0001-misc-remove-dead-code-for-authorize_service-signal-6.patch
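--- a/src/authentic2/idp/saml/saml2_endpoints.py
+++ b/src/authentic2/idp/saml/saml2_endpoints.py
@@ -823,34 +823,6 @@
 if nid_format == 'transient':
 transient = True
 
-decisions = idp_signals.authorize_service.send(
-sender=None, request=request, user=request.user, audience=login.remoteProviderId, attributes={}
-)
-logger.debug('signal authorize_service sent')
-
-# You don't dream. By default, access granted.
-# We catch denied decisions i.e. dic['authz'] = False
-access_granted = True
-for decision in decisions:
-logger.debug('authorize_service connected to function %s', decision[0].__name__)
-dic = decision[1]
-if dic and 'authz' in dic:
-logger.debug('decision is %s', dic['authz'])
-if 'message' in dic:
-logger.debug('with message %s', dic['message'])
-if not dic['authz']:
-logger.debug('access denied by an external function')
-access_granted = False
-else:
-logger.debug('no function connected to authorize_service')
-
-if not access_granted:
-logger.debug('access denied, return answer to the requester')
-set_saml2_response_responder_status_code(
-login.response, lasso.SAML2_STATUS_CODE_REQUEST_DENIED, msg=str(dic['message'])
-)
-return finish_sso(request, login)
-
 provider = load_provider(request, login.remoteProviderId, server=login.server)
 if not provider:
 return error_page(request, _('Provider %s is unknown') % login.remoteProviderId, logger=logger)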
src/authentic2/idp/signals.py | ||
---|---|---|
16 | 16 | |
17 | 17 |
from django.dispatch import Signal |
18 | 18 | |
19 |
# authorize_decision |
|
20 |
# Expect a dictionnaries as return with: |
|
21 |
# - the authorization decision e.g. dic['authz'] = True or False |
|
22 |
# - optionnaly a message e.g. dic['message'] = message |
|
23 |
authorize_service = Signal(providing_args=["request", "user", "audience", "attributes"]) |
|
24 | ||
25 | 19 |
# avoid_consent |
26 | 20 |
# Expect a boolean e.g. dic['avoid_consent'] = True or False |
27 | 21 |
avoid_consent = Signal(providing_args=["request", "user", "audience"]) |
28 |
- |