From 97552a6224c13aec2fed4f5001ab34423ee18e40 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?=
Date: Tue, 4 May 2021 19:33:37 +0200
Subject: [PATCH] record additional authentication event with nonce (#52446)
---
 src/authentic2_auth_fedict/views.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/src/authentic2_auth_fedict/views.py b/src/authentic2_auth_fedict/views.py
index b56f228..e93aa59 100644
--- a/src/authentic2_auth_fedict/views.py
+++ b/src/authentic2_auth_fedict/views.py
@@ -14,12 +14,15 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program. If not, see .
+import urllib.parse
 import random
+from django.conf import settings
 from django.core import signing
 from django.urls import reverse
 from django.db import transaction
 from django.http import HttpResponseRedirect
+from django.shortcuts import resolve_url
 from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import View
@@ -54,6 +57,16 @@ class LoginView(mellon.views.LoginView):
 idp = mellon.utils.get_idp(attributes['issuer'])
 adapter = mellon.utils.get_adapters(idp)[0]
 user = adapter.lookup_user(idp, attributes)
+
+ # extract nonce from next_url and record an additional authentication
+ # event with it (as the event recorded in the adapter lacks the nonce).
+ next_url = self.get_next_url(default=resolve_url(settings.LOGIN_REDIRECT_URL))
+ try:
+ nonce = urllib.parse.parse_qs(urllib.parse.urlparse(next_url).query)['nonce'][0]
+ except (KeyError, IndexError):
+ nonce = None
+ a2_utils.record_authentication_event(request, 'fedict', nonce=nonce)
+
 if not user.email:
 adapter.provision_attribute(user, idp, attributes)
 user.is_active = False
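Review bot: `urllib.parse.urlparse(next_url)` inside the new try block can raise ValueError (for instance on a malformed IPv6 netloc), and the `except (KeyError, IndexError):` on the following line does not cover it, so an unparsable next URL would abort the login with a server error instead of recording the event without a nonce; `except (KeyError, IndexError, ValueError):` closes that gap, unless `get_next_url` already rejects such URLs, which is not visible from here. Because next_url, and therefore the recorded nonce, originates from the request, the value is stored as received rather than checked against anything, so the comment should say so (`# nonce is taken from the request as-is; it is recorded, not verified`) and the value should be length-bounded before it reaches `record_authentication_event` if the event store does not do that itself. The enclosing method of LoginView starts outside the hunk.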