0001-misc-simplify-identification-subsystem-selection-pic.patch

Frédéric Péters, 04 décembre 2022 17:50

Voir les différences: en ligne côte à côte

Subject: [PATCH] misc: simplify identification subsystem selection (pick saml
 or first) (#72001)

 tests/test_auth_pages.py | 40 +++++++++++----------
 wcs/root.py              | 78 ++++------------------------------------
 2 files changed, 27 insertions(+), 91 deletions(-)

     def pub_2auth(pub):
         pub.cfg['identification'] = {'methods': ['password', 'idp']}
         pub.write_cfg()
         # setup saml
         from wcs.qommon.ident.idp import MethodAdminDirectory
         from .test_saml_auth import setup_idps
         pub.cfg['sp'] = {
             'saml2_metadata': 'saml2-metadata.xml',
             'saml2_base_url': 'http://example.net/saml',
             'saml2_providerid': 'http://example.net/saml/metadata',
+        }
         MethodAdminDirectory().generate_rsa_keypair()
         setup_idps(pub)
         return pub
-...
     def test_login_2auth(pub_2auth):
         # check sso is initiated if there is both password and saml support
         resp = get_app(pub_2auth).get('/').click('Login').follow()
         resp.form['method'] = 'Username / password'
         resp = resp.form.submit().follow()
         resp.form['username'] = 'foo'
         resp.form['password'] = 'foo'
         resp = resp.form.submit().follow()
         assert '/logout' in resp.text
         resp = get_app(pub_2auth).get('/').click('Login').follow()
         resp.form['method'] = 'SAML identity provider'
         resp = resp.form.submit().follow()
         assert 'SSO support is not yet configured' in resp.text
         assert resp.location.startswith('http://sso.example.net/saml')
     def test_register_2auth(pub_2auth):
         pub_2auth.cfg['identities'] = {'creation': 'self'}
         pub_2auth.cfg['saml_identities'] = {
             'identity-creation': 'self',
             'registration-url': 'http://sso.example.net/registration',
+        }
         pub_2auth.write_cfg()
         resp = get_app(pub_2auth).get('/register/')
         resp.form['method'] = 'Username / password'
         resp = resp.form.submit().follow()
         assert 'New Account' in resp.text
         resp = get_app(pub_2auth).get('/register/')
         resp.form['method'] = 'SAML identity provider'
         assert resp.form.submit().location == 'http://example.net/ident/idp/register'
         assert resp.location == 'http://sso.example.net/registration'

     import json
     import os
     import re
     import urllib.parse
     from importlib import import_module
     from quixote import get_publisher, get_request, get_response, get_session, get_session_manager, redirect
     from quixote.directory import Directory
     from quixote.html import TemplateIO, htmltext
     from quixote.util import StaticDirectory
     from . import portfolio
-...
     from .myspace import MyspaceDirectory
     from .qommon import _, errors, get_cfg, ident, misc, saml2, template
     from .qommon.afterjobs import AfterJobStatusDirectory
     from .qommon.form import Form, RadiobuttonsWidget
     from .qommon.upload_storage import UploadStorageError, get_storage_object
-...
                 # to saml login.
                 ident_methods = ['idp']
             if len(ident_methods) == 1:
                 method = ident_methods[0]
                 try:
                     return ident.login(method)
                 except KeyError as e:
                     msg = _('Failed to login with method %s') % method
                     get_publisher().record_error(msg, exception=e)
                     return errors.TraversalError(msg)
             else:
                 form = Form(enctype='multipart/form-data')
                 form.add(
                     RadiobuttonsWidget,
                     'method',
                     options=[
                         (x.key, x.description) for x in ident.get_method_classes() if x.key in ident_methods
                     ],
                     delim=htmltext('<br/>'),
+                )
                 form.add_submit('submit', _('Submit'))
                 if form.is_submitted() and not form.has_errors():
                     method = form.get_widget('method').parse()
                     if get_publisher().ident_methods.get(method)().is_interactive():
                         login_url = '../ident/%s/login' % method
                         if get_request().form.get('next'):
                             login_url += '?' + urllib.parse.urlencode({'next': get_request().form.get('next')})
                         return redirect(login_url)
                     else:
                         try:
                             return ident.login(method)
                         except KeyError as e:
                             get_publisher().record_error(
                                 _('Failed to login with method %s') % method, exception=e
+                            )
                             return errors.TraversalError()
                 else:
                     template.html_top(_('Login'))
                     r = TemplateIO(html=True)
                     r += htmltext('<p>%s</p>') % _('Select the identification method you want to use:')
                     r += form.render()
                     return r.getvalue()
             # always prefer idp (saml), fallback to first configured method
             method = 'idp' if 'idp' in ident_methods else ident_methods[0]
             return ident.login(method)
         def _q_lookup(self, component):
             try:
-...
                     return template.error_page(_('Authentication subsystem is not yet configured.'))
                 ident_methods = ['idp']  # fallback to old behaviour; saml.
             if len(ident_methods) == 1:
                 method = ident_methods[0]
                 try:
                     return ident.register(method)
                 except KeyError as e:
                     get_publisher().record_error(_('Failed to register with method %s') % method, exception=e)
                     return errors.TraversalError()
             else:
                 form = Form(enctype='multipart/form-data')
                 form.add(
                     RadiobuttonsWidget,
                     'method',
                     options=[
                         (x.key, x.description) for x in ident.get_method_classes() if x.key in ident_methods
                     ],
                     delim=htmltext('<br/>'),
+                )
                 form.add_submit('submit', _('Submit'))
                 if form.is_submitted() and not form.has_errors():
                     method = form.get_widget('method').parse()
                     return redirect('../ident/%s/register' % method)
                 else:
                     template.html_top(_('Register'))
                     r = TemplateIO(html=True)
                     r += htmltext('<p>%s</p>') % _('Select the registration method you want to use:')
                     r += htmltext(form.render())
                     return r.getvalue()
             # always prefer idp (saml), fallback to first configured method
             method = 'idp' if 'idp' in ident_methods else ident_methods[0]
             return ident.register(method)
         def _q_lookup(self, component):
             try:
+    -

Projet

Général

Profil

Produits Entr'ouvert » w.c.s.

0001-misc-simplify-identification-subsystem-selection-pic.patch