saml_attributes): |
|
48 |
def lookup_user_by_name_id(self, idp, saml_attributes): |
|
49 |
User = auth.get_user_model() |
|
50 |
name_id = saml_attributes['name_id_content'] |
|
51 |
issuer = saml_attributes['issuer'] |
|
52 |
try: |
|
53 |
return User.objects.get(saml_identifiers__name_id=name_id, |
|
54 |
saml_identifiers__issuer=issuer) |
|
55 |
except User.DoesNotExist: |
|
56 |
pass |
|
57 | ||
58 |
def lookup_user_by_username(self, idp, saml_attributes): |
|
49 | 59 |
User = auth.get_user_model() |
50 | 60 |
username = self.format_username(idp, saml_attributes) |
51 | 61 |
if not username: |
... | ... | |
60 | 70 |
return |
61 | 71 |
return user |
62 | 72 | |
73 |
def lookup_user(self, idp, saml_attributes): |
|
74 |
lookup_methods = utils.get_setting(idp, 'LOOKUP_METHODS') |
|
75 |
for method in lookup_methods: |
|
76 |
if method == 'name_id': |
|
77 |
user = self.lookup_user_by_name_id(idp, saml_attributes) |
|
78 |
if method == 'username': |
|
79 |
user = self.lookup_user_by_username(idp, saml_attributes) |
|
80 |
if not user is None: |
|
81 |
return user |
|
82 | ||
63 | 83 |
def provision(self, user, idp, saml_attributes): |
84 |
self.provision_name_id(user, idp, saml_attributes) |
|
64 | 85 |
self.provision_attribute(user, idp, saml_attributes) |
65 | 86 |
self.provision_superuser(user, idp, saml_attributes) |
66 | 87 |
self.provision_groups(user, idp, saml_attributes) |
67 | 88 | |
89 |
def provision_name_id(self, user, idp, saml_attributes): |
|
90 |
models.UserSAMLIdentifier.objects.get_or_create( |
|
91 |
user=user, |
|
92 |
issuer=saml_attributes['issuer'], |
|
93 |
name_id=saml_attributes['name_id_content']) |
|
94 | ||
68 | 95 |
def provision_attribute(self, user, idp, saml_attributes): |
69 | 96 |
realm = utils.get_setting(idp, 'REALM') |
70 | 97 |
attribute_mapping = utils.get_setting(idp, 'ATTRIBUTE_MAPPING') |
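Review bot: In `lookup_user`, `user` is never initialised, so a `LOOKUP_METHODS` entry other than 'name_id' or 'username' (a typo in settings, for instance) raises UnboundLocalError on the first iteration instead of being skipped or rejected. Start the loop body with `user = None`, make the second test an `elif`, and write the check as `if user is not None:`. Separately, `provision_name_id` calls `get_or_create(user=..., issuer=..., name_id=...)` while the uniqueness constraint added by this patch covers (issuer, name_id) only; if `LOOKUP_METHODS` omits 'name_id' or lists it after 'username', a NameID already bound to another account will presumably surface as an IntegrityError during provisioning rather than as a handled login failure. Part of `lookup_user_by_username` is elided on this page, so its behaviour is not reviewed here.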
mellon/app_settings.py | ||
---|---|---|
25 | 25 |
'CREATE_GROUP': True, |
26 | 26 |
'ERROR_URL': None, |
27 | 27 |
'ERROR_REDIRECT_AFTER_TIMEOUT': 120, |
28 |
'LOOKUP_METHODS': ['name_id', 'username'], |
|
28 | 29 |
} |
29 | 30 | |
30 | 31 |
@property |
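Review bot: The new default `'LOOKUP_METHODS': ['name_id', 'username'],` carries no comment, and its order is security-relevant: when the NameID lookup misses, the adapter falls back to matching an existing account by formatted username, and `provision_name_id` in adapters.py presumably then records the asserted NameID against that account. A comment such as `# tried in order; 'username' links an unknown NameID to the account with the same formatted username, so enable it only for IdPs whose attributes are trusted` would make the trade-off visible to whoever overrides the setting. The dict this entry belongs to starts outside the hunk.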
mellon/migrations/0001_initial.py | ||
---|---|---|
1 |
# -*- coding: utf-8 -*- |
|
2 |
from __future__ import unicode_literals |
|
3 | ||
4 |
from django.db import models, migrations |
|
5 |
from django.conf import settings |
|
6 | ||
7 | ||
8 |
class Migration(migrations.Migration): |
|
9 | ||
10 |
dependencies = [ |
|
11 |
migrations.swappable_dependency(settings.AUTH_USER_MODEL), |
|
12 |
] |
|
13 | ||
14 |
operations = [ |
|
15 |
migrations.CreateModel( |
|
16 |
name='UserSAMLIdentifier', |
|
17 |
fields=[ |
|
18 |
('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)), |
|
19 |
('issuer', models.TextField(verbose_name='Issuer')), |
|
20 |
('name_id', models.TextField(verbose_name='SAML identifier')), |
|
21 |
('created', models.DateTimeField(auto_now_add=True, verbose_name='created')), |
|
22 |
('user', models.ForeignKey(related_name='saml_identifiers', verbose_name='user', to=settings.AUTH_USER_MODEL)), |
|
23 |
], |
|
24 |
options={ |
|
25 |
'verbose_name': 'user SAML identifier', |
|
26 |
'verbose_name_plural': 'users SAML identifiers', |
|
27 |
}, |
|
28 |
bases=(models.Model,), |
|
29 |
), |
|
30 |
migrations.AlterUniqueTogether( |
|
31 |
name='usersamlidentifier', |
|
32 |
unique_together=set([('issuer', 'name_id')]), |
|
33 |
), |
|
34 |
] |
mellon/models.py | ||
---|---|---|
1 | 1 |
from django.db import models |
2 |
from django.utils.translation import ugettext_lazy as _ |
|
3 |
from django.conf import settings |
|
2 | 4 | |
3 |
# Create your models here. |
|
5 |
class UserSAMLIdentifier(models.Model): |
|
6 |
user = models.ForeignKey( |
|
7 |
verbose_name=_('user'), |
|
8 |
to=settings.AUTH_USER_MODEL, |
|
9 |
related_name='saml_identifiers') |
|
10 |
issuer = models.TextField( |
|
11 |
verbose_name=_('Issuer')) |
|
12 |
name_id = models.TextField( |
|
13 |
verbose_name=_('SAML identifier')) |
|
14 |
created = models.DateTimeField( |
|
15 |
verbose_name=_('created'), |
|
16 |
auto_now_add=True) |
|
17 | ||
18 |
class Meta: |
|
19 |
verbose_name = _('user SAML identifier') |
|
20 |
verbose_name_plural = _('users SAML identifiers') |
|
21 |
unique_together = (('issuer', 'name_id'),) |
|
4 |
- |
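Review bot: `unique_together = (('issuer', 'name_id'),)` is declared over two `TextField` columns, which some backends (MySQL, for one) cannot put in a unique index without a prefix length, and which are compared under the database collation. SAML NameIDs are opaque, case-sensitive values, so under a case-insensitive collation two distinct identifiers from the same issuer could presumably resolve to the same account in `lookup_user_by_name_id`. Consider bounded `CharField`s, or at least a comment on the model stating that both columns need a case-sensitive collation. The class also has no docstring; one line saying that it maps an (issuer, NameID) pair to exactly one local user would document the invariant the constraint enforces.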