authentik/passbook/sources/saml/models.py

"""saml sp models"""
from django.db import models
from django.urls import reverse_lazy
from django.utils.translation import gettext_lazy as _

from passbook.core.models import Source
from passbook.core.types import UILoginButton
from passbook.crypto.models import CertificateKeyPair
from passbook.providers.saml.utils.time import timedelta_string_validator


class SAMLBindingTypes(models.TextChoices):
    """SAML Binding types"""

    Redirect = "REDIRECT"
    POST = "POST"


class SAMLSource(Source):
    """Authenticate using an external SAML Identity Provider."""

    issuer = models.TextField(
        blank=True,
        default=None,
        verbose_name=_("Issuer"),
        help_text=_("Also known as Entity ID. Defaults the Metadata URL."),
    )

    sso_url = models.URLField(
        verbose_name=_("SSO URL"),
        help_text=_("URL that the initial Login request is sent to."),
    )
    binding_type = models.CharField(
        max_length=100,
        choices=SAMLBindingTypes.choices,
        default=SAMLBindingTypes.Redirect,
    )

    slo_url = models.URLField(
        default=None,
        blank=True,
        null=True,
        verbose_name=_("SLO URL"),
        help_text=_("Optional URL if your IDP supports Single-Logout."),
    )

    temporary_user_delete_after = models.TextField(
        default="days=1",
        verbose_name=_("Delete temporary users after"),
        validators=[timedelta_string_validator],
        help_text=_(
            (
                "Time offset when temporary users should be deleted. This only applies if your IDP "
                "uses the NameID Format 'transient', and the user doesn't log out manually. "
                "(Format: hours=1;minutes=2;seconds=3)."
            )
        ),
    )

    signing_kp = models.ForeignKey(
        CertificateKeyPair,
        verbose_name=_("Singing Keypair"),
        help_text=_(
            "Certificate Key Pair of the IdP which Assertion's Signature is validated against."
        ),
        on_delete=models.PROTECT,
    )

    form = "passbook.sources.saml.forms.SAMLSourceForm"

    @property
    def ui_login_button(self) -> UILoginButton:
        return UILoginButton(
            name=self.name,
            url=reverse_lazy(
                "passbook_sources_saml:login", kwargs={"source_slug": self.slug}
            ),
            icon_path="",
        )

    @property
    def ui_additional_info(self) -> str:
        metadata_url = reverse_lazy(
            "passbook_sources_saml:metadata", kwargs={"source_slug": self.slug}
        )
        return f'<a href="{metadata_url}" class="btn btn-default btn-sm">Metadata Download</a>'

    def __str__(self):
        return f"SAML Source {self.name}"

    class Meta:

        verbose_name = _("SAML Source")
        verbose_name_plural = _("SAML Sources")
sources/saml(major): add saml SP 2019-11-07 16:02:56 +00:00			`"""saml sp models"""`
			`from django.db import models`
			`from django.urls import reverse_lazy`
sources/saml: move labels from forms to models 2020-02-16 11:34:46 +00:00			`from django.utils.translation import gettext_lazy as _`
sources/saml(major): add saml SP 2019-11-07 16:02:56 +00:00
			`from passbook.core.models import Source`
sources/saml: entity_id -> issuer 2020-02-20 16:23:27 +00:00			`from passbook.core.types import UILoginButton`
sources/saml: switch to new crypto 2020-03-03 22:35:38 +00:00			`from passbook.crypto.models import CertificateKeyPair`
sources/saml: correctly cleanup transient users, update forms 2020-06-24 20:27:14 +00:00			`from passbook.providers.saml.utils.time import timedelta_string_validator`
sources/saml(major): add saml SP 2019-11-07 16:02:56 +00:00

WIP Use Flows for Sources and Providers (#32) * core: start migrating to flows for authorisation * sources/oauth: start type-hinting * core: create default user * core: only show user delete button if an unenrollment flow exists * flows: Correctly check initial policies on flow with context * policies: add more verbosity to engine * sources/oauth: migrate to flows * sources/oauth: fix typing errors * flows: add more tests * sources/oauth: start implementing unittests * sources/ldap: add option to disable user sync, move connection init to model * sources/ldap: re-add default PropertyMappings * providers/saml: re-add default PropertyMappings * admin: fix missing stage count * stages/identification: fix sources not being shown * crypto: fix being unable to save with private key * crypto: re-add default self-signed keypair * policies: rewrite cache_key to prevent wrong cache * sources/saml: migrate to flows for auth and enrollment * stages/consent: add new stage * admin: fix PropertyMapping widget not rendering properly * core: provider.authorization_flow is mandatory * flows: add support for "autosubmit" attribute on form * flows: add InMemoryStage for dynamic stages * flows: optionally allow empty flows from FlowPlanner * providers/saml: update to authorization_flow * sources/: fix flow executor URL flows: fix pylint error * flows: wrap responses in JSON object to easily handle redirects * flow: dont cache plan's context * providers/oauth: rewrite OAuth2 Provider to use flows * providers/: update docstrings of models core: fix forms not passing help_text through safe * flows: fix HttpResponses not being converted to JSON * providers/oidc: rewrite to use flows * flows: fix linting 2020-06-07 14:35:08 +00:00			`class SAMLBindingTypes(models.TextChoices):`
			`"""SAML Binding types"""`

			`Redirect = "REDIRECT"`
			`POST = "POST"`


sources/saml(major): add saml SP 2019-11-07 16:02:56 +00:00			`class SAMLSource(Source):`
*: rephrase strings 2020-07-01 16:40:52 +00:00			`"""Authenticate using an external SAML Identity Provider."""`
sources/saml(major): add saml SP 2019-11-07 16:02:56 +00:00
sources/saml: entity_id -> issuer 2020-02-20 16:23:27 +00:00			`issuer = models.TextField(`
			`blank=True,`
			`default=None,`
			`verbose_name=_("Issuer"),`
			`help_text=_("Also known as Entity ID. Defaults the Metadata URL."),`
			`)`
sources/saml: fix `build_full_url` using incorrect URL parameter 2020-02-20 16:04:54 +00:00
sources/saml: correctly cleanup transient users, update forms 2020-06-24 20:27:14 +00:00			`sso_url = models.URLField(`
			`verbose_name=_("SSO URL"),`
			`help_text=_("URL that the initial Login request is sent to."),`
WIP Use Flows for Sources and Providers (#32) * core: start migrating to flows for authorisation * sources/oauth: start type-hinting * core: create default user * core: only show user delete button if an unenrollment flow exists * flows: Correctly check initial policies on flow with context * policies: add more verbosity to engine * sources/oauth: migrate to flows * sources/oauth: fix typing errors * flows: add more tests * sources/oauth: start implementing unittests * sources/ldap: add option to disable user sync, move connection init to model * sources/ldap: re-add default PropertyMappings * providers/saml: re-add default PropertyMappings * admin: fix missing stage count * stages/identification: fix sources not being shown * crypto: fix being unable to save with private key * crypto: re-add default self-signed keypair * policies: rewrite cache_key to prevent wrong cache * sources/saml: migrate to flows for auth and enrollment * stages/consent: add new stage * admin: fix PropertyMapping widget not rendering properly * core: provider.authorization_flow is mandatory * flows: add support for "autosubmit" attribute on form * flows: add InMemoryStage for dynamic stages * flows: optionally allow empty flows from FlowPlanner * providers/saml: update to authorization_flow * sources/: fix flow executor URL flows: fix pylint error * flows: wrap responses in JSON object to easily handle redirects * flow: dont cache plan's context * providers/oauth: rewrite OAuth2 Provider to use flows * providers/: update docstrings of models core: fix forms not passing help_text through safe * flows: fix HttpResponses not being converted to JSON * providers/oidc: rewrite to use flows * flows: fix linting 2020-06-07 14:35:08 +00:00			`)`
			`binding_type = models.CharField(`
			`max_length=100,`
			`choices=SAMLBindingTypes.choices,`
			`default=SAMLBindingTypes.Redirect,`
			`)`

sources/saml: correctly cleanup transient users, update forms 2020-06-24 20:27:14 +00:00			`slo_url = models.URLField(`
			`default=None,`
			`blank=True,`
			`null=True,`
			`verbose_name=_("SLO URL"),`
			`help_text=_("Optional URL if your IDP supports Single-Logout."),`
			`)`

			`temporary_user_delete_after = models.TextField(`
			`default="days=1",`
			`verbose_name=_("Delete temporary users after"),`
			`validators=[timedelta_string_validator],`
			`help_text=_(`
			`(`
			`"Time offset when temporary users should be deleted. This only applies if your IDP "`
			`"uses the NameID Format 'transient', and the user doesn't log out manually. "`
			`"(Format: hours=1;minutes=2;seconds=3)."`
			`)`
			`),`
sources/saml: move labels from forms to models 2020-02-16 11:34:46 +00:00			`)`
sources/saml: switch to new crypto 2020-03-03 22:35:38 +00:00
			`signing_kp = models.ForeignKey(`
			`CertificateKeyPair,`
sources/saml: correctly cleanup transient users, update forms 2020-06-24 20:27:14 +00:00			`verbose_name=_("Singing Keypair"),`
sources/saml: switch to new crypto 2020-03-03 22:35:38 +00:00			`help_text=_(`
sources/saml: correctly cleanup transient users, update forms 2020-06-24 20:27:14 +00:00			`"Certificate Key Pair of the IdP which Assertion's Signature is validated against."`
sources/saml: switch to new crypto 2020-03-03 22:35:38 +00:00			`),`
sources/saml: correctly cleanup transient users, update forms 2020-06-24 20:27:14 +00:00			`on_delete=models.PROTECT,`
sources/saml: switch to new crypto 2020-03-03 22:35:38 +00:00			`)`
sources/saml(major): add saml SP 2019-11-07 16:02:56 +00:00
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`form = "passbook.sources.saml.forms.SAMLSourceForm"`
sources/saml(major): add saml SP 2019-11-07 16:02:56 +00:00
			`@property`
all: prefix all UI related methods with ui_, switch to property and return dataclass 2020-02-20 12:51:41 +00:00			`def ui_login_button(self) -> UILoginButton:`
			`return UILoginButton(`
			`name=self.name,`
			`url=reverse_lazy(`
			`"passbook_sources_saml:login", kwargs={"source_slug": self.slug}`
			`),`
			`icon_path="",`
all: general maintenance, prepare for pyright 2020-02-18 21:12:51 +00:00			`)`
sources/saml(major): add saml SP 2019-11-07 16:02:56 +00:00
			`@property`
all: prefix all UI related methods with ui_, switch to property and return dataclass 2020-02-20 12:51:41 +00:00			`def ui_additional_info(self) -> str:`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`metadata_url = reverse_lazy(`
sources/saml: fix `build_full_url` using incorrect URL parameter 2020-02-20 16:04:54 +00:00			`"passbook_sources_saml:metadata", kwargs={"source_slug": self.slug}`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`)`
			`return f'<a href="{metadata_url}" class="btn btn-default btn-sm">Metadata Download</a>'`
sources/saml(major): add saml SP 2019-11-07 16:02:56 +00:00
providers/saml: fix 500 when SAML Provider not assigned to application 2020-02-21 19:54:00 +00:00			`def __str__(self):`
			`return f"SAML Source {self.name}"`

sources/saml(major): add saml SP 2019-11-07 16:02:56 +00:00			`class Meta:`

all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`verbose_name = _("SAML Source")`
			`verbose_name_plural = _("SAML Sources")`