misc: allow login_hint parameter in login url (#76712)
gitea/django-mellon/pipeline/head This commit looks good
Details
gitea/django-mellon/pipeline/head This commit looks good
Details
This commit is contained in:
parent
0f7044e7a0
commit
170e728d3a
|
@ -357,3 +357,13 @@ def is_slo_supported(request, issuer):
|
||||||
server.getFirstHttpMethod(server.providers[issuer], lasso.MD_PROTOCOL_TYPE_SINGLE_LOGOUT)
|
server.getFirstHttpMethod(server.providers[issuer], lasso.MD_PROTOCOL_TYPE_SINGLE_LOGOUT)
|
||||||
!= lasso.HTTP_METHOD_NONE
|
!= lasso.HTTP_METHOD_NONE
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def get_login_hints_from_request(request):
|
||||||
|
request_login_hints = request.GET.getlist('login_hint')
|
||||||
|
login_hints = [
|
||||||
|
login_hint.strip()
|
||||||
|
for login_hint in request_login_hints
|
||||||
|
if login_hint.isascii() and login_hint.isprintable()
|
||||||
|
]
|
||||||
|
return login_hints
|
||||||
|
|
|
@ -591,13 +591,16 @@ class LoginView(ProfileMixin, LogMixin, View):
|
||||||
|
|
||||||
def add_login_hints(self, idp, authn_request, request, next_url=None):
|
def add_login_hints(self, idp, authn_request, request, next_url=None):
|
||||||
login_hints = utils.get_setting(idp, 'LOGIN_HINTS', [])
|
login_hints = utils.get_setting(idp, 'LOGIN_HINTS', [])
|
||||||
hints = []
|
hints = set()
|
||||||
for login_hint in login_hints:
|
for login_hint in login_hints:
|
||||||
if login_hint == 'backoffice':
|
if login_hint == 'backoffice':
|
||||||
if next_url and self.is_in_backoffice(request, next_url):
|
if next_url and self.is_in_backoffice(request, next_url):
|
||||||
hints.append('backoffice')
|
hints.add('backoffice')
|
||||||
if login_hint == 'always_backoffice':
|
if login_hint == 'always_backoffice':
|
||||||
hints.append('backoffice')
|
hints.add('backoffice')
|
||||||
|
|
||||||
|
for login_hint in utils.get_login_hints_from_request(request):
|
||||||
|
hints.add(login_hint)
|
||||||
|
|
||||||
for hint in hints:
|
for hint in hints:
|
||||||
node = ET.Element(LOGIN_HINT)
|
node = ET.Element(LOGIN_HINT)
|
||||||
|
|
|
@ -922,3 +922,12 @@ def test_sso_slo_update_of_new_fields(db, app, idp, caplog, sp_settings):
|
||||||
caplog.clear()
|
caplog.clear()
|
||||||
response = app.get(url)
|
response = app.get(url)
|
||||||
assert len(caplog.records) == 0, 'logout failed'
|
assert len(caplog.records) == 0, 'logout failed'
|
||||||
|
|
||||||
|
|
||||||
|
def test_sso_slo_pass_login_hints_from_request(db, app, idp, caplog, sp_settings):
|
||||||
|
response = app.get(reverse('mellon_login') + '?next=/whatever/&login_hint=azure')
|
||||||
|
url, body, relay_state = idp.process_authn_request_redirect(response['Location'])
|
||||||
|
root = ET.fromstring(idp.request)
|
||||||
|
login_hints = root.findall('.//{https://www.entrouvert.com/}login-hint')
|
||||||
|
assert len(login_hints) == 1, 'missing login hint'
|
||||||
|
assert login_hints[0].text == 'azure', 'login hint is not azure'
|
||||||
|
|
Loading…
Reference in New Issue