0001-auth_saml-add-name-id-policy-format-choices-70750.patch
| src/authentic2_auth_saml/migrations/0001_initial.py | ||
|---|---|---|
| 4 | 4 |
import django.db.models.deletion |
| 5 | 5 |
from django.db import migrations, models |
| 6 | 6 | |
| 7 |
from authentic2_auth_saml.models import NAME_ID_FORMAT_CHOICES |
|
| 8 | ||
| 7 | 9 | |
| 8 | 10 |
class Migration(migrations.Migration): |
| 9 | 11 | |
| ... | ... | |
| 108 | 110 |
help_text='The NameID format to request.', |
| 109 | 111 |
max_length=64, |
| 110 | 112 |
verbose_name='NameID policy format', |
| 113 |
choices=NAME_ID_FORMAT_CHOICES, |
|
| 111 | 114 |
), |
| 112 | 115 |
), |
| 113 | 116 |
( |
| src/authentic2_auth_saml/models.py | ||
|---|---|---|
| 14 | 14 |
# You should have received a copy of the GNU Affero General Public License |
| 15 | 15 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 16 | 16 | |
| 17 |
import lasso |
|
| 17 | 18 |
from django.conf import settings |
| 18 | 19 |
from django.contrib.postgres.fields import JSONField |
| 19 | 20 |
from django.core.exceptions import ValidationError |
| ... | ... | |
| 27 | 28 |
) |
| 28 | 29 |
from authentic2.utils.misc import redirect_to_login |
| 29 | 30 | |
| 31 |
NAME_ID_FORMAT_CHOICES = ( |
|
| 32 |
('', _('None')),
|
|
| 33 |
(lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT, _('Persistent')),
|
|
| 34 |
(lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT, _('Transient')),
|
|
| 35 |
(lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL, _('Email')),
|
|
| 36 |
(lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED, _('UUID')),
|
|
| 37 |
) |
|
| 38 | ||
| 30 | 39 | |
| 31 | 40 |
class SAMLAuthenticator(BaseAuthenticator): |
| 32 | 41 |
metadata_url = models.URLField(_('Metadata URL'), max_length=300, blank=True)
|
| ... | ... | |
| 75 | 84 |
default='{attributes[name_id_content]}@{realm}',
|
| 76 | 85 |
) |
| 77 | 86 |
name_id_policy_format = models.CharField( |
| 78 |
_('NameID policy format'), max_length=64, help_text=_('The NameID format to request.'), blank=True
|
|
| 87 |
_('NameID policy format'),
|
|
| 88 |
max_length=64, |
|
| 89 |
choices=NAME_ID_FORMAT_CHOICES, |
|
| 90 |
help_text=_('The NameID format to request.'),
|
|
| 91 |
blank=True, |
|
| 79 | 92 |
) |
| 80 | 93 |
name_id_policy_allow_create = models.BooleanField(_('NameID policy allow create'), default=True)
|
| 81 | 94 |
force_authn = models.BooleanField( |
| tests/test_manager_authenticators.py | ||
|---|---|---|
| 501 | 501 |
assert 'SAML - idp1' in resp.text |
| 502 | 502 | |
| 503 | 503 | |
| 504 |
def test_authenticators_saml_name_id_format_select(app, superuser): |
|
| 505 |
authenticator = SAMLAuthenticator.objects.create(metadata='meta1.xml', slug='idp1') |
|
| 506 | ||
| 507 |
resp = login(app, superuser, path='/manage/authenticators/%s/edit/' % authenticator.pk) |
|
| 508 |
resp.form['name_id_policy_format'].select(text='Persistent') |
|
| 509 |
resp.form.submit().follow() |
|
| 510 | ||
| 511 |
authenticator.refresh_from_db() |
|
| 512 |
assert authenticator.name_id_policy_format == 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent' |
|
| 513 | ||
| 514 | ||
| 504 | 515 |
def test_authenticators_saml_attribute_lookup(app, superuser): |
| 505 | 516 |
authenticator = SAMLAuthenticator.objects.create(metadata='meta1.xml', slug='idp1') |
| 506 | 517 |
resp = login(app, superuser, path=authenticator.get_absolute_url()) |
| 507 |
- |
|