Development #7879

When an authnrequest is canceled, statusMessage should contain a message telling what happened.

Added by Benjamin Dauvergne about 4 years ago. Updated about 2 months ago.

Status:
In progress
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
20 Jul 2015
Due date:
% Done:

0%

Patch proposed:
No
Planning:
No

0001-Status-message-added-when-user-refuse-to-consent-or-.patch View (1.47 KB) Josué Kouka, 08 Oct 2015 11:23 AM

0001-7879-adding-translation-to-SAML-response-statusMessa.patch View (1.54 KB) Josué Kouka, 08 Oct 2015 11:56 AM

0001-7879-fixing-status-message-encoding-and-adding-trans.patch View (6.48 KB) Josué Kouka, 09 Oct 2015 09:59 AM

0001-7879-statusMessage-in-SAML-Response-and-tests-added.patch View (2.54 KB) Josué Kouka, 09 Oct 2015 11:23 AM

0001-7879-update-french-translation.patch View (5.12 KB) Josué Kouka, 09 Oct 2015 11:23 AM


Related issues

Related to django-mellon - Bug #7878: Error when canceling an SSO attempt Closed 20 Jul 2015
Related to Publik - Project management #10245: Manage authorizations to log in to a service in authentic Closed 09 Mar 2016

History

#1 Updated by Benjamin Dauvergne about 4 years ago

  • Related to Bug #7878: Error when canceling an SSO attempt added

#2 Updated by Benjamin Dauvergne almost 4 years ago

In response messages of the SAML protocol there is a part called the Status (an XML element); it contains a unique element, the StatusCode, which is usually success (see https://www.samltool.com/generic_sso_res.php for an example). When the statuscode is not success, it can be accompanied by another element named "StatusMessage", which is a freeform message intended for the user. Currently we do not set such a message when we return a not success error (for example if the user selects "cancel" instead of logging in).

Points where not success is returned by authentic must be found (in authentic2/idp/saml2/saml2_endpoints.py) and a statusmessage should be set using a translatable string (lasso expects UTF-8 strings, so the string must be encoded before being set in login.response.status.statusMessage).
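
The Status structure described in comment #2, as an added example that is not part of the ticket, of authentic or of lasso: a Python 3 standard-library sketch that builds a non-success Status with a translated StatusMessage, serializes it to UTF-8 bytes, and reads it back the way a service provider would. The `translate` helper, the catalogue entry and the choice of `Responder`/`RequestDenied` for a canceled login are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
STATUS = "urn:oasis:names:tc:SAML:2.0:status:"
ET.register_namespace("samlp", SAMLP)

# Constructed stand-in for the gettext catalogue (hypothetical translation).
CATALOG_FR = {"User canceled login process": "L'utilisateur a annulé la connexion"}


def translate(msgid, catalog=CATALOG_FR):
    """Hypothetical replacement for gettext's _(): returns text, not bytes."""
    return catalog.get(msgid, msgid)


def build_status(top, second=None, msgid=None):
    """Serialize a samlp:Status element to UTF-8 bytes."""
    status = ET.Element(f"{{{SAMLP}}}Status")
    code = ET.SubElement(status, f"{{{SAMLP}}}StatusCode", Value=STATUS + top)
    if second:
        # Second-level code nested inside the top-level one.
        ET.SubElement(code, f"{{{SAMLP}}}StatusCode", Value=STATUS + second)
    if msgid:
        # Translate first (text); the UTF-8 encoding happens last, below.
        ET.SubElement(status, f"{{{SAMLP}}}StatusMessage").text = translate(msgid)
    return ET.tostring(status, encoding="utf-8")


def parse_status(xml_bytes):
    """Return (top_code, second_code, message) from a serialized Status.

    Only fed the constructed output above; signature checks and hardened
    XML parsing of a real response are out of scope here.
    """
    ns = {"samlp": SAMLP}
    status = ET.fromstring(xml_bytes)
    top = status.find("samlp:StatusCode", ns)
    if top is None:
        raise ValueError("Status without StatusCode")
    second = top.find("samlp:StatusCode", ns)
    message = status.findtext("samlp:StatusMessage", default=None, namespaces=ns)
    return (
        top.get("Value"),
        second.get("Value") if second is not None else None,
        message,
    )
```
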

#3 Updated by Josué Kouka almost 4 years ago

statusMessage added when user refuses to consent or cancels the login process

#4 Updated by Josué Kouka almost 4 years ago

translation added

#5 Updated by Benjamin Dauvergne almost 4 years ago

I forgot that set_saml2_response_responder_status_code did already handle this, good catch.

This line is erroneous:

_('User canceled login process'.decode('utf-8'))

you must encode and not decode, and it must be done after getting the translated string, like this:

_('msg').encode('utf-8')

Also I would prefer only one patch for these changes (use git rebase), but with one more patch for the translations (do makemessages, then modify src/authentic2/saml/locale/fr/.../django.po to translate both strings).

#7 Updated by Benjamin Dauvergne almost 4 years ago

OK, however we usually separate patches to the code from patches to the translation files; patches to translation files are generally named "update french translation" or "update translations".

#9 Updated by Frédéric Péters almost 4 years ago

  • Patch proposed changed from No to Yes

#10 Updated by Frédéric Péters almost 4 years ago

For my part, I would suggest that the .encode('utf-8') be placed inside set_saml2_response_responder_status_code().

#11 Updated by Benjamin Dauvergne almost 4 years ago

OK with that; a test on consent is missing.

#12 Updated by Benjamin Dauvergne almost 4 years ago

  • Assignee changed from Benjamin Dauvergne to Josué Kouka

#13 Updated by Benjamin Dauvergne over 3 years ago

#14 Updated by Benjamin Dauvergne almost 2 years ago

  • Patch proposed changed from Yes to No

A test on consent is still missing (yeah, it's annoying to have to write tests that should already be there :) ).

#15 Updated by Frédéric Péters about 2 months ago

  • Assignee deleted (Josué Kouka)
