entrouvert
/
django-mellon
16
0
Fork 0
Code Issues Pull Requests Releases Activity

accepter des login_hint dans l'URL de login (#76712) #5

Merged
bdauvergne merged 1 commits from wip/76712-Accepter-les-hints-sur-l-URL-de into main 2023-05-02 08:23:27 +02:00
Conversation 0 Commits 1 Files Changed 3 +25 -3
3 changed files with 25 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
mellon/utils.py
View File

@ -357,3 +357,13 @@ def is_slo_supported(request, issuer):
server.getFirstHttpMethod(server.providers[issuer], lasso.MD_PROTOCOL_TYPE_SINGLE_LOGOUT)
!= lasso.HTTP_METHOD_NONE
)
def get_login_hints_from_request(request):
request_login_hints = request.GET.getlist('login_hint')
login_hints = [
login_hint.strip()
for login_hint in request_login_hints
if login_hint.isascii() and login_hint.isprintable()
]
return login_hints

9
mellon/views.py
View File

@ -591,13 +591,16 @@ class LoginView(ProfileMixin, LogMixin, View):
def add_login_hints(self, idp, authn_request, request, next_url=None):
login_hints = utils.get_setting(idp, 'LOGIN_HINTS', [])
hints = []
hints = set()
for login_hint in login_hints:
if login_hint == 'backoffice':
if next_url and self.is_in_backoffice(request, next_url):
hints.append('backoffice')
hints.add('backoffice')
if login_hint == 'always_backoffice':
hints.append('backoffice')
hints.add('backoffice')
for login_hint in utils.get_login_hints_from_request(request):
hints.add(login_hint)
for hint in hints:
node = ET.Element(LOGIN_HINT)

9
tests/test_sso_slo.py
View File

@ -922,3 +922,12 @@ def test_sso_slo_update_of_new_fields(db, app, idp, caplog, sp_settings):
caplog.clear()
response = app.get(url)
assert len(caplog.records) == 0, 'logout failed'
def test_sso_slo_pass_login_hints_from_request(db, app, idp, caplog, sp_settings):
response = app.get(reverse('mellon_login') + '?next=/whatever/&login_hint=azure')
url, body, relay_state = idp.process_authn_request_redirect(response['Location'])
root = ET.fromstring(idp.request)
login_hints = root.findall('.//{https://www.entrouvert.com/}login-hint')
assert len(login_hints) == 1, 'missing login hint'
assert login_hints[0].text == 'azure', 'login hint is not azure'