| 1 |
|
try:
|
| 2 |
|
import lasso
|
| 3 |
|
except ImportError:
|
| 4 |
|
pass
|
| 5 |
|
|
| 6 |
|
from wcs.qommon import get_cfg, get_logger
|
| 7 |
|
import wcs.qommon.saml2
|
| 8 |
|
|
| 9 |
|
|
| 10 |
|
class Saml2Directory(wcs.qommon.saml2.Saml2Directory):
|
| 11 |
|
def extract_attributes(self, session, login):
|
| 12 |
|
"""Separate attributes as two dictionaries: one for last value, one for
|
| 13 |
|
the list of values."""
|
| 14 |
|
d = {}
|
| 15 |
|
m = {}
|
| 16 |
|
|
| 17 |
|
lasso_session = lasso.Session.newFromDump(session.lasso_session_dump)
|
| 18 |
|
try:
|
| 19 |
|
assertion = lasso_session.getAssertions(None)[0]
|
| 20 |
|
except:
|
| 21 |
|
get_logger().warn('failed to lookup assertion')
|
| 22 |
|
return d, m
|
| 23 |
|
|
| 24 |
|
try:
|
| 25 |
|
for attribute in assertion.attributeStatement[0].attribute:
|
| 26 |
|
try:
|
| 27 |
|
d[attribute.name] = attribute.attributeValue[0].any[0].content
|
| 28 |
|
for attribute_value in attribute.attributeValue:
|
| 29 |
|
l = m.setdefault(attribute.name, [])
|
| 30 |
|
l.append(attribute_value.any[0].content)
|
| 31 |
|
except IndexError:
|
| 32 |
|
pass
|
| 33 |
|
except IndexError:
|
| 34 |
|
pass
|
| 35 |
|
return d, m
|
| 36 |
|
|
| 37 |
|
def fill_user_attributes(self, session, login, user):
|
| 38 |
|
wcs.qommon.saml2.Saml2Directory.fill_user_attributes(self, session, login, user)
|
| 39 |
|
|
| 40 |
|
idp = wcs.qommon.saml2.get_remote_provider_cfg(login)
|
| 41 |
|
if not idp.get('attribute-mapping'):
|
| 42 |
|
self.legacy_fill_user_attributes(session, login, user)
|
| 43 |
|
|
| 44 |
|
def legacy_fill_user_attributes(self, session, login, user):
|
| 45 |
|
'''Fill fields using a legacy attribute to field varname mapping'''
|
| 46 |
|
d, m = self.extract_attributes(session, login)
|
| 47 |
|
users_cfg = get_cfg('users', {}) or {}
|
| 48 |
|
get_logger().debug('using legacy attribute filling')
|
| 49 |
|
|
| 50 |
|
# standard attributes
|
| 51 |
|
user.name = d.get('cn')
|
| 52 |
|
user.email = d.get('mail')
|
| 53 |
|
|
| 54 |
|
# email field
|
| 55 |
|
field_email = users_cfg.get('field_email')
|
| 56 |
|
if field_email:
|
| 57 |
|
user.form_data[field_email] = d.get('mail') or d.get('email')
|
| 58 |
|
|
| 59 |
|
# name field, this only works if there's a single field for the name
|
| 60 |
|
field_name_values = users_cfg.get('field_name')
|
| 61 |
|
if field_name_values:
|
| 62 |
|
if type(field_name_values) is str: # it was a string in previous versions
|
| 63 |
|
field_name_values = [field_name_values]
|
| 64 |
|
if len(field_name_values) == 1:
|
| 65 |
|
user.form_data[field_name_values[0]] = d.get('cn')
|
| 66 |
|
|
| 67 |
|
# other fields, matching is done on known LDAP attribute names and
|
| 68 |
|
# common variable names
|
| 69 |
|
extra_field_mappings = [
|
| 70 |
|
('gn', ('firstname', 'prenom')),
|
| 71 |
|
('givenName', ('firstname', 'prenom')),
|
| 72 |
|
(
|
| 73 |
|
'surname',
|
| 74 |
|
(
|
| 75 |
|
'surname',
|
| 76 |
|
'name',
|
| 77 |
|
'nom',
|
| 78 |
|
),
|
| 79 |
|
),
|
| 80 |
|
(
|
| 81 |
|
'sn',
|
| 82 |
|
(
|
| 83 |
|
'surname',
|
| 84 |
|
'name',
|
| 85 |
|
'nom',
|
| 86 |
|
),
|
| 87 |
|
),
|
| 88 |
|
(
|
| 89 |
|
'personalTitle',
|
| 90 |
|
(
|
| 91 |
|
'personalTitle',
|
| 92 |
|
'civilite',
|
| 93 |
|
),
|
| 94 |
|
),
|
| 95 |
|
(
|
| 96 |
|
'l',
|
| 97 |
|
(
|
| 98 |
|
'location',
|
| 99 |
|
'commune',
|
| 100 |
|
'ville',
|
| 101 |
|
),
|
| 102 |
|
),
|
| 103 |
|
(
|
| 104 |
|
'streetAddress',
|
| 105 |
|
(
|
| 106 |
|
'streetAddress',
|
| 107 |
|
'address',
|
| 108 |
|
'adresse',
|
| 109 |
|
'street',
|
| 110 |
|
),
|
| 111 |
|
),
|
| 112 |
|
(
|
| 113 |
|
'street',
|
| 114 |
|
(
|
| 115 |
|
'streetAddress',
|
| 116 |
|
'address',
|
| 117 |
|
'adresse',
|
| 118 |
|
'street',
|
| 119 |
|
),
|
| 120 |
|
),
|
| 121 |
|
(
|
| 122 |
|
'postalCode',
|
| 123 |
|
(
|
| 124 |
|
'postalCode',
|
| 125 |
|
'codepostal',
|
| 126 |
|
'cp',
|
| 127 |
|
),
|
| 128 |
|
),
|
| 129 |
|
(
|
| 130 |
|
'telephoneNumber',
|
| 131 |
|
(
|
| 132 |
|
'telephoneNumber',
|
| 133 |
|
'telephonefixe',
|
| 134 |
|
'telephone',
|
| 135 |
|
),
|
| 136 |
|
),
|
| 137 |
|
(
|
| 138 |
|
'mobile',
|
| 139 |
|
(
|
| 140 |
|
'mobile',
|
| 141 |
|
'telephonemobile',
|
| 142 |
|
),
|
| 143 |
|
),
|
| 144 |
|
('faxNumber', ('faxNumber', 'fax')),
|
| 145 |
|
]
|
| 146 |
|
|
| 147 |
|
for attribute_key, field_varnames in extra_field_mappings:
|
| 148 |
|
if not attribute_key in d:
|
| 149 |
|
continue
|
| 150 |
|
for field in user.get_formdef().fields:
|
| 151 |
|
if field.varname in field_varnames:
|
| 152 |
|
user.form_data[field.id] = d.get(attribute_key)
|
| 153 |
|
-
|