providers/saml: make metadata accessible without authentication

This commit is contained in:
Jens Langhammer 2020-06-20 21:51:52 +02:00
parent e4cb9b7ff9
commit 3753275453
6 changed files with 41 additions and 13 deletions


@ -0,0 +1,22 @@
# Generated by Django 3.0.7 on 2020-06-20 19:50
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("passbook_providers_saml", "0003_samlprovider_sp_binding"),
]
operations = [
migrations.AlterField(
model_name="samlprovider",
name="sp_binding",
field=models.TextField(
choices=[("redirect", "Redirect"), ("post", "Post")],
default="redirect",
verbose_name="Service Prodier Binding",
),
),
]


@ -34,7 +34,9 @@ class SAMLProvider(Provider):
audience = models.TextField(default="") audience = models.TextField(default="")
issuer = models.TextField(help_text=_("Also known as EntityID")) issuer = models.TextField(help_text=_("Also known as EntityID"))
sp_binding = models.TextField( sp_binding = models.TextField(
choices=SAMLBindings.choices, default=SAMLBindings.REDIRECT choices=SAMLBindings.choices,
default=SAMLBindings.REDIRECT,
verbose_name=_("Service Prodier Binding"),
) )
assertion_valid_not_before = models.TextField( assertion_valid_not_before = models.TextField(
@ -142,7 +144,7 @@ class SAMLProvider(Provider):
# pylint: disable=no-member # pylint: disable=no-member
metadata = DescriptorDownloadView.get_metadata(request, self) metadata = DescriptorDownloadView.get_metadata(request, self)
return render_to_string( return render_to_string(
"saml/idp/admin_metadata_modal.html", "providers/saml/admin_metadata_modal.html",
{"provider": self, "metadata": metadata}, {"provider": self, "metadata": metadata},
) )
except Provider.application.RelatedObjectDoesNotExist: except Provider.application.RelatedObjectDoesNotExist:
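Review bot: The new `verbose_name` on `sp_binding` misspells the label — `verbose_name=_("Service Prodier Binding"),` should read `verbose_name=_("Service Provider Binding"),` — and the generated migration in this commit carries the same string in its `choices`/`verbose_name` field definition, so it needs to be regenerated once the model is corrected. This is a user-facing admin label and a translation key, so the typo will otherwise become a frozen msgid. The SAMLProvider class starts outside this hunk.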


@ -132,7 +132,9 @@ class Processor:
continue continue
self._assertion_params["ATTRIBUTES"] = attributes self._assertion_params["ATTRIBUTES"] = attributes
self._assertion_xml = get_assertion_xml( self._assertion_xml = get_assertion_xml(
"providers/saml/xml/assertions/generic.xml", self._assertion_params, signed=True "providers/saml/xml/assertions/generic.xml",
self._assertion_params,
signed=True,
) )
def _format_response(self): def _format_response(self):


@ -10,5 +10,7 @@ class SalesForceProcessor(GenericProcessor):
def _format_assertion(self): def _format_assertion(self):
super()._format_assertion() super()._format_assertion()
self._assertion_xml = get_assertion_xml( self._assertion_xml = get_assertion_xml(
"providers/saml/xml/assertions/salesforce.xml", self._assertion_params, signed=True "providers/saml/xml/assertions/salesforce.xml",
self._assertion_params,
signed=True,
) )


@ -48,7 +48,9 @@ def _get_in_response_to(params):
def _get_subject(params): def _get_subject(params):
"""Insert Subject. Modifies the params dict.""" """Insert Subject. Modifies the params dict."""
params["SUBJECT_STATEMENT"] = render_to_string("providers/saml/xml/subject.xml", params) params["SUBJECT_STATEMENT"] = render_to_string(
"providers/saml/xml/subject.xml", params
)
def get_assertion_xml(template, parameters, signed=False): def get_assertion_xml(template, parameters, signed=False):


@ -229,7 +229,7 @@ class SAMLFlowFinalView(StageView):
return bad_request_message(request, "Invalid sp_binding specified") return bad_request_message(request, "Invalid sp_binding specified")
class DescriptorDownloadView(LoginRequiredMixin, SAMLAccessMixin, View): class DescriptorDownloadView(View):
"""Replies with the XML Metadata IDSSODescriptor.""" """Replies with the XML Metadata IDSSODescriptor."""
@staticmethod @staticmethod
@ -263,14 +263,12 @@ class DescriptorDownloadView(LoginRequiredMixin, SAMLAccessMixin, View):
def get(self, request: HttpRequest, application_slug: str) -> HttpResponse: def get(self, request: HttpRequest, application_slug: str) -> HttpResponse:
"""Replies with the XML Metadata IDSSODescriptor.""" """Replies with the XML Metadata IDSSODescriptor."""
self.application = get_object_or_404(Application, slug=application_slug) application = get_object_or_404(Application, slug=application_slug)
self.provider: SAMLProvider = get_object_or_404( provider: SAMLProvider = get_object_or_404(
SAMLProvider, pk=self.application.provider_id SAMLProvider, pk=application.provider_id
) )
if not self._has_access():
raise PermissionDenied()
try: try:
metadata = DescriptorDownloadView.get_metadata(request, self.provider) metadata = DescriptorDownloadView.get_metadata(request, provider)
except Provider.application.RelatedObjectDoesNotExist: # pylint: disable=no-member except Provider.application.RelatedObjectDoesNotExist: # pylint: disable=no-member
return bad_request_message( return bad_request_message(
request, "Provider is not assigned to an application." request, "Provider is not assigned to an application."
@ -279,5 +277,5 @@ class DescriptorDownloadView(LoginRequiredMixin, SAMLAccessMixin, View):
response = HttpResponse(metadata, content_type="application/xml") response = HttpResponse(metadata, content_type="application/xml")
response[ response[
"Content-Disposition" "Content-Disposition"
] = f'attachment; filename="{self.provider.name}_passbook_meta.xml"' ] = f'attachment; filename="{provider.name}_passbook_meta.xml"'
return response return response
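Review bot: The class docstring on `DescriptorDownloadView` still says only "Replies with the XML Metadata IDSSODescriptor." and does not record that the view is now deliberately anonymous, even though this hunk drops `LoginRequiredMixin`, `SAMLAccessMixin` and the `_has_access()` / `PermissionDenied` check; the next maintainer should not have to reconstruct that from git history, and whoever later extends `get_metadata` should know its output is world-readable. I would extend the docstring along the lines of `"""Replies with the XML Metadata IDSSODescriptor. Intentionally unauthenticated: the SP fetches this endpoint, so it must only ever emit public material (endpoint URLs, signing certificate) — confirm get_metadata adds nothing else."""`. With the mixins gone, the `get_object_or_404` calls in `get()` also let any client distinguish existing application slugs from unknown ones, which is presumably acceptable for a metadata endpoint but worth stating. If `PermissionDenied`, `LoginRequiredMixin` and `SAMLAccessMixin` are no longer referenced elsewhere in this module, their imports at the top of the file (outside this hunk) should be removed as well.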