auth_saml: warn if mellon key settings are not set (#68935)
parent
770a1b14b4
commit
b568ead741
|
@ -14,6 +14,7 @@
|
|||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
from django.conf import settings
|
||||
from django.contrib.postgres.fields import JSONField
|
||||
from django.core.exceptions import ValidationError
|
||||
from django.db import models
|
||||
|
@ -182,6 +183,11 @@ class SAMLAuthenticator(BaseAuthenticator):
|
|||
request, login_url='mellon_login', params={'entityID': settings['ENTITY_ID']}
|
||||
)
|
||||
|
||||
def has_signing_key(self):
|
||||
return bool(
|
||||
getattr(settings, 'MELLON_PRIVATE_KEY', '') and getattr(settings, 'MELLON_PUBLIC_KEYS', '')
|
||||
)
|
||||
|
||||
def login(self, request, *args, **kwargs):
|
||||
from . import views
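Review bot: `has_signing_key` only tests that `MELLON_PRIVATE_KEY` and `MELLON_PUBLIC_KEYS` are truthy, so a placeholder string, an unreadable key or a public key that does not match the private key all hide the warning. If validating the key material is out of scope, say so in a docstring, e.g. `"""Return True when MELLON_PRIVATE_KEY and MELLON_PUBLIC_KEYS are both non-empty; the key material itself is not checked."""`. The method reads process-wide Django settings and nothing from `self`, so every SAMLAuthenticator reports the same result, which the docstring should also state. The context line above uses `settings['ENTITY_ID']`, which looks like a local mapping named `settings`; renaming that local would avoid confusion with the module-level `from django.conf import settings`. The class body continues outside the hunk.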
|
||||
|
||||
|
|
|
@ -1,6 +1,16 @@
|
|||
{% extends 'authentic2/authenticators/authenticator_detail.html' %}
|
||||
{% load i18n %}
|
||||
|
||||
{% block content %}
|
||||
{% if not object.has_signing_key %}
|
||||
<div class="warningnotice">
|
||||
{% trans "Signing key is missing. You need to set MELLON_PUBLIC_KEYS and MELLON_PRIVATE_KEY settings, otherwise assertions will not be signed." %}
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
{{ block.super }}
|
||||
{% endblock %}
|
||||
|
||||
{% block extra-tab-buttons %}
|
||||
<button aria-controls="panel-samlattributelookup" aria-selected="false" id="tab-samlattributelookup" role="tab" tabindex="-1">{% trans "Lookup by attributes" %}</button>
|
||||
<button aria-controls="panel-renameattributeaction" aria-selected="false" id="tab-renameattributeaction" role="tab" tabindex="-1">{% trans "Rename attributes" %}</button>
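Review bot: The warning text says "assertions will not be signed", but in SAML the assertion is signed by the identity provider, not by the service-provider key pair configured here. That key pair would presumably sign the messages this service sends, so an administrator may misread the notice as saying incoming assertions go unverified. Consider wording such as `... otherwise requests sent to the identity provider will not be signed.`, keeping the `Signing key is missing` prefix that the test matches on.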
|
||||
|
|
|
@ -334,6 +334,19 @@ def test_authenticators_saml_hide_metadata_url_advanced_fields(app, superuser, o
|
|||
assert 'Metadata HTTP timeout' in resp.text
|
||||
|
||||
|
||||
def test_authenticators_saml_missing_signing_key(app, superuser, settings):
|
||||
authenticator = SAMLAuthenticator.objects.create(slug='idp1')
|
||||
|
||||
resp = login(app, superuser)
|
||||
resp = app.get(authenticator.get_absolute_url())
|
||||
assert 'Signing key is missing' in resp.text
|
||||
|
||||
settings.MELLON_PRIVATE_KEY = 'xxx'
|
||||
settings.MELLON_PUBLIC_KEYS = ['yyy']
|
||||
resp = app.get(authenticator.get_absolute_url())
|
||||
assert 'Signing key is missing' not in resp.text
|
||||
|
||||
|
||||
def test_authenticators_saml_attribute_lookup(app, superuser):
|
||||
authenticator = SAMLAuthenticator.objects.create(metadata='meta1.xml', slug='idp1')
|
||||
resp = login(app, superuser, path=authenticator.get_absolute_url())
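Review bot: `test_authenticators_saml_missing_signing_key` covers only the both-unset and both-set cases, so the `and` in `has_signing_key` is not pinned and a regression to `or` would still pass. Add a step with only one setting present: right after `settings.MELLON_PRIVATE_KEY = 'xxx'`, insert `resp = app.get(authenticator.get_absolute_url())` and `assert 'Signing key is missing' in resp.text`. The placeholder values `'xxx'` and `['yyy']` clear the warning, so a short comment such as `# any non-empty value clears the warning; key material is not validated` would stop readers taking the test as proof of key validation. The result of the first `resp = login(app, superuser)` is overwritten without being used.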
|
||||
|
|