"""Single Signon Views"""
from django.http import HttpRequest, HttpResponse, HttpResponseBadRequest
from passbook.channels.out_samlv2.saml.constants import (
REQ_KEY_REQUEST,
REQ_KEY_SIGNATURE,
)
from passbook.channels.out_samlv2.saml.parser import SAMLRequest
from passbook.channels.out_samlv2.views.base import BaseSAMLView
# SAML Authentication flow in passbook
# - Parse and Verify SAML Request
# - Check access to application (this is done after parsing as it might take a few seconds)
# - Ask for user authorization (if required from Application)
# - Log Access to audit log
# - Create response with unique ID to protect against replay
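class SAMLPostBindingView(BaseSAMLView):
    """Handle SAML POST-type Requests

    Reads the SAML request and an optional detached signature from the POST
    form fields, parses them with ``SAMLRequest.parse`` and hands the parsed
    request to ``handle_saml_request``.
    """

    # pylint: disable=unused-argument
    def post(self, request: HttpRequest, app_slug: str) -> HttpResponse:
        """Handle POST Requests

        Args:
            request: Incoming request. Its form fields are untrusted input.
            app_slug: Not read in this method (presumably the application
                slug captured by the URL route - confirm against the URL conf).

        Returns:
            ``HttpResponseBadRequest`` when the ``REQ_KEY_REQUEST`` field is
            missing or empty, otherwise the return value of
            ``handle_saml_request``.
        """
        raw_saml_request = request.POST.get(REQ_KEY_REQUEST)
        # A field that is present but empty is rejected together with a
        # missing one, so an empty string never reaches the parser.
        if not raw_saml_request:
            return HttpResponseBadRequest()
        # The signature field is optional: None is forwarded when it is absent.
        # NOTE(review): whether an unsigned request is accepted is decided in
        # SAMLRequest.parse / handle_saml_request, which are not visible here -
        # confirm that applications requiring signed requests reject None.
        detached_signature = request.POST.get(REQ_KEY_SIGNATURE, None)
        # NOTE(review): exceptions raised by SAMLRequest.parse are not caught
        # here - confirm malformed input ends in a 4xx rather than a 500.
        srq = SAMLRequest.parse(raw_saml_request, detached_signature)
        return self.handle_saml_request(srq)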
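class SAMLRedirectBindingView(BaseSAMLView):
    """Handle SAML Redirect-type Requests

    Reads the SAML request and an optional detached signature from the query
    string, parses them with ``SAMLRequest.parse`` and hands the parsed
    request to ``handle_saml_request``.
    """

    # pylint: disable=unused-argument
    def get(self, request: HttpRequest, app_slug: str) -> HttpResponse:
        """Handle GET Requests

        Args:
            request: Incoming request. Its query parameters are untrusted
                input.
            app_slug: Not read in this method (presumably the application
                slug captured by the URL route - confirm against the URL conf).

        Returns:
            ``HttpResponseBadRequest`` when the ``REQ_KEY_REQUEST`` parameter
            is missing or empty, otherwise the return value of
            ``handle_saml_request``.
        """
        raw_saml_request = request.GET.get(REQ_KEY_REQUEST)
        # A parameter that is present but empty is rejected together with a
        # missing one, so an empty string never reaches the parser.
        if not raw_saml_request:
            return HttpResponseBadRequest()
        # The signature parameter is optional: None is forwarded when absent.
        # NOTE(review): in the HTTP-Redirect binding the signature is computed
        # over the SAMLRequest, RelayState and SigAlg query parameters as they
        # were sent. Only the request and signature values are forwarded here,
        # so confirm that SAMLRequest.parse has what it needs to verify it and
        # that unsigned requests are rejected where signing is required.
        detached_signature = request.GET.get(REQ_KEY_SIGNATURE, None)
        # NOTE(review): exceptions raised by SAMLRequest.parse are not caught
        # here - confirm malformed input ends in a 4xx rather than a 500.
        srq = SAMLRequest.parse(raw_saml_request, detached_signature)
        return self.handle_saml_request(srq)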