
0001-misc-remove-dead-code-for-authorize_service-signal-6.patch

Benjamin Dauvergne, 07 octobre 2022 15:26


Subject: [PATCH 1/3] misc: remove dead code for authorize_service signal
 (#69992)

 src/authentic2/idp/saml/saml2_endpoints.py | 28 ----------------------
 src/authentic2/idp/signals.py              |  6 -----
 2 files changed, 34 deletions(-)
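--- a/src/authentic2/idp/saml/saml2_endpoints.py
+++ b/src/authentic2/idp/saml/saml2_endpoints.py
@@ -823,34 +823,6 @@
     if nid_format == 'transient':
         transient = True
 
-    decisions = idp_signals.authorize_service.send(
-        sender=None, request=request, user=request.user, audience=login.remoteProviderId, attributes={}
-    )
-    logger.debug('signal authorize_service sent')
-
-    # You don't dream. By default, access granted.
-    # We catch denied decisions i.e. dic['authz'] = False
-    access_granted = True
-    for decision in decisions:
-        logger.debug('authorize_service connected to function %s', decision[0].__name__)
-        dic = decision[1]
-        if dic and 'authz' in dic:
-            logger.debug('decision is %s', dic['authz'])
-            if 'message' in dic:
-                logger.debug('with message %s', dic['message'])
-            if not dic['authz']:
-                logger.debug('access denied by an external function')
-                access_granted = False
-        else:
-            logger.debug('no function connected to authorize_service')
-
-    if not access_granted:
-        logger.debug('access denied, return answer to the requester')
-        set_saml2_response_responder_status_code(
-            login.response, lasso.SAML2_STATUS_CODE_REQUEST_DENIED, msg=str(dic['message'])
-        )
-        return finish_sso(request, login)
-
     provider = load_provider(request, login.remoteProviderId, server=login.server)
     if not provider:
         return error_page(request, _('Provider %s is unknown') % login.remoteProviderId, logger=logger)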
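--- a/src/authentic2/idp/signals.py
+++ b/src/authentic2/idp/signals.py
@@ -16,12 +16,6 @@
 
 from django.dispatch import Signal
 
-# authorize_decision
-# Expect a dictionnaries as return with:
-#  - the authorization decision e.g. dic['authz'] = True or False
-#  - optionnaly a message e.g. dic['message'] = message
-authorize_service = Signal(providing_args=["request", "user", "audience", "attributes"])
-
 # avoid_consent
 # Expect a boolean e.g. dic['avoid_consent'] = True or False
 avoid_consent = Signal(providing_args=["request", "user", "audience"])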
28
-