10 |
10 |
from authentic2 import app_settings
|
11 |
11 |
from authentic2.compat import get_user_model
|
12 |
12 |
from authentic2.compat_lasso import lasso
|
|
13 |
from authentic2.models import Attribute
|
13 |
14 |
from authentic2.saml.models import LibertyProvider, SPOptionsIdPPolicy, SAMLAttribute
|
14 |
15 |
from django.contrib.contenttypes.models import ContentType
|
15 |
16 |
from django.contrib.auth.models import Group
|
... | ... | |
64 |
65 |
user.is_superuser = True
|
65 |
66 |
user.save()
|
66 |
67 |
|
|
68 |
# create/update user attributes
|
|
69 |
fields = []
|
|
70 |
disabled_fields = []
|
|
71 |
for attribute in hobo_environment.get('profile', {}).get('fields'):
|
|
72 |
if attribute['name'] in ('first_name', 'last_name', 'email'):
|
|
73 |
# those fields are hardcoded in the user model
|
|
74 |
continue
|
|
75 |
attr, created = Attribute.objects.get_or_create(name=attribute['name'])
|
|
76 |
for key in ('label', 'description', 'asked_on_registration',
|
|
77 |
'user_editable', 'user_visible', 'kind'):
|
|
78 |
setattr(attr, key, attribute[key])
|
|
79 |
if attribute['disabled']:
|
|
80 |
# don't actively remove attribute, just make sure it never
|
|
81 |
# gets displayed
|
|
82 |
attr.user_visible = False
|
|
83 |
attr.user_editable = False
|
|
84 |
attr.asked_on_registration = False
|
|
85 |
disabled_fields.append(attr.name)
|
|
86 |
else:
|
|
87 |
fields.append(attr.name)
|
|
88 |
attr.save()
|
|
89 |
|
67 |
90 |
# creation of IdpPolicy
|
68 |
91 |
policy, created = SPOptionsIdPPolicy.objects.get_or_create(name='Default')
|
69 |
92 |
if created:
|
... | ... | |
72 |
95 |
policy.accepted_name_id_format = ['username', 'persistent', 'email']
|
73 |
96 |
policy.save()
|
74 |
97 |
|
75 |
|
policy_type = ContentType.objects.get_for_model(SPOptionsIdPPolicy)
|
76 |
|
# create SAML default policy attributes
|
77 |
|
for name in ('username', 'first_name', 'last_name', 'email', 'is_superuser'):
|
78 |
|
SAMLAttribute.objects.get_or_create(name=name,
|
79 |
|
name_format='basic',
|
80 |
|
attribute_name='django_user_%s' % name,
|
81 |
|
object_id=policy.id,
|
82 |
|
content_type=policy_type
|
83 |
|
)
|
84 |
|
SAMLAttribute.objects.get_or_create(name='role',
|
|
98 |
policy_type = ContentType.objects.get_for_model(SPOptionsIdPPolicy)
|
|
99 |
|
|
100 |
# create SAML default policy attributes
|
|
101 |
for name in ['username', 'is_superuser'] + fields + disabled_fields:
|
|
102 |
attribute, created = SAMLAttribute.objects.get_or_create(name=name,
|
85 |
103 |
name_format='basic',
|
86 |
|
attribute_name='django_user_group_names',
|
|
104 |
attribute_name='django_user_%s' % name,
|
87 |
105 |
object_id=policy.id,
|
88 |
106 |
content_type=policy_type
|
|
107 |
)
|
|
108 |
attribute.enabled = not (name in disabled_fields)
|
|
109 |
attribute.save()
|
|
110 |
|
|
111 |
SAMLAttribute.objects.get_or_create(name='role',
|
|
112 |
name_format='basic',
|
|
113 |
attribute_name='django_user_group_names',
|
|
114 |
object_id=policy.id,
|
|
115 |
content_type=policy_type
|
89 |
116 |
)
|
90 |
117 |
|
91 |
118 |
# create or update Service Providers
|
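Review bot: The new SAML attribute loop (new line 101) no longer covers `first_name`, `last_name` and `email`: the profile loop hits `continue` for those names before `fields.append(attr.name)`, so they never reach `fields`, whereas the removed loop listed them explicitly. Where these attributes do not already exist on the 'Default' policy, this code would no longer create them, and service providers that rely on them would stop receiving name and e-mail unless another code path adds them; keeping them in the list avoids that, `for name in ['username', 'first_name', 'last_name', 'email', 'is_superuser'] + fields + disabled_fields:`. Separately, `hobo_environment.get('profile', {}).get('fields')` returns None when the key is absent and the `for` then raises TypeError, which `.get('fields', [])` avoids; `attribute[key]` and `attribute['disabled']` likewise assume every key is present in the environment data. The enclosing function starts and ends outside this hunk, and the rendered page has lost indentation, so the loop nesting is inferred.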