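try:
    import lasso
except ImportError:
    # The lasso SAML 2.0 bindings are optional at import time. Binding the
    # name explicitly makes a missing library fail later with a clear
    # AttributeError on ``lasso.Session`` instead of a bare NameError.
    lasso = None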
from wcs.qommon import get_cfg, get_logger
import wcs.qommon.saml2
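class Saml2Directory(wcs.qommon.saml2.Saml2Directory):
    """SAML 2.0 directory with a legacy attribute-to-field filling fallback.

    The base class handles a provider's configured ``attribute-mapping``;
    when an identity provider has none, ``legacy_fill_user_attributes``
    maps a fixed set of well-known LDAP-style attribute names onto the
    user's form fields by varname.
    """

    # Legacy mapping: assertion attribute name -> field varnames it may fill.
    # Matching is done on known LDAP attribute names and common variable
    # names; several attribute names may target the same varnames, and a
    # later entry overwrites an earlier one for the same field.
    LEGACY_FIELD_MAPPINGS = (
        ('gn', ('firstname', 'prenom')),
        ('givenName', ('firstname', 'prenom')),
        ('surname', ('surname', 'name', 'nom')),
        ('sn', ('surname', 'name', 'nom')),
        ('personalTitle', ('personalTitle', 'civilite')),
        ('l', ('location', 'commune', 'ville')),
        ('streetAddress', ('streetAddress', 'address', 'adresse', 'street')),
        ('street', ('streetAddress', 'address', 'adresse', 'street')),
        ('postalCode', ('postalCode', 'codepostal', 'cp')),
        ('telephoneNumber', ('telephoneNumber', 'telephonefixe', 'telephone')),
        ('mobile', ('mobile', 'telephonemobile')),
        ('faxNumber', ('faxNumber', 'fax')),
    )

    def extract_attributes(self, session, login):
        """Return the assertion's attributes as two dictionaries.

        Args:
            session: object carrying ``lasso_session_dump``, the serialized
                lasso session the assertion is read from.
            login: unused here; kept for interface parity with the base
                class and ``fill_user_attributes``.

        Returns:
            A ``(first, values)`` pair: ``first`` maps each attribute name
            to the content of its first value, ``values`` maps it to the
            list of contents of all its values. Both are empty when no
            assertion can be read from the session dump.
        """
        first = {}
        values = {}

        lasso_session = lasso.Session.newFromDump(session.lasso_session_dump)
        try:
            assertion = lasso_session.getAssertions(None)[0]
        except Exception:
            # No assertion, or an unreadable one: the caller gets empty
            # dictionaries rather than an exception (best-effort as before),
            # but KeyboardInterrupt/SystemExit are no longer swallowed.
            get_logger().warn('failed to lookup assertion')
            return first, values

        statements = assertion.attributeStatement
        if not statements:
            return first, values

        for attribute in statements[0].attribute or ():
            try:
                first[attribute.name] = attribute.attributeValue[0].any[0].content
                for attribute_value in attribute.attributeValue:
                    values.setdefault(attribute.name, []).append(
                        attribute_value.any[0].content)
            except IndexError:
                # attribute without a value, or a value without content:
                # skip it; whatever was collected before stays in place
                pass
        return first, values

    def fill_user_attributes(self, session, login, user):
        """Fill ``user`` from the assertion, using the legacy mapping as fallback.

        The base implementation applies the provider's configured
        ``attribute-mapping``; when the provider has no such mapping the
        fixed legacy mapping is applied on top.
        """
        wcs.qommon.saml2.Saml2Directory.fill_user_attributes(self, session, login, user)

        idp = wcs.qommon.saml2.get_remote_provider_cfg(login)
        if not idp.get('attribute-mapping'):
            self.legacy_fill_user_attributes(session, login, user)

    def legacy_fill_user_attributes(self, session, login, user):
        """Fill fields using the legacy attribute to field varname mapping.

        Attribute values come straight from the identity provider's
        assertion (see ``extract_attributes``); how far they are trusted is
        decided by the SAML validation done upstream, not here. Fields are
        looked up by the fixed varnames in ``LEGACY_FIELD_MAPPINGS`` and by
        the ``field_email`` / ``field_name`` entries of the users config.
        """
        d, _multi = self.extract_attributes(session, login)
        users_cfg = get_cfg('users', {}) or {}
        get_logger().debug('using legacy attribute filling')

        # standard attributes; as before, an absent attribute resets the
        # value to None rather than leaving the previous one in place
        user.name = d.get('cn')
        user.email = d.get('mail')

        # email field
        field_email = users_cfg.get('field_email')
        if field_email:
            user.form_data[field_email] = d.get('mail') or d.get('email')

        # name field, this only works if there's a single field for the name
        field_name_values = users_cfg.get('field_name')
        if field_name_values:
            if isinstance(field_name_values, str):  # it was a string in previous versions
                field_name_values = [field_name_values]
            if len(field_name_values) == 1:
                user.form_data[field_name_values[0]] = d.get('cn')

        # other fields, matching is done on known LDAP attribute names and
        # common variable names; the formdef is only fetched when at least
        # one mapped attribute is present, and only once
        present = [
            (attribute_key, field_varnames)
            for attribute_key, field_varnames in self.LEGACY_FIELD_MAPPINGS
            if attribute_key in d
        ]
        if not present:
            return
        fields = user.get_formdef().fields
        for attribute_key, field_varnames in present:
            for field in fields:
                if field.varname in field_varnames:
                    user.form_data[field.id] = d[attribute_key]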