providers/saml: update to new PropertyMappings
parent
205183445c
commit
7268afaaf9
|
@ -14,12 +14,16 @@ class SAMLProviderSerializer(ModelSerializer):
|
||||||
fields = [
|
fields = [
|
||||||
"pk",
|
"pk",
|
||||||
"name",
|
"name",
|
||||||
"property_mappings",
|
"processor_path",
|
||||||
"acs_url",
|
"acs_url",
|
||||||
"audience",
|
"audience",
|
||||||
"processor_path",
|
|
||||||
"issuer",
|
"issuer",
|
||||||
"assertion_valid_for",
|
"assertion_valid_not_before",
|
||||||
|
"assertion_valid_not_on_or_after",
|
||||||
|
"session_valid_not_on_or_after",
|
||||||
|
"property_mappings",
|
||||||
|
"digest_algorithm",
|
||||||
|
"signature_algorithm",
|
||||||
"signing",
|
"signing",
|
||||||
"signing_cert",
|
"signing_cert",
|
||||||
"signing_key",
|
"signing_key",
|
||||||
|
@ -39,7 +43,7 @@ class SAMLPropertyMappingSerializer(ModelSerializer):
|
||||||
class Meta:
|
class Meta:
|
||||||
|
|
||||||
model = SAMLPropertyMapping
|
model = SAMLPropertyMapping
|
||||||
fields = ["pk", "name", "saml_name", "friendly_name", "values"]
|
fields = ["pk", "name", "saml_name", "friendly_name", "template"]
|
||||||
|
|
||||||
|
|
||||||
class SAMLPropertyMappingViewSet(ModelViewSet):
|
class SAMLPropertyMappingViewSet(ModelViewSet):
|
||||||
|
|
|
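Review bot: `template` becomes a writable API field of `SAMLPropertyMappingSerializer` (the `fields` line in the second hunk) with no statement of what it accepts; the default `member-of` mapping in the new migration of this commit shows templates calling methods such as `user.groups.all()`, so whoever can write this field can run template logic against the user and request objects. A serializer docstring such as `"""Templates are trusted, operator-level configuration; keep write access limited to admin users."""` would make that explicit, and the permission classes of `SAMLPropertyMappingViewSet` (its body starts after the hunk) should be checked to match. The `SAMLProviderSerializer` hunk replaces `assertion_valid_for` with three new validity fields; an API client still sending the old name will have it silently dropped rather than rejected, which may be intended but is worth a line in the serializer docstring.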
@ -4,7 +4,6 @@ from django import forms
|
||||||
from django.contrib.admin.widgets import FilteredSelectMultiple
|
from django.contrib.admin.widgets import FilteredSelectMultiple
|
||||||
from django.utils.translation import gettext as _
|
from django.utils.translation import gettext as _
|
||||||
|
|
||||||
from passbook.lib.fields import DynamicArrayField
|
|
||||||
from passbook.providers.saml.models import (
|
from passbook.providers.saml.models import (
|
||||||
SAMLPropertyMapping,
|
SAMLPropertyMapping,
|
||||||
SAMLProvider,
|
SAMLProvider,
|
||||||
|
@ -63,10 +62,9 @@ class SAMLPropertyMappingForm(forms.ModelForm):
|
||||||
class Meta:
|
class Meta:
|
||||||
|
|
||||||
model = SAMLPropertyMapping
|
model = SAMLPropertyMapping
|
||||||
fields = ["name", "saml_name", "friendly_name", "values"]
|
fields = ["name", "saml_name", "friendly_name", "template"]
|
||||||
widgets = {
|
widgets = {
|
||||||
"name": forms.TextInput(),
|
"name": forms.TextInput(),
|
||||||
"saml_name": forms.TextInput(),
|
"saml_name": forms.TextInput(),
|
||||||
"friendly_name": forms.TextInput(),
|
"friendly_name": forms.TextInput(),
|
||||||
}
|
}
|
||||||
field_classes = {"values": DynamicArrayField}
|
|
||||||
|
|
|
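Review bot: The renamed `template` entry in `Meta.fields` gets no widget or help text, while the `values` field it replaces carried a model-level help_text (removed in the models.py hunk of this commit) telling operators which variables a mapping may use. Unless the inherited `template` field already documents this, add something like `"template": forms.Textarea()` to `widgets` and a help_text naming `user`, `request` and `provider`, which are the names the processor hunk now passes to `render()`; whether the base field already carries such text is not visible here. The enclosing `SAMLPropertyMappingForm` class starts outside the hunk.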
@ -4,46 +4,6 @@ import django.contrib.postgres.fields
|
||||||
from django.db import migrations, models
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
def create_default_property_mappings(apps, schema_editor):
|
|
||||||
"""Create default SAML Property Mappings"""
|
|
||||||
SAMLPropertyMapping = apps.get_model(
|
|
||||||
"passbook_providers_saml", "SAMLPropertyMapping"
|
|
||||||
)
|
|
||||||
db_alias = schema_editor.connection.alias
|
|
||||||
defaults = [
|
|
||||||
{
|
|
||||||
"FriendlyName": "eduPersonPrincipalName",
|
|
||||||
"Name": "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
|
|
||||||
"Value": "{user.email}",
|
|
||||||
},
|
|
||||||
{"FriendlyName": "cn", "Name": "urn:oid:2.5.4.3", "Value": "{user.name}",},
|
|
||||||
{
|
|
||||||
"FriendlyName": "mail",
|
|
||||||
"Name": "urn:oid:0.9.2342.19200300.100.1.3",
|
|
||||||
"Value": "{user.email}",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"FriendlyName": "displayName",
|
|
||||||
"Name": "urn:oid:2.16.840.1.113730.3.1.241",
|
|
||||||
"Value": "{user.username}",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"FriendlyName": "uid",
|
|
||||||
"Name": "urn:oid:0.9.2342.19200300.100.1.1",
|
|
||||||
"Value": "{user.pk}",
|
|
||||||
},
|
|
||||||
]
|
|
||||||
for default in defaults:
|
|
||||||
SAMLPropertyMapping.objects.using(db_alias).get_or_create(
|
|
||||||
saml_name=default["Name"],
|
|
||||||
friendly_name=default["FriendlyName"],
|
|
||||||
values=[default["Value"]],
|
|
||||||
defaults={
|
|
||||||
"name": f"Autogenerated SAML Mapping: {default['FriendlyName']} -> {default['Value']}"
|
|
||||||
},
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
class Migration(migrations.Migration):
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
dependencies = [
|
dependencies = [
|
||||||
|
@ -75,5 +35,4 @@ class Migration(migrations.Migration):
|
||||||
name="signing_cert",
|
name="signing_cert",
|
||||||
field=models.TextField(verbose_name="Singing Certificate"),
|
field=models.TextField(verbose_name="Singing Certificate"),
|
||||||
),
|
),
|
||||||
migrations.RunPython(create_default_property_mappings),
|
|
||||||
]
|
]
|
||||||
|
|
|
@ -0,0 +1,75 @@
|
||||||
|
# Generated by Django 3.0.3 on 2020-02-17 16:15
|
||||||
|
|
||||||
|
from django.db import migrations
|
||||||
|
|
||||||
|
|
||||||
|
def cleanup_old_autogenerated(apps, schema_editor):
|
||||||
|
SAMLPropertyMapping = apps.get_model(
|
||||||
|
"passbook_providers_saml", "SAMLPropertyMapping"
|
||||||
|
)
|
||||||
|
db_alias = schema_editor.connection.alias
|
||||||
|
SAMLPropertyMapping.objects.using(db_alias).filter(
|
||||||
|
name__startswith="Autogenerated"
|
||||||
|
).delete()
|
||||||
|
|
||||||
|
|
||||||
|
def create_default_property_mappings(apps, schema_editor):
|
||||||
|
"""Create default SAML Property Mappings"""
|
||||||
|
SAMLPropertyMapping = apps.get_model(
|
||||||
|
"passbook_providers_saml", "SAMLPropertyMapping"
|
||||||
|
)
|
||||||
|
db_alias = schema_editor.connection.alias
|
||||||
|
defaults = [
|
||||||
|
{
|
||||||
|
"FriendlyName": "eduPersonPrincipalName",
|
||||||
|
"Name": "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
|
||||||
|
"Template": "{{ user.email }}",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"FriendlyName": "cn",
|
||||||
|
"Name": "urn:oid:2.5.4.3",
|
||||||
|
"Template": "{{ user.name }}",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"FriendlyName": "mail",
|
||||||
|
"Name": "urn:oid:0.9.2342.19200300.100.1.3",
|
||||||
|
"Template": "{{ user.email }}",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"FriendlyName": "displayName",
|
||||||
|
"Name": "urn:oid:2.16.840.1.113730.3.1.241",
|
||||||
|
"Template": "{{ user.username }}",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"FriendlyName": "uid",
|
||||||
|
"Name": "urn:oid:0.9.2342.19200300.100.1.1",
|
||||||
|
"Template": "{{ user.pk }}",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"FriendlyName": "member-of",
|
||||||
|
"Name": "member-of",
|
||||||
|
"Template": "[{% for group in user.groups.all() %}'{{ group.name }}',{% endfor %}]",
|
||||||
|
},
|
||||||
|
]
|
||||||
|
for default in defaults:
|
||||||
|
SAMLPropertyMapping.objects.using(db_alias).get_or_create(
|
||||||
|
saml_name=default["Name"],
|
||||||
|
friendly_name=default["FriendlyName"],
|
||||||
|
template=default["Template"],
|
||||||
|
defaults={
|
||||||
|
"name": f"Autogenerated SAML Mapping: {default['FriendlyName']} -> {default['Template']}"
|
||||||
|
},
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
("passbook_providers_saml", "0004_auto_20200217_1526"),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.RunPython(cleanup_old_autogenerated),
|
||||||
|
migrations.RemoveField(model_name="samlpropertymapping", name="values",),
|
||||||
|
migrations.RunPython(create_default_property_mappings),
|
||||||
|
]
|
|
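Review bot: `cleanup_old_autogenerated` filters on `name__startswith="Autogenerated"`, which is wider than the names this module creates (`Autogenerated SAML Mapping: …`, the same prefix 0004 used) and would also delete any operator-created mapping whose name happens to begin with that word; `name__startswith="Autogenerated SAML Mapping:"` matches exactly what was generated. Both `RunPython` operations have no `reverse_code`, so the migration cannot be unapplied; `migrations.RunPython(cleanup_old_autogenerated, migrations.RunPython.noop)` (and likewise for the second) keeps it reversible, and `cleanup_old_autogenerated` also lacks the docstring its sibling has. The `RemoveField` on `values` discards the existing values of non-autogenerated mappings without copying them into `template`, which may be intended but should be stated in a module docstring so operators know their custom mappings need re-entering. The default `member-of` template renders group names into a Python-list-looking string; if whatever consumes it parses that text, a group name containing a quote or comma will break the format, so emitting a simply delimited list that the processor splits would be more robust.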
@ -1,5 +1,4 @@
|
||||||
"""passbook saml_idp Models"""
|
"""passbook saml_idp Models"""
|
||||||
from django.contrib.postgres.fields import ArrayField
|
|
||||||
from django.db import models
|
from django.db import models
|
||||||
from django.shortcuts import reverse
|
from django.shortcuts import reverse
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
@ -118,15 +117,6 @@ class SAMLPropertyMapping(PropertyMapping):
|
||||||
|
|
||||||
saml_name = models.TextField(verbose_name="SAML Name")
|
saml_name = models.TextField(verbose_name="SAML Name")
|
||||||
friendly_name = models.TextField(default=None, blank=True, null=True)
|
friendly_name = models.TextField(default=None, blank=True, null=True)
|
||||||
values = ArrayField(
|
|
||||||
models.TextField(),
|
|
||||||
help_text=_(
|
|
||||||
(
|
|
||||||
"This string can contain string substitutions delimited by {}."
|
|
||||||
" The following Variables are available: user, request"
|
|
||||||
)
|
|
||||||
),
|
|
||||||
)
|
|
||||||
|
|
||||||
form = "passbook.providers.saml.forms.SAMLPropertyMappingForm"
|
form = "passbook.providers.saml.forms.SAMLPropertyMappingForm"
|
||||||
|
|
||||||
|
|
|
@ -98,17 +98,19 @@ class Processor:
|
||||||
|
|
||||||
for mapping in self._remote.property_mappings.all().select_subclasses():
|
for mapping in self._remote.property_mappings.all().select_subclasses():
|
||||||
if isinstance(mapping, SAMLPropertyMapping):
|
if isinstance(mapping, SAMLPropertyMapping):
|
||||||
|
value = mapping.render(
|
||||||
|
user=self._http_request.user,
|
||||||
|
request=self._http_request,
|
||||||
|
provider=self._remote,
|
||||||
|
)
|
||||||
mapping_payload = {
|
mapping_payload = {
|
||||||
"Name": mapping.saml_name,
|
"Name": mapping.saml_name,
|
||||||
"ValueArray": [],
|
|
||||||
"FriendlyName": mapping.friendly_name,
|
"FriendlyName": mapping.friendly_name,
|
||||||
}
|
}
|
||||||
for value in mapping.values:
|
if isinstance(value, list):
|
||||||
mapping_payload["ValueArray"].append(
|
mapping_payload["ValueArray"] = value
|
||||||
value.format(
|
else:
|
||||||
user=self._http_request.user, request=self._http_request
|
mapping_payload["Value"] = value
|
||||||
)
|
|
||||||
)
|
|
||||||
attributes.append(mapping_payload)
|
attributes.append(mapping_payload)
|
||||||
self._assertion_params["ATTRIBUTES"] = attributes
|
self._assertion_params["ATTRIBUTES"] = attributes
|
||||||
self._assertion_xml = get_assertion_xml(
|
self._assertion_xml = get_assertion_xml(
|
||||||
|
|
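Review bot: The `isinstance(value, list)` branch on the new side only fires if `mapping.render()` returns an actual list; a template engine normally yields a string, and the `member-of` default template added in this commit's new migration produces the text `['a','b',]`, which would land under `"Value"` as one string rather than under `"ValueArray"` — worth confirming what `render()` returns and, if it is just the rendered text, either splitting it here or dropping the list branch. The old payload always carried a `"ValueArray"` key, so if `get_assertion_xml`'s template iterates it unconditionally it now has to tolerate a payload with only `"Value"`. Passing the full `self._http_request` into the template context exposes session, cookies and headers to mapping templates; a comment such as `# mapping templates are admin-authored config; the full request is exposed to them` at the `render()` call would record that trust boundary. The enclosing method starts and ends outside the hunk.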