WIP Use Flows for Sources and Providers (#32)

* core: start migrating to flows for authorisation * sources/oauth: start type-hinting * core: create default user * core: only show user delete button if an unenrollment flow exists * flows: Correctly check initial policies on flow with context * policies: add more verbosity to engine * sources/oauth: migrate to flows * sources/oauth: fix typing errors * flows: add more tests * sources/oauth: start implementing unittests * sources/ldap: add option to disable user sync, move connection init to model * sources/ldap: re-add default PropertyMappings * providers/saml: re-add default PropertyMappings * admin: fix missing stage count * stages/identification: fix sources not being shown * crypto: fix being unable to save with private key * crypto: re-add default self-signed keypair * policies: rewrite cache_key to prevent wrong cache * sources/saml: migrate to flows for auth and enrollment * stages/consent: add new stage * admin: fix PropertyMapping widget not rendering properly * core: provider.authorization_flow is mandatory * flows: add support for "autosubmit" attribute on form * flows: add InMemoryStage for dynamic stages * flows: optionally allow empty flows from FlowPlanner * providers/saml: update to authorization_flow * sources/*: fix flow executor URL * flows: fix pylint error * flows: wrap responses in JSON object to easily handle redirects * flow: dont cache plan's context * providers/oauth: rewrite OAuth2 Provider to use flows * providers/*: update docstrings of models * core: fix forms not passing help_text through safe * flows: fix HttpResponses not being converted to JSON * providers/oidc: rewrite to use flows * flows: fix linting
2020-06-07 16:35:08 +02:00
parent f91e02a0ec
commit 4915205678
81 changed files with 1609 additions and 529 deletions
--- a/passbook/sources/saml/views.py
+++ b/passbook/sources/saml/views.py
@ -1,8 +1,9 @@
 """saml sp views"""
-from django.contrib.auth import login, logout
+from django.contrib.auth import logout
 from django.http import Http404, HttpRequest, HttpResponse
-from django.shortcuts import get_object_or_404, redirect, render, reverse
+from django.shortcuts import get_object_or_404, redirect, render
 from django.utils.decorators import method_decorator
+from django.utils.http import urlencode
 from django.views import View
 from django.views.decorators.csrf import csrf_exempt
 from signxml.util import strip_pem_header
@ -15,7 +16,7 @@ from passbook.sources.saml.exceptions import (
    MissingSAMLResponse,
    UnsupportedNameIDFormat,
 )
-from passbook.sources.saml.models import SAMLSource
+from passbook.sources.saml.models import SAMLBindingTypes, SAMLSource
 from passbook.sources.saml.processors.base import Processor
 from passbook.sources.saml.utils import build_full_url, get_issuer
 from passbook.sources.saml.xml_render import get_authnrequest_xml
@ -40,16 +41,20 @@ class InitiateView(View):
        }
        authn_req = get_authnrequest_xml(parameters, signed=False)
        _request = nice64(str.encode(authn_req))
-        return render(
-            request,
-            "saml/sp/login.html",
-            {
-                "request_url": source.idp_url,
-                "request": _request,
-                "token": sso_destination,
-                "source": source,
-            },
-        )
+        if source.binding_type == SAMLBindingTypes.Redirect:
+            return redirect(source.idp_url + "?" + urlencode({"SAMLRequest": _request}))
+        if source.binding_type == SAMLBindingTypes.POST:
+            return render(
+                request,
+                "saml/sp/login.html",
+                {
+                    "request_url": source.idp_url,
+                    "request": _request,
+                    "token": sso_destination,
+                    "source": source,
+                },
+            )
+        raise Http404


@method_decorator(csrf_exempt, name="dispatch")
@ -68,9 +73,7 @@ class ACSView(View):
            return bad_request_message(request, str(exc))

        try:
-            user = processor.get_user()
-            login(request, user, backend="django.contrib.auth.backends.ModelBackend")
-            return redirect(reverse("passbook_core:overview"))
+            return processor.prepare_flow(request)
        except UnsupportedNameIDFormat as exc:
            return bad_request_message(request, str(exc))