general: add django-mellon optional usage (#6195)

2015-01-07 14:10:33 +01:00 · 2015-01-07 14:10:33 +01:00 · 3600e857cc
parent 20fae52c59
commit 3600e857cc
6 changed files with 64 additions and 5 deletions
--- a/12
+++ b/12
@ -68,6 +68,18 @@ Default settings are loaded from settings.py, they can be overloaded by a
 local_settings.py file set in the same directory, or by a file referenced
 in the COMBO_SETTINGS_FILE environment variable.

+SAML authentication can be enabled by setting USE_MELLON = True, this requires
+django-mellon to be installed, and further files and settings are required:
+
+ - public and private keys (in cert.pem and key.cert in the current working
+   directory, or from files defined in the MELLON_PUBLIC_KEYS and
+   MELLON_PRIVATE_KEY settings)
+ - metadata of the identity provider (in idp-metadata.xml, or defined using
+   the MELLON_IDENTITY_PROVIDERS settings)
+
+Details on these options and additional SAML settings are available in the
+documentation of django-mellon.
+

 Blurps (from cmsplugin-blurp module) can be used to define additional cell
 types, the CMS_PLUGIN_BLURP_RENDERERS variable is used to hold them, details
--- a/combo/public/templates/combo/page_template.html
+++ b/combo/public/templates/combo/page_template.html
@ -7,14 +7,16 @@
 </head>
 <body class="page-{{ page.slug }}">
 <div id="title"><h1>{{ page.title }}</h1></div>
- <div id="menu">{% show_menu %}</div>
+ <div id="menu">{% block menu %}{% show_menu %}{% endblock %}</div>
 <div id="content">
  {% block combo-content %}
  {% placeholder "content" %}
  {% endblock %}
 </div>
 <div id="footer">
+  {% block footer %}
  {% placeholder "footer" %}
+  {% endblock %}
 </div>
 </body>
 </html>
--- a/combo/public/templates/mellon/base.html
+++ b/combo/public/templates/mellon/base.html
@ -0,0 +1,11 @@
+{% extends "combo/page_template.html" %}
+
+{% block menu %}{% endblock %}
+
+{% block combo-content %}
+{% block mellon_content %}
+{% endblock %}
+{% endblock %}
+
+{% block footer %}
+{% endblock %}
--- a/combo/public/views.py
+++ b/combo/public/views.py
@ -23,6 +23,8 @@ from django.shortcuts import get_object_or_404, render, resolve_url
 from combo.data.models import CellBase, Page

 def logout(request, next_page=None):
+    if settings.USE_MELLON:
+        return HttpResponseRedirect(resolve_url('mellon_logout'))
    auth_logout(request)
    if next_page is not None:
        next_page = resolve_url(next_page)
--- a/combo/settings.py
+++ b/combo/settings.py
@ -160,7 +160,34 @@ COMBO_PUBLIC_TEMPLATES = {
    },
 }

+# Authentication settings
+LOGIN_REDIRECT_URL = '/'
+
+USE_MELLON = False
+
+MELLON_ATTRIBUTE_MAPPING = {
+    'username': '{attributes[username][0]}',
+    'email': '{attributes[email][0]}',
+    'first_name': '{attributes[first_name][0]}',
+    'last_name': '{attributes[last_name][0]}',
+}
+
+MELLON_USERNAME_TEMPLATE = '{attributes[username][0]}'
+
+MELLON_PUBLIC_KEYS = [os.path.join(BASE_DIR, 'cert.pem')]
+MELLON_PRIVATE_KEY = os.path.join(BASE_DIR, 'key.cert')
+MELLON_IDENTITY_PROVIDERS = [
+        {'METADATA': os.path.join(BASE_DIR, 'idp-metadata.xml'),
+         'GROUP_ATTRIBUTE': 'role'},
+    ]
+
 local_settings_file = os.environ.get('COMBO_SETTINGS_FILE',
        os.path.join(os.path.dirname(__file__), 'local_settings.py'))
 if os.path.exists(local_settings_file):
    execfile(local_settings_file)
+
+if USE_MELLON:
+    INSTALLED_APPS += ('mellon', )
+    AUTHENTICATION_BACKENDS = ('mellon.backends.SAMLBackend', )
+    LOGIN_URL = 'mellon_login'
+    LOGOUT_URL = 'mellon_logout'
--- a/combo/urls.py
+++ b/combo/urls.py
@ -29,6 +29,7 @@ urlpatterns = patterns('',
    url(r'^manage/', decorated_includes(manager_required,
        include(combo_manager_urls))),
    url(r'^admin/', include(admin.site.urls)),
+    url(r'^logout/$', logout, name='auth_logout'),
 )

 # static and media files
@ -38,10 +39,14 @@ urlpatterns += staticfiles_urlpatterns()
 from django.conf.urls.static import static
 urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)

-urlpatterns += patterns('',
-    url(r'^accounts/login/$', auth_views.login),
-    url(r'^accounts/logout/$', logout, name='auth_logout'),
-)
+if 'mellon' in settings.INSTALLED_APPS:
+    urlpatterns += patterns('',
+        url(r'^accounts/mellon/', include('mellon.urls')),
+    )
+else:
+    urlpatterns += patterns('',
+        url(r'^accounts/login/$', auth_views.login),
+    )

 # other URLs are handled as public URLs
 urlpatterns += patterns('', url(r'', include('combo.public.urls')))