0001-views-add-a-VERIFY_SSL_CERTIFICATE-setting.patch

Benjamin Dauvergne, 10 juin 2015 11:51

Voir les différences: en ligne côte à côte

Subject: [PATCH] views: add a VERIFY_SSL_CERTIFICATE setting

It controls the validation of certificates by requests on artifact
resolve requests. It's a global and by idp setting.

fixes #7521

 README                 |  5 +++++
 mellon/app_settings.py |  1 +
 mellon/views.py        | 25 ++++++++++++++++++-------
 3 files changed, 24 insertions(+), 7 deletions(-)

     Timeout in seconds before automatically redirecting the user to the
     continue URL when authentication has failed. Default is 120 seconds.
     MELLON_VERIFY_SSL_CERTIFICATE
     -----------------------------
     Verify SSL certificate when doing HTTP requests, used when resolving artifacts.
     Default is True.
     Tests
     =====

mellon/app_settings.py
26	26	'ERROR_URL': None,
27	27	'ERROR_REDIRECT_AFTER_TIMEOUT': 120,
28	28	'DEFAULT_ASSERTION_CONSUMER_BINDING': 'post', # or artifact
	29	'VERIFY_SSL_CERTIFICATE': True,
29	30	}
30	31
31	32	@property

             super(LogMixin, self).__init__(*args, **kwargs)
     class LoginView(LogMixin, View):
         def get_idp(self, request):
             entity_id = request.REQUEST.get('entity_id')
         def get_idp(self, request, entity_id=None):
             if entity_id is None:
                 entity_id = request.REQUEST.get('entity_id')
             if not entity_id:
                 return next(utils.get_idps())
             else:
-...
             return HttpResponseRedirect(next_url)
         def continue_sso_artifact_get(self, request):
             login = utils.create_login(request)
             login.initRequest(request.META['QUERY_STRING'], lasso.HTTP_METHOD_ARTIFACT_GET)
             login.buildRequestMsg()
             idp_message = None
             status_codes = []
             login = utils.create_login(request)
             try:
                 login.initRequest(request.META['QUERY_STRING'], lasso.HTTP_METHOD_ARTIFACT_GET)
             except lasso.ServerProviderNotFoundError:
                 return HttpResponseBadRequest(
                     'no entity id found for this artifact %r' %
                     request.GET['SAMLart'])
             idp = utils.get_idp(login.remoteProviderId)
             if not idp:
                 return HttpResponseBadRequest(
                     'entity id %r is unknown' % login.remoteProviderId)
             verify_ssl_certificate = utils.get_setting(
                 idp, 'VERIFY_SSL_CERTIFICATE')
             login.buildRequestMsg()
             result = requests.post(login.msgUrl, data=login.msgBody,
                     headers={'content-type': 'text/xml'})
                     headers={'content-type': 'text/xml'}, verify=verify_ssl_certificate)
             if result.status_code != 200:
                 self.log.warning('SAML authentication failed: '\
                                  'IdP returned %s when given artifact' % result.status_code)
+    -

Projet

Général

Profil

Produits Entr'ouvert » django-mellon

0001-views-add-a-VERIFY_SSL_CERTIFICATE-setting.patch