0004-misc-keep-nameid-attributes-to-rebuild-it-69740.patch

Benjamin Dauvergne, 04 octobre 2022 11:47

Subject: [PATCH 4/8] misc: keep nameid attributes to rebuild it (#69740)

Logout requests need a properly built NameID element, but we did not
store enough information in models to do that; we used the LassoSession
dump from the session as a work-around. In order to have a session-less
logout endpoint, we need to store that information in the
UserSAMLIdentifier model.
 mellon/adapters.py                          | 14 +++++++--
 mellon/migrations/0006_nameid_attributes.py | 33 +++++++++++++++++++++
 mellon/models.py                            |  5 ++++
 mellon/views.py                             |  7 ++++-
 4 files changed, 55 insertions(+), 4 deletions(-)
 create mode 100644 mellon/migrations/0006_nameid_attributes.py
mellon/adapters.py
350 350
            created = True
351 351
            user = self.create_user(User)
352 352

  
353
        nameid_user = self._link_user(idp, saml_attributes, entity_id, name_id, user)
353
        nameid_user = self._link_user(idp, saml_attributes, user)
354 354
        if user != nameid_user:
355 355
            logger.info(
356 356
                'mellon: looked up user %s with name_id %s from issuer %s', nameid_user, name_id, entity_id
......
458 458
            )
459 459
        return None
460 460

  
461
    def _link_user(self, idp, saml_attributes, entity_id, name_id, user):
461
    def _link_user(self, idp, saml_attributes, user):
462 462
        saml_id, created = models.UserSAMLIdentifier.objects.get_or_create(
463
            name_id=name_id, issuer=models_utils.get_issuer(entity_id), defaults={'user': user}
463
            name_id=saml_attributes['name_id_content'],
464
            issuer=models_utils.get_issuer(saml_attributes['issuer']),
465
            defaults={
466
                'user': user,
467
                'nid_format': saml_attributes['name_id_format'],
468
                'nid_name_qualifier': saml_attributes.get('name_id_name_qualifier'),
469
                'nid_sp_name_qualifier': saml_attributes.get('name_id_sp_name_qualifier'),
470
                'nid_sp_provided_id': saml_attributes.get('name_id_sp_provided_id'),
471
            },
464 472
        )
465 473
        if created:
466 474
            user.saml_identifier = saml_id
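Review bot: In the second hunk, `_link_user` passes the nid_* values only through `defaults`, so `get_or_create` stores them for newly created rows and leaves every existing UserSAMLIdentifier row (anything created before migration 0006, or an IdP that later changes its qualifiers) with NULL nid_* columns; the session-less logout the commit message aims at cannot rebuild a NameID for those users. Refreshing the columns when the row already exists keeps the stored NameID in step with the last assertion; a sketch follows. `saml_attributes['name_id_content']` and `['name_id_format']` are indexed rather than fetched with `.get()`, which looks deliberate since views.py sets both together, but after the first hunk a caller reaching `_link_user` without a NameID would now fail with KeyError, which I cannot confirm from the hunk. `_link_user` continues past the end of the hunk.
```python
        saml_id, created = models.UserSAMLIdentifier.objects.get_or_create(
            # … unchanged: lookup by name_id/issuer with nid_* defaults …
        )
        if not created:
            # rows created before the nid_* columns existed carry NULLs; refresh on each login
            nid_values = {
                'nid_format': saml_attributes['name_id_format'],
                'nid_name_qualifier': saml_attributes.get('name_id_name_qualifier'),
                'nid_sp_name_qualifier': saml_attributes.get('name_id_sp_name_qualifier'),
                'nid_sp_provided_id': saml_attributes.get('name_id_sp_provided_id'),
            }
            if any(getattr(saml_id, field) != value for field, value in nid_values.items()):
                for field, value in nid_values.items():
                    setattr(saml_id, field, value)
                saml_id.save(update_fields=list(nid_values))
        if created:
            user.saml_identifier = saml_id
```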
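--- /dev/null
+++ b/mellon/migrations/0006_nameid_attributes.py
@@ -0,0 +1,33 @@
+# Generated by Django 2.2.26 on 2022-10-03 10:09
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('mellon', '0005_drop_rename_issuer'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='usersamlidentifier',
+            name='nid_format',
+            field=models.TextField(null=True, verbose_name='NameID Format'),
+        ),
+        migrations.AddField(
+            model_name='usersamlidentifier',
+            name='nid_name_qualifier',
+            field=models.TextField(null=True, verbose_name='NameID NameQualifier'),
+        ),
+        migrations.AddField(
+            model_name='usersamlidentifier',
+            name='nid_sp_name_qualifier',
+            field=models.TextField(null=True, verbose_name='NameID SPNameQualifier'),
+        ),
+        migrations.AddField(
+            model_name='usersamlidentifier',
+            name='nid_sp_provided_id',
+            field=models.TextField(null=True, verbose_name='SAML NameID SPPRovidedID'),
+        ),
+    ]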
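--- a/mellon/models.py
+++ b/mellon/models.py
@@ -32,6 +32,11 @@
     created = models.DateTimeField(verbose_name=_('created'), auto_now_add=True)
     issuer = models.ForeignKey('mellon.Issuer', verbose_name=_('Issuer'), null=True, on_delete=models.CASCADE)
 
+    nid_format = models.TextField(verbose_name=_('NameID Format'), null=True)
+    nid_name_qualifier = models.TextField(verbose_name=_('NameID NameQualifier'), null=True)
+    nid_sp_name_qualifier = models.TextField(verbose_name=_('NameID SPNameQualifier'), null=True)
+    nid_sp_provided_id = models.TextField(verbose_name=('SAML NameID SPPRovidedID'), null=True)
+
     class Meta:
         verbose_name = _('user SAML identifier')
         verbose_name_plural = _('users SAML identifiers')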
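Review bot: `nid_sp_provided_id` on new line 38 wraps its verbose_name in plain parentheses instead of `_()`, so unlike its three siblings it is never translated, and the label 'SAML NameID SPPRovidedID' both carries a typo (SPPRovidedID) and breaks the 'NameID …' naming the other fields use; migration 0006 copies the same string. Suggested line: `nid_sp_provided_id = models.TextField(verbose_name=_('NameID SPProvidedID'), null=True)`, with the migration regenerated so the two agree. The enclosing class starts before this hunk.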
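--- a/mellon/views.py
+++ b/mellon/views.py
@@ -268,12 +268,17 @@
             name_id = login.nameIdentifier
             name_id_format = force_str(name_id.format or lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED)
             attributes.update(
-                {'name_id_content': lasso_decode(name_id.content), 'name_id_format': name_id_format}
+                {
+                    'name_id_content': lasso_decode(name_id.content),
+                    'name_id_format': name_id_format,
+                }
             )
             if name_id.nameQualifier:
                 attributes['name_id_name_qualifier'] = force_str(name_id.nameQualifier)
             if name_id.spNameQualifier:
                 attributes['name_id_sp_name_qualifier'] = force_str(name_id.spNameQualifier)
+            if name_id.spProvidedId:
+                attributes['name_id_provided_id'] = force_str(name_id.spProvidedId)
         authn_statement = login.assertion.authnStatement[0]
         if authn_statement.authnInstant:
             attributes['authn_instant'] = utils.iso8601_to_datetime(authn_statement.authnInstant)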
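Review bot: The key `name_id_provided_id` written on new line 281 does not match the key that `_link_user` in adapters.py reads, `saml_attributes.get('name_id_sp_provided_id')`, so `nid_sp_provided_id` is always stored as NULL and a NameID rebuilt from the model silently loses its SPProvidedID. Rename the key to follow the sibling entries: `attributes['name_id_sp_provided_id'] = force_str(name_id.spProvidedId)`. The enclosing function starts before this hunk.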
280
-