Commit de37aca9 authored by ale's avatar ale

use sso ticket to provide username

parent 67fc4602
...@@ -4,7 +4,7 @@ import base64 ...@@ -4,7 +4,7 @@ import base64
import time import time
import uuid import uuid
from flask import request, session, current_app from flask import request, session, current_app, g
from BeautifulSoup import BeautifulStoneSoup from BeautifulSoup import BeautifulStoneSoup
from . import codex from . import codex
...@@ -138,14 +138,14 @@ class Processor(object): ...@@ -138,14 +138,14 @@ class Processor(object):
def _determine_session_index(self): def _determine_session_index(self):
# TODO: find a replacement for Flask! # TODO: find a replacement for Flask!
self._session_index = self._django_request.session.session_key #self._session_index = self._django_request.session.session_key
self._session_index = 42
def _determine_subject(self): def _determine_subject(self):
""" """
Determines _subject and _subject_type for Assertion Subject. Determines _subject and _subject_type for Assertion Subject.
""" """
# TODO: Fetch user from request! self._subject = g.sso_ticket.user()
self._subject = self._django_request.user.email
def _encode_response(self): def _encode_response(self):
""" """
......
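Review bot: `self._session_index = 42` in `_determine_session_index` gives every assertion the same SessionIndex, so a service provider can no longer tell one login session from another, which matters for anything keyed on that value, such as single logout. A per-session value kept in the Flask session would stay stable across requests, e.g. `self._session_index = session.setdefault('saml_session_index', uuid.uuid4().hex)`; `session` and `uuid` are both already imported at the top of this file. The commented-out Django line above it can then be deleted instead of kept as dead code. In `_determine_subject`, `g.sso_ticket` appears to be set only by the `login_required` wrapper in the other file, so the docstring should say that the method must run inside a decorated view; called elsewhere it would fail with an `AttributeError` instead of a SAML error.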
from __future__ import absolute_import from __future__ import absolute_import
import os import os
import urllib
from flask import Blueprint, current_app, request, session, abort, redirect, make_response, url_for from flask import Blueprint, current_app, request, session, abort, redirect, make_response, url_for, g
from . import exceptions from . import exceptions
from . import xml_signing from . import xml_signing
...@@ -15,27 +16,31 @@ logger = get_saml_logger() ...@@ -15,27 +16,31 @@ logger = get_saml_logger()
sso_cookie_name = 'SSO_SAML' sso_cookie_name = 'SSO_SAML'
def _verifier(): def init_app(app):
if not hasattr(current_app, 'saml_sso_verifier'): app.register_blueprint(saml_app, url_prefix='/saml/')
current_app.saml_sso_verifier = sso.Verifier(
current_app.config['PUBLIC_KEY'], saml_app.login_server = app.config['SSO_LOGIN_SERVER']
current_app.config['SAML_SSO_SERVICE'], saml_app.sso_service = saml_app.login_server + 'saml/'
current_app.config['SSO_DOMAIN'], with open(app.config['SSO_PUBLIC_KEY']) as fd:
[]) public_key = fd.read()
return current_app.saml_sso_verifier saml_app.sso_verifier = sso.Verifier(
public_key,
saml_app.sso_service,
app.config['SSO_DOMAIN'],
[])
def login_required(fn): def login_required(fn):
def _wrapper(*args, **kwargs): def _wrapper(*args, **kwargs):
# Try to fetch the cookie. # Try to fetch the cookie.
try: try:
tkt = _verifier().verify(request.cookies.get(sso_cookie_name)) g.sso_ticket = saml_app.sso_verifier.verify(request.cookies.get(sso_cookie_name))
return fn(*args, **kwargs) return fn(*args, **kwargs)
except (TypeError, sso.Error) as e: except (TypeError, sso.Error) as e:
redir_url = 'https://%s?%s' % ( redir_url = 'https://%s?%s' % (
login_server, urllib.urlencode({ saml_app.login_server, urllib.urlencode({
's': service, 's': saml_app.sso_service,
'd': _make_absolute_url()})) 'd': request.url}))
return redirect(redir_url) return redirect(redir_url)
return functools.wraps(_wrapper) return functools.wraps(_wrapper)
......
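Review bot: `login_required` still ends with `return functools.wraps(_wrapper)`, which returns a partial of `update_wrapper` instead of the wrapper, so the decorated name is no longer the view with the ticket check in front of it; it should be `return functools.wraps(fn)(_wrapper)`. The `try` also encloses `return fn(*args, **kwargs)`, so a `TypeError` raised inside the view is handled as a failed login and redirected to the login server. Moving the view call below the `except` block leaves only `verify()` inside the `try`. The new `'d': request.url` is taken from the incoming request, Host header included, so it is worth confirming that the login server validates the `d` destination against the registered service before sending the user back.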