0001-auth_saml-prefer-metadata-file-upload-over-metadata-.patch

Valentin Deniaud, 19 septembre 2022 16:51

Voir les différences: en ligne côte à côte

Subject: [PATCH] auth_saml: prefer metadata file upload over metadata path
 (#67451)

 src/authentic2/apps/authenticators/models.py  | 18 ++++++++++----
 src/authentic2_auth_saml/forms.py             |  5 ++++
 .../0009_samlauthenticator_metadata_file.py   | 22 +++++++++++++++++
 src/authentic2_auth_saml/models.py            | 21 ++++++++++++++--
 tests/test_manager_authenticators.py          | 24 +++++++++++++++----
 5 files changed, 79 insertions(+), 11 deletions(-)
 create mode 100644 src/authentic2_auth_saml/migrations/0009_samlauthenticator_metadata_file.py

     import datetime
     import logging
     import os
     import uuid
     from django.core.exceptions import ValidationError
     from django.db import models
     from django.db.models.fields.files import FieldFile
     from django.shortcuts import render, reverse
     from django.utils.formats import date_format
     from django.utils.html import format_html
     from django.utils.safestring import mark_safe
     from django.utils.text import capfirst
     from django.utils.translation import pgettext_lazy
     from django.utils.translation import ugettext_lazy as _
-...
                 if isinstance(value, datetime.datetime):
                     value = date_format(value, 'DATETIME_FORMAT')
                 yield _('%(field)s: %(value)s') % {
                     'field': capfirst(self._meta.get_field(field).verbose_name),
                     'value': value,
+                }
                 elif isinstance(value, FieldFile):
                     filename = os.path.basename(value.path)
                     value = mark_safe(f'<a href={value.url}>{filename}</a>')
                 yield format_html(
                     _('{field}: {value}'),
                     field=capfirst(self._meta.get_field(field).verbose_name),
                     value=value,
+                )
         def shown(self, ctx=()):
             if not self.show_condition:

                 'attribute_mapping',
+            )
         def __init__(self, *args, **kwargs):
             super().__init__(*args, **kwargs)
             if not self.initial.get('metadata_path'):
                 del self.fields['metadata_path']
     class SAMLAuthenticatorAdvancedForm(forms.ModelForm):
         class Meta:

     # Generated by Django 2.2.26 on 2022-09-19 13:46
     from django.db import migrations, models
     import authentic2_auth_saml.models
     class Migration(migrations.Migration):
         dependencies = [
             ('authentic2_auth_saml', '0008_auto_20220913_1105'),
+        ]
         operations = [
             migrations.AddField(
                 model_name='samlauthenticator',
                 name='metadata_file',
                 field=models.FileField(
                     blank=True, null=True, upload_to=authentic2_auth_saml.models.metadata_directory_path
                 ),
             ),
+        ]

     # You should have received a copy of the GNU Affero General Public License
     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import uuid
     from django.conf import settings
     from django.contrib.postgres.fields import JSONField
     from django.core.exceptions import ValidationError
-...
     from authentic2.utils.misc import redirect_to_login
     def metadata_directory_path(instance, filename):
         return 'saml_authenticator_%s/%s/metadata.xml' % (instance.pk, uuid.uuid4())
     class SAMLAuthenticator(BaseAuthenticator):
         metadata_url = models.URLField(_('Metadata URL'), max_length=300, blank=True)
         metadata_cache_time = models.PositiveSmallIntegerField(_('Metadata cache time'), default=3600)
         metadata_http_timeout = models.PositiveSmallIntegerField(_('Metadata HTTP timeout'), default=10)
         metadata_file = models.FileField(null=True, blank=True, upload_to=metadata_directory_path)
         metadata_path = models.CharField(
             _('Metadata file path'),
             max_length=300,
-...
         type = 'saml'
         how = ['saml']
         manager_view_template_name = 'authentic2_auth_saml/authenticator_detail.html'
         description_fields = ['show_condition', 'metadata_url', 'metadata_path', 'metadata', 'provision']
         description_fields = [
             'show_condition',
             'metadata_url',
             'metadata_file',
             'metadata_path',
             'metadata',
             'provision',
+        ]
         class Meta:
             verbose_name = _('SAML')
-...
                 if not settings[setting]:
                     del settings[setting]
             if self.metadata_file:
                 settings['METADATA_PATH'] = self.metadata_file.path
             settings['LOOKUP_BY_ATTRIBUTES'] = [lookup.as_dict() for lookup in self.attribute_lookups.all()]
             settings['authenticator'] = self
-...
+            ]
         def clean(self):
             if not (self.metadata or self.metadata_path or self.metadata_url):
             if not (self.metadata or self.metadata_path or self.metadata_url or self.metadata_file):
                 raise ValidationError(_('One of the metadata fields must be filled.'))
         def autorun(self, request, block_id):

     import pytest
     from django import VERSION as DJ_VERSION
     from django.utils.html import escape
     from webtest import Upload
     from authentic2.a2_rbac.utils import get_default_ou
     from authentic2.apps.authenticators.models import BaseAuthenticator, LoginPasswordAuthenticator
-...
         authenticator = SAMLAuthenticator.objects.filter(slug='test').get()
         resp = app.get(authenticator.get_absolute_url())
         assert 'Create user if their username does not already exists: True' in resp.text
         assert 'Metadata file path' not in resp.text
         assert 'Metadata file' not in resp.text
         assert 'Enable' not in resp.text
         assert 'configuration is not complete' in resp.text
-...
         resp = resp.form.submit()
         assert 'One of the metadata fields must be filled.' in resp.text
         resp.form['metadata_path'] = '/var/lib/authentic2/metadata.xml'
         resp.form['metadata_file'] = Upload('metadata.xml', b'<xml>some-xml</xml>', 'text/xml')
         resp = resp.form.submit().follow()
         assert 'Metadata file path: /var/lib/authentic2/metadata.xml' in resp.text
         authenticator.refresh_from_db()
         assert 'Metadata file: <a href=%s>metadata.xml</a>' % authenticator.metadata_file.url in resp.text
         resp = resp.click('Enable').follow()
         assert 'Authenticator has been enabled.' in resp.text
-...
         assert 'Metadata cache time' not in resp.text
         assert 'Metadata HTTP timeout' not in resp.text
         resp.form['metadata_path'] = ''
         resp.form['metadata_url'] = 'https://example.com/metadata.xml'
         resp = resp.form.submit().follow()
-...
         assert 'Signing key is missing' not in resp.text
     def test_authenticators_saml_hide_metadata_path(app, superuser):
         authenticator = SAMLAuthenticator.objects.create(slug='idp1')
         resp = login(app, superuser)
         resp = app.get('/manage/authenticators/%s/edit/' % authenticator.pk)
         assert 'metadata_path' not in resp.form.fields
         authenticator.metadata_path = '/var/lib/authentic2/metadata.xml'
         authenticator.save()
         resp = app.get('/manage/authenticators/%s/edit/' % authenticator.pk)
         assert 'metadata_path' in resp.form.fields
     def test_authenticators_saml_attribute_lookup(app, superuser):
         authenticator = SAMLAuthenticator.objects.create(metadata='meta1.xml', slug='idp1')
         resp = login(app, superuser, path=authenticator.get_absolute_url())
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0001-auth_saml-prefer-metadata-file-upload-over-metadata-.patch