Compare commits
13 Commits
version/0.
...
version/0.
| Author | SHA1 | Date | |
|---|---|---|---|
| 2645bd0132 | |||
| 2c4fc56b49 | |||
| 0ec1468058 | |||
| 5d1a3043b2 | |||
| b46958d1f9 | |||
| 5daa8d5fe3 | |||
| 31846f1d05 | |||
| 1fac964b8b | |||
| dfa6ed8ac2 | |||
| 66fe10299e | |||
| e0a3ec033f | |||
| 7033ec0ab9 | |||
| 4004579905 |
@ -1,5 +1,5 @@
|
|||||||
[bumpversion]
|
[bumpversion]
|
||||||
current_version = 0.1.36-beta
|
current_version = 0.1.38-beta
|
||||||
tag = True
|
tag = True
|
||||||
commit = True
|
commit = True
|
||||||
parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)
|
parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)
|
||||||
|
|||||||
@ -6,7 +6,6 @@ omit =
|
|||||||
manage.py
|
manage.py
|
||||||
*/migrations/*
|
*/migrations/*
|
||||||
*/apps.py
|
*/apps.py
|
||||||
passbook/management/commands/nexus_upload.py
|
|
||||||
passbook/management/commands/web.py
|
passbook/management/commands/web.py
|
||||||
passbook/management/commands/worker.py
|
passbook/management/commands/worker.py
|
||||||
docs/
|
docs/
|
||||||
|
|||||||
@ -22,7 +22,7 @@ create-build-image:
|
|||||||
before_script:
|
before_script:
|
||||||
- echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
|
- echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
|
||||||
script:
|
script:
|
||||||
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile.build-base --destination docker.beryju.org/passbook/build-base:latest --destination docker.beryju.org/passbook/build-base:0.1.36-beta
|
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile.build-base --destination docker.beryju.org/passbook/build-base:latest --destination docker.beryju.org/passbook/build-base:0.1.38-beta
|
||||||
stage: build-buildimage
|
stage: build-buildimage
|
||||||
only:
|
only:
|
||||||
refs:
|
refs:
|
||||||
@ -63,7 +63,7 @@ package-docker:
|
|||||||
before_script:
|
before_script:
|
||||||
- echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
|
- echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
|
||||||
script:
|
script:
|
||||||
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.beryju.org/passbook/server:latest --destination docker.beryju.org/passbook/server:0.1.36-beta
|
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.beryju.org/passbook/server:latest --destination docker.beryju.org/passbook/server:0.1.38-beta
|
||||||
stage: build
|
stage: build
|
||||||
only:
|
only:
|
||||||
- tags
|
- tags
|
||||||
|
|||||||
@ -3,7 +3,7 @@ from setuptools import setup
|
|||||||
|
|
||||||
setup(
|
setup(
|
||||||
name='django-allauth-passbook',
|
name='django-allauth-passbook',
|
||||||
version='0.1.36-beta',
|
version='0.1.38-beta',
|
||||||
description='passbook support for django-allauth',
|
description='passbook support for django-allauth',
|
||||||
# long_description='\n'.join(read_simple('docs/index.md')[2:]),
|
# long_description='\n'.join(read_simple('docs/index.md')[2:]),
|
||||||
long_description_content_type='text/markdown',
|
long_description_content_type='text/markdown',
|
||||||
|
|||||||
@ -18,7 +18,7 @@ tests_require = [
|
|||||||
|
|
||||||
setup(
|
setup(
|
||||||
name='sentry-auth-passbook',
|
name='sentry-auth-passbook',
|
||||||
version='0.1.36-beta',
|
version='0.1.38-beta',
|
||||||
author='BeryJu.org',
|
author='BeryJu.org',
|
||||||
author_email='support@beryju.org',
|
author_email='support@beryju.org',
|
||||||
url='https://passbook.beryju.org',
|
url='https://passbook.beryju.org',
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
appVersion: "0.1.36-beta"
|
appVersion: "0.1.38-beta"
|
||||||
description: A Helm chart for passbook.
|
description: A Helm chart for passbook.
|
||||||
name: passbook
|
name: passbook
|
||||||
version: "0.1.36-beta"
|
version: "0.1.38-beta"
|
||||||
icon: https://git.beryju.org/uploads/-/system/project/avatar/108/logo.png
|
icon: https://git.beryju.org/uploads/-/system/project/avatar/108/logo.png
|
||||||
|
|||||||
@ -5,7 +5,7 @@
|
|||||||
replicaCount: 1
|
replicaCount: 1
|
||||||
|
|
||||||
image:
|
image:
|
||||||
tag: 0.1.36-beta
|
tag: 0.1.38-beta
|
||||||
|
|
||||||
nameOverride: ""
|
nameOverride: ""
|
||||||
|
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
"""passbook"""
|
"""passbook"""
|
||||||
__version__ = '0.1.36-beta'
|
__version__ = '0.1.38-beta'
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
"""passbook admin"""
|
"""passbook admin"""
|
||||||
__version__ = '0.1.36-beta'
|
__version__ = '0.1.38-beta'
|
||||||
|
|||||||
@ -36,7 +36,7 @@
|
|||||||
<tr>
|
<tr>
|
||||||
<td>{{ source.name }}</td>
|
<td>{{ source.name }}</td>
|
||||||
<td>{{ source|fieldtype }}</td>
|
<td>{{ source|fieldtype }}</td>
|
||||||
<td>{{ source.additional_info }}</td>
|
<td>{{ source.additional_info|safe }}</td>
|
||||||
<td>
|
<td>
|
||||||
<a class="btn btn-default btn-sm"
|
<a class="btn btn-default btn-sm"
|
||||||
href="{% url 'passbook_admin:source-update' pk=source.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
|
href="{% url 'passbook_admin:source-update' pk=source.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
|
||||||
|
|||||||
@ -35,5 +35,4 @@ class AdministrationOverviewView(AdminRequiredMixin, TemplateView):
|
|||||||
kwargs['providers_without_application'] = Provider.objects.filter(application=None)
|
kwargs['providers_without_application'] = Provider.objects.filter(application=None)
|
||||||
kwargs['policies_without_attachment'] = len(Policy.objects.filter(policymodel__isnull=True))
|
kwargs['policies_without_attachment'] = len(Policy.objects.filter(policymodel__isnull=True))
|
||||||
kwargs['cached_policies'] = len(cache.keys('policy_*'))
|
kwargs['cached_policies'] = len(cache.keys('policy_*'))
|
||||||
print(cache.keys('*'))
|
|
||||||
return super().get_context_data(**kwargs)
|
return super().get_context_data(**kwargs)
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
"""passbook api"""
|
"""passbook api"""
|
||||||
__version__ = '0.1.36-beta'
|
__version__ = '0.1.38-beta'
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
"""passbook Application Security Gateway Header"""
|
"""passbook Application Security Gateway Header"""
|
||||||
__version__ = '0.1.36-beta'
|
__version__ = '0.1.38-beta'
|
||||||
|
|||||||
@ -190,8 +190,6 @@ def cookie_from_string(cookie_string, strict_cookies=False):
|
|||||||
cookie_dict['key'], cookie_dict['value'] = \
|
cookie_dict['key'], cookie_dict['value'] = \
|
||||||
cookie_parts[0].split('=', 1)
|
cookie_parts[0].split('=', 1)
|
||||||
cookie_dict['value'] = cookie_dict['value'].replace('"', '')
|
cookie_dict['value'] = cookie_dict['value'].replace('"', '')
|
||||||
# print('aaaaaaaaaaaaaaaaaaaaaaaaaaaa')
|
|
||||||
# print(cookie_parts[0].split('=', 1))
|
|
||||||
except ValueError:
|
except ValueError:
|
||||||
logger.warning('Invalid cookie: `%s`', cookie_string)
|
logger.warning('Invalid cookie: `%s`', cookie_string)
|
||||||
return None
|
return None
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
"""passbook audit Header"""
|
"""passbook audit Header"""
|
||||||
__version__ = '0.1.36-beta'
|
__version__ = '0.1.38-beta'
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
"""passbook captcha_factor Header"""
|
"""passbook captcha_factor Header"""
|
||||||
__version__ = '0.1.36-beta'
|
__version__ = '0.1.38-beta'
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
"""passbook core"""
|
"""passbook core"""
|
||||||
__version__ = '0.1.36-beta'
|
__version__ = '0.1.38-beta'
|
||||||
|
|||||||
@ -29,6 +29,7 @@ class AuthenticationView(UserPassesTestMixin, View):
|
|||||||
SESSION_PENDING_FACTORS = 'passbook_pending_factors'
|
SESSION_PENDING_FACTORS = 'passbook_pending_factors'
|
||||||
SESSION_PENDING_USER = 'passbook_pending_user'
|
SESSION_PENDING_USER = 'passbook_pending_user'
|
||||||
SESSION_USER_BACKEND = 'passbook_user_backend'
|
SESSION_USER_BACKEND = 'passbook_user_backend'
|
||||||
|
SESSION_IS_SSO_LOGIN = 'passbook_sso_login'
|
||||||
|
|
||||||
pending_user = None
|
pending_user = None
|
||||||
pending_factors = []
|
pending_factors = []
|
||||||
@ -79,6 +80,10 @@ class AuthenticationView(UserPassesTestMixin, View):
|
|||||||
if AuthenticationView.SESSION_FACTOR not in request.session:
|
if AuthenticationView.SESSION_FACTOR not in request.session:
|
||||||
# Case when no factors apply to user, return error denied
|
# Case when no factors apply to user, return error denied
|
||||||
if not self.pending_factors:
|
if not self.pending_factors:
|
||||||
|
# Case when user logged in from SSO provider and no more factors apply
|
||||||
|
if AuthenticationView.SESSION_IS_SSO_LOGIN in request.session:
|
||||||
|
LOGGER.debug("User authenticated with SSO, logging in...")
|
||||||
|
return self._user_passed()
|
||||||
return self.user_invalid()
|
return self.user_invalid()
|
||||||
factor_uuid, factor_class = self.pending_factors[0]
|
factor_uuid, factor_class = self.pending_factors[0]
|
||||||
else:
|
else:
|
||||||
|
|||||||
@ -27,7 +27,8 @@ class PasswordFactorForm(forms.ModelForm):
|
|||||||
'order': forms.NumberInput(),
|
'order': forms.NumberInput(),
|
||||||
'policies': FilteredSelectMultiple(_('policies'), False),
|
'policies': FilteredSelectMultiple(_('policies'), False),
|
||||||
'backends': FilteredSelectMultiple(_('backends'), False,
|
'backends': FilteredSelectMultiple(_('backends'), False,
|
||||||
choices=get_authentication_backends())
|
choices=get_authentication_backends()),
|
||||||
|
'password_policies': FilteredSelectMultiple(_('password policies'), False),
|
||||||
}
|
}
|
||||||
|
|
||||||
class DummyFactorForm(forms.ModelForm):
|
class DummyFactorForm(forms.ModelForm):
|
||||||
|
|||||||
@ -5,7 +5,7 @@ from django.utils.translation import gettext as _
|
|||||||
|
|
||||||
from passbook.core.models import (DebugPolicy, FieldMatcherPolicy,
|
from passbook.core.models import (DebugPolicy, FieldMatcherPolicy,
|
||||||
GroupMembershipPolicy, PasswordPolicy,
|
GroupMembershipPolicy, PasswordPolicy,
|
||||||
WebhookPolicy)
|
SSOLoginPolicy, WebhookPolicy)
|
||||||
|
|
||||||
GENERAL_FIELDS = ['name', 'action', 'negate', 'order', 'timeout']
|
GENERAL_FIELDS = ['name', 'action', 'negate', 'order', 'timeout']
|
||||||
|
|
||||||
@ -63,6 +63,19 @@ class GroupMembershipPolicyForm(forms.ModelForm):
|
|||||||
fields = GENERAL_FIELDS + ['group', ]
|
fields = GENERAL_FIELDS + ['group', ]
|
||||||
widgets = {
|
widgets = {
|
||||||
'name': forms.TextInput(),
|
'name': forms.TextInput(),
|
||||||
|
'order': forms.NumberInput(),
|
||||||
|
}
|
||||||
|
|
||||||
|
class SSOLoginPolicyForm(forms.ModelForm):
|
||||||
|
"""Edit SSOLoginPolicy instances"""
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
|
||||||
|
model = SSOLoginPolicy
|
||||||
|
fields = GENERAL_FIELDS
|
||||||
|
widgets = {
|
||||||
|
'name': forms.TextInput(),
|
||||||
|
'order': forms.NumberInput(),
|
||||||
}
|
}
|
||||||
|
|
||||||
class PasswordPolicyForm(forms.ModelForm):
|
class PasswordPolicyForm(forms.ModelForm):
|
||||||
|
|||||||
@ -1,63 +0,0 @@
|
|||||||
"""passbook nexus_upload management command"""
|
|
||||||
from base64 import b64decode
|
|
||||||
|
|
||||||
import requests
|
|
||||||
from django.core.management.base import BaseCommand
|
|
||||||
|
|
||||||
|
|
||||||
class Command(BaseCommand):
|
|
||||||
"""Upload debian package to nexus repository"""
|
|
||||||
|
|
||||||
url = None
|
|
||||||
user = None
|
|
||||||
password = None
|
|
||||||
|
|
||||||
def add_arguments(self, parser):
|
|
||||||
parser.add_argument(
|
|
||||||
'--repo',
|
|
||||||
action='store',
|
|
||||||
help='Repository to upload to',
|
|
||||||
required=True)
|
|
||||||
parser.add_argument(
|
|
||||||
'--url',
|
|
||||||
action='store',
|
|
||||||
help='Nexus root URL',
|
|
||||||
required=True)
|
|
||||||
parser.add_argument(
|
|
||||||
'--auth',
|
|
||||||
action='store',
|
|
||||||
help='base64-encoded string of username:password',
|
|
||||||
required=True)
|
|
||||||
parser.add_argument(
|
|
||||||
'--method',
|
|
||||||
action='store',
|
|
||||||
nargs='?',
|
|
||||||
const='post',
|
|
||||||
choices=['post', 'put'],
|
|
||||||
help=('Method used for uploading files to nexus. '
|
|
||||||
'Apt repositories use post, Helm uses put.'),
|
|
||||||
required=True)
|
|
||||||
# Positional arguments
|
|
||||||
parser.add_argument('file', nargs='+', type=str)
|
|
||||||
|
|
||||||
def handle(self, *args, **options):
|
|
||||||
"""Upload debian package to nexus repository"""
|
|
||||||
auth = tuple(b64decode(options.get('auth')).decode('utf-8').split(':', 1))
|
|
||||||
responses = {}
|
|
||||||
url = 'https://%(url)s/repository/%(repo)s/' % options
|
|
||||||
method = options.get('method')
|
|
||||||
exit_code = 0
|
|
||||||
for file in options.get('file'):
|
|
||||||
if method == 'post':
|
|
||||||
responses[file] = requests.post(url, data=open(file, mode='rb'), auth=auth)
|
|
||||||
else:
|
|
||||||
responses[file] = requests.put(url+file, data=open(file, mode='rb'), auth=auth)
|
|
||||||
self.stdout.write('Upload results:\n')
|
|
||||||
sep = '-' * 60
|
|
||||||
self.stdout.write('%s\n' % sep)
|
|
||||||
for path, response in responses.items():
|
|
||||||
self.stdout.write('%-55s: %d\n' % (path, response.status_code))
|
|
||||||
if response.status_code >= 400:
|
|
||||||
exit_code = 1
|
|
||||||
self.stdout.write('%s\n' % sep)
|
|
||||||
exit(exit_code)
|
|
||||||
@ -25,5 +25,6 @@ class Command(BaseCommand):
|
|||||||
'-p', str(CONFIG.y('web.port', 8000)),
|
'-p', str(CONFIG.y('web.port', 8000)),
|
||||||
'-b', CONFIG.y('web.listen', '0.0.0.0'), # nosec
|
'-b', CONFIG.y('web.listen', '0.0.0.0'), # nosec
|
||||||
'--access-log', '/dev/null',
|
'--access-log', '/dev/null',
|
||||||
|
'--application-close-timeout', '500',
|
||||||
'passbook.core.asgi:application'
|
'passbook.core.asgi:application'
|
||||||
])
|
])
|
||||||
|
|||||||
25
passbook/core/migrations/0024_ssologinpolicy.py
Normal file
25
passbook/core/migrations/0024_ssologinpolicy.py
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
# Generated by Django 2.2 on 2019-04-29 21:14
|
||||||
|
|
||||||
|
import django.db.models.deletion
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('passbook_core', '0023_remove_user_applications'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.CreateModel(
|
||||||
|
name='SSOLoginPolicy',
|
||||||
|
fields=[
|
||||||
|
('policy_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Policy')),
|
||||||
|
],
|
||||||
|
options={
|
||||||
|
'verbose_name': 'SSO Login Policy',
|
||||||
|
'verbose_name_plural': 'SSO Login Policies',
|
||||||
|
},
|
||||||
|
bases=('passbook_core.policy',),
|
||||||
|
),
|
||||||
|
]
|
||||||
@ -165,9 +165,10 @@ class Source(PolicyModel):
|
|||||||
|
|
||||||
name = models.TextField()
|
name = models.TextField()
|
||||||
slug = models.SlugField()
|
slug = models.SlugField()
|
||||||
form = '' # ModelForm-based class ued to create/edit instance
|
|
||||||
enabled = models.BooleanField(default=True)
|
enabled = models.BooleanField(default=True)
|
||||||
|
|
||||||
|
form = '' # ModelForm-based class ued to create/edit instance
|
||||||
|
|
||||||
objects = InheritanceManager()
|
objects = InheritanceManager()
|
||||||
|
|
||||||
@property
|
@property
|
||||||
@ -409,6 +410,21 @@ class GroupMembershipPolicy(Policy):
|
|||||||
verbose_name = _('Group Membership Policy')
|
verbose_name = _('Group Membership Policy')
|
||||||
verbose_name_plural = _('Group Membership Policies')
|
verbose_name_plural = _('Group Membership Policies')
|
||||||
|
|
||||||
|
class SSOLoginPolicy(Policy):
|
||||||
|
"""Policy that applies to users that have authenticated themselves through SSO"""
|
||||||
|
|
||||||
|
form = 'passbook.core.forms.policies.SSOLoginPolicyForm'
|
||||||
|
|
||||||
|
def passes(self, user):
|
||||||
|
"""Check if user instance passes this policy"""
|
||||||
|
from passbook.core.auth.view import AuthenticationView
|
||||||
|
return user.session.get(AuthenticationView.SESSION_IS_SSO_LOGIN, False), ""
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
|
||||||
|
verbose_name = _('SSO Login Policy')
|
||||||
|
verbose_name_plural = _('SSO Login Policies')
|
||||||
|
|
||||||
class Invitation(UUIDModel):
|
class Invitation(UUIDModel):
|
||||||
"""Single-use invitation link"""
|
"""Single-use invitation link"""
|
||||||
|
|
||||||
|
|||||||
@ -74,6 +74,7 @@ class PolicyEngine:
|
|||||||
cached_policies = []
|
cached_policies = []
|
||||||
kwargs = {
|
kwargs = {
|
||||||
'__password__': getattr(self.__user, '__password__', None),
|
'__password__': getattr(self.__user, '__password__', None),
|
||||||
|
'session': dict(getattr(self.__request, 'session', {}).items()),
|
||||||
}
|
}
|
||||||
if self.__request:
|
if self.__request:
|
||||||
kwargs['remote_ip'], _ = get_client_ip(self.__request)
|
kwargs['remote_ip'], _ = get_client_ip(self.__request)
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
"""passbook hibp_policy"""
|
"""passbook hibp_policy"""
|
||||||
__version__ = '0.1.36-beta'
|
__version__ = '0.1.38-beta'
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
"""Passbook ldap app Header"""
|
"""Passbook ldap app Header"""
|
||||||
__version__ = '0.1.36-beta'
|
__version__ = '0.1.38-beta'
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
"""passbook lib"""
|
"""passbook lib"""
|
||||||
__version__ = '0.1.36-beta'
|
__version__ = '0.1.38-beta'
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
"""passbook oauth_client Header"""
|
"""passbook oauth_client Header"""
|
||||||
__version__ = '0.1.36-beta'
|
__version__ = '0.1.38-beta'
|
||||||
|
|||||||
@ -29,14 +29,13 @@ class OAuthSource(Source):
|
|||||||
def get_login_button(self):
|
def get_login_button(self):
|
||||||
url = reverse_lazy('passbook_oauth_client:oauth-client-login',
|
url = reverse_lazy('passbook_oauth_client:oauth-client-login',
|
||||||
kwargs={'source_slug': self.slug})
|
kwargs={'source_slug': self.slug})
|
||||||
# if self.provider_type == 'github':
|
|
||||||
# return url, 'github-logo', _('GitHub')
|
|
||||||
return url, self.provider_type, self.name
|
return url, self.provider_type, self.name
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def additional_info(self):
|
def additional_info(self):
|
||||||
return "Callback URL: '%s'" % reverse_lazy('passbook_oauth_client:oauth-client-callback',
|
return "Callback URL: <pre>%s</pre>" % \
|
||||||
kwargs={'source_slug': self.slug})
|
reverse_lazy('passbook_oauth_client:oauth-client-callback',
|
||||||
|
kwargs={'source_slug': self.slug})
|
||||||
|
|
||||||
def has_user_settings(self):
|
def has_user_settings(self):
|
||||||
"""Entrypoint to integrate with User settings. Can either return False if no
|
"""Entrypoint to integrate with User settings. Can either return False if no
|
||||||
|
|||||||
@ -4,7 +4,7 @@ from logging import getLogger
|
|||||||
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.contrib import messages
|
from django.contrib import messages
|
||||||
from django.contrib.auth import authenticate, login
|
from django.contrib.auth import authenticate
|
||||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||||
from django.http import Http404
|
from django.http import Http404
|
||||||
from django.shortcuts import get_object_or_404, redirect, render
|
from django.shortcuts import get_object_or_404, redirect, render
|
||||||
@ -12,6 +12,7 @@ from django.urls import reverse
|
|||||||
from django.utils.translation import ugettext as _
|
from django.utils.translation import ugettext as _
|
||||||
from django.views.generic import RedirectView, View
|
from django.views.generic import RedirectView, View
|
||||||
|
|
||||||
|
from passbook.core.auth.view import AuthenticationView, _redirect_with_qs
|
||||||
from passbook.lib.utils.reflection import app
|
from passbook.lib.utils.reflection import app
|
||||||
from passbook.oauth_client.clients import get_client
|
from passbook.oauth_client.clients import get_client
|
||||||
from passbook.oauth_client.models import OAuthSource, UserOAuthSourceConnection
|
from passbook.oauth_client.models import OAuthSource, UserOAuthSourceConnection
|
||||||
@ -128,11 +129,6 @@ class OAuthCallback(OAuthClientMixin, View):
|
|||||||
"Return url to redirect on login failure."
|
"Return url to redirect on login failure."
|
||||||
return settings.LOGIN_URL
|
return settings.LOGIN_URL
|
||||||
|
|
||||||
# pylint: disable=unused-argument
|
|
||||||
def get_login_redirect(self, source, user, access, new=False):
|
|
||||||
"Return url to redirect authenticated users."
|
|
||||||
return 'passbook_core:overview'
|
|
||||||
|
|
||||||
def get_or_create_user(self, source, access, info):
|
def get_or_create_user(self, source, access, info):
|
||||||
"Create a shell auth.User."
|
"Create a shell auth.User."
|
||||||
raise NotImplementedError()
|
raise NotImplementedError()
|
||||||
@ -149,14 +145,22 @@ class OAuthCallback(OAuthClientMixin, View):
|
|||||||
except KeyError:
|
except KeyError:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
def handle_login(self, user, source, access):
|
||||||
|
"""Prepare AuthenticationView, redirect users to remaining Factors"""
|
||||||
|
user = authenticate(source=access.source,
|
||||||
|
identifier=access.identifier, request=self.request)
|
||||||
|
self.request.session[AuthenticationView.SESSION_PENDING_USER] = user.pk
|
||||||
|
self.request.session[AuthenticationView.SESSION_USER_BACKEND] = user.backend
|
||||||
|
self.request.session[AuthenticationView.SESSION_IS_SSO_LOGIN] = True
|
||||||
|
return _redirect_with_qs('passbook_core:auth-process', self.request.GET)
|
||||||
|
|
||||||
# pylint: disable=unused-argument
|
# pylint: disable=unused-argument
|
||||||
def handle_existing_user(self, source, user, access, info):
|
def handle_existing_user(self, source, user, access, info):
|
||||||
"Login user and redirect."
|
"Login user and redirect."
|
||||||
login(self.request, user)
|
|
||||||
messages.success(self.request, _("Successfully authenticated with %(source)s!" % {
|
messages.success(self.request, _("Successfully authenticated with %(source)s!" % {
|
||||||
'source': self.source.name
|
'source': self.source.name
|
||||||
}))
|
}))
|
||||||
return redirect(self.get_login_redirect(source, user, access))
|
return self.handle_login(user, source, access)
|
||||||
|
|
||||||
def handle_login_failure(self, source, reason):
|
def handle_login_failure(self, source, reason):
|
||||||
"Message user and redirect on error."
|
"Message user and redirect on error."
|
||||||
@ -176,12 +180,9 @@ class OAuthCallback(OAuthClientMixin, View):
|
|||||||
access.user = user
|
access.user = user
|
||||||
access.save()
|
access.save()
|
||||||
UserOAuthSourceConnection.objects.filter(pk=access.pk).update(user=user)
|
UserOAuthSourceConnection.objects.filter(pk=access.pk).update(user=user)
|
||||||
if not was_authenticated:
|
|
||||||
user = authenticate(source=access.source,
|
|
||||||
identifier=access.identifier, request=self.request)
|
|
||||||
login(self.request, user)
|
|
||||||
if app('passbook_audit'):
|
if app('passbook_audit'):
|
||||||
pass
|
pass
|
||||||
|
# TODO: Create audit entry
|
||||||
# from passbook.audit.models import something
|
# from passbook.audit.models import something
|
||||||
# something.event(user=user,)
|
# something.event(user=user,)
|
||||||
# Event.create(
|
# Event.create(
|
||||||
@ -197,10 +198,13 @@ class OAuthCallback(OAuthClientMixin, View):
|
|||||||
return redirect(reverse('passbook_oauth_client:oauth-client-user', kwargs={
|
return redirect(reverse('passbook_oauth_client:oauth-client-user', kwargs={
|
||||||
'source_slug': self.source.slug
|
'source_slug': self.source.slug
|
||||||
}))
|
}))
|
||||||
|
# User was not authenticated, new user has been created
|
||||||
|
user = authenticate(source=access.source,
|
||||||
|
identifier=access.identifier, request=self.request)
|
||||||
messages.success(self.request, _("Successfully authenticated with %(source)s!" % {
|
messages.success(self.request, _("Successfully authenticated with %(source)s!" % {
|
||||||
'source': self.source.name
|
'source': self.source.name
|
||||||
}))
|
}))
|
||||||
return redirect(self.get_login_redirect(source, user, access, True))
|
return self.handle_login(user, source, access)
|
||||||
|
|
||||||
|
|
||||||
class DisconnectView(LoginRequiredMixin, View):
|
class DisconnectView(LoginRequiredMixin, View):
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
"""passbook oauth_provider Header"""
|
"""passbook oauth_provider Header"""
|
||||||
__version__ = '0.1.36-beta'
|
__version__ = '0.1.38-beta'
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
"""passbook otp Header"""
|
"""passbook otp Header"""
|
||||||
__version__ = '0.1.36-beta'
|
__version__ = '0.1.38-beta'
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
"""passbook password_expiry"""
|
"""passbook password_expiry"""
|
||||||
__version__ = '0.1.36-beta'
|
__version__ = '0.1.38-beta'
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
"""passbook saml_idp Header"""
|
"""passbook saml_idp Header"""
|
||||||
__version__ = '0.1.36-beta'
|
__version__ = '0.1.38-beta'
|
||||||
|
|||||||
@ -33,6 +33,8 @@ class Processor:
|
|||||||
"""Base SAML 2.0 AuthnRequest to Response Processor.
|
"""Base SAML 2.0 AuthnRequest to Response Processor.
|
||||||
Sub-classes should provide Service Provider-specific functionality."""
|
Sub-classes should provide Service Provider-specific functionality."""
|
||||||
|
|
||||||
|
is_idp_initiated = False
|
||||||
|
|
||||||
_audience = ''
|
_audience = ''
|
||||||
_assertion_params = None
|
_assertion_params = None
|
||||||
_assertion_xml = None
|
_assertion_xml = None
|
||||||
@ -291,7 +293,10 @@ class Processor:
|
|||||||
def generate_response(self):
|
def generate_response(self):
|
||||||
"""Processes request and returns template variables suitable for a response."""
|
"""Processes request and returns template variables suitable for a response."""
|
||||||
# Build the assertion and response.
|
# Build the assertion and response.
|
||||||
self.can_handle(self._django_request)
|
# Only call can_handle if SP initiated Request, otherwise we have no Request
|
||||||
|
if not self.is_idp_initiated:
|
||||||
|
self.can_handle(self._django_request)
|
||||||
|
|
||||||
self._validate_user()
|
self._validate_user()
|
||||||
self._build_assertion()
|
self._build_assertion()
|
||||||
self._format_assertion()
|
self._format_assertion()
|
||||||
|
|||||||
@ -54,3 +54,6 @@ class SAMLPropertyMappingForm(forms.ModelForm):
|
|||||||
field_classes = {
|
field_classes = {
|
||||||
'values': DynamicArrayField
|
'values': DynamicArrayField
|
||||||
}
|
}
|
||||||
|
help_texts = {
|
||||||
|
'values': 'String substitution uses a syntax like "{variable} test}".'
|
||||||
|
}
|
||||||
|
|||||||
@ -1,4 +1,5 @@
|
|||||||
"""passbook saml_idp Models"""
|
"""passbook saml_idp Models"""
|
||||||
|
from logging import getLogger
|
||||||
|
|
||||||
from django.contrib.postgres.fields import ArrayField
|
from django.contrib.postgres.fields import ArrayField
|
||||||
from django.db import models
|
from django.db import models
|
||||||
@ -9,6 +10,8 @@ from passbook.core.models import PropertyMapping, Provider
|
|||||||
from passbook.lib.utils.reflection import class_to_path, path_to_class
|
from passbook.lib.utils.reflection import class_to_path, path_to_class
|
||||||
from passbook.saml_idp.base import Processor
|
from passbook.saml_idp.base import Processor
|
||||||
|
|
||||||
|
LOGGER = getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
class SAMLProvider(Provider):
|
class SAMLProvider(Provider):
|
||||||
"""Model to save information about a Remote SAML Endpoint"""
|
"""Model to save information about a Remote SAML Endpoint"""
|
||||||
@ -36,7 +39,8 @@ class SAMLProvider(Provider):
|
|||||||
if not self._processor:
|
if not self._processor:
|
||||||
try:
|
try:
|
||||||
self._processor = path_to_class(self.processor_path)(self)
|
self._processor = path_to_class(self.processor_path)(self)
|
||||||
except ModuleNotFoundError:
|
except ModuleNotFoundError as exc:
|
||||||
|
LOGGER.warning(exc)
|
||||||
self._processor = None
|
self._processor = None
|
||||||
return self._processor
|
return self._processor
|
||||||
|
|
||||||
|
|||||||
@ -231,4 +231,5 @@ class InitiateLoginView(AccessRequiredView):
|
|||||||
def get(self, request, application):
|
def get(self, request, application):
|
||||||
"""Initiates an IdP-initiated link to a simple SP resource/target URL."""
|
"""Initiates an IdP-initiated link to a simple SP resource/target URL."""
|
||||||
self.provider.processor.init_deep_link(request, '')
|
self.provider.processor.init_deep_link(request, '')
|
||||||
|
self.provider.processor.is_idp_initiated = True
|
||||||
return _generate_response(request, self.provider)
|
return _generate_response(request, self.provider)
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
"""passbook suspicious_policy"""
|
"""passbook suspicious_policy"""
|
||||||
__version__ = '0.1.36-beta'
|
__version__ = '0.1.38-beta'
|
||||||
|
|||||||
Reference in New Issue
Block a user