0001-Model-Data-migrations-of-LibertyServiceProvider-Libe.patch
src/authentic2/idp/saml/backend.py | ||
---|---|---|
19 | 19 |
self.logger = logging.getLogger(__name__) |
20 | 20 | |
21 | 21 |
def service_list(self, request): |
22 |
q = models.LibertyServiceProvider.objects.filter(enabled = True) \
|
|
22 |
q = models.LibertyProvider.objects.filter(enabled = True) \ |
|
23 | 23 |
.select_related() |
24 | 24 |
ls = [] |
25 | 25 |
sessions = models.LibertySession.objects.filter( |
... | ... | |
36 | 36 |
sp_options_policy__idp_initiated_sso=True)) |
37 | 37 |
queries.append(q.filter(sp_options_policy__enabled=True, |
38 | 38 |
sp_options_policy__accept_slo=True, |
39 |
liberty_provider__entity_id__in=sessions_eids))
|
|
39 |
entity_id__in=sessions_eids)) |
|
40 | 40 |
if default_policy and default_policy.idp_initiated_sso: |
41 | 41 |
queries.append(q.filter(sp_options_policy__isnull=True)) |
42 | 42 |
if default_policy and default_policy.accept_slo: |
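Review bot: The new base query `models.LibertyProvider.objects.filter(enabled = True)` in `service_list` no longer goes through the service-provider relation, so any LibertyProvider row with `enabled` set now matches, whatever role it has. If that table also holds providers that are not service providers (the sync-metadata docstring mentions LibertyIdentityProvider), the `sp_options_policy__isnull=True` branch could list them when the default policy allows IdP-initiated SSO. Confirm that `enabled` is only ever set on service providers, and say so in a comment above the query, for example `# LibertyProvider.enabled is the SP enable flag; non-SP providers must keep it False`. The body of `service_list` continues outside the visible lines.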
src/authentic2/idp/saml/saml2_endpoints.py | ||
---|---|---|
48 | 48 |
LibertySession, LibertyFederation, |
49 | 49 |
nameid2kwargs, saml2_urn_to_nidformat, |
50 | 50 |
nidformat_to_saml2_urn, save_key_values, get_and_delete_key_values, |
51 |
LibertyProvider, LibertyServiceProvider, SAMLAttribute, NAME_ID_FORMATS)
|
|
51 |
LibertyProvider, SAMLAttribute, NAME_ID_FORMATS) |
|
52 | 52 |
from authentic2.saml.common import redirect_next, asynchronous_bindings, \ |
53 | 53 |
soap_bindings, load_provider, get_saml2_request_message, \ |
54 | 54 |
error_page, set_saml2_response_responder_status_code, \ |
... | ... | |
382 | 382 |
kwargs['name_id_qualifier'] = AUTHENTIC_SAME_ID_SENTINEL |
383 | 383 |
if kwargs.get('name_id_sp_name_qualifier') == login.remoteProviderId: |
384 | 384 |
kwargs['name_id_sp_name_qualifier'] = AUTHENTIC_SAME_ID_SENTINEL |
385 |
service_provider = LibertyServiceProvider.objects \
|
|
386 |
.get(liberty_provider__entity_id=login.remoteProviderId)
|
|
385 |
service_provider = LibertyProvider.objects \ |
|
386 |
.get(entity_id=login.remoteProviderId) |
|
387 | 387 |
federation, new = LibertyFederation.objects.get_or_create( |
388 | 388 |
sp=service_provider, |
389 | 389 |
user=request.user, **kwargs) |
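Review bot: `LibertyFederation.objects.get_or_create(sp=service_provider, ...)` now receives a LibertyProvider instance, where the removed lines passed a LibertyServiceProvider. Neither the models.py section nor the two migrations in this patch retarget LibertyFederation's `sp` relation. If it is still a foreign key to LibertyServiceProvider, the ORM may reject the instance, or the federation ends up tied to a row of the old model that this patch stops creating. Either change the relation and migrate it in this same patch, or keep resolving the old object here until that is done. Renaming the local to `provider` would also make the type change visible to readers; the enclosing function starts and ends outside the hunk.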
src/authentic2/saml/admin.py | ||
---|---|---|
13 | 13 |
except ImportError: |
14 | 14 |
from django.contrib.contenttypes.generic import GenericTabularInline |
15 | 15 | |
16 |
from authentic2.saml.models import (LibertyProvider, LibertyServiceProvider,
|
|
17 |
SPOptionsIdPPolicy, LibertyFederation,
|
|
18 |
KeyValue, LibertySession, SAMLAttribute)
|
|
16 |
from authentic2.saml.models import (LibertyProvider, SPOptionsIdPPolicy,
|
|
17 |
LibertyFederation, KeyValue,
|
|
18 |
LibertySession, SAMLAttribute) |
|
19 | 19 | |
20 | 20 |
from authentic2.decorators import to_iter |
21 | 21 |
from authentic2.attributes_ng.engine import get_attribute_names |
... | ... | |
24 | 24 | |
25 | 25 |
logger = logging.getLogger(__name__) |
26 | 26 | |
27 |
class LibertyServiceProviderInline(admin.StackedInline): |
|
28 |
model = LibertyServiceProvider |
|
27 |
#class LibertyServiceProviderInline(admin.StackedInline):
|
|
28 |
# model = LibertyServiceProvider
|
|
29 | 29 | |
30 | 30 |
class TextAndFileWidget(forms.widgets.MultiWidget): |
31 | 31 |
def __init__(self, attrs=None): |
... | ... | |
150 | 150 |
(_('Metadata files'), { |
151 | 151 |
'fields': ('metadata_url', 'metadata', 'public_key', 'ssl_certificate', 'ca_cert_chain') |
152 | 152 |
}), |
153 |
(_('SAML service provider'), { |
|
154 |
'fields': ('enabled', 'enable_following_sp_options_policy', 'sp_options_policy', |
|
155 |
'users_can_manage_federations') |
|
156 |
}), |
|
153 | 157 |
) |
154 | 158 |
inlines = [ |
155 |
LibertyServiceProviderInline, |
|
159 |
#LibertyServiceProviderInline,
|
|
156 | 160 |
SAMLAttributeInlineAdmin, |
157 | 161 |
] |
158 | 162 |
actions = [ update_metadata ] |
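Review bot: The inline is disabled by commenting it out (`#class LibertyServiceProviderInline(admin.StackedInline):`, `# model = LibertyServiceProvider` and `#LibertyServiceProviderInline,` in `inlines`). That leaves dead code which names a model this file no longer imports. Delete the three lines instead, since version control keeps the history. The new `(_('SAML service provider'), {...})` fieldset then stands as the only place where `enabled` and `sp_options_policy` are edited, which is worth a one-line comment such as `# SP settings now live on LibertyProvider itself`.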
src/authentic2/saml/common.py | ||
---|---|---|
15 | 15 |
from django.core.exceptions import ValidationError |
16 | 16 | |
17 | 17 |
from authentic2.saml.models import (LibertyFederation, LibertyProvider, |
18 |
LibertyServiceProvider, SPOptionsIdPPolicy)
|
|
18 |
SPOptionsIdPPolicy) |
|
19 | 19 |
from authentic2.saml import models |
20 | 20 |
from authentic2.saml import saml2utils |
21 | 21 | |
... | ... | |
338 | 338 |
return None |
339 | 339 |
p.save() |
340 | 340 |
logger.debug('%s saved', p) |
341 |
s = LibertyServiceProvider(liberty_provider=p, enabled=True) |
|
342 |
s.save() |
|
343 | 341 |
return p |
344 | 342 | |
345 | 343 | |
... | ... | |
368 | 366 |
return False |
369 | 367 |
else: |
370 | 368 |
return False |
371 |
try: |
|
372 |
service_provider = liberty_provider.service_provider |
|
373 |
except LibertyServiceProvider.DoesNotExist: |
|
374 |
return False |
|
369 |
|
|
375 | 370 |
if not service_provider.enabled: |
376 | 371 |
return False |
377 | 372 |
if server: |
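Review bot: The surviving context line `if not service_provider.enabled:` still reads `service_provider`, but this hunk removes the only visible assignment (`service_provider = liberty_provider.service_provider`) and replaces the try/except with a blank line. Unless the name is bound earlier outside the hunk, the check raises NameError, so the enabled gate never returns a clean `False` for a disabled provider. The line should read `if not liberty_provider.enabled:`. In the first hunk of this file, the removed `LibertyServiceProvider(liberty_provider=p, enabled=True)` has no replacement either. With the new field defaulting to False, `p` is saved disabled unless `enabled` is set before `p.save()`, which is outside the visible lines.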
src/authentic2/saml/forms.py | ||
---|---|---|
6 | 6 |
from django.core.exceptions import ValidationError |
7 | 7 |
from django.utils.translation import ugettext_lazy as _ |
8 | 8 | |
9 |
from .models import LibertyProvider, LibertyServiceProvider
|
|
9 |
from .models import LibertyProvider |
|
10 | 10 | |
11 | 11 |
from authentic2.a2_rbac.utils import get_default_ou |
12 | 12 | |
... | ... | |
40 | 40 |
slug=slug, metadata=content, metadata_url=url, ou=ou) |
41 | 41 |
liberty_provider.full_clean(exclude= |
42 | 42 |
('entity_id', 'protocol_conformance')) |
43 |
self.childs.append(LibertyServiceProvider( |
|
44 |
liberty_provider=liberty_provider, |
|
45 |
enabled=True)) |
|
43 |
self.childs.append(liberty_provider, |
|
44 |
enabled=True) |
|
46 | 45 |
except ValidationError, e: |
47 | 46 |
raise |
48 | 47 |
except Exception, e: |
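Review bot: `self.childs.append(liberty_provider, enabled=True)` passes a keyword argument to `append`, which a plain list rejects with TypeError (assuming `childs` is a list, as the removed call suggests). The error is raised inside the `try`, so the `except Exception, e:` branch just below would catch it, and how that branch reports it is outside the hunk. Set the flag on the object and append only the object: `liberty_provider.enabled = True` before `full_clean(...)`, then `self.childs.append(liberty_provider)`.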
src/authentic2/saml/management/commands/sync-metadata.py | ||
---|---|---|
177 | 177 |
provider.save() |
178 | 178 |
options['count'] = options.get('count', 0) + 1 |
179 | 179 |
if sp: |
180 |
service_provider, created = LibertyServiceProvider.objects.get_or_create( |
|
181 |
liberty_provider=provider, |
|
182 |
defaults={'enabled': not options['create-disabled']}) |
|
183 |
if sp_policy: |
|
184 |
service_provider.sp_options_policy = sp_policy |
|
185 |
service_provider.save() |
|
186 | 180 |
pks = [] |
187 | 181 |
if options['load_attribute_consuming_service']: |
188 | 182 |
load_acs(tree, provider, pks, verbosity) |
... | ... | |
211 | 205 |
SAMLAttribute.objects.for_generic_object(provider).exclude(pk__in=pks).delete() |
212 | 206 | |
213 | 207 |
class Command(BaseCommand): |
214 |
'''Load SAMLv2 metadata file into the LibertyProvider, LibertyServiceProvider
|
|
208 |
'''Load SAMLv2 metadata file into the LibertyProvider, |
|
215 | 209 |
and LibertyIdentityProvider files''' |
216 | 210 |
can_import_django_settings = True |
217 | 211 |
output_transaction = True |
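Review bot: Removing the `LibertyServiceProvider.objects.get_or_create(...)` block also removes the only visible use of `options['create-disabled']` and `sp_policy`, and nothing in the new lines moves them onto `provider`. The new `enabled` field defaults to False, so newly synced service providers would be created disabled and without a policy regardless of the flags, unless that is handled before `provider.save()` outside the hunk. The old code used `defaults=`, so it set `enabled` only at creation. The equivalent here is to set `provider.enabled = not options['create-disabled']` when the provider is first created and `provider.sp_options_policy = sp_policy` when `sp_policy` is given, both before the save. The `if sp:` line now sits directly above `pks = []`, so check that the block it guards is still the intended one.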
src/authentic2/saml/migrations/0017_auto_20151208_1537.py | ||
---|---|---|
1 |
# -*- coding: utf-8 -*- |
|
2 |
from __future__ import unicode_literals |
|
3 | ||
4 |
from django.db import models, migrations |
|
5 |
import django.db.models.deletion |
|
6 | ||
7 | ||
8 |
class Migration(migrations.Migration): |
|
9 | ||
10 |
dependencies = [ |
|
11 |
('saml', '0016_auto_20150915_2041'), |
|
12 |
] |
|
13 | ||
14 |
operations = [ |
|
15 |
migrations.AddField( |
|
16 |
model_name='libertyprovider', |
|
17 |
name='enable_following_sp_options_policy', |
|
18 |
field=models.BooleanField(default=False, verbose_name='The following options policy will apply except if a policy for all service provider is defined.'), |
|
19 |
preserve_default=True, |
|
20 |
), |
|
21 |
migrations.AddField( |
|
22 |
model_name='libertyprovider', |
|
23 |
name='enabled', |
|
24 |
field=models.BooleanField(default=False, db_index=True, verbose_name='Enabled'), |
|
25 |
preserve_default=True, |
|
26 |
), |
|
27 |
migrations.AddField( |
|
28 |
model_name='libertyprovider', |
|
29 |
name='sp_options_policy', |
|
30 |
field=models.ForeignKey(related_name='sp_options_policy', on_delete=django.db.models.deletion.SET_NULL, verbose_name='service provider options policy', blank=True, to='saml.SPOptionsIdPPolicy', null=True), |
|
31 |
preserve_default=True, |
|
32 |
), |
|
33 |
migrations.AddField( |
|
34 |
model_name='libertyprovider', |
|
35 |
name='users_can_manage_federations', |
|
36 |
field=models.BooleanField(default=True, db_index=True, verbose_name='users can manage federation'), |
|
37 |
preserve_default=True, |
|
38 |
), |
|
39 |
migrations.AlterField( |
|
40 |
model_name='libertyserviceprovider', |
|
41 |
name='sp_options_policy', |
|
42 |
field=models.ForeignKey(related_name='old_isp_options_policy', on_delete=django.db.models.deletion.SET_NULL, verbose_name='service provider options policy', blank=True, to='saml.SPOptionsIdPPolicy', null=True), |
|
43 |
preserve_default=True, |
|
44 |
), |
|
45 |
] |
src/authentic2/saml/migrations/0018_auto_20151208_1542.py | ||
---|---|---|
1 |
# -*- coding: utf-8 -*- |
|
2 |
from __future__ import unicode_literals |
|
3 | ||
4 |
from django.db import models, migrations |
|
5 | ||
6 |
def liberty_service_provider_data_to_liberty_provider(apps, schema_editor): |
|
7 |
LibertyProvider = apps.get_model('saml','LibertyProvider') |
|
8 |
LibertyServiceProvider = apps.get_model('saml','LibertyServiceProvider') |
|
9 | ||
10 |
for lsp in LibertyServiceProvider.objects.all(): |
|
11 |
lp = lsp.liberty_provider |
|
12 | ||
13 |
lp.enabled = lsp.enabled |
|
14 |
lp.enable_following_sp_options_policy = lsp.enable_following_sp_options_policy |
|
15 |
lp.sp_options_policy = lsp.sp_options_policy |
|
16 |
lp.users_can_manage_federations = lsp.users_can_manage_federations |
|
17 |
lp.save() |
|
18 | ||
19 | ||
20 |
class Migration(migrations.Migration): |
|
21 | ||
22 |
dependencies = [ |
|
23 |
('saml', '0017_auto_20151208_1537'), |
|
24 |
] |
|
25 | ||
26 |
operations = [ |
|
27 |
migrations.RunPython(liberty_service_provider_data_to_liberty_provider), |
|
28 |
] |
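Review bot: `migrations.RunPython(liberty_service_provider_data_to_liberty_provider)` is registered without a reverse callable, so this migration cannot be unapplied and a rollback past 0018 fails. Pass a second function that copies the four fields back from `lp` to `lsp`, or one that does nothing if the old columns are considered authoritative on rollback. The forward function also has no docstring; something like `"""Copy enabled, enable_following_sp_options_policy, sp_options_policy and users_can_manage_federations from each LibertyServiceProvider onto its LibertyProvider."""` would record which flags are carried over. Using `LibertyServiceProvider.objects.select_related('liberty_provider')` in the loop avoids one extra query per row.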
src/authentic2/saml/models.py | ||
---|---|---|
319 | 319 |
ssl_certificate = models.TextField(blank=True) |
320 | 320 |
ca_cert_chain = models.TextField(blank=True) |
321 | 321 |
federation_source = models.CharField(max_length=64, blank=True, null=True) |
322 |
enabled = models.BooleanField(verbose_name = _('Enabled'), |
|
323 |
default=False, db_index=True) |
|
324 |
enable_following_sp_options_policy = models.BooleanField(verbose_name = \ |
|
325 |
_('The following options policy will apply except if a policy for all service provider is defined.'), |
|
326 |
default=False) |
|
327 |
sp_options_policy = models.ForeignKey(SPOptionsIdPPolicy, |
|
328 |
related_name="sp_options_policy", |
|
329 |
verbose_name=_('service provider options policy'), blank=True, |
|
330 |
null=True, |
|
331 |
on_delete=models.SET_NULL) |
|
332 |
users_can_manage_federations = models.BooleanField( |
|
333 |
verbose_name=_('users can manage federation'), |
|
334 |
default=True, |
|
335 |
blank=True, |
|
336 |
db_index=True) |
|
322 | 337 | |
323 | 338 |
attributes = GenericRelation(SAMLAttribute) |
324 | 339 | |
... | ... | |
390 | 405 |
_('The following options policy will apply except if a policy for all service provider is defined.'), |
391 | 406 |
default=False) |
392 | 407 |
sp_options_policy = models.ForeignKey(SPOptionsIdPPolicy, |
393 |
related_name="sp_options_policy", |
|
408 |
related_name="old_isp_options_policy",
|
|
394 | 409 |
verbose_name=_('service provider options policy'), blank=True, |
395 | 410 |
null=True, |
396 | 411 |
on_delete=models.SET_NULL) |
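Review bot: The four fields added after `federation_source` duplicate fields that the model in the second hunk still declares, where only `related_name` changes to `"old_isp_options_policy"`. Each service provider therefore has two `enabled` flags and two policy links after this patch. Nothing marks the old ones as superseded, so any remaining reader of the old model would act on values that are no longer updated. Add a comment above the old fields, for example `# Deprecated: superseded by the same-named fields on LibertyProvider; kept only for the data migration`. The reverse accessor `related_name="sp_options_policy"` on the new foreign key reads as a policy but returns providers, so a name such as `liberty_providers` would be clearer; changing it also means updating migration 0017. Both class headers are outside the visible lines.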
tests/test_idp_saml2.py | ||
---|---|---|
98 | 98 |
metadata=sp_meta) |
99 | 99 |
self.liberty_provider.clean() |
100 | 100 |
self.liberty_provider.save() |
101 |
self.liberty_service_provider = saml_models.LibertyServiceProvider \ |
|
102 |
.objects.create( |
|
103 |
liberty_provider=self.liberty_provider, |
|
104 |
enabled=True) |
|
105 | 101 |
self.default_sp_options_idp_policy = saml_models.SPOptionsIdPPolicy \ |
106 | 102 |
.objects.create( |
107 | 103 |
name='Default', |
108 |
- |