providers/saml: more typehints
parent
773a9c0692
commit
32a48fa07a
|
@ -27,7 +27,7 @@ LOGGER = get_logger()
|
||||||
URL_VALIDATOR = URLValidator(schemes=("http", "https"))
|
URL_VALIDATOR = URLValidator(schemes=("http", "https"))
|
||||||
|
|
||||||
|
|
||||||
def _generate_response(request: HttpRequest, provider: SAMLProvider):
|
def _generate_response(request: HttpRequest, provider: SAMLProvider) -> HttpResponse:
|
||||||
"""Generate a SAML response using processor_instance and return it in the proper Django
|
"""Generate a SAML response using processor_instance and return it in the proper Django
|
||||||
response."""
|
response."""
|
||||||
try:
|
try:
|
||||||
|
@ -58,13 +58,16 @@ class AccessRequiredView(AccessMixin, View):
|
||||||
|
|
||||||
def _has_access(self) -> bool:
|
def _has_access(self) -> bool:
|
||||||
"""Check if user has access to application"""
|
"""Check if user has access to application"""
|
||||||
|
LOGGER.debug(
|
||||||
|
"_has_access", user=self.request.user, app=self.provider.application
|
||||||
|
)
|
||||||
policy_engine = PolicyEngine(
|
policy_engine = PolicyEngine(
|
||||||
self.provider.application.policies.all(), self.request.user, self.request
|
self.provider.application.policies.all(), self.request.user, self.request
|
||||||
)
|
)
|
||||||
policy_engine.build()
|
policy_engine.build()
|
||||||
return policy_engine.passing
|
return policy_engine.passing
|
||||||
|
|
||||||
def dispatch(self, request, *args, **kwargs):
|
def dispatch(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
|
||||||
if not request.user.is_authenticated:
|
if not request.user.is_authenticated:
|
||||||
return self.handle_no_permission()
|
return self.handle_no_permission()
|
||||||
if not self._has_access():
|
if not self._has_access():
|
||||||
|
@ -84,7 +87,7 @@ class LoginBeginView(AccessRequiredView):
|
||||||
stores it in the session prior to enforcing login."""
|
stores it in the session prior to enforcing login."""
|
||||||
|
|
||||||
@method_decorator(csrf_exempt)
|
@method_decorator(csrf_exempt)
|
||||||
def dispatch(self, request, application):
|
def dispatch(self, request: HttpRequest, application: str) -> HttpResponse:
|
||||||
if request.method == "POST":
|
if request.method == "POST":
|
||||||
source = request.POST
|
source = request.POST
|
||||||
else:
|
else:
|
||||||
|
@ -108,7 +111,9 @@ class LoginBeginView(AccessRequiredView):
|
||||||
class RedirectToSPView(AccessRequiredView):
|
class RedirectToSPView(AccessRequiredView):
|
||||||
"""Return autosubmit form"""
|
"""Return autosubmit form"""
|
||||||
|
|
||||||
def get(self, request, acs_url, saml_response, relay_state):
|
def get(
|
||||||
|
self, request: HttpRequest, acs_url: str, saml_response: str, relay_state: str
|
||||||
|
) -> HttpResponse:
|
||||||
"""Return autosubmit form"""
|
"""Return autosubmit form"""
|
||||||
return render(
|
return render(
|
||||||
request,
|
request,
|
||||||
|
@ -149,7 +154,7 @@ class LoginProcessView(AccessRequiredView):
|
||||||
return HttpResponseBadRequest()
|
return HttpResponseBadRequest()
|
||||||
|
|
||||||
# pylint: disable=unused-argument
|
# pylint: disable=unused-argument
|
||||||
def post(self, request, application: str) -> HttpResponse:
|
def post(self, request: HttpRequest, application: str) -> HttpResponse:
|
||||||
"""Handle post request, return back to ACS"""
|
"""Handle post request, return back to ACS"""
|
||||||
# User access gets checked in dispatch
|
# User access gets checked in dispatch
|
||||||
if request.POST.get("ACSUrl", None):
|
if request.POST.get("ACSUrl", None):
|
||||||
|
@ -178,7 +183,7 @@ class LogoutView(CSRFExemptMixin, AccessRequiredView):
|
||||||
though it's technically not SAML 2.0)."""
|
though it's technically not SAML 2.0)."""
|
||||||
|
|
||||||
# pylint: disable=unused-argument
|
# pylint: disable=unused-argument
|
||||||
def get(self, request, application):
|
def get(self, request: HttpRequest, application: str) -> HttpResponse:
|
||||||
"""Perform logout"""
|
"""Perform logout"""
|
||||||
logout(request)
|
logout(request)
|
||||||
|
|
||||||
|
@ -199,7 +204,7 @@ class SLOLogout(CSRFExemptMixin, AccessRequiredView):
|
||||||
logs out the user and returns a standard logged-out page."""
|
logs out the user and returns a standard logged-out page."""
|
||||||
|
|
||||||
# pylint: disable=unused-argument
|
# pylint: disable=unused-argument
|
||||||
def post(self, request, application):
|
def post(self, request: HttpRequest, application: str) -> HttpResponse:
|
||||||
"""Perform logout"""
|
"""Perform logout"""
|
||||||
request.session["SAMLRequest"] = request.POST["SAMLRequest"]
|
request.session["SAMLRequest"] = request.POST["SAMLRequest"]
|
||||||
# TODO: Parse SAML LogoutRequest from POST data, similar to login_process().
|
# TODO: Parse SAML LogoutRequest from POST data, similar to login_process().
|
||||||
|
@ -214,7 +219,7 @@ class SLOLogout(CSRFExemptMixin, AccessRequiredView):
|
||||||
class DescriptorDownloadView(AccessRequiredView):
|
class DescriptorDownloadView(AccessRequiredView):
|
||||||
"""Replies with the XML Metadata IDSSODescriptor."""
|
"""Replies with the XML Metadata IDSSODescriptor."""
|
||||||
|
|
||||||
def get(self, request, application):
|
def get(self, request: HttpRequest, application: str) -> HttpResponse:
|
||||||
"""Replies with the XML Metadata IDSSODescriptor."""
|
"""Replies with the XML Metadata IDSSODescriptor."""
|
||||||
entity_id = self.provider.issuer
|
entity_id = self.provider.issuer
|
||||||
slo_url = request.build_absolute_uri(
|
slo_url = request.build_absolute_uri(
|
||||||
|
@ -250,7 +255,7 @@ class InitiateLoginView(AccessRequiredView):
|
||||||
"""IdP-initiated Login"""
|
"""IdP-initiated Login"""
|
||||||
|
|
||||||
# pylint: disable=unused-argument
|
# pylint: disable=unused-argument
|
||||||
def get(self, request, application):
|
def get(self, request: HttpRequest, application: str) -> HttpResponse:
|
||||||
"""Initiates an IdP-initiated link to a simple SP resource/target URL."""
|
"""Initiates an IdP-initiated link to a simple SP resource/target URL."""
|
||||||
self.provider.processor.init_deep_link(request, "")
|
self.provider.processor.init_deep_link(request, "")
|
||||||
self.provider.processor.is_idp_initiated = True
|
self.provider.processor.is_idp_initiated = True
|
||||||
|
|
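Review bot: In `SLOLogout.post`, `request.POST["SAMLRequest"]` is indexed directly and copied into the session unparsed on a view that the hunk header shows as CSRF-exempt, so a POST without that field raises `MultiValueDictKeyError` (presumably surfacing as a server error rather than a 400) and whatever value is sent gets persisted as-is. Read it defensively instead: `saml_request = request.POST.get("SAMLRequest")`, then `if not saml_request: return HttpResponseBadRequest()` before assigning `request.session["SAMLRequest"] = saml_request`. The TODO underneath confirms the LogoutRequest is not parsed yet, and the rest of the method is outside the hunk, so a comment such as `# SAMLRequest is stored unparsed and unverified; treat it as untrusted downstream` would be worth adding until parsing lands. Separately, `LoginProcessView.post` branches on a request-supplied `ACSUrl` whose handling is also outside its hunk; it is worth confirming that the value is matched against the provider's registered ACS URL, since `URL_VALIDATOR` as configured here constrains schemes, not the destination.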