
root / extra / modules / saml2.py @ e8b79d7d

try:
    import lasso
except ImportError:
    pass

    
from quixote import get_publisher

    
from qommon import get_cfg, get_logger
import qommon.saml2

    

    
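class Saml2Directory(qommon.saml2.Saml2Directory):
    """SAML 2 directory that creates a local user on first login.

    When the parent directory knows no user for the SAML session, an
    identity is built from the attributes of the session's first
    assertion.
    """

    def lookup_user(self, session, login=None, name_id=None):
        """Return the user for a SAML session, creating it if needed.

        The parent lookup runs first and its result is returned when it
        finds a user.  Otherwise the first assertion of the lasso session
        is read and a new user is created from its ``cn`` and ``mail``
        attributes.

        Args:
            session: object carrying ``lasso_session_dump``, the serialized
                lasso session.
            login: lasso login object; its ``nameIdentifier.content`` is
                bound to the new user and its identity dump is saved.
            name_id: forwarded to the parent lookup only; it is not used
                for provisioning.

        Returns:
            The existing or newly stored user, or None when no assertion is
            available, ``cn`` or ``mail`` is missing, or there is no
            ``login`` to take a name identifier from.
        """
        user = qommon.saml2.Saml2Directory.lookup_user(self, session, login, name_id)
        if user:
            return user

        # Look for attributes in the assertion and automatically create an
        # identity.
        # NOTE(review): nothing here verifies the assertion (signature,
        # issuer, conditions); this presumably relies on validation done
        # before the session dump was saved -- confirm.
        lasso_session = lasso.Session.newFromDump(session.lasso_session_dump)
        try:
            assertion = lasso_session.getAssertions(None)[0]
        except Exception:
            # Any failure to obtain an assertion means no provisioning.
            # Exception rather than a bare except, so that SystemExit and
            # KeyboardInterrupt are no longer swallowed.
            return None

        d = {}
        try:
            for attribute in assertion.attributeStatement[0].attribute:
                if attribute.name in ('username', 'mail', 'cn', 'local-admin'):
                    try:
                        d[attribute.name] = attribute.attributeValue[0].any[0].content
                    except IndexError:
                        # attribute present but without a value: skip it
                        pass
        except IndexError:
            # assertion without an attribute statement
            pass

        if not (d.get('cn') and d.get('mail')):
            # only create identity when we have name and email
            return None

        if not login:
            # The name identifier is read from the login object.  Without
            # it the account could not be matched on a later login, and the
            # original code raised AttributeError here, so nothing is
            # created.
            return None

        user = get_publisher().user_class()

        users_cfg = get_cfg('users', {})
        field_email = users_cfg.get('field_email') if users_cfg else None
        if field_email:
            formdata = {field_email: d.get('mail')}

            field_name_values = users_cfg.get('field_name')
            if field_name_values:
                if isinstance(field_name_values, str):
                    # it was a string in previous versions
                    field_name_values = [field_name_values]
                formdata[field_name_values[0]] = d.get('cn')
            user.set_attributes_from_formdata(formdata)
            user.form_data = formdata
        else:
            user.name = d.get('cn')
            user.email = d.get('mail')

        # Administrator rights are granted on the word of the identity
        # provider alone, and only when the account is created: existing
        # users return early above, so a later change of 'local-admin' at
        # the provider is not reflected locally.
        # NOTE(review): confirm every configured identity provider is
        # trusted to assert 'local-admin', and consider an audit log entry
        # for each grant.
        if d.get('local-admin') == 'true':
            user.is_admin = True

        user.name_identifiers.append(login.nameIdentifier.content)
        user.lasso_dump = login.identity.dump()
        # A single store, after the identity dump is set, so a failure
        # while dumping cannot leave a half-provisioned account behind.
        user.store()

        return user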

    