bump version: 0.1.4-beta -> 0.1.5-beta

Resolve "Custom Property Mapping"

Closes #22

See merge request BeryJu.org/passbook!8

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.1.2-beta
+current_version = 0.1.5-beta
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)

.gitlab-ci.yml

@@ -53,7 +53,7 @@ package-docker:
   before_script:
     - echo "{\"auths\":{\"docker.$NEXUS_URL\":{\"auth\":\"$NEXUS_AUTH\"}}}" > /kaniko/.docker/config.json
   script:
-    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.pkg.beryju.org/passbook:latest --destination docker.pkg.beryju.org/passbook:0.1.2-beta
+    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.pkg.beryju.org/passbook:latest --destination docker.pkg.beryju.org/passbook:0.1.5-beta
   stage: build
   only:
     - tags
@@ -68,54 +68,29 @@ package-helm:
   only:
     - tags
     - /^version/.*$/
-# package-3.5:
+package-debian:
-#   before_script:
+  before_script:
-#     - apt update
+    - apt update
-#     - apt install -y build-essential debhelper devscripts equivs python3 python3-pip
+    - apt install -y --no-install-recommends build-essential debhelper devscripts equivs python3 python3-dev python3-pip libsasl2-dev libldap2-dev
-#     - cp debian/control-3.5 debian/control
+    - mk-build-deps debian/control
-#     - mk-build-deps debian/control
+    - apt install ./*build-deps*deb -f -y
-#     - apt install ./*build-deps*deb -f -y
+    - python3 -m pip install -U virtualenv pip
-#     - "python3 -m pip install -U virtualenv"
+    - virtualenv env
-#     - "virtualenv env"
+    - source env/bin/activate
-#     - "source env/bin/activate"
+    - pip3 install -U -r requirements.txt -r requirements-dev.txt
-#     - "pip3 install -U -r requirements.txt -r requirements-dev.txt"
+  image: ubuntu:18.04
-#   image: debian
+  script:
-#   script:
+    - debuild -us -uc
-#     - debuild -us -uc
+    - cp ../passbook*.deb .
-#     - cp ../passbook*.deb .
+    - ./manage.py nexus_upload --method post --url $NEXUS_URL --auth $NEXUS_AUTH --repo apt passbook*deb
-#     - python manage.py nexus_upload
+  artifacts:
-#   artifacts:
+    paths:
-#     paths:
+    - passbook*deb
-#     - passbook-python3.5*deb
+    expire_in: 2 days
-#     expire_in: 2 days
+  stage: build
-#   stage: build
+  only:
-#   only:
+  - tags
-#   - tags
+  - /^version/.*$/
-#   - /^debian/.*$/
-# package-3.6:
-#   before_script:
-#     - apt update
-#     - apt install -y build-essential debhelper devscripts equivs python3 python3-pip
-#     - cp debian/control-3.6 debian/control
-#     - mk-build-deps debian/control
-#     - apt install ./*build-deps*deb -f -y
-#     - "python3 -m pip install -U virtualenv"
-#     - "virtualenv env"
-#     - "source env/bin/activate"
-#     - "pip3 install -U -r requirements.txt -r requirements-dev.txt"
-#   image: debian:buster
-#   script:
-#     - debuild -us -uc
-#     - cp ../passbook*.deb .
-#     - python manage.py nexus_upload
-#   artifacts:
-#     paths:
-#     - passbook-python3.6*deb
-#     expire_in: 2 days
-#   stage: build
-#   only:
-#     - tags
-#     - /^debian/.*$r
 
 # docs:
 #   stage: docs

debian/changelog

@@ -0,0 +1,5 @@
+passbook (0.1.4) stable; urgency=medium
+
+  * initial debian package release
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Wed, 06 Mar 2019 18:22:41 +0000

debian/compat

@@ -0,0 +1 @@
+10

debian/config

@@ -0,0 +1,20 @@
+#!/bin/sh
+# config maintainer script for passbook
+set -e
+
+# source debconf stuff
+. /usr/share/debconf/confmodule
+
+dbc_first_version=1.0.0
+dbc_dbuser=passbook
+dbc_dbname=passbook
+
+# source dbconfig-common shell library, and call the hook function
+if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then
+    . /usr/share/dbconfig-common/dpkg/config.pgsql
+    dbc_go passbook "$@"
+fi
+
+#DEBHELPER#
+
+exit 0

debian/control

@@ -0,0 +1,14 @@
+Source: passbook
+Section: admin
+Priority: optional
+Maintainer: BeryJu.org <support@beryju.org>
+Uploaders: Jens Langhammer <jens@beryju.org>, BeryJu.org <support@beryju.org>
+Build-Depends: debhelper (>= 10), dh-systemd (>= 1.5), dh-exec, wget, dh-exec, python3 (>= 3.5) | python3.6 | python3.7
+Standards-Version: 3.9.6
+
+Package: passbook
+Architecture: all
+Recommends: mysql-server, redis-server
+Pre-Depends: adduser, libldap2-dev, libsasl2-dev
+Depends: python3 (>= 3.5) | python3.6 | python3.7, python3-pip, dbconfig-pgsql | dbconfig-no-thanks, ${misc:Depends}
+Description: Authentication Provider/Proxy supporting protocols like SAML, OAuth, LDAP and more.

debian/copyright

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2019 BeryJu.org
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

debian/dirs

@@ -0,0 +1,4 @@
+etc/passbook/
+etc/passbook/config.d/
+var/log/passbook/
+usr/share/passbook/

debian/etc/passbook/config.yml

@@ -0,0 +1,44 @@
+debug: false
+http:
+    host: 0.0.0.0
+    port: 8000
+secret_key_file: /etc/passbook/secret_key
+log:
+    level:
+        console: INFO
+        file: DEBUG
+    file: /var/log/passbook/passbook.log
+# Error reporting, disabled by default
+# error_report_enabled: true
+
+# Set this to the server's external address.
+# This is used to generate external URLs
+external_url: http://image.example.com
+
+# This dictates how the Path is generated
+# can be either of:
+# - view_sha512_short
+# - view_md5
+# - view_sha256
+# - view_sha512
+default_return_view: view_sha256
+
+# Set this to true if you only want to use external authentication
+external_auth_only: false
+
+# If this is true, images are automatically claimed if the windows user exists
+# in django
+auto_claim_enabled: true
+
+# LDAP Authentication
+# ldap:
+#     enabled: false
+#     server:
+#         uri: 'ldap://dc1.example.com'
+#         tls: false
+#     bind:
+#         dn: ''
+#         password: ''
+#     search_base: ''
+#     filter: '(sAMAccountName=%(user)s)'
+#     require_group: ''

debian/gbp.conf

@@ -0,0 +1,2 @@
+[buildpackage]
+export-dir=../build-area

debian/install

@@ -0,0 +1,8 @@
+passbook		/usr/share/passbook/
+static			/usr/share/passbook/
+manage.py		/usr/share/passbook/
+passbook.sh		/usr/share/passbook/
+vendor			/usr/share/passbook/
+
+debian/etc/passbook								/etc/
+debian/templates/database.yml					/usr/share/passbook/

debian/passbook-worker.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=passbook - Authentication Provider/Proxy (Background worker)
+After=network.target
+Requires=network.target
+
+[Service]
+User=passbook
+Group=passbook
+WorkingDirectory=/usr/share/passbook
+Type=simple
+ExecStart=/usr/share/passbook/passbook.sh worker
+
+[Install]
+WantedBy=multi-user.target

debian/passbook.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=passbook - Authentication Provider/Proxy
+After=network.target
+Requires=network.target
+
+[Service]
+User=passbook
+Group=passbook
+WorkingDirectory=/usr/share/passbook
+Type=simple
+ExecStart=/usr/share/passbook/passbook.sh web
+
+[Install]
+WantedBy=multi-user.target

debian/postinst

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+set -e
+
+. /usr/share/debconf/confmodule
+. /usr/share/dbconfig-common/dpkg/postinst.pgsql
+
+# you can set the default database encoding to something else
+dbc_pgsql_createdb_encoding="UTF8"
+dbc_generate_include=template:/etc/passbook/config.d/database.yml
+dbc_generate_include_args="-o template_infile=/usr/share/passbook/database.yml"
+dbc_go passbook "$@"
+
+if [ -z "`getent group passbook`" ]; then
+	addgroup --quiet --system passbook
+fi
+if [ -z "`getent passwd passbook`" ]; then
+	echo " * Creating user and group passbook..."
+	adduser --quiet --system --home /usr/share/passbook --shell /bin/false --ingroup passbook --disabled-password --disabled-login --gecos "passbook User" passbook  >> /var/log/passbook/passbook.log 2>&1
+fi
+echo " * Updating binary packages (psycopg2)"
+python3 -m pip install --target=/usr/share/passbook/vendor/ --no-cache-dir --upgrade --force-reinstall psycopg2 >> /var/log/passbook/passbook.log 2>&1
+if [ ! -f '/etc/passbook/secret_key' ]; then
+	echo " * Generating Secret Key"
+	python3 -c 'import random; result = "".join([random.choice("abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)") for i in range(50)]); print(result)' > /etc/passbook/secret_key 2> /dev/null
+fi
+chown -R passbook: /usr/share/passbook/
+chown -R passbook: /etc/passbook/
+chown -R passbook: /var/log/passbook/
+chmod 440 /etc/passbook/secret_key
+echo " * Running Database Migration"
+/usr/share/passbook/passbook.sh migrate
+echo " * A superuser can be created with this command '/usr/share/passbook/passbook.sh createsuperuser'"
+echo " * You should probably also adjust your settings in '/etc/passbook/config.yml'"
+
+#DEBHELPER#

debian/postrm

@@ -0,0 +1,24 @@
+#!/bin/sh
+
+set -e
+
+if [ -f /usr/share/debconf/confmodule ]; then
+    . /usr/share/debconf/confmodule
+fi
+if [ -f /usr/share/dbconfig-common/dpkg/postrm.pgsql ]; then
+    . /usr/share/dbconfig-common/dpkg/postrm.pgsql
+    dbc_go passbook "$@"
+fi
+
+
+if [ "$1" = "purge" ]; then
+    if which ucf >/dev/null 2>&1; then
+        ucf --purge /etc/passbook/config.d/database.yml
+        ucfr --purge passbook /etc/passbook/config.d/database.yml
+    fi
+    rm -rf /etc/passbook/
+    rm -rf /usr/share/passbook/
+fi
+
+#DEBHELPER#
+

debian/prerm

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+. /usr/share/debconf/confmodule
+. /usr/share/dbconfig-common/dpkg/prerm.pgsql
+dbc_go passbook "$@"
+
+#DEBHELPER#
+

debian/rules

@@ -0,0 +1,27 @@
+#!/usr/bin/make -f
+
+# Uncomment this to turn on verbose mode.
+# export DH_VERBOSE=1
+
+%:
+	dh $@ --with=systemd
+
+build-arch:
+	python3 -m pip install setuptools
+	python3 -m pip install --target=vendor/ -r requirements.txt
+
+override_dh_strip:
+	dh_strip --exclude=psycopg2
+
+override_dh_shlibdeps:
+	dh_shlibdeps --exclude=psycopg2
+
+override_dh_installinit:
+	dh_installinit --name=passbook
+	dh_installinit --name=passbook-worker
+	dh_systemd_enable --name=passbook
+	dh_systemd_enable --name=passbook-worker
+	dh_systemd_start
+
+# override_dh_usrlocal to do nothing
+override_dh_usrlocal:

debian/source/format

@@ -0,0 +1 @@
+3.0 (native)

debian/templates/database.yml

@@ -0,0 +1,8 @@
+databases:
+  default:
+    engine: django.db.backends.postgresql
+    name: _DBC_DBNAME_
+    user: _DBC_DBUSER_
+    password: _DBC_DBPASS_
+    host: _DBC_DBSERVER_
+    port: _DBC_DBPORT_

helm/passbook/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
-appVersion: "0.1.2-beta"
+appVersion: "0.1.5-beta"
 description: A Helm chart for passbook.
 name: passbook
-version: "0.1.2-beta"
+version: "0.1.5-beta"
 icon: https://passbook.beryju.org/images/logo.png

helm/passbook/templates/passbook-configmap.yaml

@@ -50,6 +50,7 @@ data:
         {{- range .Values.ingress.hosts }}
         - {{ . | quote }}
         {{- end }}
+        - kubernetes-healthcheck-host
 
     passbook:
       sign_up:
@@ -130,6 +131,7 @@ data:
       # List of python packages with provider types to load.
       types:
         - passbook.saml_idp.processors.generic
+        - passbook.saml_idp.processors.aws
         - passbook.saml_idp.processors.gitlab
         - passbook.saml_idp.processors.nextcloud
         - passbook.saml_idp.processors.salesforce

helm/passbook/values.yaml

@@ -5,7 +5,7 @@
 replicaCount: 1
 
 image:
-  tag: 0.1.2-beta
+  tag: 0.1.5-beta
 
 nameOverride: ""
 

passbook.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Check if this file is a symlink, if so, read real base dir
+BASE_DIR=$(dirname $(readlink -f ${BASH_SOURCE[0]}))
+
+cd $BASE_DIR
+PYTHONPATH="${BASE_DIR}/vendor/" python3 manage.py $@

passbook/__init__.py

@@ -1,2 +1,2 @@
 """passbook"""
-__version__ = '0.1.2-beta'
+__version__ = '0.1.5-beta'

passbook/admin/__init__.py

@@ -1,2 +1,2 @@
 """passbook admin"""
-__version__ = '0.1.2-beta'
+__version__ = '0.1.5-beta'

passbook/admin/templates/administration/base.html

@@ -8,22 +8,32 @@
     <li class="{% is_active 'passbook_admin:overview' %}">
         <a href="{% url 'passbook_admin:overview' %}">{% trans 'Overview' %}</a>
     </li>
-  <li class="{% is_active 'passbook_admin:applications' 'passbook_admin:application-create' 'passbook_admin:application-update' 'passbook_admin:application-delete' %}">
+    <li
+        class="{% is_active 'passbook_admin:applications' 'passbook_admin:application-create' 'passbook_admin:application-update' 'passbook_admin:application-delete' %}">
         <a href="{% url 'passbook_admin:applications' %}">{% trans 'Applications' %}</a>
     </li>
-  <li class="{% is_active 'passbook_admin:sources' 'passbook_admin:source-create' 'passbook_admin:source-update' 'passbook_admin:source-delete' %}">
+    <li
+        class="{% is_active 'passbook_admin:sources' 'passbook_admin:source-create' 'passbook_admin:source-update' 'passbook_admin:source-delete' %}">
         <a href="{% url 'passbook_admin:sources' %}">{% trans 'Sources' %}</a>
     </li>
-  <li class="{% is_active 'passbook_admin:providers' 'passbook_admin:provider-create' 'passbook_admin:provider-update' 'passbook_admin:provider-delete' %}">
+    <li
+        class="{% is_active 'passbook_admin:providers' 'passbook_admin:provider-create' 'passbook_admin:provider-update' 'passbook_admin:provider-delete' %}">
         <a href="{% url 'passbook_admin:providers' %}">{% trans 'Providers' %}</a>
     </li>
-  <li class="{% is_active 'passbook_admin:factors' 'passbook_admin:factor-create' 'passbook_admin:factor-update' 'passbook_admin:factor-delete' %}">
+    <li
+        class="{% is_active 'passbook_admin:property-mappings' 'passbook_admin:property-mapping-create' 'passbook_admin:property-mapping-update' 'passbook_admin:property-mapping-delete' %}">
+        <a href="{% url 'passbook_admin:property-mappings' %}">{% trans 'Property Mappings' %}</a>
+    </li>
+    <li
+        class="{% is_active 'passbook_admin:factors' 'passbook_admin:factor-create' 'passbook_admin:factor-update' 'passbook_admin:factor-delete' %}">
         <a href="{% url 'passbook_admin:factors' %}">{% trans 'Factors' %}</a>
     </li>
-  <li class="{% is_active 'passbook_admin:policies' 'passbook_admin:policy-create' 'passbook_admin:policy-update' 'passbook_admin:policy-delete' 'passbook_admin:policy-test' %}">
+    <li
+        class="{% is_active 'passbook_admin:policies' 'passbook_admin:policy-create' 'passbook_admin:policy-update' 'passbook_admin:policy-delete' 'passbook_admin:policy-test' %}">
         <a href="{% url 'passbook_admin:policies' %}">{% trans 'Policies' %}</a>
     </li>
-  <li class="{% is_active 'passbook_admin:invitations' 'passbook_admin:invitation-create' 'passbook_admin:invitation-update' 'passbook_admin:invitation-delete' 'passbook_admin:invitation-test' %}">
+    <li
+        class="{% is_active 'passbook_admin:invitations' 'passbook_admin:invitation-create' 'passbook_admin:invitation-update' 'passbook_admin:invitation-delete' 'passbook_admin:invitation-test' %}">
         <a href="{% url 'passbook_admin:invitations' %}">{% trans 'Invitations' %}</a>
     </li>
     <li class="{% is_active 'passbook_admin:users' 'passbook_admin:user-update' 'passbook_admin:user-delete' %}">

passbook/admin/templates/administration/property_mapping/list.html

@@ -0,0 +1,52 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load utils %}
+
+{% block title %}
+{% title %}
+{% endblock %}
+
+{% block content %}
+<div class="container">
+    <h1><span class="fa fa-table"></span> {% trans "Property Mappings" %}</h1>
+    <span>{% trans "Property Mappings allow you expose provider-specific attributes." %}</span>
+    <hr>
+    <div class="dropdown">
+        <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
+            {% trans 'Create...' %}
+            <span class="caret"></span>
+        </button>
+        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
+            {% for type, name in types.items %}
+            <li role="presentation"><a role="menuitem" tabindex="-1"
+                    href="{% url 'passbook_admin:property-mapping-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
+            {% endfor %}
+        </ul>
+    </div>
+    <hr>
+    <table class="table table-striped table-bordered">
+        <thead>
+            <tr>
+                <th>{% trans 'Name' %}</th>
+                <th>{% trans 'Type' %}</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for property_mapping in object_list %}
+            <tr>
+                <td>{{ property_mapping.name }} ({{ property_mapping.slug }})</td>
+                <td>{{ property_mapping|verbose_name }}</td>
+                <td>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:property-mapping-update' pk=property_mapping.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:property-mapping-delete' pk=property_mapping.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
+</div>
+{% endblock %}

passbook/admin/templates/generic/form.html

@@ -3,6 +3,11 @@
 {% load i18n %}
 {% load utils %}
 
+{% block head %}
+{{ block.super }}
+{{ form.media.css }}
+{% endblock %}
+
 {% block content %}
 <div class="container">
   {% block above_form %}
@@ -16,3 +21,8 @@
   </div>
 </div>
 {% endblock %}
+
+{% block scripts %}
+{{ block.super }}
+{{ form.media.js }}
+{% endblock %}

passbook/admin/urls.py

@@ -2,8 +2,8 @@
 from django.urls import include, path
 
 from passbook.admin.views import (applications, audit, factors, groups,
-                                  invitations, overview, policy, providers,
+                                  invitations, overview, policy,
-                                  sources, users)
+                                  property_mapping, providers, sources, users)
 
 urlpatterns = [
     path('', overview.AdministrationOverviewView.as_view(), name='overview'),
@@ -43,6 +43,15 @@ urlpatterns = [
          factors.FactorUpdateView.as_view(), name='factor-update'),
     path('factors/<uuid:pk>/delete/',
          factors.FactorDeleteView.as_view(), name='factor-delete'),
+    # Factors
+    path('property-mappings/', property_mapping.PropertyMappingListView.as_view(),
+         name='property-mappings'),
+    path('property-mappings/create/',
+         property_mapping.PropertyMappingCreateView.as_view(), name='property-mapping-create'),
+    path('property-mappings/<uuid:pk>/update/',
+         property_mapping.PropertyMappingUpdateView.as_view(), name='property-mapping-update'),
+    path('property-mappings/<uuid:pk>/delete/',
+         property_mapping.PropertyMappingDeleteView.as_view(), name='property-mapping-delete'),
     # Invitations
     path('invitations/', invitations.InvitationListView.as_view(), name='invitations'),
     path('invitations/create/',

passbook/admin/views/property_mapping.py

@@ -0,0 +1,90 @@
+"""passbook PropertyMapping administration"""
+from django.contrib import messages
+from django.contrib.messages.views import SuccessMessageMixin
+from django.http import Http404
+from django.urls import reverse_lazy
+from django.utils.translation import ugettext as _
+from django.views.generic import CreateView, DeleteView, ListView, UpdateView
+
+from passbook.admin.mixins import AdminRequiredMixin
+from passbook.core.models import PropertyMapping
+from passbook.lib.utils.reflection import path_to_class
+
+
+def all_subclasses(cls):
+    """Recursively return all subclassess of cls"""
+    return set(cls.__subclasses__()).union(
+        [s for c in cls.__subclasses__() for s in all_subclasses(c)])
+
+
+class PropertyMappingListView(AdminRequiredMixin, ListView):
+    """Show list of all property_mappings"""
+
+    model = PropertyMapping
+    template_name = 'administration/property_mapping/list.html'
+    ordering = 'name'
+
+    def get_context_data(self, **kwargs):
+        kwargs['types'] = {
+            x.__name__: x._meta.verbose_name for x in all_subclasses(PropertyMapping)}
+        return super().get_context_data(**kwargs)
+
+    def get_queryset(self):
+        return super().get_queryset().select_subclasses()
+
+
+class PropertyMappingCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
+    """Create new PropertyMapping"""
+
+    template_name = 'generic/create.html'
+    success_url = reverse_lazy('passbook_admin:property-mappings')
+    success_message = _('Successfully created Property Mapping')
+
+    def get_context_data(self, **kwargs):
+        kwargs = super().get_context_data(**kwargs)
+        property_mapping_type = self.request.GET.get('type')
+        model = next(x for x in all_subclasses(PropertyMapping)
+                     if x.__name__ == property_mapping_type)
+        kwargs['type'] = model._meta.verbose_name
+        return kwargs
+
+    def get_form_class(self):
+        property_mapping_type = self.request.GET.get('type')
+        model = next(x for x in all_subclasses(PropertyMapping)
+                     if x.__name__ == property_mapping_type)
+        if not model:
+            raise Http404
+        return path_to_class(model.form)
+
+
+class PropertyMappingUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
+    """Update property_mapping"""
+
+    model = PropertyMapping
+    template_name = 'generic/update.html'
+    success_url = reverse_lazy('passbook_admin:property-mappings')
+    success_message = _('Successfully updated Property Mapping')
+
+    def get_form_class(self):
+        form_class_path = self.get_object().form
+        form_class = path_to_class(form_class_path)
+        return form_class
+
+    def get_object(self, queryset=None):
+        return PropertyMapping.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+
+
+class PropertyMappingDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
+    """Delete property_mapping"""
+
+    model = PropertyMapping
+    template_name = 'generic/delete.html'
+    success_url = reverse_lazy('passbook_admin:property-mappings')
+    success_message = _('Successfully deleted Property Mapping')
+
+    def get_object(self, queryset=None):
+        return PropertyMapping.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+
+    def delete(self, request, *args, **kwargs):
+        messages.success(self.request, self.success_message)
+        return super().delete(request, *args, **kwargs)

passbook/api/__init__.py

@@ -1,2 +1,2 @@
 """passbook api"""
-__version__ = '0.1.2-beta'
+__version__ = '0.1.5-beta'

passbook/audit/__init__.py

@@ -1,2 +1,2 @@
 """passbook audit Header"""
-__version__ = '0.1.2-beta'
+__version__ = '0.1.5-beta'

passbook/captcha_factor/__init__.py

@@ -1,2 +1,2 @@
 """passbook captcha_factor Header"""
-__version__ = '0.1.2-beta'
+__version__ = '0.1.5-beta'

passbook/core/__init__.py

@@ -1,2 +1,2 @@
 """passbook core"""
-__version__ = '0.1.2-beta'
+__version__ = '0.1.5-beta'

passbook/core/auth/factors/password.py

@@ -37,7 +37,7 @@ class PasswordFactor(FormView, AuthenticationFactor):
             send_email.delay(self.pending_user.email, _('Forgotten password'),
                              'email/account_password_reset.html', {
                                  'url': self.request.build_absolute_uri(
-                                     reverse('passbook_core:passbook_core:auth-password-reset',
+                                     reverse('passbook_core:auth-password-reset',
                                              kwargs={
                                                  'nonce': nonce.uuid
                                              })

passbook/core/forms/factors.py

@@ -2,6 +2,7 @@
 from django import forms
 
 from passbook.core.models import DummyFactor, PasswordFactor
+from passbook.lib.fields import DynamicArrayField
 
 GENERAL_FIELDS = ['name', 'slug', 'order', 'policies', 'enabled']
 
@@ -16,6 +17,9 @@ class PasswordFactorForm(forms.ModelForm):
             'name': forms.TextInput(),
             'order': forms.NumberInput(),
         }
+        field_classes = {
+            'backends': DynamicArrayField
+        }
 
 class DummyFactorForm(forms.ModelForm):
     """Form to create/edit Dummy Factor"""

passbook/core/migrations/0017_propertymapping.py

@@ -0,0 +1,26 @@
+# Generated by Django 2.1.7 on 2019-03-08 10:40
+
+import uuid
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('passbook_core', '0016_auto_20190227_1355'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='PropertyMapping',
+            fields=[
+                ('uuid', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
+                ('name', models.TextField()),
+            ],
+            options={
+                'verbose_name': 'Property Mapping',
+                'verbose_name_plural': 'Property Mappings',
+            },
+        ),
+    ]

passbook/core/migrations/0018_provider_property_mappings.py

@@ -0,0 +1,18 @@
+# Generated by Django 2.1.7 on 2019-03-08 10:50
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('passbook_core', '0017_propertymapping'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='provider',
+            name='property_mappings',
+            field=models.ManyToManyField(blank=True, default=None, to='passbook_core.PropertyMapping'),
+        ),
+    ]

passbook/core/models.py

@@ -60,6 +60,8 @@ class User(AbstractUser):
 class Provider(models.Model):
     """Application-independent Provider instance. For example SAML2 Remote, OAuth2 Application"""
 
+    property_mappings = models.ManyToManyField('PropertyMapping', default=None, blank=True)
+
     objects = InheritanceManager()
 
     # This class defines no field for easier inheritance
@@ -412,7 +414,7 @@ class Invitation(UUIDModel):
         verbose_name_plural = _('Invitations')
 
 class Nonce(UUIDModel):
-    """One-time link for password resets/signup-confirmations"""
+    """One-time link for password resets/sign-up-confirmations"""
 
     expires = models.DateTimeField(default=default_nonce_duration)
     user = models.ForeignKey('User', on_delete=models.CASCADE)
@@ -424,3 +426,19 @@ class Nonce(UUIDModel):
 
         verbose_name = _('Nonce')
         verbose_name_plural = _('Nonces')
+
+class PropertyMapping(UUIDModel):
+    """User-defined key -> x mapping which can be used by providers to expose extra data."""
+
+    name = models.TextField()
+
+    form = ''
+    objects = InheritanceManager()
+
+    def __str__(self):
+        return "Property Mapping %s" % self.name
+
+    class Meta:
+
+        verbose_name = _('Property Mapping')
+        verbose_name_plural = _('Property Mappings')

passbook/core/requirements.txt

@@ -7,7 +7,7 @@ raven
 markdown
 colorlog
 celery
-redis<3.0
+redis
 psycopg2
 idna<2.8,>=2.5
 cherrypy

passbook/core/static/css/passbook.css

@@ -0,0 +1,23 @@
+.dynamic-array-widget .array-item {
+  display: flex;
+  align-items: center;
+  margin-bottom: 15px;
+}
+
+.dynamic-array-widget .remove_sign {
+  width: 10px;
+  height: 2px;
+  background: #a41515;
+  border-radius: 1px;
+}
+
+.dynamic-array-widget .remove {
+  height: 15px;
+  display: flex;
+  align-items: center;
+  margin-left: 5px;
+}
+
+.dynamic-array-widget .remove:hover {
+  cursor: pointer;
+}

passbook/core/static/js/passbook.js

@@ -16,3 +16,33 @@ const typeHandler = function (e) {
 
 $source.on('input', typeHandler) // register for oninput
 $source.on('propertychange', typeHandler) // for IE8
+
+window.addEventListener('load', function () {
+
+    function addRemoveEventListener(widgetElement) {
+        widgetElement.querySelectorAll('.array-remove').forEach(function (element) {
+            element.addEventListener('click', function () {
+                this.parentNode.parentNode.remove();
+            });
+        });
+    }
+
+    document.querySelectorAll('.dynamic-array-widget').forEach(function (widgetElement) {
+
+        addRemoveEventListener(widgetElement);
+
+        widgetElement.querySelector('.add-array-item').addEventListener('click', function () {
+            var first = widgetElement.querySelector('.array-item');
+            var newElement = first.cloneNode(true);
+            var id_parts = newElement.querySelector('input').getAttribute('id').split('_');
+            var id = id_parts.slice(0, -1).join('_') + '_' + String(parseInt(id_parts.slice(-1)[0]) + 1);
+            newElement.querySelector('input').setAttribute('id', id);
+            newElement.querySelector('input').value = '';
+
+            addRemoveEventListener(newElement);
+            first.parentElement.insertBefore(newElement, first.parentNode.lastChild);
+        });
+
+    });
+
+});

passbook/core/templates/base/skeleton.html

@@ -16,6 +16,7 @@
     <link rel="shortcut icon" type="image/png" href="{% static 'img/logo.png' %}">
     <link rel="stylesheet" type="text/css" href="{% static 'css/patternfly.min.css' %}">
     <link rel="stylesheet" type="text/css" href="{% static 'css/patternfly-additions.min.css' %}">
+    <link rel="stylesheet" type="text/css" href="{% static 'css/passbook.css' %}">
     <style>
         .login-pf {
             background-attachment: fixed;

passbook/core/templates/generic/delete.html

@@ -6,13 +6,13 @@
 {% block content %}
 <div class="container">
     {% block above_form %}
-    <h1>{% blocktrans with object_type=object|fieldtype|title %}Delete {{ object_type }}{% endblocktrans %}</h1>
+    <h1>{% blocktrans with object_type=object|verbose_name %}Delete {{ object_type }}{% endblocktrans %}</h1>
     {% endblock %}
     <div class="">
         <form method="post" class="form-horizontal">
             {% csrf_token %}
             <p>
-                {% blocktrans with object_type=object|fieldtype|title name=object %}
+                {% blocktrans with object_type=object|verbose_name name=object %}
                 Are you sure you want to delete {{ object_type }} "{{ object }}"?
                 {% endblocktrans %}
             </p>

passbook/hibp_policy/__init__.py

@@ -1,2 +1,2 @@
 """passbook hibp_policy"""
-__version__ = '0.1.2-beta'
+__version__ = '0.1.5-beta'

passbook/ldap/__init__.py

@@ -1,2 +1,2 @@
 """Passbook ldap app Header"""
-__version__ = '0.1.2-beta'
+__version__ = '0.1.5-beta'

passbook/lib/__init__.py

@@ -1,2 +1,2 @@
 """passbook lib"""
-__version__ = '0.1.2-beta'
+__version__ = '0.1.5-beta'

passbook/lib/fields.py

@@ -0,0 +1,44 @@
+"""passbook lib fields"""
+from itertools import chain
+
+from django import forms
+from django.contrib.postgres.utils import prefix_validation_error
+
+from passbook.lib.widgets import DynamicArrayWidget
+
+
+class DynamicArrayField(forms.Field):
+    """Show array field as a dynamic amount of textboxes"""
+
+    default_error_messages = {"item_invalid": "Item %(nth)s in the array did not validate: "}
+
+    def __init__(self, base_field, **kwargs):
+        self.base_field = base_field
+        self.max_length = kwargs.pop("max_length", None)
+        kwargs.setdefault("widget", DynamicArrayWidget)
+        super().__init__(**kwargs)
+
+    def clean(self, value):
+        cleaned_data = []
+        errors = []
+        value = [x for x in value if x]
+        for index, item in enumerate(value):
+            try:
+                cleaned_data.append(self.base_field.clean(item))
+            except forms.ValidationError as error:
+                errors.append(
+                    prefix_validation_error(
+                        error, self.error_messages["item_invalid"],
+                        code="item_invalid", params={"nth": index}
+                    )
+                )
+        if errors:
+            raise forms.ValidationError(list(chain.from_iterable(errors)))
+        if not cleaned_data and self.required:
+            raise forms.ValidationError(self.error_messages["required"])
+        return cleaned_data
+
+    def has_changed(self, initial, data):
+        if not data and not initial:
+            return False
+        return super().has_changed(initial, data)

passbook/lib/templates/lib/arrayfield.html

@@ -0,0 +1,17 @@
+{% load utils %}
+
+{% spaceless %}
+<div class="dynamic-array-widget">
+    {% for widget in widget.subwidgets %}
+    <div class="array-item input-group">
+        {% include widget.template_name %}
+        <div class="input-group-btn">
+            <button class="array-remove btn btn-danger" type="button">
+                <span class="pficon-delete"></span>
+            </button>
+        </div>
+    </div>
+    {% endfor %}
+    <div><button type="button" class="add-array-item btn btn-default">Add another</button></div>
+</div>
+{% endspaceless %}

passbook/lib/widgets.py

@@ -0,0 +1,36 @@
+"""Dynamic array widget"""
+from django import forms
+
+
+class DynamicArrayWidget(forms.TextInput):
+    """Dynamic array widget"""
+
+    template_name = "lib/arrayfield.html"
+
+    def get_context(self, name, value, attrs):
+        value = value or [""]
+        context = super().get_context(name, value, attrs)
+        final_attrs = context["widget"]["attrs"]
+        id_ = context["widget"]["attrs"].get("id")
+
+        subwidgets = []
+        for index, item in enumerate(context["widget"]["value"]):
+            widget_attrs = final_attrs.copy()
+            if id_:
+                widget_attrs["id"] = "{id_}_{index}".format(id_=id_, index=index)
+            widget = forms.TextInput()
+            widget.is_required = self.is_required
+            subwidgets.append(widget.get_context(name, item, widget_attrs)["widget"])
+
+        context["widget"]["subwidgets"] = subwidgets
+        return context
+
+    def value_from_datadict(self, data, files, name):
+        try:
+            getter = data.getlist
+            return [value for value in getter(name) if value]
+        except AttributeError:
+            return data.get(name)
+
+    def format_value(self, value):
+        return value or []

passbook/oauth_client/__init__.py

@@ -1,2 +1,2 @@
 """passbook oauth_client Header"""
-__version__ = '0.1.2-beta'
+__version__ = '0.1.5-beta'

passbook/oauth_provider/__init__.py

@@ -1,2 +1,2 @@
 """passbook oauth_provider Header"""
-__version__ = '0.1.2-beta'
+__version__ = '0.1.5-beta'

passbook/otp/__init__.py

@@ -1,2 +1,2 @@
 """passbook otp Header"""
-__version__ = '0.1.2-beta'
+__version__ = '0.1.5-beta'

passbook/password_expiry_policy/__init__.py

@@ -1,2 +1,2 @@
 """passbook password_expiry"""
-__version__ = '0.1.2-beta'
+__version__ = '0.1.5-beta'

passbook/saml_idp/__init__.py

@@ -1,2 +1,2 @@
 """passbook saml_idp Header"""
-__version__ = '0.1.2-beta'
+__version__ = '0.1.5-beta'

passbook/saml_idp/base.py

@@ -6,7 +6,6 @@ from logging import getLogger
 
 from bs4 import BeautifulSoup
 
-from passbook.lib.config import CONFIG
 from passbook.saml_idp import exceptions, utils, xml_render
 
 MINUTES = 60
@@ -52,9 +51,7 @@ class Processor:
     _session_index = None
     _subject = None
     _subject_format = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
-    _system_params = {
+    _system_params = {}
-        'ISSUER': CONFIG.y('saml_idp.issuer'),
-    }
 
     @property
     def dotted_path(self):
@@ -67,7 +64,7 @@ class Processor:
         self.name = remote.name
         self._remote = remote
         self._logger = getLogger(__name__)
-
+        self._system_params['ISSUER'] = self._remote.issuer
         self._logger.info('processor configured')
 
     def _build_assertion(self):
@@ -170,6 +167,20 @@ class Processor:
                 'Value': self._django_request.user.username,
             },
         ]
+        from passbook.saml_idp.models import SAMLPropertyMapping
+        for mapping in self._remote.property_mappings.all().select_subclasses():
+            if isinstance(mapping, SAMLPropertyMapping):
+                mapping_payload = {
+                    'Name': mapping.saml_name,
+                    'ValueArray': [],
+                    'FriendlyName': mapping.friendly_name
+                }
+                for value in mapping.values:
+                    mapping_payload['ValueArray'].append(value.format(
+                        user=self._django_request.user,
+                        request=self._django_request
+                    ))
+                self._assertion_params['ATTRIBUTES'].append(mapping_payload)
         self._assertion_xml = xml_render.get_assertion_xml(
             'saml/xml/assertions/generic.xml', self._assertion_params, signed=True)
 
@@ -227,7 +238,7 @@ class Processor:
         self._subject = sp_config
         self._subject_format = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
         self._system_params = {
-            'ISSUER': CONFIG.y('saml_idp.issuer'),
+            'ISSUER': self._remote.issuer
         }
 
     def _validate_request(self):

passbook/saml_idp/forms.py

@@ -2,7 +2,9 @@
 
 from django import forms
 
-from passbook.saml_idp.models import SAMLProvider, get_provider_choices
+from passbook.lib.fields import DynamicArrayField
+from passbook.saml_idp.models import (SAMLPropertyMapping, SAMLProvider,
+                                      get_provider_choices)
 from passbook.saml_idp.utils import CertificateBuilder
 
 
@@ -21,7 +23,7 @@ class SAMLProviderForm(forms.ModelForm):
     class Meta:
 
         model = SAMLProvider
-        fields = ['name', 'acs_url', 'processor_path', 'issuer',
+        fields = ['name', 'property_mappings', 'acs_url', 'processor_path', 'issuer',
                   'assertion_valid_for', 'signing', 'signing_cert', 'signing_key', ]
         labels = {
             'acs_url': 'ACS URL',
@@ -31,3 +33,20 @@ class SAMLProviderForm(forms.ModelForm):
             'name': forms.TextInput(),
             'issuer': forms.TextInput(),
         }
+
+
+class SAMLPropertyMappingForm(forms.ModelForm):
+    """SAML Property Mapping form"""
+
+    class Meta:
+
+        model = SAMLPropertyMapping
+        fields = ['name', 'saml_name', 'friendly_name', 'values']
+        widgets = {
+            'name': forms.TextInput(),
+            'saml_name': forms.TextInput(),
+            'friendly_name': forms.TextInput(),
+        }
+        field_classes = {
+            'values': DynamicArrayField
+        }

passbook/saml_idp/migrations/0002_samlpropertymapping.py

@@ -0,0 +1,30 @@
+# Generated by Django 2.1.7 on 2019-03-08 10:40
+
+import django.contrib.postgres.fields
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('passbook_core', '0017_propertymapping'),
+        ('passbook_saml_idp', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='SAMLPropertyMapping',
+            fields=[
+                ('propertymapping_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.PropertyMapping')),
+                ('saml_name', models.TextField()),
+                ('friendly_name', models.TextField(blank=True, default=None, null=True)),
+                ('values', django.contrib.postgres.fields.ArrayField(base_field=models.TextField(), size=None)),
+            ],
+            options={
+                'verbose_name': 'SAML Property Mapping',
+                'verbose_name_plural': 'SAML Property Mappings',
+            },
+            bases=('passbook_core.propertymapping',),
+        ),
+    ]

passbook/saml_idp/models.py

@@ -1,10 +1,11 @@
 """passbook saml_idp Models"""
 
+from django.contrib.postgres.fields import ArrayField
 from django.db import models
 from django.shortcuts import reverse
 from django.utils.translation import gettext as _
 
-from passbook.core.models import Provider
+from passbook.core.models import PropertyMapping, Provider
 from passbook.lib.utils.reflection import class_to_path, path_to_class
 from passbook.saml_idp.base import Processor
 
@@ -53,6 +54,23 @@ class SAMLProvider(Provider):
         verbose_name_plural = _('SAML Providers')
 
 
+class SAMLPropertyMapping(PropertyMapping):
+    """SAML Property mapping, allowing Name/FriendlyName mapping to a list of strings"""
+
+    saml_name = models.TextField()
+    friendly_name = models.TextField(default=None, blank=True, null=True)
+    values = ArrayField(models.TextField())
+
+    form = 'passbook.saml_idp.forms.SAMLPropertyMappingForm'
+
+    def __str__(self):
+        return "SAML Property Mapping %s" % self.saml_name
+
+    class Meta:
+
+        verbose_name = _('SAML Property Mapping')
+        verbose_name_plural = _('SAML Property Mappings')
+
 def get_provider_choices():
     """Return tuple of class_path, class name of all providers."""
     return [(class_to_path(x), x.__name__) for x in Processor.__subclasses__()]

passbook/saml_idp/processors/aws.py

@@ -11,16 +11,12 @@ class AWSProcessor(Processor):
 
     def _format_assertion(self):
         """Formats _assertion_params as _assertion_xml."""
-        self._assertion_params['ATTRIBUTES'] = [
+        super()._format_assertion()
+        self._assertion_params['ATTRIBUTES'].append(
             {
                 'Name': 'https://aws.amazon.com/SAML/Attributes/RoleSessionName',
                 'Value': self._django_request.user.username,
-            },
-            {
-                'Name': 'https://aws.amazon.com/SAML/Attributes/Role',
-                # 'Value': 'arn:aws:iam::471432361072:saml-provider/passbook_dev,
-                # arn:aws:iam::471432361072:role/saml_role'
             }
-        ]
+        )
         self._assertion_xml = xml_render.get_assertion_xml(
             'saml/xml/assertions/generic.xml', self._assertion_params, signed=True)

passbook/saml_idp/templates/saml/idp/login.html

@@ -11,38 +11,24 @@
 <header class="login-pf-header">
     <h1>{% trans 'Authorize Application' %}</h1>
 </header>
-<form method="POST" action="{{ acs_url }}">>
+<form method="POST" action="{{ acs_url }}">
     {% csrf_token %}
     <input type="hidden" name="ACSUrl" value="{{ acs_url }}">
     <input type="hidden" name="RelayState" value="{{ relay_state }}" />
     <input type="hidden" name="SAMLResponse" value="{{ saml_response }}" />
-  <label class="title">
-    <clr-icon shape="passbook" class="is-info" size="48"></clr-icon>
-    {% config 'passbook.branding' %}
-  </label>
-  <label class="subtitle">
-    {% trans 'SSO - Authorize External Source' %}
-  </label>
     <div class="login-group">
-    <p class="subtitle">
+        <h3>
             {% blocktrans with remote=remote.name %}
             You're about to sign into {{ remote }}
             {% endblocktrans %}
-    </p>
+        </h3>
         <p>
             {% blocktrans with user=user %}
-        You are logged in as {{ user }}. Not you?
+            You are logged in as {{ user }}.
             {% endblocktrans %}
-      <a href="{% url 'passbook_core:auth-logout' %}">{% trans 'Logout' %}</a>
+            <a href="{% url 'passbook_core:auth-logout' %}">{% trans 'Not you?' %}</a>
         </p>
-    <div class="row">
+        <input class="btn btn-primary btn-block btn-lg" type="submit" value="{% trans 'Continue' %}" />
-      <div class="col-md-6">
-        <input class="btn btn-success btn-block" type="submit" value="{% trans "Continue" %}" />
-      </div>
-      <div class="col-md-6">
-        <a href="{% url 'passbook_core:overview' %}" class="btn btn-outline btn-block">{% trans "Cancel" %}</a>
-      </div>
-    </div>
     </div>
 </form>
 {% endblock %}

passbook/saml_idp/templates/saml/xml/attributes.xml

@@ -1,7 +1,14 @@
 <saml:AttributeStatement>
     {% for attr in attributes %}
         <saml:Attribute {% if attr.FriendlyName %}FriendlyName="{{ attr.FriendlyName }}" {% endif %}Name="{{ attr.Name }}">
+            {% if attr.Value %}
             <saml:AttributeValue>{{ attr.Value }}</saml:AttributeValue>
+            {% endif %}
+            {% if attr.ValueArray %}
+                {% for value in attr.ValueArray %}
+                <saml:AttributeValue>{{ value }}</saml:AttributeValue>
+                {% endfor %}
+            {% endif %}
         </saml:Attribute>
     {% endfor %}
 </saml:AttributeStatement>