Commit
fcb7aaee
authored
Oct 15, 2016
by
ale
allow auth backends to provide user emails
Uses the email as a SAML attribute.
parent
14c4c555
Showing
5 changed files
with
22 additions
and
3 deletions
+22
-3
src/sso_server/sso_server/auth/__init__.py
src/sso_server/sso_server/auth/__init__.py
+3
-0
src/sso_server/sso_server/auth/auth_machdb.py
src/sso_server/sso_server/auth/auth_machdb.py
+10
-3
src/sso_server/sso_server/auth/auth_test.py
src/sso_server/sso_server/auth/auth_test.py
+3
-0
src/sso_server/sso_server/saml/flask_views.py
src/sso_server/sso_server/saml/flask_views.py
+4
-0
src/sso_server/sso_server/saml/registry.py
src/sso_server/sso_server/saml/registry.py
+2
-0
src/sso_server/sso_server/auth/__init__.py
@@ -33,3 +33,6 @@ class AuthBase(object):
def
match_groups
(
self
,
username
,
groups
):
return
set
()
def
get_user_email
(
self
,
username
):
return
None
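Review bot: The new `get_user_email` hook on `AuthBase` has no docstring, so a backend author cannot tell whether `None` means "unknown user", "no email on record" or "not supported", and callers cannot tell whether a `None` result is a normal outcome they must handle. A docstring such as `"""Return the email address for username, or None when the backend has none on record."""` settles both sides of the contract. `class AuthBase` starts before this hunk.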
src/sso_server/sso_server/auth/auth_machdb.py
@@ -17,11 +17,12 @@ class _CredentialsCache(dict):
self
.
_lock
=
threading
.
Lock
()
self
.
_data
=
{
'pwcache'
:
{},
'otpcache'
:
{},
'grpcache'
:
{}}
def
update
(
self
,
pwcache
,
otpcache
,
grpcache
):
def
update
(
self
,
pwcache
,
otpcache
,
grpcache
,
mailcache
):
with
self
.
_lock
:
self
.
_data
[
'pwcache'
]
=
pwcache
self
.
_data
[
'otpcache'
]
=
otpcache
self
.
_data
[
'grpcache'
]
=
grpcache
self
.
_data
[
'mailcache'
]
=
mailcache
def
get
(
self
,
tag
):
with
self
.
_lock
:
@@ -44,7 +45,7 @@ class Updater(threading.Thread):
time
.
sleep
(
600
)
def
update_auth_cache
(
self
):
pwcache
,
otpcache
,
grpcache
=
{},
{},
{}
pwcache
,
otpcache
,
grpcache
,
mailcache
=
{},
{},
{},
{}
for
user
in
mdb
.
User
.
find
():
if
not
user
.
enabled
:
continue
@@ -52,7 +53,9 @@ class Updater(threading.Thread):
if
user
.
totp_key
:
otpcache
[
user
.
name
]
=
user
.
totp_key
grpcache
[
user
.
name
]
=
set
(
x
.
name
for
x
in
user
.
groups
)
self
.
auth_cache
.
update
(
pwcache
,
otpcache
,
grpcache
)
if
user
.
email
:
mailcache
[
user
.
name
]
=
user
.
email
self
.
auth_cache
.
update
(
pwcache
,
otpcache
,
grpcache
,
mailcache
)
class
Auth
(
AuthBase
):
@@ -87,3 +90,7 @@ class Auth(AuthBase):
user_groups
.
intersection_update
(
groups
)
return
user_groups
def
get_user_email
(
self
,
username
):
mailcache
=
self
.
auth_cache
.
get
(
'mailcache'
)
return
mailcache
.
get
(
username
)
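Review bot: `_CredentialsCache._data` is still initialised with only the `pwcache`, `otpcache` and `grpcache` keys (the context line at the top of the first hunk), yet the new `Auth.get_user_email` reads `self.auth_cache.get('mailcache')` and calls `.get(username)` on the result straight away. Until the `Updater` thread has completed its first `update_auth_cache`, that lookup either raises `KeyError` inside `_CredentialsCache.get` or returns `None` and raises `AttributeError` here, depending on how `get` indexes `_data` (its body continues outside the hunk), and the `time.sleep(600)` context line suggests refreshes are ten minutes apart. Initialising the store as `self._data = {'pwcache': {}, 'otpcache': {}, 'grpcache': {}, 'mailcache': {}}` closes that window. `update` also gained a required positional `mailcache` parameter, so any caller other than the one in `update_auth_cache` would now fail with `TypeError`; a default of `mailcache=None` coerced to `{}` would be safer unless no other callers exist.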
src/sso_server/sso_server/auth/auth_test.py
@@ -43,3 +43,6 @@ class Auth(AuthBase):
allowed_groups
=
set
([
"group1"
,
"group2"
])
allowed_groups
.
intersection_update
(
groups
)
return
allowed_groups
def
get_user_email
(
self
,
u
):
return
u
+
'@example.com'
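Review bot: The test backend's override names its parameter `u` whereas `AuthBase.get_user_email` declares `username`, so a caller using the keyword form `get_user_email(username=...)` would work against the production backend and fail against this stub. Renaming it to `def get_user_email(self, username): return username + '@example.com'` keeps the two classes interchangeable. `class Auth(AuthBase)` starts before this hunk.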
src/sso_server/sso_server/saml/flask_views.py
View file @
fcb7aaee
@@ -55,6 +55,10 @@ def login_required(fn):
raise
NoCookieError
(
'no cookie'
)
current_app
.
logger
.
info
(
'retrieved cookie: %s'
,
cookie
)
g
.
sso_ticket
=
saml_app
.
sso_verifier
.
verify
(
str
(
cookie
))
# Cheat by looking up the email using the LoginService
# private to the main app.
g
.
user_email
=
current_app
.
login_service
.
auth
.
get_user_email
(
g
.
sso_ticket
.
user
())
return
fn
(
*
args
,
**
kwargs
)
except
(
NoCookieError
,
TypeError
,
sso
.
Error
)
as
e
:
current_app
.
logger
.
error
(
'auth failed: %s'
,
str
(
e
))
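Review bot: The added email lookup sits inside the `try` whose `except` clause treats `TypeError` as an authentication failure, so a `TypeError` raised by `get_user_email` (for instance a backend whose override takes different arguments) would be logged as `auth failed` and the request rejected, hiding the real defect. Performing the lookup after the cookie has been verified and outside that handler, or narrowing what the handler catches, keeps ticket errors and backend errors distinct; `login_required` starts before this hunk and the `try` opens outside it, so the handler's reach is inferred from the visible `except` line. The `# Cheat ...` comment would also be more useful if it stated the contract being relied on, e.g. `# Uses LoginService.auth (private to the main app); get_user_email may return None.`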
src/sso_server/sso_server/saml/registry.py
@@ -8,6 +8,7 @@ import logging
import
warnings
import
zlib
from
flask
import
g
from
importlib
import
import_module
from
.
import
base
@@ -37,6 +38,7 @@ class SSOProcessor(base.Processor):
# Add attributes that gitlab needs (?).
self
.
_assertion_params
[
'ATTRIBUTES'
]
=
{
'name'
:
self
.
_subject
,
'email'
:
g
.
user_email
,
}
self
.
_assertion_xml
=
xml_render
.
get_assertion_salesforce_xml
(
self
.
_assertion_params
,
signed
=
True
)
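Review bot: `g.user_email` is written into the assertion's `email` attribute unconditionally, although `AuthBase.get_user_email` returns `None` by default and the machdb backend returns `None` for users without an email on record, so the service provider may receive an absent or `None`-valued email attribute — and if `xml_render` stringifies it, the literal text `None` — on a value a SAML consumer typically uses to match accounts. Building the attribute dict conditionally avoids that: `attrs = {'name': self._subject}`, then `if getattr(g, 'user_email', None): attrs['email'] = g.user_email`, then `self._assertion_params['ATTRIBUTES'] = attrs`. Using `getattr` also tolerates a code path where `login_required` has not populated `g`, which I cannot rule out from this hunk. The enclosing `SSOProcessor` method starts before the hunk.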