| 1 |
b37d4241
|
Frédéric Péters
|
try:
|
| 2 |
|
|
import lasso
|
| 3 |
|
|
except ImportError:
|
| 4 |
|
|
pass
|
| 5 |
a67e8943
|
Frédéric Péters
|
|
| 6 |
75b0cf02
|
Frédéric Péters
|
from quixote import get_publisher
|
| 7 |
|
|
|
| 8 |
42c14444
|
Frédéric Péters
|
from qommon import get_cfg, get_logger
|
| 9 |
|
|
import qommon.saml2
|
| 10 |
|
|
|
| 11 |
|
|
|
| 12 |
|
|
class Saml2Directory(qommon.saml2.Saml2Directory):
|
| 13 |
|
|
|
| 14 |
|
|
def lookup_user(self, session, login = None, name_id = None):
|
| 15 |
03aee172
|
Frédéric Péters
|
user = qommon.saml2.Saml2Directory.lookup_user(self, session, login, name_id)
|
| 16 |
|
|
if user:
|
| 17 |
|
|
return user
|
| 18 |
|
|
|
| 19 |
|
|
# lookup for attributes in assertion and automatically create identity
|
| 20 |
|
|
lasso_session = lasso.Session.newFromDump(session.lasso_session_dump)
|
| 21 |
|
|
try:
|
| 22 |
|
|
assertion = lasso_session.getAssertions(None)[0]
|
| 23 |
|
|
except:
|
| 24 |
|
|
return None
|
| 25 |
|
|
|
| 26 |
|
|
d = {}
|
| 27 |
|
|
try:
|
| 28 |
|
|
for attribute in assertion.attributeStatement[0].attribute:
|
| 29 |
|
|
if attribute.name in ('username', 'mail', 'cn', 'local-admin'):
|
| 30 |
|
|
try:
|
| 31 |
|
|
d[attribute.name] = attribute.attributeValue[0].any[0].content
|
| 32 |
|
|
except IndexError:
|
| 33 |
|
|
pass
|
| 34 |
|
|
except IndexError:
|
| 35 |
|
|
pass
|
| 36 |
|
|
|
| 37 |
|
|
if not (d.get('cn') and d.get('mail')):
|
| 38 |
|
|
# only create identity when we have name and email
|
| 39 |
|
|
return None
|
| 40 |
|
|
|
| 41 |
|
|
user = get_publisher().user_class()
|
| 42 |
|
|
|
| 43 |
|
|
users_cfg = get_cfg('users', {})
|
| 44 |
|
|
if users_cfg and users_cfg.get('field_email'):
|
| 45 |
|
|
formdata = {}
|
| 46 |
|
|
|
| 47 |
|
|
field_email = users_cfg.get('field_email')
|
| 48 |
|
|
if field_email:
|
| 49 |
|
|
formdata[field_email] = d.get('mail')
|
| 50 |
|
|
|
| 51 |
|
|
field_name_values = users_cfg.get('field_name')
|
| 52 |
|
|
if field_name_values:
|
| 53 |
|
|
if type(field_name_values) is str: # it was a string in previous versions
|
| 54 |
|
|
field_name_values = [field_name_values]
|
| 55 |
|
|
formdata[field_name_values[0]] = d.get('cn')
|
| 56 |
|
|
user.set_attributes_from_formdata(formdata)
|
| 57 |
|
|
user.form_data = formdata
|
| 58 |
42c14444
|
Frédéric Péters
|
else:
|
| 59 |
03aee172
|
Frédéric Péters
|
user.name = d.get('cn')
|
| 60 |
|
|
user.email = d.get('mail')
|
| 61 |
|
|
|
| 62 |
|
|
if d.get('local-admin') == 'true':
|
| 63 |
|
|
user.is_admin = True
|
| 64 |
|
|
|
| 65 |
|
|
user.name_identifiers.append(login.nameIdentifier.content)
|
| 66 |
|
|
user.store()
|
| 67 |
42c14444
|
Frédéric Péters
|
|
| 68 |
|
|
if login:
|
| 69 |
|
|
user.lasso_dump = login.identity.dump()
|
| 70 |
|
|
user.store()
|
| 71 |
|
|
|
| 72 |
|
|
return user
|