Commit
fcb7aaee
authored
Oct 15, 2016
by
ale
allow auth backends to provide user emails
Uses the email as a SAML attribute.
parent
14c4c555
Showing
5 changed files
with
22 additions
and
3 deletions
+22
-3
src/sso_server/sso_server/auth/__init__.py
src/sso_server/sso_server/auth/__init__.py
+3
-0
src/sso_server/sso_server/auth/auth_machdb.py
src/sso_server/sso_server/auth/auth_machdb.py
+10
-3
src/sso_server/sso_server/auth/auth_test.py
src/sso_server/sso_server/auth/auth_test.py
+3
-0
src/sso_server/sso_server/saml/flask_views.py
src/sso_server/sso_server/saml/flask_views.py
+4
-0
src/sso_server/sso_server/saml/registry.py
src/sso_server/sso_server/saml/registry.py
+2
-0
src/sso_server/sso_server/auth/__init__.py
...
@@ -33,3 +33,6 @@ class AuthBase(object):
...
@@ -33,3 +33,6 @@ class AuthBase(object):
def
match_groups
(
self
,
username
,
groups
):
def
match_groups
(
self
,
username
,
groups
):
return
set
()
return
set
()
def
get_user_email
(
self
,
username
):
return
None
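Review bot: `AuthBase.get_user_email` is the new backend hook but carries no docstring, and its `None` return is the only way a subclass can say "address unknown" — the SAML view stores the result on `g` and the registry puts it straight into a signed assertion, so that contract is worth stating. Suggest `"""Return the email address for username, or None if this backend does not know it."""` directly under the `def`; the machdb and test backends in this commit already follow that convention. The `AuthBase` class body continues outside the hunk.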
src/sso_server/sso_server/auth/auth_machdb.py
...
@@ -17,11 +17,12 @@ class _CredentialsCache(dict):
...
@@ -17,11 +17,12 @@ class _CredentialsCache(dict):
self
.
_lock
=
threading
.
Lock
()
self
.
_lock
=
threading
.
Lock
()
self
.
_data
=
{
'pwcache'
:
{},
'otpcache'
:
{},
'grpcache'
:
{}}
self
.
_data
=
{
'pwcache'
:
{},
'otpcache'
:
{},
'grpcache'
:
{}}
def
update
(
self
,
pwcache
,
otpcache
,
grpcache
):
def
update
(
self
,
pwcache
,
otpcache
,
grpcache
,
mailcache
):
with
self
.
_lock
:
with
self
.
_lock
:
self
.
_data
[
'pwcache'
]
=
pwcache
self
.
_data
[
'pwcache'
]
=
pwcache
self
.
_data
[
'otpcache'
]
=
otpcache
self
.
_data
[
'otpcache'
]
=
otpcache
self
.
_data
[
'grpcache'
]
=
grpcache
self
.
_data
[
'grpcache'
]
=
grpcache
self
.
_data
[
'mailcache'
]
=
mailcache
def
get
(
self
,
tag
):
def
get
(
self
,
tag
):
with
self
.
_lock
:
with
self
.
_lock
:
...
@@ -44,7 +45,7 @@ class Updater(threading.Thread):
...
@@ -44,7 +45,7 @@ class Updater(threading.Thread):
time
.
sleep
(
600
)
time
.
sleep
(
600
)
def
update_auth_cache
(
self
):
def
update_auth_cache
(
self
):
pwcache
,
otpcache
,
grpcache
=
{},
{},
{}
pwcache
,
otpcache
,
grpcache
,
mailcache
=
{},
{},
{},
{}
for
user
in
mdb
.
User
.
find
():
for
user
in
mdb
.
User
.
find
():
if
not
user
.
enabled
:
if
not
user
.
enabled
:
continue
continue
...
@@ -52,7 +53,9 @@ class Updater(threading.Thread):
...
@@ -52,7 +53,9 @@ class Updater(threading.Thread):
if
user
.
totp_key
:
if
user
.
totp_key
:
otpcache
[
user
.
name
]
=
user
.
totp_key
otpcache
[
user
.
name
]
=
user
.
totp_key
grpcache
[
user
.
name
]
=
set
(
x
.
name
for
x
in
user
.
groups
)
grpcache
[
user
.
name
]
=
set
(
x
.
name
for
x
in
user
.
groups
)
self
.
auth_cache
.
update
(
pwcache
,
otpcache
,
grpcache
)
if
user
.
email
:
mailcache
[
user
.
name
]
=
user
.
email
self
.
auth_cache
.
update
(
pwcache
,
otpcache
,
grpcache
,
mailcache
)
class
Auth
(
AuthBase
):
class
Auth
(
AuthBase
):
...
@@ -87,3 +90,7 @@ class Auth(AuthBase):
...
@@ -87,3 +90,7 @@ class Auth(AuthBase):
user_groups
.
intersection_update
(
groups
)
user_groups
.
intersection_update
(
groups
)
return
user_groups
return
user_groups
def
get_user_email
(
self
,
username
):
mailcache
=
self
.
auth_cache
.
get
(
'mailcache'
)
return
mailcache
.
get
(
username
)
src/sso_server/sso_server/auth/auth_test.py
...
@@ -43,3 +43,6 @@ class Auth(AuthBase):
...
@@ -43,3 +43,6 @@ class Auth(AuthBase):
allowed_groups
=
set
([
"group1"
,
"group2"
])
allowed_groups
=
set
([
"group1"
,
"group2"
])
allowed_groups
.
intersection_update
(
groups
)
allowed_groups
.
intersection_update
(
groups
)
return
allowed_groups
return
allowed_groups
def
get_user_email
(
self
,
u
):
return
u
+
'@example.com'
src/sso_server/sso_server/saml/flask_views.py
...
@@ -55,6 +55,10 @@ def login_required(fn):
...
@@ -55,6 +55,10 @@ def login_required(fn):
raise
NoCookieError
(
'no cookie'
)
raise
NoCookieError
(
'no cookie'
)
current_app
.
logger
.
info
(
'retrieved cookie: %s'
,
cookie
)
current_app
.
logger
.
info
(
'retrieved cookie: %s'
,
cookie
)
g
.
sso_ticket
=
saml_app
.
sso_verifier
.
verify
(
str
(
cookie
))
g
.
sso_ticket
=
saml_app
.
sso_verifier
.
verify
(
str
(
cookie
))
# Cheat by looking up the email using the LoginService
# private to the main app.
g
.
user_email
=
current_app
.
login_service
.
auth
.
get_user_email
(
g
.
sso_ticket
.
user
())
return
fn
(
*
args
,
**
kwargs
)
return
fn
(
*
args
,
**
kwargs
)
except
(
NoCookieError
,
TypeError
,
sso
.
Error
)
as
e
:
except
(
NoCookieError
,
TypeError
,
sso
.
Error
)
as
e
:
current_app
.
logger
.
error
(
'auth failed: %s'
,
str
(
e
))
current_app
.
logger
.
error
(
'auth failed: %s'
,
str
(
e
))
...
...
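Review bot: The added `get_user_email` call sits inside the `try` whose `except` only catches `NoCookieError`, `TypeError` and `sso.Error`, so an exception raised by the backend while resolving the address (the machdb backend reads a cache tag that is not seeded until its first refresh) escapes `login_required` without passing through the `'auth failed: %s'` logging. The ordering is right — the address is resolved from `g.sso_ticket.user()` after `verify()`, so it derives from the verified ticket and not from the raw cookie — and the comment should say so rather than only calling it a cheat, e.g. `# Resolve the email from the verified ticket subject, never from the raw cookie.`. Consider catching backend failures around that one call, logging them, and leaving `g.user_email = None`, which `AuthBase.get_user_email` already uses to mean "unknown". `login_required` starts and ends outside the hunk.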
src/sso_server/sso_server/saml/registry.py
...
@@ -8,6 +8,7 @@ import logging
...
@@ -8,6 +8,7 @@ import logging
import
warnings
import
warnings
import
zlib
import
zlib
from
flask
import
g
from
importlib
import
import_module
from
importlib
import
import_module
from
.
import
base
from
.
import
base
...
@@ -37,6 +38,7 @@ class SSOProcessor(base.Processor):
...
@@ -37,6 +38,7 @@ class SSOProcessor(base.Processor):
# Add attributes that gitlab needs (?).
# Add attributes that gitlab needs (?).
self
.
_assertion_params
[
'ATTRIBUTES'
]
=
{
self
.
_assertion_params
[
'ATTRIBUTES'
]
=
{
'name'
:
self
.
_subject
,
'name'
:
self
.
_subject
,
'email'
:
g
.
user_email
,
}
}
self
.
_assertion_xml
=
xml_render
.
get_assertion_salesforce_xml
(
self
.
_assertion_params
,
signed
=
True
)
self
.
_assertion_xml
=
xml_render
.
get_assertion_salesforce_xml
(
self
.
_assertion_params
,
signed
=
True
)
...
...
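Review bot: `g.user_email` in the `ATTRIBUTES` dict is read unconditionally, yet it is only assigned by the `login_required` wrapper in `saml/flask_views.py`; if `SSOProcessor` builds an assertion in a request where that wrapper did not run, the read raises `AttributeError`, and when the backend answered `None` the signed assertion carries an empty `email` claim that the relying party may treat as authoritative. Suggest `'email': getattr(g, 'user_email', None),` and, unless the relying party requires the key to be present, omitting it when the value is `None` so the assertion only asserts addresses the backend actually knows; if the key must stay, a comment noting that `None` reaches the relying party would help. The enclosing method starts and ends outside the hunk.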