misc: don't force SAML authentication
parent
48b8ec598a
commit
85cef302e4
|
@ -3,9 +3,5 @@ recursive-include eo_gestion/eo_banque/templates *
|
|||
recursive-include eo_gestion/eo_facture/static *
|
||||
recursive-include eo_gestion/eo_facture/templates *
|
||||
|
||||
include eo_gestion/saml.crt
|
||||
include eo_gestion/saml.key
|
||||
include eo_gestion/idp-metadata.xml
|
||||
|
||||
include MANIFEST.in
|
||||
include VERSION
|
||||
|
|
|
@ -27,10 +27,6 @@ ALLOWED_HOSTS = [
|
|||
'gestion.entrouvert.org',
|
||||
]
|
||||
|
||||
# Force SAML authentification
|
||||
LOGIN_URL = '/accounts/mellon/login'
|
||||
LOGOUT_URL = '/accounts/mellon/logout'
|
||||
|
||||
# Databases configuration
|
||||
# Default: a postgresql local database named "barbacompta"
|
||||
DATABASES = {
|
||||
|
@ -90,4 +86,9 @@ LOGGING = {
|
|||
},
|
||||
}
|
||||
|
||||
|
||||
if os.path.exists('/etc/barbacompta/idp-metadata.xml'):
|
||||
MELLON_PUBLIC_KEYS = ['/etc/barbacompta/saml.crt']
|
||||
MELLON_PRIVATE_KEY = '/etc/barbacompta/saml.key'
|
||||
MELLON_IDENTITY_PROVIDERS = [
|
||||
{'METADATA': '/etc/barbacompta/idp-metadata.xml'}
|
||||
]
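Review bot: The `if os.path.exists('/etc/barbacompta/idp-metadata.xml'):` guard lets the presence of a file decide the authentication mode, so a host where that file is missing or unreadable silently runs with SAML unconfigured. Judging by the admin change in this same commit, such a host then falls back to local password login. On a production host that is a fail-open: consider an explicit setting for the intended mode and raising `ImproperlyConfigured` when SAML is expected but the metadata is absent. The guard also tests only the metadata file, not `saml.crt` or `saml.key`, so a partial install would set paths that do not exist. A short comment above the block saying that `/etc/barbacompta/saml.key` must be readable only by the service account would help packagers.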
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
from django.conf import settings
|
||||
from django.contrib import admin
|
||||
from django.contrib.auth import REDIRECT_FIELD_NAME
|
||||
from django.contrib.auth.models import *
|
||||
|
@ -8,19 +9,22 @@ from django.views.decorators.cache import never_cache
|
|||
class EOGestionAdminSite(admin.AdminSite):
|
||||
@never_cache
|
||||
def login(self, request, extra_context=None):
|
||||
next_url = request.GET.get(REDIRECT_FIELD_NAME, settings.LOGIN_REDIRECT_URL or '/')
|
||||
query = urlencode({REDIRECT_FIELD_NAME: next_url})
|
||||
url = '/accounts/mellon/login/?{0}'.format(query)
|
||||
return HttpResponseRedirect(url)
|
||||
if settings.MELLON_IDENTITY_PROVIDERS:
|
||||
next_url = request.GET.get(REDIRECT_FIELD_NAME, settings.LOGIN_REDIRECT_URL or '/')
|
||||
query = urlencode({REDIRECT_FIELD_NAME: next_url})
|
||||
url = '/accounts/mellon/login/?{0}'.format(query)
|
||||
return HttpResponseRedirect(url)
|
||||
return super(EOGestionAdminSite, self).login(request, extra_context=extra_context)
|
||||
|
||||
@never_cache
|
||||
def logout(self, request, extra_context=None):
|
||||
next_url = request.GET.get(REDIRECT_FIELD_NAME, settings.LOGIN_REDIRECT_URL or '/')
|
||||
query = urlencode({REDIRECT_FIELD_NAME: next_url})
|
||||
url = '/accounts/mellon/logout/?{0}'.format(query)
|
||||
return HttpResponseRedirect(url)
|
||||
if settings.MELLON_IDENTITY_PROVIDERS:
|
||||
next_url = request.GET.get(REDIRECT_FIELD_NAME, settings.LOGIN_REDIRECT_URL or '/')
|
||||
query = urlencode({REDIRECT_FIELD_NAME: next_url})
|
||||
url = '/accounts/mellon/logout/?{0}'.format(query)
|
||||
return HttpResponseRedirect(url)
|
||||
return super(EOGestionAdminSite, self).logout(request, extra_context=extra_context)
|
||||
|
||||
site = EOGestionAdminSite()
|
||||
site.register(User, UserAdmin)
|
||||
site.register(Group, GroupAdmin)
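Review bot: In both `login` and `logout` the `next` value read from `request.GET` is copied into the mellon URL without checking that it points at this site, so whether an off-site target is refused depends entirely on the mellon views, which are not visible here. Validating it before building the redirect, with `is_safe_url` (or `url_has_allowed_host_and_scheme` on newer Django) and falling back to `settings.LOGIN_REDIRECT_URL or '/'`, would make the admin safe regardless of what mellon does. Separately, `settings.MELLON_IDENTITY_PROVIDERS` raises `AttributeError` when a settings module omits the name; `getattr(settings, 'MELLON_IDENTITY_PROVIDERS', None)` would not. As a style point, the two methods now differ only in the path segment, so a private helper taking `'login'` or `'logout'` would remove the duplicated lines.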
|
||||
|
||||
|
|
|
@ -1,17 +0,0 @@
|
|||
<?xml version="1.0"?>
|
||||
<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" entityID="https://cresson.entrouvert.org/idp/saml2/metadata"><ns0:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIIC+TCCAeGgAwIBAgIJAJqAKDUDlSinMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
|
||||
BAMMCHdob2NhcmVzMB4XDTE0MDUyNzE0MzE0OVoXDTI0MDUyNDE0MzE0OVowEzER
|
||||
MA8GA1UEAwwId2hvY2FyZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
|
||||
AQDrUFQGviUE+unV4afJQiRUPp4/D+Ltvuw59BuJwdNEWHA2vchhnwDLlp3RWKaf
|
||||
SWBJift55C4ybQKn5AEe6FHlIapJPvNqYnVP+0IgUFJmrxTWG9IT/5ZvJS0yer/O
|
||||
093I5HTqthgcByIAj2L4R3oW21HNCojT4WZDYjG6RAxRFU/10BYY1ILe1SPAMXqc
|
||||
99QC5fy2sZEJ/Cyd2Vlt1kAQ1+BZSZCL3vvdLfVRKjKZn2yYp8XbSplAZxB+b/iM
|
||||
duSQHtLaRsV5tizPCdftXECaDn1FKqK0JmcolHFBsfOH2x7I8XEljO/DR/Oy4kzv
|
||||
/cLdZB5fft4+nCqwLzI7fcRFAgMBAAGjUDBOMB0GA1UdDgQWBBSFV52hDdxJAdbM
|
||||
Nht32j7+PyFbKTAfBgNVHSMEGDAWgBSFV52hDdxJAdbMNht32j7+PyFbKTAMBgNV
|
||||
HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCoNxpm99qip4nROCedBIbZnqWj
|
||||
EkqHRLvIsm+oxf4Ctc6x/N1d2ngEygfT1xf5N5V221XTOgLCkuqi5r0/T6EB7U9y
|
||||
6ACfVJQmvNaPbFmn2J9rNIAPYPj2cengSZyL3mWyrkPFLj5TsgT98GASX9iThhds
|
||||
Nq6btZUL9ZUq8v3O7Y1uruMHJAACim4eYBjsCXaF7diKYaftFiwZWy1+3IQzUhmg
|
||||
Ov4KR9P9bb+W/43i7zAYmdUrBr31/amEvGHoco7cO2bp43/1H8fFOcnkX0wRdN/k
|
||||
r/hRVIsfeC6ss1NPDu/KzbRVVn5p9qKK6YVqqT3QapnQELgajEfhxpgY7AQx</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://cresson.entrouvert.org/idp/saml2/artifact" index="0" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://cresson.entrouvert.org/idp/saml2/slo" ResponseLocation="https://cresson.entrouvert.org/idp/saml2/slo_return" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://cresson.entrouvert.org/idp/saml2/slo" ResponseLocation="https://cresson.entrouvert.org/idp/saml2/slo_return" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://cresson.entrouvert.org/idp/saml2/slo/soap" /><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://cresson.entrouvert.org/idp/saml2/sso" /><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://cresson.entrouvert.org/idp/saml2/sso" /></ns0:IDPSSODescriptor></ns0:EntityDescriptor>
|
|
@ -1,18 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIC+TCCAeGgAwIBAgIJAINLQ0+IUSNCMA0GCSqGSIb3DQEBCwUAMBMxETAPBgNV
|
||||
BAMMCHdob2NhcmVzMB4XDTE1MDIwNDEwNTI1NFoXDTI1MDIwMTEwNTI1NFowEzER
|
||||
MA8GA1UEAwwId2hvY2FyZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
|
||||
AQC+uI3tXvNauKiqtU02pKYfJQCkJQF57n+sDKw5AUxupf5wnwfxkKvQRL1TWY+m
|
||||
c1cOOcT+aDdjVGh0cwJGz+syGn442JgKa5Pm1mNnFeGqDNa1+WHiRgZJfRuDMTQt
|
||||
zQSQ1ocGtXSC1qfwj1YbFxi4haGEZSYlkW1cyhJ6bh0r4pY6H8o7M0A96EdbRpFv
|
||||
HYy0LvRmTkH0Mf5iVINco6gCeHQa2GzJX2B6E+w3kglxuM76rGGZbNa7fVZnFdXN
|
||||
AT/q9xOpBtaI2FBIel2ogA6mzWA5Hgp+05iaFn/yrtY7AcIKLbD9UDyc1X0FiM8h
|
||||
oCvnz8/jws/oyxTyqJhpvxFzAgMBAAGjUDBOMB0GA1UdDgQWBBTch2vjOzCNHlnu
|
||||
M/KU5n5USYzWpjAfBgNVHSMEGDAWgBTch2vjOzCNHlnuM/KU5n5USYzWpjAMBgNV
|
||||
HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCdBxPsQ3XyPEH0VvZZyNOISHOa
|
||||
KM2Q5ht5Urmr758UY/nufbZ4ry24iC17JU2xdVvzPD2fUoVZgWhKhTc6lBJcKwNu
|
||||
YfehHVP8mmpTXB9KQ/ZeziXJB+O4+iD1Nw50kYPPEeVyBlU3FnkSwe5o4v7B6zH+
|
||||
dCMTglFwxDwmXdU3alKusagtDh68Z+OqcKPdiC2ewL92oXv4uVqww+Jyr7B4T4+m
|
||||
1EBwP1vg0U9TrtjauNY6823DZGV0MQBbsc0O1IQP8N0/B8juGf4VittDM/jkzZ96
|
||||
YWaWkKnrNN8EO7KrwJeb8lg6EOiCZWA1d0CH1zpzkBj6YD61sPfgxVv0dgef
|
||||
-----END CERTIFICATE-----
|
|
@ -1,28 +0,0 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+uI3tXvNauKiq
|
||||
tU02pKYfJQCkJQF57n+sDKw5AUxupf5wnwfxkKvQRL1TWY+mc1cOOcT+aDdjVGh0
|
||||
cwJGz+syGn442JgKa5Pm1mNnFeGqDNa1+WHiRgZJfRuDMTQtzQSQ1ocGtXSC1qfw
|
||||
j1YbFxi4haGEZSYlkW1cyhJ6bh0r4pY6H8o7M0A96EdbRpFvHYy0LvRmTkH0Mf5i
|
||||
VINco6gCeHQa2GzJX2B6E+w3kglxuM76rGGZbNa7fVZnFdXNAT/q9xOpBtaI2FBI
|
||||
el2ogA6mzWA5Hgp+05iaFn/yrtY7AcIKLbD9UDyc1X0FiM8hoCvnz8/jws/oyxTy
|
||||
qJhpvxFzAgMBAAECggEBAJfrksJ+XALsDQ7OFI9uYBV2+CfIgoCKBpEaFyXhbuzE
|
||||
tQUo6L73qqTf3J/EO7UvMy1VvyGYCmbJGduIsUuO256xk9HcVmAWiV3bcJrwxy0Z
|
||||
xP53hA0mEmP/kCbUzuec5AIroKsrZ3/BVU0+ICy8HSj+6UX4/IX4bdD39fgoNnx5
|
||||
RWEfAcfhtVx/bWaMTKW/43uXiZ617BygSni3cXMzueYLRfk/kZ9e2wQTv296tetN
|
||||
1KXC5CmdLvHd3XlZNgs4PTGvDF4FD19rsHTNsyMOLKiaPDfcmnVIT60kt6AIodyZ
|
||||
6WG4aOfpMzQBtsWitzfA5JUSr76Moasnm8Ro391QRkECgYEA4xtedfQOeWubAepI
|
||||
LEXyslaPBsfu0My2CKeL0D5yzRvsDv0UQGvqtp8gF6YvMDT4ZiyVgzw7Estxvnkq
|
||||
CurClq3mGsfUsTU78X4tBJejAwYgFSWvEkaoANb8zjxloB5xGQAFDLyXxJVahEx5
|
||||
nRF/MrUAxWytFNeHh+uNfy3xwssCgYEA1vwh15aqtEYvfF/Sa+YAdUpT+LrCK/9j
|
||||
cfLf39j7at5c8gLEnEGZfUtfxqoXSItpD/0cDqeRuJC/+sFhi+WRdJnijVzYFbrj
|
||||
6HfPGpFRZ7VHShW5dRTeYdAQbpWqFRLCLep4nsJKDvGf1bZxdtyPOs1cmdPnJKhu
|
||||
4vFjdVEkjvkCgYABIFCemyA7P+pb3xKOjaY/dihtay5nAKzibBpIZRbip4HLLTwd
|
||||
eauHTlC1bVCMl6answ7mwLS2SiX9QNKRjUp7vs8GUPlgC5iJgQuuGyZmzG/6St6M
|
||||
Y6dPocFNMIV8fsomypY70u+ZvPfe8hYkTkLoOHeRgxF0qgD1Dpj8CXlKcwKBgF1n
|
||||
qmR6x6wPmm4VS90pTyWmp5k3u0lWaqSFe5NMOOATwJo9baLeNYvkhbZRDFCukXUq
|
||||
6VfMolloOqD+CB26HlpkybPVlOTMEF1eQJMwdAf1EQY1LiCacoxY0+rYB8+kGM3O
|
||||
Q53mmDqp7GH0JJQZ+/j2ZLdJA/I/Y/4iFq5QFOwxAoGBAIiK72PYPYGABjBDhIDJ
|
||||
+vCUCnE0MMZD1zjwSOJfJhtl/+jkiAwCTnoxdt34u52BMOYS3yZEBEUZRhKYJtbW
|
||||
lVkh2QN7IpdDWMMcVJ5A8/zr2zR94FLzGMhj0YP/d98QLQ1Hk2Wri1utm8pBfbZL
|
||||
R5IJHB+CaCv8KfItO1++eC4e
|
||||
-----END PRIVATE KEY-----
|
|
@ -133,12 +133,9 @@ MELLON_ATTRIBUTE_MAPPING = {
|
|||
MELLON_SUPERUSER_MAPPING = {'is_superuser': (u'true',)}
|
||||
MELLON_USERNAME_TEMPLATE = '{attributes[username][0]}'
|
||||
|
||||
MELLON_PUBLIC_KEYS = [os.path.join(BASE_DIR, 'saml.crt')]
|
||||
MELLON_PRIVATE_KEY = os.path.join(BASE_DIR, 'saml.key')
|
||||
MELLON_IDENTITY_PROVIDERS = [
|
||||
{'METADATA': os.path.join(BASE_DIR, 'idp-metadata.xml'),},
|
||||
]
|
||||
|
||||
MELLON_PUBLIC_KEYS = None
|
||||
MELLON_PRIVATE_KEY = None
|
||||
MELLON_IDENTITY_PROVIDERS = None
|
||||
|
||||
local_settings_file = os.environ.get('BARBACOMPTA_SETTINGS_FILE', 'local_settings.py')
|
||||
if os.path.exists(local_settings_file):
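Review bot: The new `None` defaults carry no comment, and nothing tells a deployer that the key pair deleted by this commit must not be reused. `saml.key` was committed to the repository and listed in MANIFEST.in, so it stays readable in the history and presumably in any source distribution built from it. I would add above `MELLON_PUBLIC_KEYS = None` a comment such as `# SAML is off unless local settings define these; generate a new key pair per host, the one formerly in this repository is public.` and register the new certificate with the identity provider. The hunk ends on `if os.path.exists(local_settings_file):`, whose body is outside the hunk, so how the local file is loaded cannot be reviewed from here.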
|
||||
|
|