providers/saml: make metadata accessible without authentication

This commit is contained in:
Jens Langhammer 2020-06-20 21:51:52 +02:00
parent e4cb9b7ff9
commit 3753275453
6 changed files with 41 additions and 13 deletions

View File

@ -0,0 +1,22 @@
# Generated by Django 3.0.7 on 2020-06-20 19:50
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("passbook_providers_saml", "0003_samlprovider_sp_binding"),
]
operations = [
migrations.AlterField(
model_name="samlprovider",
name="sp_binding",
field=models.TextField(
choices=[("redirect", "Redirect"), ("post", "Post")],
default="redirect",
verbose_name="Service Prodier Binding",
),
),
]

View File

@ -34,7 +34,9 @@ class SAMLProvider(Provider):
audience = models.TextField(default="")
issuer = models.TextField(help_text=_("Also known as EntityID"))
sp_binding = models.TextField(
choices=SAMLBindings.choices, default=SAMLBindings.REDIRECT
choices=SAMLBindings.choices,
default=SAMLBindings.REDIRECT,
verbose_name=_("Service Prodier Binding"),
)
assertion_valid_not_before = models.TextField(
@ -142,7 +144,7 @@ class SAMLProvider(Provider):
# pylint: disable=no-member
metadata = DescriptorDownloadView.get_metadata(request, self)
return render_to_string(
"saml/idp/admin_metadata_modal.html",
"providers/saml/admin_metadata_modal.html",
{"provider": self, "metadata": metadata},
)
except Provider.application.RelatedObjectDoesNotExist:

View File

@ -132,7 +132,9 @@ class Processor:
continue
self._assertion_params["ATTRIBUTES"] = attributes
self._assertion_xml = get_assertion_xml(
"providers/saml/xml/assertions/generic.xml", self._assertion_params, signed=True
"providers/saml/xml/assertions/generic.xml",
self._assertion_params,
signed=True,
)
def _format_response(self):

View File

@ -10,5 +10,7 @@ class SalesForceProcessor(GenericProcessor):
def _format_assertion(self):
super()._format_assertion()
self._assertion_xml = get_assertion_xml(
"providers/saml/xml/assertions/salesforce.xml", self._assertion_params, signed=True
"providers/saml/xml/assertions/salesforce.xml",
self._assertion_params,
signed=True,
)

View File

@ -48,7 +48,9 @@ def _get_in_response_to(params):
def _get_subject(params):
"""Insert Subject. Modifies the params dict."""
params["SUBJECT_STATEMENT"] = render_to_string("providers/saml/xml/subject.xml", params)
params["SUBJECT_STATEMENT"] = render_to_string(
"providers/saml/xml/subject.xml", params
)
def get_assertion_xml(template, parameters, signed=False):

View File

@ -229,7 +229,7 @@ class SAMLFlowFinalView(StageView):
return bad_request_message(request, "Invalid sp_binding specified")
class DescriptorDownloadView(LoginRequiredMixin, SAMLAccessMixin, View):
class DescriptorDownloadView(View):
"""Replies with the XML Metadata IDSSODescriptor."""
@staticmethod
@ -263,14 +263,12 @@ class DescriptorDownloadView(LoginRequiredMixin, SAMLAccessMixin, View):
def get(self, request: HttpRequest, application_slug: str) -> HttpResponse:
"""Replies with the XML Metadata IDSSODescriptor."""
self.application = get_object_or_404(Application, slug=application_slug)
self.provider: SAMLProvider = get_object_or_404(
SAMLProvider, pk=self.application.provider_id
application = get_object_or_404(Application, slug=application_slug)
provider: SAMLProvider = get_object_or_404(
SAMLProvider, pk=application.provider_id
)
if not self._has_access():
raise PermissionDenied()
try:
metadata = DescriptorDownloadView.get_metadata(request, self.provider)
metadata = DescriptorDownloadView.get_metadata(request, provider)
except Provider.application.RelatedObjectDoesNotExist: # pylint: disable=no-member
return bad_request_message(
request, "Provider is not assigned to an application."
@ -279,5 +277,5 @@ class DescriptorDownloadView(LoginRequiredMixin, SAMLAccessMixin, View):
response = HttpResponse(metadata, content_type="application/xml")
response[
"Content-Disposition"
] = f'attachment; filename="{self.provider.name}_passbook_meta.xml"'
] = f'attachment; filename="{provider.name}_passbook_meta.xml"'
return response