| 15 |
15 |
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
| 16 |
16 |
|
| 17 |
17 |
import json
|
|
18 |
from urlparse import urljoin
|
| 18 |
19 |
|
| 19 |
20 |
from django.apps import AppConfig
|
| 20 |
21 |
from django.db.models.signals import post_save, post_delete
|
| 21 |
|
from django.db.models import Q
|
| 22 |
22 |
from django.conf import settings
|
|
23 |
from django.contrib.auth import get_user_model
|
|
24 |
from django.db import connection
|
|
25 |
from django.core.urlresolvers import reverse
|
| 23 |
26 |
|
| 24 |
27 |
from django_rbac.utils import get_role_model
|
| 25 |
28 |
|
| 26 |
29 |
from hobo.agent.common import notify_agents
|
| 27 |
|
from authentic2.utils import to_list
|
| 28 |
30 |
from authentic2.saml.models import LibertyProvider
|
| 29 |
31 |
|
| 30 |
32 |
|
| ... | ... | |
| 57 |
59 |
role.emails = []
|
| 58 |
60 |
role.emails_to_members = False
|
| 59 |
61 |
for attribute in role.attributes.all():
|
| 60 |
|
if attribute.name in ('emails', 'emails_to_members') and attribute.kind == 'json':
|
|
62 |
if attribute.name in ('emails', 'emails_to_members') \
|
|
63 |
and attribute.kind == 'json':
|
| 61 |
64 |
setattr(role, attribute.name, json.loads(attribute.value))
|
| 62 |
65 |
return qs
|
| 63 |
66 |
|
| ... | ... | |
| 83 |
86 |
})
|
| 84 |
87 |
|
| 85 |
88 |
|
|
89 |
def get_entity_id():
|
|
90 |
tenant = getattr(connection, 'tenant', None)
|
|
91 |
assert tenant
|
|
92 |
base_url = tenant.get_base_url()
|
|
93 |
return urljoin(base_url, reverse('a2-idp-saml-metadata'))
|
|
94 |
|
|
95 |
|
|
96 |
def provision_user(sender, user, **kwargs):
|
|
97 |
notify_agents({
|
|
98 |
'@type': 'provision',
|
|
99 |
'issuer': unicode(get_entity_id()),
|
|
100 |
'audience': get_audience(user),
|
|
101 |
'full': True,
|
|
102 |
'objects': {
|
|
103 |
'@type': 'user',
|
|
104 |
'data': [
|
|
105 |
{
|
|
106 |
'uuid': user.uuid,
|
|
107 |
'username': user.username,
|
|
108 |
'first_name': user.first_name,
|
|
109 |
'description': user.last_name,
|
|
110 |
'email': user.email,
|
|
111 |
'roles': [
|
|
112 |
{
|
|
113 |
'uuid': role.uuid,
|
|
114 |
'name': role.name,
|
|
115 |
'slug': role.slug,
|
|
116 |
} for role in user.roles_and_parents()],
|
|
117 |
}
|
|
118 |
],
|
|
119 |
}
|
|
120 |
})
|
|
121 |
|
|
122 |
|
|
123 |
def deprovision_user(sender, user, **kwargs):
|
|
124 |
notify_agents({
|
|
125 |
'@type': 'deprovision',
|
|
126 |
'issuer': unicode(get_entity_id()),
|
|
127 |
'audience': get_audience(user),
|
|
128 |
'full': True,
|
|
129 |
'objects': {
|
|
130 |
'@type': 'user',
|
|
131 |
'data': [
|
|
132 |
{
|
|
133 |
'uuid': user.uuid,
|
|
134 |
}
|
|
135 |
],
|
|
136 |
}
|
|
137 |
})
|
|
138 |
|
|
139 |
|
|
140 |
def provision_user_on_role_change(sender, role_member, **kwargs):
|
|
141 |
provision_user(sender, role_member.user)
|
|
142 |
|
|
143 |
|
| 86 |
144 |
class Authentic2AgentConfig(AppConfig):
|
| 87 |
145 |
name = 'hobo.agent.authentic2'
|
| 88 |
146 |
label = 'authentic2_agent'
|
| ... | ... | |
| 95 |
153 |
post_delete.connect(notify_roles, Role)
|
| 96 |
154 |
post_save.connect(notify_roles, Role.members.through)
|
| 97 |
155 |
post_delete.connect(notify_roles, Role.members.through)
|
| 98 |
|
settings.A2_MANAGER_ROLE_FORM_CLASS = 'hobo.agent.authentic2.role_forms.RoleForm'
|
|
156 |
User = get_user_model()
|
|
157 |
post_save.connect(provision_user, User)
|
|
158 |
post_delete.connect(deprovision_user, User)
|
|
159 |
post_save.connect(provision_user_on_role_change,
|
|
160 |
Role.members.through)
|
|
161 |
post_delete.connect(provision_user_on_role_change,
|
|
162 |
Role.members.through)
|
|
163 |
settings.A2_MANAGER_ROLE_FORM_CLASS = \
|
|
164 |
'hobo.agent.authentic2.role_forms.RoleForm'
|
| 99 |
|
-
|