providers/saml: fix metadata download not being unauthenticated
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
7e63a18d37
commit
b299451cab
|
@ -3,11 +3,13 @@ from xml.etree.ElementTree import ParseError # nosec
|
||||||
|
|
||||||
from defusedxml.ElementTree import fromstring
|
from defusedxml.ElementTree import fromstring
|
||||||
from django.http.response import HttpResponse
|
from django.http.response import HttpResponse
|
||||||
|
from django.shortcuts import get_object_or_404
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
from drf_yasg.utils import swagger_auto_schema
|
from drf_yasg.utils import swagger_auto_schema
|
||||||
from rest_framework.decorators import action
|
from rest_framework.decorators import action
|
||||||
from rest_framework.fields import CharField, FileField, ReadOnlyField
|
from rest_framework.fields import CharField, FileField, ReadOnlyField
|
||||||
from rest_framework.parsers import MultiPartParser
|
from rest_framework.parsers import MultiPartParser
|
||||||
|
from rest_framework.permissions import AllowAny
|
||||||
from rest_framework.relations import SlugRelatedField
|
from rest_framework.relations import SlugRelatedField
|
||||||
from rest_framework.request import Request
|
from rest_framework.request import Request
|
||||||
from rest_framework.response import Response
|
from rest_framework.response import Response
|
||||||
|
@ -78,11 +80,12 @@ class SAMLProviderViewSet(ModelViewSet):
|
||||||
serializer_class = SAMLProviderSerializer
|
serializer_class = SAMLProviderSerializer
|
||||||
|
|
||||||
@swagger_auto_schema(responses={200: SAMLMetadataSerializer(many=False)})
|
@swagger_auto_schema(responses={200: SAMLMetadataSerializer(many=False)})
|
||||||
@action(methods=["GET"], detail=True)
|
@action(methods=["GET"], detail=True, permission_classes=[AllowAny])
|
||||||
# pylint: disable=invalid-name, unused-argument
|
# pylint: disable=invalid-name, unused-argument
|
||||||
def metadata(self, request: Request, pk: int) -> Response:
|
def metadata(self, request: Request, pk: int) -> Response:
|
||||||
"""Return metadata as XML string"""
|
"""Return metadata as XML string"""
|
||||||
provider = self.get_object()
|
# We don't use self.get_object() on purpose as this view is un-authenticated
|
||||||
|
provider = get_object_or_404(SAMLProvider, pk=pk)
|
||||||
try:
|
try:
|
||||||
metadata = MetadataProcessor(provider, request).build_entity_descriptor()
|
metadata = MetadataProcessor(provider, request).build_entity_descriptor()
|
||||||
if "download" in request._request.GET:
|
if "download" in request._request.GET:
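Review bot: With `permission_classes=[AllowAny]` and the direct `get_object_or_404(SAMLProvider, pk=pk)` lookup, the `metadata` action serves any provider's metadata to anonymous callers by integer pk, so the set of configured providers becomes enumerable; the old route in the test hunk was keyed on `application_slug`, so this looks wider than before. If only providers attached to an application are meant to be public, narrow the queryset passed to `get_object_or_404`, and extend the comment to say what is skipped, e.g. `# Unauthenticated by design: get_object() would apply the viewset's permission checks and queryset filtering`. `AllowAny` relaxes only the permission check; the viewset's authenticators still run, so a request carrying an invalid credential may still be rejected unless `authentication_classes=[]` is also set on the action. The body of `metadata` continues past the end of this hunk.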
|
||||||
|
|
|
@ -56,9 +56,10 @@ class TestProviderSAML(SeleniumTestCase):
|
||||||
"SP_SSO_BINDING": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
|
"SP_SSO_BINDING": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
|
||||||
"SP_METADATA_URL": (
|
"SP_METADATA_URL": (
|
||||||
self.url(
|
self.url(
|
||||||
"authentik_providers_saml:metadata",
|
"authentik_api:samlprovider-metadata",
|
||||||
application_slug=provider.application.slug,
|
pk=provider.pk,
|
||||||
)
|
)
|
||||||
|
+ "?download"
|
||||||
),
|
),
|
||||||
},
|
},
|
||||||
)
|
)
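Review bot: The access-control change is only covered indirectly here, through the SP container fetching `SP_METADATA_URL`, so a regression in either direction would surface as an opaque end-to-end failure. A focused API test would pin the contract: an anonymous GET on `authentik_api:samlprovider-metadata` returns 200 for an existing pk and 404 for a missing one, while an anonymous GET on the provider's detail route is still rejected. The surrounding dict and test method start and end outside this hunk.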
|
||||||
|
|