1 |
1 |
import logging
|
|
2 |
import uuid
|
2 |
3 |
|
3 |
4 |
from django.core.exceptions import PermissionDenied
|
4 |
5 |
from django.contrib import auth
|
... | ... | |
53 |
54 |
issuer = saml_attributes['issuer']
|
54 |
55 |
try:
|
55 |
56 |
return User.objects.get(saml_identifiers__name_id=name_id,
|
56 |
|
saml_identifiers__issuer=issuer)
|
|
57 |
saml_identifiers__issuer=issuer)
|
57 |
58 |
except User.DoesNotExist:
|
58 |
59 |
if not utils.get_setting(idp, 'PROVISION'):
|
|
60 |
self.logger.warning('provisionning disabled, login refused')
|
59 |
61 |
return None
|
60 |
62 |
username = self.format_username(idp, saml_attributes)
|
61 |
63 |
if not username:
|
|
64 |
self.logger.warning('could not build a username, login refused')
|
62 |
65 |
return None
|
63 |
|
user = User(username=username)
|
64 |
|
user.save()
|
65 |
|
self.provision_name_id(user, idp, saml_attributes)
|
|
66 |
user = User.objects.create(username=uuid.uuid4().hex[:30])
|
|
67 |
saml_id, created = models.UserSAMLIdentifier.objects.get_or_create(
|
|
68 |
name_id=name_id, issuer=issuer, defaults={'user': user})
|
|
69 |
if created:
|
|
70 |
user.username = username
|
|
71 |
user.save()
|
|
72 |
else:
|
|
73 |
user.delete()
|
|
74 |
user = saml_id.user
|
66 |
75 |
return user
|
67 |
76 |
|
68 |
77 |
def provision(self, user, idp, saml_attributes):
|
... | ... | |
70 |
79 |
self.provision_superuser(user, idp, saml_attributes)
|
71 |
80 |
self.provision_groups(user, idp, saml_attributes)
|
72 |
81 |
|
73 |
|
def provision_name_id(self, user, idp, saml_attributes):
|
74 |
|
models.UserSAMLIdentifier.objects.get_or_create(
|
75 |
|
user=user,
|
76 |
|
issuer=saml_attributes['issuer'],
|
77 |
|
name_id=saml_attributes['name_id_content'])
|
78 |
|
|
79 |
82 |
def provision_attribute(self, user, idp, saml_attributes):
|
80 |
83 |
realm = utils.get_setting(idp, 'REALM')
|
81 |
84 |
attribute_mapping = utils.get_setting(idp, 'ATTRIBUTE_MAPPING')
|
82 |
|
-
|