From 539efe99c34bd9615b55175e63b86916d70fbaca Mon Sep 17 00:00:00 2001 From: Josue Kouka Date: Wed, 9 Dec 2015 18:35:24 +0100 Subject: [PATCH] Model/Data migrations of LibertyServiceProvider -> LibertyProvider --- src/authentic2/idp/saml/backend.py | 4 +- src/authentic2/idp/saml/saml2_endpoints.py | 6 +-- src/authentic2/saml/admin.py | 16 +++++--- src/authentic2/saml/common.py | 9 +---- src/authentic2/saml/forms.py | 7 ++-- .../saml/management/commands/sync-metadata.py | 8 +--- .../saml/migrations/0017_auto_20151208_1537.py | 45 ++++++++++++++++++++++ .../saml/migrations/0018_auto_20151208_1542.py | 28 ++++++++++++++ src/authentic2/saml/models.py | 17 +++++++- tests/test_idp_saml2.py | 4 -- 10 files changed, 110 insertions(+), 34 deletions(-) create mode 100644 src/authentic2/saml/migrations/0017_auto_20151208_1537.py create mode 100644 src/authentic2/saml/migrations/0018_auto_20151208_1542.py diff --git a/src/authentic2/idp/saml/backend.py b/src/authentic2/idp/saml/backend.py index 73324c3..e13f942 100644 --- a/src/authentic2/idp/saml/backend.py +++ b/src/authentic2/idp/saml/backend.py @@ -19,7 +19,7 @@ class SamlBackend(object): self.logger = logging.getLogger(__name__) def service_list(self, request): - q = models.LibertyServiceProvider.objects.filter(enabled = True) \ + q = models.LibertyProvider.objects.filter(enabled = True) \ .select_related() ls = [] sessions = models.LibertySession.objects.filter( @@ -36,7 +36,7 @@ class SamlBackend(object): sp_options_policy__idp_initiated_sso=True)) queries.append(q.filter(sp_options_policy__enabled=True, sp_options_policy__accept_slo=True, - liberty_provider__entity_id__in=sessions_eids)) + entity_id__in=sessions_eids)) if default_policy and default_policy.idp_initiated_sso: queries.append(q.filter(sp_options_policy__isnull=True)) if default_policy and default_policy.accept_slo: diff --git a/src/authentic2/idp/saml/saml2_endpoints.py b/src/authentic2/idp/saml/saml2_endpoints.py index 99c9464..d8e2415 100644 
--- a/src/authentic2/idp/saml/saml2_endpoints.py +++ b/src/authentic2/idp/saml/saml2_endpoints.py @@ -48,7 +48,7 @@ from authentic2.saml.models import (LibertyArtifact, LibertySession, LibertyFederation, nameid2kwargs, saml2_urn_to_nidformat, nidformat_to_saml2_urn, save_key_values, get_and_delete_key_values, - LibertyProvider, LibertyServiceProvider, SAMLAttribute, NAME_ID_FORMATS) + LibertyProvider, SAMLAttribute, NAME_ID_FORMATS) from authentic2.saml.common import redirect_next, asynchronous_bindings, \ soap_bindings, load_provider, get_saml2_request_message, \ error_page, set_saml2_response_responder_status_code, \ @@ -382,8 +382,8 @@ def build_assertion(request, login, nid_format='transient'): kwargs['name_id_qualifier'] = AUTHENTIC_SAME_ID_SENTINEL if kwargs.get('name_id_sp_name_qualifier') == login.remoteProviderId: kwargs['name_id_sp_name_qualifier'] = AUTHENTIC_SAME_ID_SENTINEL - service_provider = LibertyServiceProvider.objects \ - .get(liberty_provider__entity_id=login.remoteProviderId) + service_provider = LibertyProvider.objects \ + .get(entity_id=login.remoteProviderId) federation, new = LibertyFederation.objects.get_or_create( sp=service_provider, user=request.user, **kwargs) diff --git a/src/authentic2/saml/admin.py b/src/authentic2/saml/admin.py index c095fdf..ce8b6d6 100644 --- a/src/authentic2/saml/admin.py +++ b/src/authentic2/saml/admin.py @@ -13,9 +13,9 @@ try: except ImportError: from django.contrib.contenttypes.generic import GenericTabularInline -from authentic2.saml.models import (LibertyProvider, LibertyServiceProvider, - SPOptionsIdPPolicy, LibertyFederation, - KeyValue, LibertySession, SAMLAttribute) +from authentic2.saml.models import (LibertyProvider, SPOptionsIdPPolicy, + LibertyFederation, KeyValue, + LibertySession, SAMLAttribute) from authentic2.decorators import to_iter from authentic2.attributes_ng.engine import get_attribute_names 
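Review bot: In build_assertion, the object passed as `sp=service_provider` to `LibertyFederation.objects.get_or_create` is now a LibertyProvider, but nothing in this patch (neither the models.py hunks nor migrations 0017/0018) changes the `sp` field of LibertyFederation. If that foreign key still targets LibertyServiceProvider, the call either fails or, depending on the Django version, compares by primary key against the wrong model, so a federation could end up linked to a provider other than the one that sent the request. Retarget `LibertyFederation.sp` in the same migration series, or keep passing the matching LibertyServiceProvider row until it is retargeted. The function body starts and ends outside the hunk, so this is based on the visible lines only.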
@@ -24,8 +24,8 @@ from . import admin_views logger = logging.getLogger(__name__) -class LibertyServiceProviderInline(admin.StackedInline): - model = LibertyServiceProvider +#class LibertyServiceProviderInline(admin.StackedInline): +# model = LibertyServiceProvider class TextAndFileWidget(forms.widgets.MultiWidget): def __init__(self, attrs=None): @@ -150,9 +150,13 @@ class LibertyProviderAdmin(admin.ModelAdmin): (_('Metadata files'), { 'fields': ('metadata_url', 'metadata', 'public_key', 'ssl_certificate', 'ca_cert_chain') }), + (_('SAML service provider'), { + 'fields': ('enabled', 'enable_following_sp_options_policy', 'sp_options_policy', + 'users_can_manage_federations') + }), ) inlines = [ - LibertyServiceProviderInline, + #LibertyServiceProviderInline, SAMLAttributeInlineAdmin, ] actions = [ update_metadata ] diff --git a/src/authentic2/saml/common.py b/src/authentic2/saml/common.py index c5a22aa..27ce347 100644 --- a/src/authentic2/saml/common.py +++ b/src/authentic2/saml/common.py @@ -15,7 +15,7 @@ from django.shortcuts import render_to_response from django.core.exceptions import ValidationError from authentic2.saml.models import (LibertyFederation, LibertyProvider, - LibertyServiceProvider, SPOptionsIdPPolicy) + SPOptionsIdPPolicy) from authentic2.saml import models from authentic2.saml import saml2utils @@ -338,8 +338,6 @@ def retrieve_metadata_and_create(request, provider_id, sp_or_idp): return None p.save() logger.debug('%s saved', p) - s = LibertyServiceProvider(liberty_provider=p, enabled=True) - s.save() return p @@ -368,10 +366,7 @@ def load_provider(request, entity_id, server=None, sp_or_idp='sp', return False else: return False - try: - service_provider = liberty_provider.service_provider - except LibertyServiceProvider.DoesNotExist: - return False + if not service_provider.enabled: return False if server: diff --git a/src/authentic2/saml/forms.py b/src/authentic2/saml/forms.py index 81aa5e5..cac15be 100644 --- a/src/authentic2/saml/forms.py 
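Review bot: The inline is disabled by commenting it out (`#class LibertyServiceProviderInline(admin.StackedInline):` and `# model = LibertyServiceProvider` here, `#LibertyServiceProviderInline,` in the `inlines` list of LibertyProviderAdmin in the next hunk) instead of being deleted. The four fields it exposed are now in the new 'SAML service provider' fieldset, so the three commented lines are dead code and should be removed; version control keeps the history.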
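Review bot: After this hunk retrieve_metadata_and_create saves `p` without setting `enabled`, and the new `LibertyProvider.enabled` field defaults to False, whereas the removed lines created the service provider with `enabled=True`. As far as the visible lines show, a provider created through this path is now stored disabled. If the old behaviour is intended, add `p.enabled = True` before `p.save()`; if starting disabled is the intent, state it in the commit message, since it changes which providers can complete SSO. The function starts outside the hunk.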
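Review bot: `service_provider` is no longer bound in the visible part of load_provider: the `try` block that assigned it was removed, yet the next line still reads `if not service_provider.enabled:`. Unless the name is assigned above the hunk, every call raises NameError before the enabled check is evaluated, which breaks SSO and SLO for all providers. Read the flag from the provider itself, `if not liberty_provider.enabled:`, and update any later use of `service_provider` in the function, which continues outside the hunk.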
+++ b/src/authentic2/saml/forms.py @@ -6,7 +6,7 @@ from django import forms from django.core.exceptions import ValidationError from django.utils.translation import ugettext_lazy as _ -from .models import LibertyProvider, LibertyServiceProvider +from .models import LibertyProvider from authentic2.a2_rbac.utils import get_default_ou @@ -40,9 +40,8 @@ class AddLibertyProviderFromUrlForm(forms.Form): slug=slug, metadata=content, metadata_url=url, ou=ou) liberty_provider.full_clean(exclude= ('entity_id', 'protocol_conformance')) - self.childs.append(LibertyServiceProvider( - liberty_provider=liberty_provider, - enabled=True)) + self.childs.append(liberty_provider, + enabled=True) except ValidationError, e: raise except Exception, e: diff --git a/src/authentic2/saml/management/commands/sync-metadata.py b/src/authentic2/saml/management/commands/sync-metadata.py index 243599a..81b9864 100644 --- a/src/authentic2/saml/management/commands/sync-metadata.py +++ b/src/authentic2/saml/management/commands/sync-metadata.py @@ -177,12 +177,6 @@ def load_one_entity(tree, options, sp_policy=None, afp=None): provider.save() options['count'] = options.get('count', 0) + 1 if sp: - service_provider, created = LibertyServiceProvider.objects.get_or_create( - liberty_provider=provider, - defaults={'enabled': not options['create-disabled']}) - if sp_policy: - service_provider.sp_options_policy = sp_policy - service_provider.save() pks = [] if options['load_attribute_consuming_service']: load_acs(tree, provider, pks, verbosity) @@ -211,7 +205,7 @@ def load_one_entity(tree, options, sp_policy=None, afp=None): SAMLAttribute.objects.for_generic_object(provider).exclude(pk__in=pks).delete() class Command(BaseCommand): - '''Load SAMLv2 metadata file into the LibertyProvider, LibertyServiceProvider + '''Load SAMLv2 metadata file into the LibertyProvider, and LibertyIdentityProvider files''' can_import_django_settings = True output_transaction = True 
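Review bot: `self.childs.append(liberty_provider, enabled=True)` passes a keyword argument to `append`; if `self.childs` is a plain list this raises TypeError, which the `except Exception, e:` clause just below then handles in a way that is not visible in the hunk. The `enabled=True` belongs in the constructor call whose arguments end with `ou=ou)`, i.e. `..., ou=ou, enabled=True)`, followed by `self.childs.append(liberty_provider)`. Without that, the provider would also be stored with the new default `enabled=False`, unlike the removed code.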
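Review bot: With the `get_or_create` block removed from load_one_entity, `sp_policy` and `options['create-disabled']` are no longer used in the visible lines, so the command stops attaching the requested options policy and the enabled state of an imported service provider falls back to the model default. A provider loaded from federation metadata would then be governed by the default policy rather than the one the operator selected. Apply both to `provider` before the `provider.save()` above: `provider.sp_options_policy = sp_policy` when `sp_policy` is set, and `provider.enabled = not options['create-disabled']` only for newly created providers, as the removed `defaults=` did. The function starts outside the hunk, so how `provider` is created is not visible here.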
diff --git a/src/authentic2/saml/migrations/0017_auto_20151208_1537.py b/src/authentic2/saml/migrations/0017_auto_20151208_1537.py new file mode 100644 index 0000000..04e7dd6 --- /dev/null +++ b/src/authentic2/saml/migrations/0017_auto_20151208_1537.py @@ -0,0 +1,45 @@ +# -*- coding: utf-8 -*- +from __future__ import unicode_literals + +from django.db import models, migrations +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + ('saml', '0016_auto_20150915_2041'), + ] + + operations = [ + migrations.AddField( + model_name='libertyprovider', + name='enable_following_sp_options_policy', + field=models.BooleanField(default=False, verbose_name='The following options policy will apply except if a policy for all service provider is defined.'), + preserve_default=True, + ), + migrations.AddField( + model_name='libertyprovider', + name='enabled', + field=models.BooleanField(default=False, db_index=True, verbose_name='Enabled'), + preserve_default=True, + ), + migrations.AddField( + model_name='libertyprovider', + name='sp_options_policy', + field=models.ForeignKey(related_name='sp_options_policy', on_delete=django.db.models.deletion.SET_NULL, verbose_name='service provider options policy', blank=True, to='saml.SPOptionsIdPPolicy', null=True), + preserve_default=True, + ), + migrations.AddField( + model_name='libertyprovider', + name='users_can_manage_federations', + field=models.BooleanField(default=True, db_index=True, verbose_name='users can manage federation'), + preserve_default=True, + ), + migrations.AlterField( + model_name='libertyserviceprovider', + name='sp_options_policy', + field=models.ForeignKey(related_name='old_isp_options_policy', on_delete=django.db.models.deletion.SET_NULL, verbose_name='service provider options policy', blank=True, to='saml.SPOptionsIdPPolicy', null=True), + preserve_default=True, + ), + ] 
diff --git a/src/authentic2/saml/migrations/0018_auto_20151208_1542.py b/src/authentic2/saml/migrations/0018_auto_20151208_1542.py new file mode 100644 index 0000000..7fee69b --- /dev/null +++ b/src/authentic2/saml/migrations/0018_auto_20151208_1542.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +from __future__ import unicode_literals + +from django.db import models, migrations + +def liberty_service_provider_data_to_liberty_provider(apps, schema_editor): + LibertyProvider = apps.get_model('saml','LibertyProvider') + LibertyServiceProvider = apps.get_model('saml','LibertyServiceProvider') + + for lsp in LibertyServiceProvider.objects.all(): + lp = lsp.liberty_provider + + lp.enabled = lsp.enabled + lp.enable_following_sp_options_policy = lsp.enable_following_sp_options_policy + lp.sp_options_policy = lsp.sp_options_policy + lp.users_can_manage_federations = lsp.users_can_manage_federations + lp.save() + + +class Migration(migrations.Migration): + + dependencies = [ + ('saml', '0017_auto_20151208_1537'), + ] + + operations = [ + migrations.RunPython(liberty_service_provider_data_to_liberty_provider), + ] diff --git a/src/authentic2/saml/models.py b/src/authentic2/saml/models.py index b229583..d636e51 100644 --- a/src/authentic2/saml/models.py +++ b/src/authentic2/saml/models.py 
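Review bot: `migrations.RunPython(liberty_service_provider_data_to_liberty_provider)` is given no `reverse_code`, so migration 0018 cannot be unapplied and a rollback of this release stops at this step. Reversing 0017 drops the copied columns anyway, so a do-nothing reverse is enough: define `def noop(apps, schema_editor): pass` and pass `reverse_code=noop`. The function would also benefit from a short docstring stating that LibertyProvider rows without a LibertyServiceProvider row keep the 0017 defaults, in particular `enabled=False`.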
@@ -319,6 +319,21 @@ class LibertyProvider(Service): ssl_certificate = models.TextField(blank=True) ca_cert_chain = models.TextField(blank=True) federation_source = models.CharField(max_length=64, blank=True, null=True) + enabled = models.BooleanField(verbose_name = _('Enabled'), + default=False, db_index=True) + enable_following_sp_options_policy = models.BooleanField(verbose_name = \ + _('The following options policy will apply except if a policy for all service provider is defined.'), + default=False) + sp_options_policy = models.ForeignKey(SPOptionsIdPPolicy, + related_name="sp_options_policy", + verbose_name=_('service provider options policy'), blank=True, + null=True, + on_delete=models.SET_NULL) + users_can_manage_federations = models.BooleanField( + verbose_name=_('users can manage federation'), + default=True, + blank=True, + db_index=True) attributes = GenericRelation(SAMLAttribute) @@ -390,7 +405,7 @@ class LibertyServiceProvider(models.Model): _('The following options policy will apply except if a policy for all service provider is defined.'), default=False) sp_options_policy = models.ForeignKey(SPOptionsIdPPolicy, - related_name="sp_options_policy", + related_name="old_isp_options_policy", verbose_name=_('service provider options policy'), blank=True, null=True, on_delete=models.SET_NULL) diff --git a/tests/test_idp_saml2.py b/tests/test_idp_saml2.py index 44fa48d..e770c26 100644 --- a/tests/test_idp_saml2.py +++ b/tests/test_idp_saml2.py @@ -98,10 +98,6 @@ class SamlBaseTestCase(Authentic2TestCase): metadata=sp_meta) self.liberty_provider.clean() self.liberty_provider.save() - self.liberty_service_provider = saml_models.LibertyServiceProvider \ - .objects.create( - liberty_provider=self.liberty_provider, - enabled=True) self.default_sp_options_idp_policy = saml_models.SPOptionsIdPPolicy \ .objects.create( name='Default', -- 2.6.4
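Review bot: The new foreign key on LibertyProvider reuses `related_name="sp_options_policy"`, so the reverse accessor on SPOptionsIdPPolicy has the same name as the forward field although it returns providers, and the old field in the second models.py hunk is renamed to `old_isp_options_policy`, which looks like a typo for `old_sp_options_policy`. A name that says what the reverse side holds, for example `related_name="liberty_providers"`, would read better; migration 0017 has to carry the same value, and any reverse lookup using the old name needs checking. A one-line comment above `enabled`, such as `# copied from LibertyServiceProvider, see migration 0018`, would also tell readers why both models carry these fields.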