add middleware for automatic authentication, add slo support

Benjamin Dauvergne 2014-03-14 15:18:17 +01:00
parent a0402fa0a8
commit e16d4e294a
6 changed files with 57 additions and 10 deletions


@ -8,6 +8,20 @@ class Plugin(object):
def get_apps(self):
return [__name__]
def logout_list(self, request):
if request.session.get('ltpa', False):
url = resolve('ltpa-logout')
ctx = {
'needs_iframe': False,
'name': 'Domino',
'url': url,
'iframe_timeout': 0,
}
content = render_to_string('idp/saml/logout_fragment.html', ctx)
return [content]
return []
from django.utils.six.moves import http_cookies
import Cookie
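Review bot: `logout_list` calls `resolve('ltpa-logout')`, but Django's `resolve()` takes a URL path and returns a match object, while turning the URL name added in this commit into a path is the job of `reverse()`. As written the call would most likely raise `Resolver404` for any session that has `ltpa` set; the line should read `url = reverse('ltpa-logout')`. The import of `resolve` lies outside this hunk, so confirm it is Django's function and not a local alias. When this fragment fails, the Domino cookie is not cleared during single logout, so the path deserves a test.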


@ -15,4 +15,10 @@ def get_adapter():
class UserAdapter(object):
def get_username(self, request):
'''What username do we put in the token ?'''
return request.user.username
def can_add_token(self, request):
'''Can we generate a token ?'''
return request.user.is_authenticated() \
and app_settings.USE_MIDDLEWARE
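Review bot: `can_add_token` folds `app_settings.USE_MIDDLEWARE` into the adapter's decision, but the views hunk of this commit sends the explicit `ltpa` login view through the same check. Setting `USE_MIDDLEWARE` to False would therefore appear to stop the login endpoint from issuing the cookie as well, while it still redirects as if it had. Keeping the adapter to `return request.user.is_authenticated()` and testing `app_settings.USE_MIDDLEWARE` inside the middleware would keep the two paths independent. The docstring could also say that this hook gates both the middleware and the view.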


@ -1,5 +1,6 @@
class AppSettings(object):
__DEFAULTS = {
'USE_MIDDLEWARE': True,
'TOKEN_DURATION': 8*3600,
'TOKEN_SECRET': None,
'COOKIE_NAME': 'LtpaToken',


@ -0,0 +1,7 @@
from . import views
class LTPAMiddleware(object):
def process_response(self, request, response):
views.add_ltpa_token_to_response(request, response)
return response
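Review bot: `process_response` runs for every response, including those produced when an earlier middleware returned early, so `request.user` and `request.session` may not exist when `add_ltpa_token_to_response` reads them (see the adapter and views hunks). A guard such as `if not hasattr(request, 'user') or not hasattr(request, 'session'): return response` before the call avoids an AttributeError on those responses. The class also needs a docstring stating the ordering requirement: it must be listed after the session and authentication middleware so that the `request.session['ltpa'] = True` write is saved. Since a fresh token and a session write happen on every authenticated response, consider skipping the work when a valid cookie is already present.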


@ -1,5 +1,6 @@
from django.conf.urls import patterns, url
urlpatterns = patterns('authentic2_idp_ltpa.views',
url('^idp/ltpa/$', 'ltpa'),
url('^idp/ltpa/$', 'ltpa', name='ltpa-login'),
url('^idp/ltpa/logout/$', 'logout', name='ltpa-logout'),
)


@ -1,22 +1,40 @@
import urlparse
from django.core.exceptions import ImproperlyConfigured
from django.http import HttpResponseRedirect
from django.contrib.auth.decorators import login_required
from django.contrib.auth import REDIRECT_FIELD_NAME
from . import app_settings, utils, adapter
from . import app_settings, utils, adapter as _adapter
def add_ltpa_token_to_response(request, response):
adapter = _adapter.get_adapter()
if not adapter.can_add_token():
return
if app_settings.TOKEN_SECRET is None:
raise ImproperlyConfigured('missing TOKEN_SECRET')
secret = utils.decode_secret(app_settings.TOKEN_SECRET)
user = adapter.get_username(request)
token = utils.generate_domino_ltpa_token(user, secret,
duration=app_settings.TOKEN_DURATION)
domain = app_settings.COOKIE_DOMAIN or \
request.META['HTTP_HOST'].split(':')[0]
response.set_cookie(app_settings.COOKIE_NAME, token, domain=domain,
httponly=app_settings.COOKIE_HTTP_ONLY)
request.session['ltpa'] = True
@login_required
def ltpa(request):
'''Ask for authentication then generate a cookie'''
next_url = request.REQUEST[REDIRECT_FIELD_NAME]
response = HttpResponseRedirect(next_url)
if app_settings.TOKEN_SECRET is None:
raise ImproperlyConfigured('missing TOKEN_SECRET')
secret = utils.decode_secret(app_settings.TOKEN_SECRET)
user = adapter.get_adapter().get_username(request)
token = utils.generate_domino_ltpa_token(user, secret, duration=app_settings.TOKEN_DURATION)
domain = app_settings.COOKIE_DOMAIN or request.META['HTTP_HOST'].split(':')[0]
response.set_cookie(app_settings.COOKIE_NAME, token, domain=domain,
httponly=app_settings.COOKIE_HTTP_ONLY)
add_ltpa_token_to_response(request, response)
return response
def logout(request):
next_url = urlparse.urljoin(settings.STATIC_URL, 'authentic2/images/ok.png')
response = HttpResponseRedirect(next_url)
domain = app_settings.COOKIE_DOMAIN or request.META['HTTP_HOST'].split(':')[0]
response.delete_cookie(app_settings.COOKIE_NAME, domain=domain)
return response
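Review bot: In `add_ltpa_token_to_response`, `adapter.can_add_token()` is called with no argument although the adapter in this commit declares `can_add_token(self, request)`, so the call would raise TypeError on every request; it should be `if not adapter.can_add_token(request):`. `logout` also reads `settings.STATIC_URL`, but no `from django.conf import settings` appears among the imports shown in this hunk. Both the set and delete paths fall back to `request.META['HTTP_HOST']` for the cookie domain when `COOKIE_DOMAIN` is unset; `request.get_host().split(':')[0]` would apply Django's host validation before a client-supplied header becomes a cookie attribute. The `set_cookie` call passes `httponly` but no `secure=`, which matters more now that the middleware path attaches the token to ordinary responses.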