1
|
try:
|
2
|
import lasso
|
3
|
except ImportError:
|
4
|
pass
|
5
|
|
6
|
from qommon import get_cfg, get_logger
|
7
|
import qommon.saml2
|
8
|
|
9
|
|
10
|
class Saml2Directory(qommon.saml2.Saml2Directory):
|
11
|
def extract_attributes(self, session, login):
|
12
|
'''Separate attributes as two dictionaries: one for last value, one for
|
13
|
the list of values.'''
|
14
|
d = {}
|
15
|
m = {}
|
16
|
|
17
|
lasso_session = lasso.Session.newFromDump(session.lasso_session_dump)
|
18
|
try:
|
19
|
assertion = lasso_session.getAssertions(None)[0]
|
20
|
except:
|
21
|
get_logger().warn('failed to lookup assertion')
|
22
|
return d, m
|
23
|
|
24
|
try:
|
25
|
for attribute in assertion.attributeStatement[0].attribute:
|
26
|
try:
|
27
|
d[attribute.name] = attribute.attributeValue[0].any[0].content
|
28
|
for attribute_value in attribute.attributeValue:
|
29
|
l = m.setdefault(attribute.name, [])
|
30
|
l.append(attribute_value.any[0].content)
|
31
|
except IndexError:
|
32
|
pass
|
33
|
except IndexError:
|
34
|
pass
|
35
|
return d, m
|
36
|
|
37
|
def fill_user_attributes(self, session, login, user):
|
38
|
qommon.saml2.Saml2Directory.fill_user_attributes(self, session, login, user)
|
39
|
|
40
|
idp = qommon.saml2.get_remote_provider_cfg(login)
|
41
|
if not idp.get('attribute-mapping'):
|
42
|
self.legacy_fill_user_attributes(session, login, user)
|
43
|
|
44
|
def legacy_fill_user_attributes(self, session, login, user):
|
45
|
'''Fill fields using a legacy attribute to field varname mapping'''
|
46
|
d, m = self.extract_attributes(session, login)
|
47
|
users_cfg = get_cfg('users', {}) or {}
|
48
|
get_logger().debug('using legacy attribute filling')
|
49
|
|
50
|
# standard attributes
|
51
|
user.name = d.get('cn')
|
52
|
user.email = d.get('mail')
|
53
|
|
54
|
# email field
|
55
|
field_email = users_cfg.get('field_email')
|
56
|
if field_email:
|
57
|
user.form_data[field_email] = d.get('mail') or d.get('email')
|
58
|
|
59
|
# name field, this only works if there's a single field for the name
|
60
|
field_name_values = users_cfg.get('field_name')
|
61
|
if field_name_values:
|
62
|
if type(field_name_values) is str: # it was a string in previous versions
|
63
|
field_name_values = [field_name_values]
|
64
|
if len(field_name_values) == 1:
|
65
|
user.form_data[field_name_values[0]] = d.get('cn')
|
66
|
|
67
|
# other fields, matching is done on known LDAP attribute names and
|
68
|
# common variable names
|
69
|
extra_field_mappings = [
|
70
|
('gn', ('firstname', 'prenom')),
|
71
|
('givenName', ('firstname', 'prenom')),
|
72
|
('surname', ('surname', 'name', 'nom',)),
|
73
|
('sn', ('surname', 'name', 'nom',)),
|
74
|
('personalTitle', ('personalTitle', 'civilite',)),
|
75
|
('l', ('location', 'commune', 'ville',)),
|
76
|
('streetAddress', ('streetAddress', 'address', 'adresse', 'street',)),
|
77
|
('street', ('streetAddress', 'address', 'adresse', 'street',)),
|
78
|
('postalCode', ('postalCode', 'codepostal', 'cp',)),
|
79
|
('telephoneNumber', ('telephoneNumber', 'telephonefixe', 'telephone',)),
|
80
|
('mobile', ('mobile', 'telephonemobile',)),
|
81
|
('faxNumber', ('faxNumber', 'fax')),
|
82
|
]
|
83
|
|
84
|
for attribute_key, field_varnames in extra_field_mappings:
|
85
|
if not attribute_key in d:
|
86
|
continue
|
87
|
for field in user.get_formdef().fields:
|
88
|
if field.varname in field_varnames:
|
89
|
user.form_data[field.id] = d.get(attribute_key)
|