initial version, based on authentic2_auth_saml
This commit is contained in:
parent
6895bf0281
commit
5a140e21b6
|
@ -0,0 +1,6 @@
|
|||
include COPYING
|
||||
recursive-include src/authentic2_auth_fedict/templates *.html
|
||||
recursive-include src/authentic2_auth_fedict/static *.png
|
||||
recursive-include src/authentic2_auth_fedict/locale *.po *.mo
|
||||
include VERSION
|
||||
include MANIFEST.in
|
|
@ -0,0 +1,38 @@
|
|||
authentic2-auth-fedict
|
||||
======================
|
||||
|
||||
Authentic2 plugin to authenticate against the Belgian Federal Authentication
|
||||
Service provided by Fedict.
|
||||
|
||||
Installation
|
||||
------------
|
||||
|
||||
Install with `pip install authentic2-auth-fedict`
|
||||
|
||||
Settings
|
||||
========
|
||||
|
||||
Add `A2_AUTH_FEDICT_ENABLE = True` to your `local_settings.py` file and define
|
||||
the django-mellon adapter:
|
||||
|
||||
MELLON_ADAPTER = ('authentic2_auth_fedict.adapters.AuthenticAdapter',)
|
||||
|
||||
And appropriate django-mellon parameters (MELLON_PUBLIC_KEYS,
|
||||
MELLON_PRIVATE_KEY, MELLON_IDENTITY_PROVIDERS).
|
||||
|
||||
|
||||
License
|
||||
-------
|
||||
|
||||
This program is free software: you can redistribute it and/or modify it under
|
||||
the terms of the GNU Affero General Public License as published by the Free
|
||||
Software Foundation, either version 3 of the License, or (at your option) any
|
||||
later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License along
|
||||
with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
@ -0,0 +1,111 @@
|
|||
#!/usr/bin/python
|
||||
import sys
|
||||
import os
|
||||
import subprocess
|
||||
|
||||
from setuptools import setup, find_packages
|
||||
from setuptools.command.install_lib import install_lib as _install_lib
|
||||
from distutils.command.build import build as _build
|
||||
from distutils.command.sdist import sdist
|
||||
from distutils.cmd import Command
|
||||
|
||||
|
||||
class compile_translations(Command):
|
||||
description = 'compile message catalogs to MO files via django compilemessages'
|
||||
user_options = []
|
||||
|
||||
def initialize_options(self):
|
||||
pass
|
||||
|
||||
def finalize_options(self):
|
||||
pass
|
||||
|
||||
def run(self):
|
||||
try:
|
||||
from django.core.management import call_command
|
||||
for path, dirs, files in os.walk('src'):
|
||||
if 'locale' not in dirs:
|
||||
continue
|
||||
curdir = os.getcwd()
|
||||
os.chdir(os.path.realpath(path))
|
||||
call_command('compilemessages')
|
||||
os.chdir(curdir)
|
||||
except ImportError:
|
||||
sys.stderr.write('!!! Please install Django >= 1.4 to build translations\n')
|
||||
|
||||
|
||||
class build(_build):
|
||||
sub_commands = [('compile_translations', None)] + _build.sub_commands
|
||||
|
||||
|
||||
class eo_sdist(sdist):
|
||||
|
||||
def run(self):
|
||||
print "creating VERSION file"
|
||||
if os.path.exists('VERSION'):
|
||||
os.remove('VERSION')
|
||||
version = get_version()
|
||||
version_file = open('VERSION', 'w')
|
||||
version_file.write(version)
|
||||
version_file.close()
|
||||
sdist.run(self)
|
||||
print "removing VERSION file"
|
||||
if os.path.exists('VERSION'):
|
||||
os.remove('VERSION')
|
||||
|
||||
class install_lib(_install_lib):
|
||||
def run(self):
|
||||
self.run_command('compile_translations')
|
||||
_install_lib.run(self)
|
||||
|
||||
|
||||
def get_version():
|
||||
if os.path.exists('VERSION'):
|
||||
version_file = open('VERSION', 'r')
|
||||
version = version_file.read()
|
||||
version_file.close()
|
||||
return version
|
||||
if os.path.exists('.git'):
|
||||
p = subprocess.Popen(['git', 'describe', '--dirty', '--match=v*'], stdout=subprocess.PIPE)
|
||||
result = p.communicate()[0]
|
||||
if p.returncode == 0:
|
||||
version = result.split()[0][1:]
|
||||
version = version.replace('-', '.')
|
||||
return version
|
||||
return '0'
|
||||
|
||||
|
||||
setup(name='authentic2-auth-fedict',
|
||||
version=get_version(),
|
||||
license='AGPLv3',
|
||||
description='Authentic2 Fedict plugin',
|
||||
author="Entr'ouvert",
|
||||
url='https://repos.entrouvert.org/authentic2-auth-fedict.git',
|
||||
author_email="info@entrouvert.com",
|
||||
packages=find_packages('src'),
|
||||
package_dir={
|
||||
'': 'src',
|
||||
},
|
||||
package_data={
|
||||
'authentic2_auth_fedict': [
|
||||
'templates/authentic2_auth_fedict/*.html',
|
||||
'static/authentic2_auth_fedict/img/*.png',
|
||||
'locale/fr/LC_MESSAGES/django.po',
|
||||
'locale/fr/LC_MESSAGES/django.mo',
|
||||
],
|
||||
},
|
||||
install_requires=[
|
||||
'authentic2',
|
||||
],
|
||||
entry_points={
|
||||
'authentic2.plugin': [
|
||||
'authentic2-auth-fedict = authentic2_auth_fedict:Plugin',
|
||||
],
|
||||
},
|
||||
cmdclass={
|
||||
'build': build,
|
||||
'install_lib': install_lib,
|
||||
'compile_translations': compile_translations,
|
||||
'sdist': eo_sdist},
|
||||
zip_safe=False,
|
||||
)
|
|
@ -0,0 +1,36 @@
|
|||
# authentic2_auth_fedict - Fedict authentication for Authentic
|
||||
# Copyright (C) 2016 Entr'ouvert
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify it
|
||||
# under the terms of the GNU Affero General Public License as published
|
||||
# by the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
class Plugin(object):
|
||||
def get_before_urls(self):
|
||||
from . import urls
|
||||
return urls.urlpatterns
|
||||
|
||||
def get_apps(self):
|
||||
return ['mellon', __name__]
|
||||
|
||||
def get_authentication_backends(self):
|
||||
return ['authentic2_auth_fedict.backends.FedictBackend']
|
||||
|
||||
def get_auth_frontends(self):
|
||||
return ['authentic2_auth_fedict.auth_frontends.FedictFrontend']
|
||||
|
||||
def redirect_logout_list(self, request, next_url=None):
|
||||
from mellon.views import logout
|
||||
if 'mellon_session' in request.session:
|
||||
response = logout(request)
|
||||
return [response['Location']]
|
||||
return []
|
|
@ -0,0 +1,25 @@
|
|||
# authentic2_auth_fedict - Fedict authentication for Authentic
|
||||
# Copyright (C) 2016 Entr'ouvert
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify it
|
||||
# under the terms of the GNU Affero General Public License as published
|
||||
# by the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
from mellon.adapters import DefaultAdapter
|
||||
from django.contrib.auth import get_user_model
|
||||
|
||||
class AuthenticAdapter(DefaultAdapter):
|
||||
def create_user(self, user_class):
|
||||
return user_class.objects.create()
|
||||
|
||||
def finish_create_user(self, idp, saml_attributes, user):
|
||||
pass
|
|
@ -0,0 +1,42 @@
|
|||
# authentic2_auth_fedict - Fedict authentication for Authentic
|
||||
# Copyright (C) 2016 Entr'ouvert
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify it
|
||||
# under the terms of the GNU Affero General Public License as published
|
||||
# by the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
class AppSettings(object):
|
||||
'''Thanks django-allauth'''
|
||||
__SENTINEL = object()
|
||||
|
||||
def __init__(self, prefix):
|
||||
self.prefix = prefix
|
||||
|
||||
def _setting(self, name, dflt=__SENTINEL):
|
||||
from django.conf import settings
|
||||
from django.core.exceptions import ImproperlyConfigured
|
||||
|
||||
v = getattr(settings, self.prefix + name, dflt)
|
||||
if v is self.__SENTINEL:
|
||||
raise ImproperlyConfigured('Missing setting %r' % (self.prefix + name))
|
||||
return v
|
||||
|
||||
@property
|
||||
def enable(self):
|
||||
return self._setting('ENABLE', False)
|
||||
|
||||
|
||||
import sys
|
||||
|
||||
app_settings = AppSettings('A2_AUTH_FEDICT_')
|
||||
app_settings.__name__ = __name__
|
||||
sys.modules[__name__] = app_settings
|
|
@ -0,0 +1,56 @@
|
|||
# authentic2_auth_fedict - Fedict authentication for Authentic
|
||||
# Copyright (C) 2016 Entr'ouvert
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify it
|
||||
# under the terms of the GNU Affero General Public License as published
|
||||
# by the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
from django.template.loader import render_to_string
|
||||
from django.template import RequestContext
|
||||
from django.shortcuts import render
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from mellon.utils import get_idp, get_idps
|
||||
|
||||
from authentic2.utils import redirect_to_login
|
||||
|
||||
from . import app_settings
|
||||
|
||||
|
||||
class FedictFrontend(object):
|
||||
def enabled(self):
|
||||
return app_settings.enable and list(get_idps())
|
||||
|
||||
def name(self):
|
||||
return _('Belgian eID')
|
||||
|
||||
def id(self):
|
||||
return 'fedict'
|
||||
|
||||
def login(self, request, *args, **kwargs):
|
||||
context_instance = kwargs.pop('context_instance', None) or RequestContext(request)
|
||||
submit_name = 'login-%s' % self.id()
|
||||
if request.method == 'POST' and submit_name in request.POST:
|
||||
return redirect_to_login(request, login_url='mellon_login')
|
||||
return render(request, 'authentic2_auth_fedict/login.html', {'submit_name': submit_name},
|
||||
context_instance=context_instance)
|
||||
|
||||
def profile(self, request, *args, **kwargs):
|
||||
context_instance = kwargs.pop('context_instance', None) or RequestContext(request)
|
||||
user_saml_identifiers = request.user.saml_identifiers.all()
|
||||
if not user_saml_identifiers:
|
||||
return ''
|
||||
for user_saml_identifier in user_saml_identifiers:
|
||||
user_saml_identifier.idp = get_idp(user_saml_identifier.issuer)
|
||||
return render_to_string('authentic2_auth_fedict/profile.html',
|
||||
{'user_saml_identifiers': user_saml_identifiers},
|
||||
context_instance=context_instance)
|
|
@ -0,0 +1,33 @@
|
|||
# authentic2_auth_fedict - Fedict authentication for Authentic
|
||||
# Copyright (C) 2016 Entr'ouvert
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify it
|
||||
# under the terms of the GNU Affero General Public License as published
|
||||
# by the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
from mellon.backends import SAMLBackend
|
||||
|
||||
from authentic2.middleware import StoreRequestMiddleware
|
||||
|
||||
|
||||
class FedictBackend(SAMLBackend):
|
||||
def get_saml2_authn_context(self):
|
||||
# Pass AuthnContextClassRef from the previous IdP
|
||||
request = StoreRequestMiddleware.get_request()
|
||||
if request:
|
||||
authn_context_class_ref = request.session.get(
|
||||
'mellon_session', {}).get('authn_context_class_ref')
|
||||
if authn_context_class_ref:
|
||||
return authn_context_class_ref
|
||||
|
||||
import lasso
|
||||
return lasso.SAML2_AUTHN_CONTEXT_PREVIOUS_SESSION
|
|
@ -0,0 +1,34 @@
|
|||
# French translation of Authentic2 Fedict authentication plugin
|
||||
# Copyright (C) 2016 Entr'ouvert
|
||||
# This file is distributed under the same license as the authentic2-auth-fedict package.
|
||||
# Frederic Peters <fpeters@entrouvert.com>, 2016.
|
||||
#
|
||||
msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: authentic2-auth-fedict 1.0\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2016-04-10 14:09+0200\n"
|
||||
"PO-Revision-Date: 2016-04-10 14:09+0200\n"
|
||||
"Last-Translator: Frederic Peters <fpeters@entrouvert.com>\n"
|
||||
"Language-Team: french <fr@li.org>\n"
|
||||
"Language: \n"
|
||||
"MIME-Version: 1.0\n"
|
||||
"Content-Type: text/plain; charset=UTF-8\n"
|
||||
"Content-Transfer-Encoding: 8bit\n"
|
||||
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
|
||||
|
||||
#: auth_frontends.py:18
|
||||
msgid "Belgian eID"
|
||||
msgstr "Carte eID"
|
||||
|
||||
#: templates/authentic2_auth_fedict/login.html:4
|
||||
msgid "You can use your Belgian identity card to log in."
|
||||
msgstr "Vous pouvez utiliser votre carte d'identité pour vous connecter."
|
||||
|
||||
#: templates/authentic2_auth_fedict/login.html:7
|
||||
msgid "Login"
|
||||
msgstr "Connexion"
|
||||
|
||||
#: templates/authentic2_auth_fedict/login.html:9
|
||||
msgid "Cancel"
|
||||
msgstr "Annuler"
|
Binary file not shown.
After Width: | Height: | Size: 59 KiB |
|
@ -0,0 +1,12 @@
|
|||
{% load i18n static %}<form method="post">
|
||||
<img src="{% static "authentic2_auth_fedict/img/beid_image_mini.png" %}"/>
|
||||
<p>
|
||||
{% trans "You can use your Belgian identity card to log in." %}
|
||||
</p>
|
||||
<p>
|
||||
<input type="submit" name="{{ submit_name }}" value="{% trans "Login" %}"/>
|
||||
{% if cancel %}
|
||||
<input type="submit" name="cancel" value="{% trans 'Cancel' %}"/>
|
||||
{% endif %}
|
||||
</form>
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
<h4>SAML</h4>
|
||||
|
||||
<ul>
|
||||
{% for user_saml_identifier in user_saml_identifiers %}
|
||||
<li>{% firstof user_saml_identifier.idp.DISPLAY_NAME user_saml_identifier.issuer %} :
|
||||
{{ user_saml_identifier.name_id }}
|
||||
</li>
|
||||
{% endfor %}
|
||||
</ul>
|
|
@ -0,0 +1,19 @@
|
|||
# authentic2_auth_fedict - Fedict authentication for Authentic
|
||||
# Copyright (C) 2016 Entr'ouvert
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify it
|
||||
# under the terms of the GNU Affero General Public License as published
|
||||
# by the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
from django.conf.urls import patterns, url, include
|
||||
|
||||
urlpatterns = patterns('', url(r'^accounts/saml/', include('mellon.urls')))
|
Loading…
Reference in New Issue