providers/saml: big cleanup, simplify base processor

add New fields for - assertion_valid_not_before - assertion_valid_not_on_or_after - session_valid_not_on_or_after allow flexible time durations for these fields fall back to Provider's ACS if none is specified in AuthNRequest
2020-02-14 15:19:48 +01:00
parent 2be026dd44
commit e36d7928e4
19 changed files with 495 additions and 392 deletions
--- a/passbook/providers/saml/models.py
+++ b/passbook/providers/saml/models.py
@ -7,7 +7,8 @@ from structlog import get_logger

 from passbook.core.models import PropertyMapping, Provider
 from passbook.lib.utils.reflection import class_to_path, path_to_class
-from passbook.providers.saml.base import Processor
+from passbook.providers.saml.processors.base import Processor
+from passbook.providers.saml.utils.time import timedelta_string_validator

 LOGGER = get_logger()

@ -16,11 +17,44 @@ class SAMLProvider(Provider):
    """Model to save information about a Remote SAML Endpoint"""

    name = models.TextField()
+    processor_path = models.CharField(max_length=255, choices=[])
+
    acs_url = models.URLField()
    audience = models.TextField(default="")
-    processor_path = models.CharField(max_length=255, choices=[])
    issuer = models.TextField()
-    assertion_valid_for = models.IntegerField(default=86400)
+
+    assertion_valid_not_before = models.TextField(
+        default="minutes=5",
+        validators=[timedelta_string_validator],
+        help_text=_(
+            (
+                "Assertion valid not before current time - this value "
+                "(Format: hours=1;minutes=2;seconds=3)."
+            )
+        ),
+    )
+    assertion_valid_not_on_or_after = models.TextField(
+        default="minutes=5",
+        validators=[timedelta_string_validator],
+        help_text=_(
+            (
+                "Assertion not valid on or after current time + this value "
+                "(Format: hours=1;minutes=2;seconds=3)."
+            )
+        ),
+    )
+
+    session_valid_not_on_or_after = models.TextField(
+        default="minutes=86400",
+        validators=[timedelta_string_validator],
+        help_text=_(
+            (
+                "Session not valid on or after current time + this value "
+                "(Format: hours=1;minutes=2;seconds=3)."
+            )
+        ),
+    )
+
    signing = models.BooleanField(default=True)
    signing_cert = models.TextField()
    signing_key = models.TextField()
@ -44,7 +78,7 @@ class SAMLProvider(Provider):
        return self._processor

    def __str__(self):
-        return "SAML Provider %s" % self.name
+        return f"SAML Provider {self.name}"

    def link_download_metadata(self):
        """Get link to download XML metadata for admin interface"""
@ -73,7 +107,7 @@ class SAMLPropertyMapping(PropertyMapping):
    form = "passbook.providers.saml.forms.SAMLPropertyMappingForm"

    def __str__(self):
-        return "SAML Property Mapping %s" % self.saml_name
+        return f"SAML Property Mapping {self.saml_name}"

    class Meta: