0001-auth_saml-add-name-id-policy-format-choices-70750.patch
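--- a/src/authentic2_auth_saml/migrations/0001_initial.py
+++ b/src/authentic2_auth_saml/migrations/0001_initial.py
@@ -4,6 +4,8 @@
 import django.db.models.deletion
 from django.db import migrations, models
 
+from authentic2_auth_saml.models import NAME_ID_FORMAT_CHOICES
+
 
 class Migration(migrations.Migration):
 
@@ -108,6 +110,7 @@
 help_text='The NameID format to request.',
 max_length=64,
 verbose_name='NameID policy format',
+choices=NAME_ID_FORMAT_CHOICES,
 ),
 ),
 (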
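Review bot: The new top-level `from authentic2_auth_saml.models import NAME_ID_FORMAT_CHOICES` ties this initial migration to the live models module, so the migration is no longer a frozen snapshot of the field as it was created. If the constant is later renamed, moved or given different entries, `0001_initial` either stops importing or silently describes a different field state than the one deployments actually applied. Since `choices` does not alter the column, I would write the literal pairs directly in the `choices=` argument (or carry them in a new migration produced by `makemigrations`) and add a comment such as `# choices frozen at migration time; do not import from models`. The field definition this line belongs to starts and ends outside the second hunk.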
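--- a/src/authentic2_auth_saml/models.py
+++ b/src/authentic2_auth_saml/models.py
@@ -14,6 +14,7 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
+import lasso
 from django.conf import settings
 from django.contrib.postgres.fields import JSONField
 from django.core.exceptions import ValidationError
@@ -27,6 +28,14 @@
 )
 from authentic2.utils.misc import redirect_to_login
 
+NAME_ID_FORMAT_CHOICES = (
+('', _('None')),
+(lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT, _('Persistent')),
+(lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT, _('Transient')),
+(lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL, _('Email')),
+(lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED, _('UUID')),
+)
+
 
 class SAMLAuthenticator(BaseAuthenticator):
 metadata_url = models.URLField(_('Metadata URL'), max_length=300, blank=True)
@@ -75,7 +84,11 @@
 default='{attributes[name_id_content]}@{realm}',
 )
 name_id_policy_format = models.CharField(
-_('NameID policy format'), max_length=64, help_text=_('The NameID format to request.'), blank=True
+_('NameID policy format'),
+max_length=64,
+choices=NAME_ID_FORMAT_CHOICES,
+help_text=_('The NameID format to request.'),
+blank=True,
 )
 name_id_policy_allow_create = models.BooleanField(_('NameID policy allow create'), default=True)
 force_authn = models.BooleanField(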
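Review bot: In `NAME_ID_FORMAT_CHOICES` the entry `(lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED, _('UUID'))` labels the unspecified format as "UUID", but that format leaves the identifier's shape to the IdP, so an administrator who picks it gets no guarantee of a stable, opaque identifier. The NameID is commonly what federated accounts are linked on, so the tuple deserves a comment on how stable each format is (transient changes per session, an email address can be reassigned). The label would read better as `_('Unspecified')`, unless "UUID" describes what this project's own IdP returns, in which case the comment should say so. Separately, `choices=` on `name_id_policy_format` will make form validation reject any value stored while the field was free text; I see no data migration on this page, so that case looks unhandled. The `SAMLAuthenticator` class body continues outside the hunks.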
tests/test_manager_authenticators.py | ||
---|---|---|
501 | 501 |
assert 'SAML - idp1' in resp.text |
502 | 502 | |
503 | 503 | |
504 |
def test_authenticators_saml_name_id_format_select(app, superuser): |
|
505 |
authenticator = SAMLAuthenticator.objects.create(metadata='meta1.xml', slug='idp1') |
|
506 | ||
507 |
resp = login(app, superuser, path='/manage/authenticators/%s/edit/' % authenticator.pk) |
|
508 |
resp.form['name_id_policy_format'].select(text='Persistent') |
|
509 |
resp.form.submit().follow() |
|
510 | ||
511 |
authenticator.refresh_from_db() |
|
512 |
assert authenticator.name_id_policy_format == 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent' |
|
513 | ||
514 | ||
504 | 515 |
def test_authenticators_saml_attribute_lookup(app, superuser): |
505 | 516 |
authenticator = SAMLAuthenticator.objects.create(metadata='meta1.xml', slug='idp1') |
506 | 517 |
resp = login(app, superuser, path=authenticator.get_absolute_url()) |
507 |
- |