keep local cache of fedict metadata (#31128)
This commit is contained in:
parent
c0fb61b15c
commit
6f94d38764
|
@ -15,15 +15,20 @@
|
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
import datetime
|
||||
import hashlib
|
||||
import logging
|
||||
import os
|
||||
|
||||
import requests
|
||||
|
||||
from django.conf import settings
|
||||
from django.contrib.auth import get_user_model
|
||||
from django.core.files.storage import default_storage
|
||||
|
||||
import lasso
|
||||
|
||||
from mellon.adapters import DefaultAdapter
|
||||
from mellon.adapters import DefaultAdapter, app_settings
|
||||
import mellon.utils as mellon_utils
|
||||
from authentic2.models import Attribute
|
||||
from authentic2 import utils
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
|
@ -46,6 +51,34 @@ class AuthenticAdapter(DefaultAdapter):
|
|||
def auth_login(self, request, user):
|
||||
utils.login(request, user, 'fedict')
|
||||
|
||||
def get_identity_providers_setting(self):
|
||||
providers = app_settings.IDENTITY_PROVIDERS
|
||||
cache_path = default_storage.path('fedict-cache')
|
||||
if not os.path.exists(cache_path):
|
||||
os.makedirs(cache_path)
|
||||
for idp in providers:
|
||||
if 'METADATA_URL' in idp and 'METADATA' not in idp:
|
||||
url_hash = hashlib.sha1(idp['METADATA_URL']).hexdigest()
|
||||
metadata_cache_filename = os.path.join(cache_path, url_hash)
|
||||
if os.path.exists(metadata_cache_filename):
|
||||
stat_info = os.stat(metadata_cache_filename)
|
||||
if stat_info.st_size and stat_info.st_mtime > (time.time() - 86400):
|
||||
idp['METADATA'] = open(metadata_cache_filename).read().decode('utf-8')
|
||||
continue
|
||||
verify_ssl_certificate = mellon_utils.get_setting(idp, 'VERIFY_SSL_CERTIFICATE')
|
||||
try:
|
||||
response = requests.get(idp['METADATA_URL'], verify=verify_ssl_certificate)
|
||||
response.raise_for_status()
|
||||
except requests.exceptions.RequestException as e:
|
||||
if os.path.exists(metadata_cache_filename):
|
||||
# accept older cache in case of error
|
||||
idp['METADATA'] = open(metadata_cache_filename).read().decode('utf-8')
|
||||
continue
|
||||
idp['METADATA'] = response.text
|
||||
with open(metadata_cache_filename, 'w') as fd:
|
||||
fd.write(response.text.encode('utf-8'))
|
||||
return providers
|
||||
|
||||
def lookup_user(self, idp, saml_attributes):
|
||||
if 'email' in saml_attributes:
|
||||
# XXX: remove email from received attributes for now, this
|
||||
|
|
Loading…
Reference in New Issue