From 5a50ff1ee36eca322ea388e23a53bedf5b8dc9fa Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Tue, 28 Mar 2017 14:09:09 +0200
Subject: [PATCH] remove lookup_user from Saml2Directory (#8627)

it's now in w.c.s.
---
 extra/modules/saml2.py | 68 ++++++++------------------------------------
 1 file changed, 11 insertions(+), 57 deletions(-)

diff --git a/extra/modules/saml2.py b/extra/modules/saml2.py
index 330571c..477f17f 100644
--- a/extra/modules/saml2.py
+++ b/extra/modules/saml2.py
@@ -3,10 +3,6 @@ try:
 except ImportError:
     pass
 
-from quixote import get_publisher
-
-from wcs.roles import Role
-
 from qommon import get_cfg, get_logger
 import qommon.saml2
 
@@ -15,15 +11,16 @@ class Saml2Directory(qommon.saml2.Saml2Directory):
 
     def extract_attributes(self, session, login):
         '''Separate attributes as two dictionaries: one for last value, one for the list of values.'''
+        d = {}
+        m = {}
+
         lasso_session = lasso.Session.newFromDump(session.lasso_session_dump)
         try:
             assertion = lasso_session.getAssertions(None)[0]
         except:
             get_logger().warn('failed to lookup assertion')
-            return user
+            return d, m
 
-        d = {}
-        m = {}
         try:
             for attribute in assertion.attributeStatement[0].attribute:
                 try:
@@ -37,6 +34,13 @@ class Saml2Directory(qommon.saml2.Saml2Directory):
                     pass
         return d, m
 
+    def fill_user_attributes(self, session, login, user):
+        qommon.saml2.Saml2Directory.fill_user_attributes(self, session, login, user)
+
+        idp = qommon.saml2.get_remote_provider_cfg(login)
+        if not idp.get('attribute-mapping'):
+            self.legacy_fill_user_attributes(session, login, user)
+
     def legacy_fill_user_attributes(self, session, login, user):
         '''Fill fields using a legacy attribute to field varname mapping'''
         d, m = self.extract_attributes(session, login)
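Review bot: The new `return d, m` in the `except:` branch of extract_attributes makes a failed assertion lookup look exactly like an assertion that carried no attributes, so legacy_fill_user_attributes goes on with empty mappings and only the warn-level log records that nothing was extracted. Returning the empty pair is a correct fix for the previously undefined `user`, but the bare `except:` on the line before it also swallows KeyboardInterrupt and SystemExit and drops the exception detail; narrowing it costs one line: `except Exception as e:` followed by `get_logger().warn('failed to lookup assertion: %r' % (e,))`. A one-line comment above the early return, `# no usable assertion: callers get empty mappings`, would make the intent explicit. The method body continues past the end of the hunk.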
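Review bot: The new fill_user_attributes override has no docstring, and its effect on existing users deserves one: the removed lookup_user ran legacy_fill_user_attributes only inside `if not user:`, whereas this override runs it whenever the parent calls fill_user_attributes, which the removed comment 'already done by parent.lookup_user() for existing users' suggests is every login. If that reading is right, the legacy mapping now also rewrites form_data of existing users on each login, which the commit message does not mention; a docstring such as `'''Fill user fields from the assertion; fall back to the legacy varname mapping when the IdP has no attribute-mapping configured.'''` should state it. Also, `idp.get('attribute-mapping')` raises AttributeError if get_remote_provider_cfg can return None for an unknown provider — the removed code had the same exposure, so a guard is only warranted if that return is possible.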
@@ -83,53 +87,3 @@ class Saml2Directory(qommon.saml2.Saml2Directory):
             for field in user.get_formdef().fields:
                 if field.varname in field_varnames:
                     user.form_data[field.id] = d.get(attribute_key)
-
-    def lookup_user(self, session, login = None, name_id = None):
-        user = qommon.saml2.Saml2Directory.lookup_user(self, session, login, name_id)
-
-        if not user:
-            user = get_publisher().user_class()
-            # already done by parent.lookup_user() for existing users
-            self.fill_user_attributes(session, login, user)
-
-            # apply legacy mapping when not configured
-            idp = qommon.saml2.get_remote_provider_cfg(login)
-            if not idp.get('attribute-mapping'):
-                self.legacy_fill_user_attributes(session, login, user)
-
-            if user.form_data:
-                user.set_attributes_from_formdata(user.form_data)
-
-            if not (user.name and user.email):
-                # we didn't get useful attributes, forget it.
-                get_logger().warn('failed to get useful attributes from the assertion')
-                return None
-
-            if not login.nameIdentifier.content in user.name_identifiers:
-                user.name_identifiers.append(login.nameIdentifier.content)
-
-        if login and login.identity:
-            user.lasso_dump = login.identity.dump()
-
-        lasso_session = lasso.Session.newFromDump(session.lasso_session_dump)
-        assertion = lasso_session.getAssertions(None)[0]
-        for attribute in assertion.attributeStatement[0].attribute:
-            if attribute.name == 'verified_attributes':
-                verified_attributes = [x.any[0].content for x in attribute.attributeValue]
-                if verified_attributes:
-                    # XXX: if there are any verified attributes we consider
-                    # first and last names are also verified. This is to work
-                    # around the fact that those attributes are handled
-                    # differently in authentic and cannot be marked as
-                    # verified.
-                    verified_attributes.extend(['first_name', 'last_name'])
-                verified_fields = []
-                if user.get_formdef() and user.get_formdef().fields:
-                    for field in user.get_formdef().fields:
-                        if field.varname in verified_attributes:
-                            verified_fields.append(field.id)
-                user.verified_fields = verified_fields
-                break
-
-        user.store()
-        return user
-- 
2.11.0