parent
f2426776ff
commit
4586ed4052
|
|
@ -3,10 +3,6 @@ try:
|
|||
except ImportError:
|
||||
pass
|
||||
|
||||
from quixote import get_publisher
|
||||
|
||||
from wcs.roles import Role
|
||||
|
||||
from qommon import get_cfg, get_logger
|
||||
import qommon.saml2
|
||||
|
||||
|
|
@ -15,15 +11,16 @@ class Saml2Directory(qommon.saml2.Saml2Directory):
|
|||
def extract_attributes(self, session, login):
|
||||
'''Separate attributes as two dictionaries: one for last value, one for
|
||||
the list of values.'''
|
||||
d = {}
|
||||
m = {}
|
||||
|
||||
lasso_session = lasso.Session.newFromDump(session.lasso_session_dump)
|
||||
try:
|
||||
assertion = lasso_session.getAssertions(None)[0]
|
||||
except:
|
||||
get_logger().warn('failed to lookup assertion')
|
||||
return user
|
||||
return d, m
|
||||
|
||||
d = {}
|
||||
m = {}
|
||||
try:
|
||||
for attribute in assertion.attributeStatement[0].attribute:
|
||||
try:
|
||||
|
|
@ -37,6 +34,13 @@ class Saml2Directory(qommon.saml2.Saml2Directory):
|
|||
pass
|
||||
return d, m
|
||||
|
||||
def fill_user_attributes(self, session, login, user):
|
||||
qommon.saml2.Saml2Directory.fill_user_attributes(self, session, login, user)
|
||||
|
||||
idp = qommon.saml2.get_remote_provider_cfg(login)
|
||||
if not idp.get('attribute-mapping'):
|
||||
self.legacy_fill_user_attributes(session, login, user)
|
||||
|
||||
def legacy_fill_user_attributes(self, session, login, user):
|
||||
'''Fill fields using a legacy attribute to field varname mapping'''
|
||||
d, m = self.extract_attributes(session, login)
|
||||
|
|
@ -83,53 +87,3 @@ class Saml2Directory(qommon.saml2.Saml2Directory):
|
|||
for field in user.get_formdef().fields:
|
||||
if field.varname in field_varnames:
|
||||
user.form_data[field.id] = d.get(attribute_key)
|
||||
|
||||
def lookup_user(self, session, login = None, name_id = None):
|
||||
user = qommon.saml2.Saml2Directory.lookup_user(self, session, login, name_id)
|
||||
|
||||
if not user:
|
||||
user = get_publisher().user_class()
|
||||
# already done by parent.lookup_user() for existing users
|
||||
self.fill_user_attributes(session, login, user)
|
||||
|
||||
# apply legacy mapping when not configured
|
||||
idp = qommon.saml2.get_remote_provider_cfg(login)
|
||||
if not idp.get('attribute-mapping'):
|
||||
self.legacy_fill_user_attributes(session, login, user)
|
||||
|
||||
if user.form_data:
|
||||
user.set_attributes_from_formdata(user.form_data)
|
||||
|
||||
if not (user.name and user.email):
|
||||
# we didn't get useful attributes, forget it.
|
||||
get_logger().warn('failed to get useful attributes from the assertion')
|
||||
return None
|
||||
|
||||
if not login.nameIdentifier.content in user.name_identifiers:
|
||||
user.name_identifiers.append(login.nameIdentifier.content)
|
||||
|
||||
if login and login.identity:
|
||||
user.lasso_dump = login.identity.dump()
|
||||
|
||||
lasso_session = lasso.Session.newFromDump(session.lasso_session_dump)
|
||||
assertion = lasso_session.getAssertions(None)[0]
|
||||
for attribute in assertion.attributeStatement[0].attribute:
|
||||
if attribute.name == 'verified_attributes':
|
||||
verified_attributes = [x.any[0].content for x in attribute.attributeValue]
|
||||
if verified_attributes:
|
||||
# XXX: if there are any verified attributes we consider
|
||||
# first and last names are also verified. This is to work
|
||||
# around the fact that those attributes are handled
|
||||
# differently in authentic and cannot be marked as
|
||||
# verified.
|
||||
verified_attributes.extend(['first_name', 'last_name'])
|
||||
verified_fields = []
|
||||
if user.get_formdef() and user.get_formdef().fields:
|
||||
for field in user.get_formdef().fields:
|
||||
if field.varname in verified_attributes:
|
||||
verified_fields.append(field.id)
|
||||
user.verified_fields = verified_fields
|
||||
break
|
||||
|
||||
user.store()
|
||||
return user
|
||||
|
|
|
|||
Reference in New Issue