Commit de37aca9 authored by ale

use sso ticket to provide username

parent 67fc4602
......@@ -4,7 +4,7 @@ import base64
import time
import uuid
from flask import request, session, current_app
from flask import request, session, current_app, g
from BeautifulSoup import BeautifulStoneSoup
from . import codex
......@@ -138,14 +138,14 @@ class Processor(object):
def _determine_session_index(self):
# TODO: find a replacement for Flask!
self._session_index = self._django_request.session.session_key
#self._session_index = self._django_request.session.session_key
self._session_index = 42
def _determine_subject(self):
"""
Determines _subject and _subject_type for Assertion Subject.
"""
# TODO: Fetch user from request!
self._subject = self._django_request.user.email
self._subject = g.sso_ticket.user()
def _encode_response(self):
"""
......
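Review bot: `self._session_index = 42` in `_determine_session_index` gives every assertion the same SessionIndex, so a service provider can no longer tell one login session from another, which matters for single logout and for correlating sessions in logs. A per-session value would restore what the Django session key provided, for example `self._session_index = session.setdefault('saml_session_index', uuid.uuid4().hex)` (the key name is only an illustration), using the `session` and `uuid` names this file already imports. Separately, `_determine_subject` now reads `g.sso_ticket`, which is only set when the request came through `login_required`; a one-line comment stating that precondition would help, and the stale `# TODO: Fetch user from request!` can be dropped.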
from __future__ import absolute_import
import os
import urllib
from flask import Blueprint, current_app, request, session, abort, redirect, make_response, url_for
from flask import Blueprint, current_app, request, session, abort, redirect, make_response, url_for, g
from . import exceptions
from . import xml_signing
......@@ -15,27 +16,31 @@ logger = get_saml_logger()
sso_cookie_name = 'SSO_SAML'
def _verifier():
if not hasattr(current_app, 'saml_sso_verifier'):
current_app.saml_sso_verifier = sso.Verifier(
current_app.config['PUBLIC_KEY'],
current_app.config['SAML_SSO_SERVICE'],
current_app.config['SSO_DOMAIN'],
def init_app(app):
app.register_blueprint(saml_app, url_prefix='/saml/')
saml_app.login_server = app.config['SSO_LOGIN_SERVER']
saml_app.sso_service = saml_app.login_server + 'saml/'
with open(app.config['SSO_PUBLIC_KEY']) as fd:
public_key = fd.read()
saml_app.sso_verifier = sso.Verifier(
public_key,
saml_app.sso_service,
app.config['SSO_DOMAIN'],
[])
return current_app.saml_sso_verifier
def login_required(fn):
def _wrapper(*args, **kwargs):
# Try to fetch the cookie.
try:
tkt = _verifier().verify(request.cookies.get(sso_cookie_name))
g.sso_ticket = saml_app.sso_verifier.verify(request.cookies.get(sso_cookie_name))
return fn(*args, **kwargs)
except (TypeError, sso.Error) as e:
redir_url = 'https://%s?%s' % (
login_server, urllib.urlencode({
's': service,
'd': _make_absolute_url()}))
saml_app.login_server, urllib.urlencode({
's': saml_app.sso_service,
'd': request.url}))
return redirect(redir_url)
return functools.wraps(_wrapper)
......
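Review bot: `login_required` ends with `return functools.wraps(_wrapper)`, which returns the `wraps` helper instead of `_wrapper`, so as written the cookie check and the new `g.sso_ticket` assignment would not run for decorated views. The `try` also encloses `fn(*args, **kwargs)`, so a `TypeError` raised inside the view is treated as a missing ticket and becomes a redirect to the login server instead of surfacing as an error. Applying `functools.wraps(fn)` to `_wrapper` and narrowing the `try` to the `verify()` call fixes both, as sketched below; an `import functools` is not visible in this section, so confirm it is present. The return URL `'d': request.url` is built from the incoming request's host, so the login server should check it against the registered service before redirecting back; whether it does cannot be seen from here.

```python
def login_required(fn):
    @functools.wraps(fn)
    def _wrapper(*args, **kwargs):
        # Only ticket verification is guarded; errors from the view propagate.
        try:
            g.sso_ticket = saml_app.sso_verifier.verify(request.cookies.get(sso_cookie_name))
        except (TypeError, sso.Error) as e:
            # ... unchanged: build redir_url from saml_app.login_server ...
            return redirect(redir_url)
        return fn(*args, **kwargs)
    return _wrapper
```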