providers/saml: make metadata accessible without authentication
parent
e4cb9b7ff9
commit
3753275453
@ -0,0 +1,22 @@
|
|||
# Generated by Django 3.0.7 on 2020-06-20 19:50
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("passbook_providers_saml", "0003_samlprovider_sp_binding"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="samlprovider",
|
||||
name="sp_binding",
|
||||
field=models.TextField(
|
||||
choices=[("redirect", "Redirect"), ("post", "Post")],
|
||||
default="redirect",
|
||||
verbose_name="Service Prodier Binding",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -34,7 +34,9 @@ class SAMLProvider(Provider):
|
|||
audience = models.TextField(default="")
|
||||
issuer = models.TextField(help_text=_("Also known as EntityID"))
|
||||
sp_binding = models.TextField(
|
||||
choices=SAMLBindings.choices, default=SAMLBindings.REDIRECT
|
||||
choices=SAMLBindings.choices,
|
||||
default=SAMLBindings.REDIRECT,
|
||||
verbose_name=_("Service Prodier Binding"),
|
||||
)
|
||||
|
||||
assertion_valid_not_before = models.TextField(
|
||||
|
@ -142,7 +144,7 @@ class SAMLProvider(Provider):
|
|||
# pylint: disable=no-member
|
||||
metadata = DescriptorDownloadView.get_metadata(request, self)
|
||||
return render_to_string(
|
||||
"saml/idp/admin_metadata_modal.html",
|
||||
"providers/saml/admin_metadata_modal.html",
|
||||
{"provider": self, "metadata": metadata},
|
||||
)
|
||||
except Provider.application.RelatedObjectDoesNotExist:
|
||||
|
|
|
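Review bot: `verbose_name=_("Service Prodier Binding")` on the reflowed `sp_binding` field misspells "Provider"; since this is the translatable label shown for the binding choice, it should read `verbose_name=_("Service Provider Binding"),`. The generated migration in this commit records the same literal (`verbose_name="Service Prodier Binding"`), so the fix has to land in both the model and the migration before this migration ships, or a follow-up `AlterField` migration will be needed. The second hunk only renames the admin modal template path and raises nothing further. The rest of the `SAMLProvider` class, including the method that calls `DescriptorDownloadView.get_metadata`, lies outside these hunks.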
@ -132,7 +132,9 @@ class Processor:
|
|||
continue
|
||||
self._assertion_params["ATTRIBUTES"] = attributes
|
||||
self._assertion_xml = get_assertion_xml(
|
||||
"providers/saml/xml/assertions/generic.xml", self._assertion_params, signed=True
|
||||
"providers/saml/xml/assertions/generic.xml",
|
||||
self._assertion_params,
|
||||
signed=True,
|
||||
)
|
||||
|
||||
def _format_response(self):
|
||||
|
|
|
@ -10,5 +10,7 @@ class SalesForceProcessor(GenericProcessor):
|
|||
def _format_assertion(self):
|
||||
super()._format_assertion()
|
||||
self._assertion_xml = get_assertion_xml(
|
||||
"providers/saml/xml/assertions/salesforce.xml", self._assertion_params, signed=True
|
||||
"providers/saml/xml/assertions/salesforce.xml",
|
||||
self._assertion_params,
|
||||
signed=True,
|
||||
)
|
||||
|
|
|
@ -48,7 +48,9 @@ def _get_in_response_to(params):
|
|||
|
||||
def _get_subject(params):
|
||||
"""Insert Subject. Modifies the params dict."""
|
||||
params["SUBJECT_STATEMENT"] = render_to_string("providers/saml/xml/subject.xml", params)
|
||||
params["SUBJECT_STATEMENT"] = render_to_string(
|
||||
"providers/saml/xml/subject.xml", params
|
||||
)
|
||||
|
||||
|
||||
def get_assertion_xml(template, parameters, signed=False):
|
||||
|
|
|
@ -229,7 +229,7 @@ class SAMLFlowFinalView(StageView):
|
|||
return bad_request_message(request, "Invalid sp_binding specified")
|
||||
|
||||
|
||||
class DescriptorDownloadView(LoginRequiredMixin, SAMLAccessMixin, View):
|
||||
class DescriptorDownloadView(View):
|
||||
"""Replies with the XML Metadata IDSSODescriptor."""
|
||||
|
||||
@staticmethod
|
||||
|
@ -263,14 +263,12 @@ class DescriptorDownloadView(LoginRequiredMixin, SAMLAccessMixin, View):
|
|||
|
||||
def get(self, request: HttpRequest, application_slug: str) -> HttpResponse:
|
||||
"""Replies with the XML Metadata IDSSODescriptor."""
|
||||
self.application = get_object_or_404(Application, slug=application_slug)
|
||||
self.provider: SAMLProvider = get_object_or_404(
|
||||
SAMLProvider, pk=self.application.provider_id
|
||||
application = get_object_or_404(Application, slug=application_slug)
|
||||
provider: SAMLProvider = get_object_or_404(
|
||||
SAMLProvider, pk=application.provider_id
|
||||
)
|
||||
if not self._has_access():
|
||||
raise PermissionDenied()
|
||||
try:
|
||||
metadata = DescriptorDownloadView.get_metadata(request, self.provider)
|
||||
metadata = DescriptorDownloadView.get_metadata(request, provider)
|
||||
except Provider.application.RelatedObjectDoesNotExist: # pylint: disable=no-member
|
||||
return bad_request_message(
|
||||
request, "Provider is not assigned to an application."
|
||||
|
@ -279,5 +277,5 @@ class DescriptorDownloadView(LoginRequiredMixin, SAMLAccessMixin, View):
|
|||
response = HttpResponse(metadata, content_type="application/xml")
|
||||
response[
|
||||
"Content-Disposition"
|
||||
] = f'attachment; filename="{self.provider.name}_passbook_meta.xml"'
|
||||
] = f'attachment; filename="{provider.name}_passbook_meta.xml"'
|
||||
return response
|
||||
|
|
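Review bot: With `LoginRequiredMixin`, `SAMLAccessMixin` and the `_has_access()` check removed from `DescriptorDownloadView`, the class docstring should state why the endpoint is deliberately anonymous and what it may expose, so a later reader neither re-adds the gate nor extends the response with non-public data: `"""Replies with the XML Metadata IDSSODescriptor. Intentionally unauthenticated: SAML service providers fetch IdP metadata before any user session exists, so get_metadata must emit only public material (IdP signing certificate, endpoint URLs)."""`. An anonymous caller can now tell an existing application slug (200, or the 400 "Provider is not assigned to an application." message) from a missing one (404) and reads `provider.name` from the `Content-Disposition` filename; that is the usual trade-off for SAML metadata endpoints, but it is new exposure worth recording in the docstring or commit message. `get_metadata`'s body lies outside these hunks, so it cannot be confirmed here whether it derives URLs from the request's Host header — if it does, the deployment's `ALLOWED_HOSTS` must be the only hostnames an unauthenticated client can make it echo. If `LoginRequiredMixin` and `SAMLAccessMixin` are no longer referenced elsewhere in this module, their imports should be dropped too; `get`'s try/except continues into the final hunk and the `@staticmethod` at the end of the first hunk is cut off.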