|
1
|
import lasso
|
|
2
|
|
|
3
|
from quixote import get_publisher
|
|
4
|
|
|
5
|
from qommon import get_cfg, get_logger
|
|
6
|
import qommon.saml2
|
|
7
|
|
|
8
|
|
|
9
|
class Saml2Directory(qommon.saml2.Saml2Directory):
|
|
10
|
|
|
11
|
def lookup_user(self, session, login = None, name_id = None):
|
|
12
|
user = qommon.saml2.Saml2Directory.lookup_user(self, session, login, name_id)
|
|
13
|
if user:
|
|
14
|
return user
|
|
15
|
|
|
16
|
# lookup for attributes in assertion and automatically create identity
|
|
17
|
lasso_session = lasso.Session.newFromDump(session.lasso_session_dump)
|
|
18
|
try:
|
|
19
|
assertion = lasso_session.getAssertions(None)[0]
|
|
20
|
except:
|
|
21
|
return None
|
|
22
|
|
|
23
|
d = {}
|
|
24
|
try:
|
|
25
|
for attribute in assertion.attributeStatement[0].attribute:
|
|
26
|
if attribute.name in ('username', 'mail', 'cn', 'local-admin'):
|
|
27
|
try:
|
|
28
|
d[attribute.name] = attribute.attributeValue[0].any[0].content
|
|
29
|
except IndexError:
|
|
30
|
pass
|
|
31
|
except IndexError:
|
|
32
|
pass
|
|
33
|
|
|
34
|
if not (d.get('cn') and d.get('mail')):
|
|
35
|
# only create identity when we have name and email
|
|
36
|
return None
|
|
37
|
|
|
38
|
user = get_publisher().user_class()
|
|
39
|
|
|
40
|
users_cfg = get_cfg('users', {})
|
|
41
|
if users_cfg and users_cfg.get('field_email'):
|
|
42
|
formdata = {}
|
|
43
|
|
|
44
|
field_email = users_cfg.get('field_email')
|
|
45
|
if field_email:
|
|
46
|
formdata[field_email] = d.get('mail')
|
|
47
|
|
|
48
|
field_name_values = users_cfg.get('field_name')
|
|
49
|
if field_name_values:
|
|
50
|
if type(field_name_values) is str: # it was a string in previous versions
|
|
51
|
field_name_values = [field_name_values]
|
|
52
|
formdata[field_name_values[0]] = d.get('cn')
|
|
53
|
user.set_attributes_from_formdata(formdata)
|
|
54
|
user.form_data = formdata
|
|
55
|
else:
|
|
56
|
user.name = d.get('cn')
|
|
57
|
user.email = d.get('mail')
|
|
58
|
|
|
59
|
if d.get('local-admin') == 'true':
|
|
60
|
user.is_admin = True
|
|
61
|
|
|
62
|
user.name_identifiers.append(login.nameIdentifier.content)
|
|
63
|
user.store()
|
|
64
|
|
|
65
|
if login:
|
|
66
|
user.lasso_dump = login.identity.dump()
|
|
67
|
user.store()
|
|
68
|
|
|
69
|
return user
|
|
70
|
|