0001-auth_saml-add-name-id-policy-format-choices-70750.patch
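--- a/src/authentic2_auth_saml/migrations/0001_initial.py
+++ b/src/authentic2_auth_saml/migrations/0001_initial.py
@@ -5,6 +5,7 @@
 from django.db import migrations, models
 
 import authentic2_auth_saml.models
+from authentic2_auth_saml.models import NAME_ID_FORMAT_CHOICES
 
 
 class Migration(migrations.Migration):
@@ -117,6 +118,7 @@
 help_text='The NameID format to request.',
 max_length=64,
 verbose_name='NameID policy format',
+choices=NAME_ID_FORMAT_CHOICES,
 ),
 ),
 (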
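Review bot: The added `from authentic2_auth_saml.models import NAME_ID_FORMAT_CHOICES` ties this historical migration to whatever the constant holds in current code, so the recorded field state changes silently whenever the tuple is edited, and the migration stops importing if the name is ever moved or renamed. Migrations are normally frozen snapshots; consider writing the choice pairs literally in the `choices=` argument of the second hunk, the way `makemigrations` would serialise them. The change also edits `0001_initial.py` in place rather than adding a new migration, which presumably is fine because `choices` does not alter the column, but it is worth confirming for databases that have already applied it. Both hunks are excerpts; the `Migration` class body continues outside them.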
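--- a/src/authentic2_auth_saml/models.py
+++ b/src/authentic2_auth_saml/models.py
@@ -32,6 +32,23 @@
 )
 from authentic2.utils.misc import redirect_to_login
 
+NAME_ID_FORMAT_CHOICES = (
+('', _('None')),
+(
+lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT,
+_('Persistent (%s)') % lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT,
+),
+(
+lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT,
+_('Transient (%s)') % lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT,
+),
+(lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL, _('Email (%s)') % lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL),
+(
+lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED,
+_('Unspecified (%s)') % lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED,
+),
+)
+
 
 def validate_metadata(metadata):
 try:
@@ -88,7 +105,11 @@
 default='{attributes[name_id_content]}@{realm}',
 )
 name_id_policy_format = models.CharField(
-_('NameID policy format'), max_length=64, help_text=_('The NameID format to request.'), blank=True
+_('NameID policy format'),
+max_length=64,
+choices=NAME_ID_FORMAT_CHOICES,
+help_text=_('The NameID format to request.'),
+blank=True,
 )
 name_id_policy_allow_create = models.BooleanField(_('NameID policy allow create'), default=True)
 force_authn = models.BooleanField(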
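Review bot: `choices=NAME_ID_FORMAT_CHOICES` on `name_id_policy_format` is enforced only by form and `full_clean()` validation, not by the database or by a plain `save()`, and the field was free text before this change. Authenticators that already store a format outside the five listed values keep it until someone opens the edit form, where the select cannot represent it. The patch shows no data migration or check for such rows, so consider normalising unknown values or stating in the commit message that none are expected. Separately, if `_` is a lazy gettext in this module, `_('Persistent (%s)') % ...` forces the translation when the module is imported, which freezes the labels in the language active at that point. Something like `format_lazy('{} ({})', _('Persistent'), lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT)` from `django.utils.text` would keep them lazy; the model class body continues outside the second hunk.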
tests/test_manager_authenticators.py | ||
---|---|---|
565 | 565 |
assert 'SAML - idp1' in resp.text |
566 | 566 | |
567 | 567 | |
568 |
def test_authenticators_saml_name_id_format_select(app, superuser): |
|
569 |
authenticator = SAMLAuthenticator.objects.create(metadata_url='https://example.com/meta.xml', slug='idp1') |
|
570 | ||
571 |
resp = login(app, superuser, path='/manage/authenticators/%s/edit/' % authenticator.pk) |
|
572 |
resp.form['name_id_policy_format'].select( |
|
573 |
text='Persistent (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent)' |
|
574 |
) |
|
575 |
resp.form.submit().follow() |
|
576 | ||
577 |
authenticator.refresh_from_db() |
|
578 |
assert authenticator.name_id_policy_format == 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent' |
|
579 | ||
580 | ||
568 | 581 |
def test_authenticators_saml_attribute_lookup(app, superuser): |
569 | 582 |
authenticator = SAMLAuthenticator.objects.create(metadata='meta1.xml', slug='idp1') |
570 | 583 |
resp = login(app, superuser, path=authenticator.get_absolute_url()) |
571 |
- |