From b3f62b5d4320e0aa19a26c92966cded70d279246 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Schneider?=
Date: Tue, 2 Sep 2014 12:07:13 +0200
Subject: [PATCH] arcopole: begin replay support
---
 conf.d/arcopole | 11 +++++++
 conf.d/linuxfr_saml_example | 11 -------
 local_config.py.example | 20 ------------
 mandaye_cud/auth/arcopole.py | 14 ++++++++
 mandaye_cud/auth/example.py | 18 -----------
 mandaye_cud/config.py | 8 +++--
 .../{linuxfr_example.py => arcopole.py} | 32 +++++--------------
 mandaye_cud/templates/associate.html | 2 +-
 8 files changed, 39 insertions(+), 77 deletions(-)
 create mode 100644 conf.d/arcopole
 delete mode 100644 conf.d/linuxfr_saml_example
 delete mode 100644 local_config.py.example
 create mode 100644 mandaye_cud/auth/arcopole.py
 delete mode 100644 mandaye_cud/auth/example.py
 rename mandaye_cud/mappers/{linuxfr_example.py => arcopole.py} (66%)
diff --git a/conf.d/arcopole b/conf.d/arcopole
new file mode 100644
index 0000000..c850e27
--- /dev/null
+++ b/conf.d/arcopole
@@ -0,0 +1,11 @@
+{
+ "site_name": "arcopole",
+ "server_name": ["arco.local:8000"],
+ "location": "/",
+ "target": "http://arcopole.local",
+ "mapper": "arcopole",
+ "auth_type": "saml2_arcopole",
+ "saml2_idp_metadata": "http://authentic.local/idp/saml2/metadata",
+ "saml2_signature_public_key": "certs/saml.crt",
+ "saml2_signature_private_key": "certs/saml.key"
+}
diff --git a/conf.d/linuxfr_saml_example b/conf.d/linuxfr_saml_example
deleted file mode 100644
index 7918032..0000000
--- a/conf.d/linuxfr_saml_example
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "site_name": "linuxfr",
- "server_name": ["linuxfrsaml.local:8000"],
- "location": "/",
- "target": "https://linuxfr.org",
- "mapper": "linuxfr",
- "auth_type": "saml2",
- "saml2_idp_metadata": "http://www.identity-hub.com/idp/saml2/metadata",
- "saml2_signature_public_key": "certs/saml.crt",
- "saml2_signature_private_key": "certs/saml.key"
-}
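Review bot: `saml2_idp_metadata` in the new conf.d/arcopole points at `http://authentic.local/idp/saml2/metadata`, so the IdP's signing certificate would be learned over an unauthenticated channel, and whoever can answer for that host could supply different metadata and have its assertions trusted. How and when Mandaye loads this URL is not visible in the patch, so this needs confirming; if it is fetched at runtime, use an `https://` URL or ship a reviewed local copy of the metadata. The same concern applies to `"target": "http://arcopole.local"`, because the replayed login form, password included, is sent to the target in clear text. If these are development-only values, a comment in the commit message or an `.example` suffix would keep them from being deployed as-is.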
diff --git a/local_config.py.example b/local_config.py.example
deleted file mode 100644
index 24df3db..0000000
--- a/local_config.py.example
+++ /dev/null
@@ -1,20 +0,0 @@
-## Virtual hosts configuration
-hosts = {
- 'linuxfrsaml.local:8000': [
- {
- 'path': r'/',
- 'target': 'http://linuxfr.org',
- 'mapping': 'mandaye_cud.configs.linuxfr_saml_example.linuxfr_mapping'
- },
- ],
-
- }
-
-## SQL Backend config
-# http://docs.sqlalchemy.org/en/rel_0_7/core/engines.html
-# rfc 1738 https://tools.ietf.org/html/rfc1738
-# dialect+driver://username:password@host:port/database
-db_url = 'sqlite:///test.db'
-
-## Logging configuration
-debug = False
diff --git a/mandaye_cud/auth/arcopole.py b/mandaye_cud/auth/arcopole.py
new file mode 100644
index 0000000..dcc897e
--- /dev/null
+++ b/mandaye_cud/auth/arcopole.py
@@ -0,0 +1,14 @@
+import base64
+
+from mandaye.auth.saml2 import SAML2Auth
+
+class SamlArcopoleAuth(SAML2Auth):
+ """ Overload replay for arcopole
+ """
+
+ def replay(self, env, post_values):
+ """ we need to b64encode the password for arcopole """
+ pwd = self.form_values['password_field']
+ post_values[pwd] = base64.b64encode(post_values[pwd])
+ return super(SamlArcopoleAuth, self).replay(env, post_values)
+
diff --git a/mandaye_cud/auth/example.py b/mandaye_cud/auth/example.py
deleted file mode 100644
index b582e36..0000000
--- a/mandaye_cud/auth/example.py
+++ /dev/null
@@ -1,18 +0,0 @@
-"""
-Here you can overload Mandaye default authentification
-method like SAML2Auth or AuthForm
-"""
-
-from mandaye.auth.authform import AuthForm
-from mandaye.auth.saml2 import SAML2Auth
-
-class MyAuthSAML(SAML2Auth):
- """ Overload Mandaye SAML2Auth authentification
- """
- pass
-
-class MyAuth(AuthForm):
- """ Overload Mandaye AuthForm authentification
- """
- pass
-
diff --git a/mandaye_cud/config.py b/mandaye_cud/config.py
index 7a7f434..8d1321e 100644
--- a/mandaye_cud/config.py
+++ b/mandaye_cud/config.py
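Review bot: `replay()` in the new mandaye_cud/auth/arcopole.py overwrites `post_values[pwd]` in the caller's dict, so if the parent class or a later step stores or re-sends those values it is the base64 form that gets kept, and a second replay would encode it twice; how the parent uses the dict is not visible in this patch. `base64.b64encode` also raises on a non-ASCII `unicode` password under Python 2, and a missing password key raises `KeyError` before the parent can report a clean failure. Working on a copy and encoding to bytes first avoids all three, and the docstring should say that base64 is only the wire format arcopole expects and gives the password no confidentiality. The UTF-8 choice below is an assumption to check against what the arcopole login form actually sends.

```python
    def replay(self, env, post_values):
        """ Replay the login with the password base64-encoded.

        base64 is only the encoding the arcopole login form expects;
        it does not protect the password in transit.
        """
        pwd_field = self.form_values['password_field']
        # Copy so the caller's dict keeps the original password.
        values = dict(post_values)
        password = values.get(pwd_field)
        if password is not None:
            if isinstance(password, unicode):
                # assumes arcopole decodes the password as UTF-8 - TODO confirm
                password = password.encode('utf-8')
            values[pwd_field] = base64.b64encode(password)
        return super(SamlArcopoleAuth, self).replay(env, values)
```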
@@ -10,6 +10,7 @@ from mandaye.exceptions import ImproperlyConfigured # else /etc/mandaye-cam/config.ini # and then /etc/mandaye-cam/local-config.ini BASE_DIR = os.path.dirname(os.path.abspath(__file__)) +print os.path.join(BASE_DIR, 'local-config.ini') SETTINGS_INI = (os.path.join(BASE_DIR, 'default-config.ini'),) if os.environ.get('SETTINGS_INI'): SETTINGS_INI += (os.environ.get('SETTINGS_INI'),) @@ -17,7 +18,7 @@ else: ETC_DIR = os.path.join('/', 'etc', 'mandaye-cam') SETTINGS_INI += ( os.path.join(ETC_DIR, 'config.ini'), - os.path.join(ETC_DIR, 'local-config.ini') + os.path.join(BASE_DIR, 'local-config.ini') ) config = SafeConfigParser() @@ -107,12 +108,13 @@ if config.has_section('template_vars'): # Supported authentification authentifications = { - 'saml2': 'mandaye.auth.saml2.SAML2Auth' + 'saml2': 'mandaye.auth.saml2.SAML2Auth', + 'saml2_arcopole': 'mandaye_cud.auth.arcopole.SamlArcopoleAuth' } # sp mappers mappers = { - 'linuxfr': 'mandaye_cud.mappers.linuxfr_example', + 'arcopole': 'mandaye_cud.mappers.arcopole', } # Raven Sentry configuration diff --git a/mandaye_cud/mappers/linuxfr_example.py b/mandaye_cud/mappers/arcopole.py similarity index 66% rename from mandaye_cud/mappers/linuxfr_example.py rename to mandaye_cud/mappers/arcopole.py index 46990b8..eb730df 100644 --- a/mandaye_cud/mappers/linuxfr_example.py +++ b/mandaye_cud/mappers/arcopole.py 
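Review bot: The added `print os.path.join(BASE_DIR, 'local-config.ini')` in the first config.py hunk looks like leftover debugging. It runs on every import of mandaye_cud.config and writes the install path to stdout, which in some WSGI deployments is restricted or ends up in an unrelated log. Drop the line, or replace it with a debug-level log call made once logging is configured.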
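Review bot: The `@@ -17,7 +18,7 @@` hunk moves `local-config.ini` from `/etc/mandaye-cam` into `BASE_DIR`, the installed package directory, while the comment at the top of the file still says `# and then /etc/mandaye-cam/local-config.ini`. Site-local settings tend to carry credentials (the example file removed by this commit documents a `username:password` database URL), and a file inside the package tree is easier to commit by accident, is lost on reinstall, and takes the package directory's permissions rather than those of /etc. If this is only for development, the existing `SETTINGS_INI` environment variable already allows a different path without changing the default. Otherwise update the header comment to match the new location.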
@@ -21,15 +21,14 @@ login_url, form_attrs, post_fields and username_field are obligatory * mapping """ -from mandaye.auth.saml2 import END_POINTS_PATH from mandaye_cud.filters.example import ReplayFilter form_values = { - 'login_url': '/compte/connexion', - 'form_attrs': { 'id': 'new_account' }, - 'post_fields': ['account[login]', 'account[password]'], - 'username_field': 'account[login]', - 'password_field': 'account[password]', + 'login_url': '/studio/accueil', + 'form_attrs': { 'id': 'login-form' }, + 'post_fields': ['username', 'password'], + 'username_field': 'username', + 'password_field': 'password', } urls = { @@ -45,7 +44,7 @@ mapping = [ 'method': 'GET', 'response': { 'auth': 'login', - 'values': {'condition': 'response.code==302'}, + 'values': {'condition': "'success' in response.msg"}, }, }, { @@ -66,7 +65,7 @@ mapping = [ 'values': { 'action': urls['associate_url'], 'template': 'associate.html', - 'sp_name': 'Linux FR', + 'sp_name': 'Arcopole', 'login_name': form_values['username_field'], 'password_name': form_values['password_field'], }, @@ -77,23 +76,8 @@ mapping = [ 'method': 'POST', 'response': { 'auth': 'associate_submit', - 'values': {'condition': "response.code==302"} + 'values': {'condition': "'success' in response.msg"} }, }, - { - 'path': r'%s$' % END_POINTS_PATH['single_sign_on_post'], - 'method': 'POST', - 'response': {'auth': 'single_sign_on_post'} - }, - { - 'path': r'%s$' % END_POINTS_PATH['single_logout'], - 'method': 'GET', - 'response': {'auth': 'single_logout',} - }, - { - 'path': r'%s$' % END_POINTS_PATH['single_logout_return'], - 'method': 'GET', - 'response': {'auth': 'single_logout_return',} - }, ] diff --git a/mandaye_cud/templates/associate.html b/mandaye_cud/templates/associate.html index 972f03d..338c68a 100644 --- a/mandaye_cud/templates/associate.html +++ b/mandaye_cud/templates/associate.html @@ -27,7 +27,7 @@
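Review bot: The new success test `"'success' in response.msg"` in the `@@ -45,7 +44,7 @@` hunk, repeated for `associate_submit` in `@@ -77,23 +76,8 @@`, is a substring match on what is presumably the response body. A failure page containing a word such as "unsuccessful", or one that echoes back a submitted username containing "success", would then count as a successful login or account association. The arcopole response format is not visible here, so match the exact marker it returns and keep a status check alongside it, for example `'condition': "response.code==200 and '<exact success marker>' in response.msg"`, with the placeholder replaced by the real value. A short comment next to the condition saying what a successful arcopole response looks like would help the next reader verify it.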