This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/passbook/providers/saml/models.py

169 lines
5.4 KiB
Python
Raw Normal View History

2018-11-16 08:10:35 +00:00
"""passbook saml_idp Models"""
from typing import Optional
2018-11-16 08:10:35 +00:00
from django.db import models
from django.http import HttpRequest
from django.shortcuts import reverse
from django.utils.translation import ugettext_lazy as _
2019-10-01 08:24:10 +00:00
from structlog import get_logger
2018-11-16 08:10:35 +00:00
from passbook.core.models import PropertyMapping, Provider
2020-03-03 22:35:50 +00:00
from passbook.crypto.models import CertificateKeyPair
from passbook.lib.utils.reflection import class_to_path, path_to_class
from passbook.lib.utils.template import render_to_string
from passbook.providers.saml.processors.base import Processor
from passbook.providers.saml.utils.time import timedelta_string_validator
2018-11-16 08:10:35 +00:00
LOGGER = get_logger()
2019-04-29 19:39:41 +00:00
2018-11-16 08:10:35 +00:00
class SAMLProvider(Provider):
2018-11-16 08:10:35 +00:00
"""Model to save information about a Remote SAML Endpoint"""
2018-11-26 16:17:32 +00:00
name = models.TextField()
processor_path = models.CharField(max_length=255, choices=[])
acs_url = models.URLField(verbose_name=_("ACS URL"))
2019-12-31 11:51:16 +00:00
audience = models.TextField(default="")
issuer = models.TextField(help_text=_("Also known as EntityID"))
assertion_valid_not_before = models.TextField(
default="minutes=-5",
validators=[timedelta_string_validator],
help_text=_(
(
"Assertion valid not before current time + this value "
"(Format: hours=-1;minutes=-2;seconds=-3)."
)
),
)
assertion_valid_not_on_or_after = models.TextField(
default="minutes=5",
validators=[timedelta_string_validator],
help_text=_(
(
"Assertion not valid on or after current time + this value "
"(Format: hours=1;minutes=2;seconds=3)."
)
),
)
session_valid_not_on_or_after = models.TextField(
default="minutes=86400",
validators=[timedelta_string_validator],
help_text=_(
(
"Session not valid on or after current time + this value "
"(Format: hours=1;minutes=2;seconds=3)."
)
),
)
digest_algorithm = models.CharField(
max_length=50,
choices=(("sha1", _("SHA1")), ("sha256", _("SHA256")),),
default="sha256",
)
signature_algorithm = models.CharField(
max_length=50,
choices=(
("rsa-sha1", _("RSA-SHA1")),
("rsa-sha256", _("RSA-SHA256")),
("ecdsa-sha256", _("ECDSA-SHA256")),
("dsa-sha1", _("DSA-SHA1")),
),
default="rsa-sha256",
)
2020-03-05 16:09:08 +00:00
signing_kp = models.ForeignKey(
2020-03-03 22:35:50 +00:00
CertificateKeyPair,
default=None,
null=True,
help_text=_("Singing is enabled upon selection of a Key Pair."),
on_delete=models.SET_NULL,
verbose_name=_("Signing Keypair"),
)
require_signing = models.BooleanField(
default=False,
help_text=_(
"Require Requests to be signed by an X509 Certificate. "
"Must match the Certificate selected in `Singing Keypair`."
),
2020-03-03 22:35:50 +00:00
)
2018-11-16 08:10:35 +00:00
form = "passbook.providers.saml.forms.SAMLProviderForm"
_processor = None
2018-11-26 21:40:10 +00:00
2018-11-16 08:10:35 +00:00
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
2019-12-31 11:51:16 +00:00
self._meta.get_field("processor_path").choices = get_provider_choices()
2018-11-16 08:10:35 +00:00
@property
2020-05-06 22:32:03 +00:00
def processor(self) -> Optional[Processor]:
2018-12-26 16:26:17 +00:00
"""Return selected processor as instance"""
if not self._processor:
try:
self._processor = path_to_class(self.processor_path)(self)
except ImportError as exc:
2019-04-29 19:39:41 +00:00
LOGGER.warning(exc)
self._processor = None
return self._processor
2018-11-16 08:10:35 +00:00
def __str__(self):
return f"SAML Provider {self.name}"
def link_download_metadata(self):
"""Get link to download XML metadata for admin interface"""
try:
2018-12-26 20:56:08 +00:00
# pylint: disable=no-member
2019-12-31 11:51:16 +00:00
return reverse(
"passbook_providers_saml:saml-metadata",
2019-12-31 11:51:16 +00:00
kwargs={"application": self.application.slug},
)
except Provider.application.RelatedObjectDoesNotExist:
return None
def html_metadata_view(self, request: HttpRequest) -> Optional[str]:
"""return template and context modal with to view Metadata without downloading it"""
from passbook.providers.saml.views import DescriptorDownloadView
try:
# pylint: disable=no-member
metadata = DescriptorDownloadView.get_metadata(request, self)
return render_to_string(
"saml/idp/admin_metadata_modal.html",
{"provider": self, "metadata": metadata,},
)
except Provider.application.RelatedObjectDoesNotExist:
return None
2018-11-26 16:17:32 +00:00
class Meta:
verbose_name = _("SAML Provider")
verbose_name_plural = _("SAML Providers")
class SAMLPropertyMapping(PropertyMapping):
"""SAML Property mapping, allowing Name/FriendlyName mapping to a list of strings"""
saml_name = models.TextField(verbose_name="SAML Name")
friendly_name = models.TextField(default=None, blank=True, null=True)
form = "passbook.providers.saml.forms.SAMLPropertyMappingForm"
def __str__(self):
return f"SAML Property Mapping {self.saml_name}"
class Meta:
2019-12-31 11:51:16 +00:00
verbose_name = _("SAML Property Mapping")
verbose_name_plural = _("SAML Property Mappings")
def get_provider_choices():
"""Return tuple of class_path, class name of all providers."""
2020-05-06 22:32:03 +00:00
return [
(class_to_path(x), x.__name__) for x in getattr(Processor, "__subclasses__")()
2020-05-06 22:32:03 +00:00
]