2019-11-07 16:02:56 +00:00
|
|
|
"""saml sp models"""
|
|
|
|
from django.db import models
|
|
|
|
from django.urls import reverse_lazy
|
2020-02-16 11:34:46 +00:00
|
|
|
from django.utils.translation import gettext_lazy as _
|
2019-11-07 16:02:56 +00:00
|
|
|
|
|
|
|
from passbook.core.models import Source
|
2020-02-20 16:23:27 +00:00
|
|
|
from passbook.core.types import UILoginButton
|
2020-03-03 22:35:38 +00:00
|
|
|
from passbook.crypto.models import CertificateKeyPair
|
2020-06-24 20:27:14 +00:00
|
|
|
from passbook.providers.saml.utils.time import timedelta_string_validator
|
2019-11-07 16:02:56 +00:00
|
|
|
|
|
|
|
|
2020-06-07 14:35:08 +00:00
|
|
|
class SAMLBindingTypes(models.TextChoices):
|
|
|
|
"""SAML Binding types"""
|
|
|
|
|
|
|
|
Redirect = "REDIRECT"
|
|
|
|
POST = "POST"
|
|
|
|
|
|
|
|
|
2019-11-07 16:02:56 +00:00
|
|
|
class SAMLSource(Source):
|
2020-07-01 16:40:52 +00:00
|
|
|
"""Authenticate using an external SAML Identity Provider."""
|
2019-11-07 16:02:56 +00:00
|
|
|
|
2020-02-20 16:23:27 +00:00
|
|
|
issuer = models.TextField(
|
|
|
|
blank=True,
|
|
|
|
default=None,
|
|
|
|
verbose_name=_("Issuer"),
|
|
|
|
help_text=_("Also known as Entity ID. Defaults the Metadata URL."),
|
|
|
|
)
|
2020-02-20 16:04:54 +00:00
|
|
|
|
2020-06-24 20:27:14 +00:00
|
|
|
sso_url = models.URLField(
|
|
|
|
verbose_name=_("SSO URL"),
|
|
|
|
help_text=_("URL that the initial Login request is sent to."),
|
2020-06-07 14:35:08 +00:00
|
|
|
)
|
|
|
|
binding_type = models.CharField(
|
|
|
|
max_length=100,
|
|
|
|
choices=SAMLBindingTypes.choices,
|
|
|
|
default=SAMLBindingTypes.Redirect,
|
|
|
|
)
|
|
|
|
|
2020-06-24 20:27:14 +00:00
|
|
|
slo_url = models.URLField(
|
|
|
|
default=None,
|
|
|
|
blank=True,
|
|
|
|
null=True,
|
|
|
|
verbose_name=_("SLO URL"),
|
|
|
|
help_text=_("Optional URL if your IDP supports Single-Logout."),
|
|
|
|
)
|
|
|
|
|
|
|
|
temporary_user_delete_after = models.TextField(
|
|
|
|
default="days=1",
|
|
|
|
verbose_name=_("Delete temporary users after"),
|
|
|
|
validators=[timedelta_string_validator],
|
|
|
|
help_text=_(
|
|
|
|
(
|
|
|
|
"Time offset when temporary users should be deleted. This only applies if your IDP "
|
|
|
|
"uses the NameID Format 'transient', and the user doesn't log out manually. "
|
|
|
|
"(Format: hours=1;minutes=2;seconds=3)."
|
|
|
|
)
|
|
|
|
),
|
2020-02-16 11:34:46 +00:00
|
|
|
)
|
2020-03-03 22:35:38 +00:00
|
|
|
|
|
|
|
signing_kp = models.ForeignKey(
|
|
|
|
CertificateKeyPair,
|
2020-06-24 20:27:14 +00:00
|
|
|
verbose_name=_("Singing Keypair"),
|
2020-03-03 22:35:38 +00:00
|
|
|
help_text=_(
|
2020-06-24 20:27:14 +00:00
|
|
|
"Certificate Key Pair of the IdP which Assertion's Signature is validated against."
|
2020-03-03 22:35:38 +00:00
|
|
|
),
|
2020-06-24 20:27:14 +00:00
|
|
|
on_delete=models.PROTECT,
|
2020-03-03 22:35:38 +00:00
|
|
|
)
|
2019-11-07 16:02:56 +00:00
|
|
|
|
2019-12-31 11:51:16 +00:00
|
|
|
form = "passbook.sources.saml.forms.SAMLSourceForm"
|
2019-11-07 16:02:56 +00:00
|
|
|
|
|
|
|
@property
|
2020-02-20 12:51:41 +00:00
|
|
|
def ui_login_button(self) -> UILoginButton:
|
|
|
|
return UILoginButton(
|
|
|
|
name=self.name,
|
|
|
|
url=reverse_lazy(
|
|
|
|
"passbook_sources_saml:login", kwargs={"source_slug": self.slug}
|
|
|
|
),
|
|
|
|
icon_path="",
|
2020-02-18 21:12:51 +00:00
|
|
|
)
|
2019-11-07 16:02:56 +00:00
|
|
|
|
|
|
|
@property
|
2020-02-20 12:51:41 +00:00
|
|
|
def ui_additional_info(self) -> str:
|
2019-12-31 11:51:16 +00:00
|
|
|
metadata_url = reverse_lazy(
|
2020-02-20 16:04:54 +00:00
|
|
|
"passbook_sources_saml:metadata", kwargs={"source_slug": self.slug}
|
2019-12-31 11:51:16 +00:00
|
|
|
)
|
|
|
|
return f'<a href="{metadata_url}" class="btn btn-default btn-sm">Metadata Download</a>'
|
2019-11-07 16:02:56 +00:00
|
|
|
|
2020-02-21 19:54:00 +00:00
|
|
|
def __str__(self):
|
|
|
|
return f"SAML Source {self.name}"
|
|
|
|
|
2019-11-07 16:02:56 +00:00
|
|
|
class Meta:
|
|
|
|
|
2019-12-31 11:51:16 +00:00
|
|
|
verbose_name = _("SAML Source")
|
|
|
|
verbose_name_plural = _("SAML Sources")
|