trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

more cleanup, remove supervisr imports

This commit is contained in:
Jens Langhammer 2018-11-16 10:08:15 +01:00
parent fbaab4efaf
commit a2904d3ade
42 changed files with 130 additions and 245 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
passbook/core/requirements.txt
View File

@ -4,4 +4,5 @@ PyYAML
raven
djangorestframework
markdown
django-model-utils
django-model-utils
colorlog

2
passbook/core/settings.py
View File

@ -60,6 +60,8 @@ INSTALLED_APPS = [
'passbook.ldap',
'passbook.oauth_client',
'passbook.oauth_provider',
'passbook.saml_idp',
'passbook.tfa',
]
REST_FRAMEWORK = {

1
passbook/core/templates/login/base.html
View File

@ -20,7 +20,6 @@
{% block card %}
{% endblock %}
</div><!-- card -->
<footer class="login-pf-page-footer">
<ul class="login-pf-page-footer-links list-unstyled">
<li><a class="login-pf-page-footer-link" href="#">Terms of Use</a></li>

6
passbook/ldap/settings.py
View File

@ -1,7 +1,5 @@
"""
LDAP Settings
"""
"""LDAP Settings"""
AUTHENTICATION_BACKENDS = [
'supervisr.mod.auth.ldap.auth.LDAPBackend',
'passbook.ldap.auth.LDAPBackend',
]

2
passbook/ldap/templates/ldap/settings.html
View File

@ -1,7 +1,7 @@
{% extends "_admin/module_default.html" %}
{% load i18n %}
{% load supervisr_utils %}
{% load utils %}
{% block title %}
{% title "Settings" %}

2
passbook/lib/config.py
View File

@ -1,4 +1,4 @@
"""supervisr core config loader"""
"""passbook lib config loader"""
import os
from collections import Mapping
from contextlib import contextmanager

19
passbook/lib/default.yml
View File

@ -7,7 +7,7 @@ log:
level:
console: DEBUG
file: DEBUG
file: /dev/null
file: NUL
syslog:
host: 127.0.0.1
port: 514
@ -48,7 +48,7 @@ passbook:
# Override URL used for Background on Login page
bg_url: null
# Optionally add a subtext, placed below logo on the login page
subtext: This is placeholder text, only. Use this area to place any information or introductory message about your application that may be relevant for users.
subtext: null
footer:
links:
# Optionally add links to the footer on the login page
@ -87,7 +87,7 @@ ldap:
reset_password: true
oauth_client:
# List of python packages with sources types to load.
source_tyoes:
types:
- passbook.oauth_client.source_types.discord
- passbook.oauth_client.source_types.facebook
- passbook.oauth_client.source_types.github
@ -95,3 +95,16 @@ oauth_client:
- passbook.oauth_client.source_types.reddit
- passbook.oauth_client.source_types.supervisr
- passbook.oauth_client.source_types.twitter
saml_idp:
signing: true
autosubmit: false
issuer: passbook
assertion_valid_for: 86400
# List of python packages with provider types to load.
types:
- passbook.saml_idp.processors.generic
- passbook.saml_idp.processors.gitlab
- passbook.saml_idp.processors.nextcloud
- passbook.saml_idp.processors.salesforce
- passbook.saml_idp.processors.shibboleth
- passbook.saml_idp.processors.wordpress_orange

2
passbook/lib/templatetags/reflection.py
View File

@ -1,4 +1,4 @@
"""Supervisr Core Reflection templatetags Templatetag"""
"""passbook Core Reflection templatetags Templatetag"""
from logging import getLogger
from django import template

7
passbook/lib/templatetags/utils.py
View File

@ -12,6 +12,7 @@ from django.template.loaders.app_directories import get_app_template_dirs
from django.urls import reverse
from django.utils.translation import ugettext as _
from passbook.lib.config import CONFIG
from passbook.lib.utils.reflection import path_to_class
from passbook.lib.utils.urls import is_url_absolute
@ -75,7 +76,7 @@ def pick(cont, arg, fallback=''):
@register.simple_tag(takes_context=True)
def title(context, *title):
"""Return either just branding or title - branding"""
branding = Setting.get('branding', default='supervisr')
branding = Setting.get('branding', default='passbook')
if not title:
return branding
# Include App Title in title
@ -97,9 +98,9 @@ def title(context, *title):
@register.simple_tag
def supervisr_setting(key, namespace='supervisr.core', default=''):
def config(path, default=''):
"""Get a setting from the database. Returns default is setting doesn't exist."""
return Setting.get(key=key, namespace=namespace, default=default)
return CONFIG.y(path, default)
@register.simple_tag()

14
passbook/lib/utils/template.py Normal file
View File

@ -0,0 +1,14 @@
"""passbook lib template utilities"""
from django.template import Context, Template, loader
def render_from_string(template: str, ctx: Context) -> str:
"""Render template from string to string"""
template = Template(template)
return template.render(ctx)
def render_to_string(template_path: str, ctx: Context) -> str:
"""Render a template to string"""
template = loader.get_template(template_path)
return template.render(ctx)

2
passbook/oauth_client/apps.py
View File

@ -17,7 +17,7 @@ class PassbookOAuthClientConfig(AppConfig):
def ready(self):
"""Load source_types from config file"""
source_types_to_load = CONFIG.y('oauth_client.source_tyoes')
source_types_to_load = CONFIG.y('oauth_client.types', [])
for source_type in source_types_to_load:
try:
import_module(source_type)

12
passbook/oauth_client/errors.py
View File

@ -1,17 +1,11 @@
"""
Supervisr Mod Oauth Client Errors
"""
"""passbook oauth_client Errors"""
class OAuthClientError(Exception):
"""
Base error for all OAuth Client errors
"""
"""Base error for all OAuth Client errors"""
pass
class OAuthClientEmailMissingError(OAuthClientError):
"""
Error which is raised when user is missing email address from profile
"""
"""Error which is raised when user is missing email address from profile"""
pass

2
passbook/oauth_client/templates/account/dyn_extra/10_pre.html
View File

@ -1,4 +1,4 @@
{% load supervisr_oauth_client %}
{% load passbook_oauth_client %}
{% any_provider as enabled %}
{% if enabled %}

4
passbook/oauth_client/templates/account/dyn_extra/11_facebook.html
View File

@ -1,6 +1,6 @@
{% load supervisr_oauth_client %}
{% load passbook_oauth_client %}
{% provider_exists 'facebook' as facebook_enabled %}
{% if facebook_enabled %}
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-login' provider='facebook' %}" class="btn" style="background-color:#4267b2;color:white;margin-top:10px;width:100%;"><i class="fa fa-facebook-official" aria-hidden="true"></i></a>
<a href="{% url 'passbook_oauth_client:oauth-client-login' provider='facebook' %}" class="btn" style="background-color:#4267b2;color:white;margin-top:10px;width:100%;"><i class="fa fa-facebook-official" aria-hidden="true"></i></a>
{% endif %}

4
passbook/oauth_client/templates/account/dyn_extra/12_twitter.html
View File

@ -1,6 +1,6 @@
{% load supervisr_oauth_client %}
{% load passbook_oauth_client %}
{% provider_exists 'twitter' as twitter_enabled %}
{% if twitter_enabled %}
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-login' provider='twitter' %}" class="btn" style="background-color:#55ACEE;color:white;margin-top:10px;width:100%;"><i class="fa fa-twitter" aria-hidden="true"></i></a>
<a href="{% url 'passbook_oauth_client:oauth-client-login' provider='twitter' %}" class="btn" style="background-color:#55ACEE;color:white;margin-top:10px;width:100%;"><i class="fa fa-twitter" aria-hidden="true"></i></a>
{% endif %}

4
passbook/oauth_client/templates/account/dyn_extra/13_google.html
View File

@ -1,7 +1,7 @@
{% load supervisr_oauth_client %}
{% load passbook_oauth_client %}
{% load static %}
{% provider_exists 'google' as google_enabled %}
{% if google_enabled %}
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-login' provider='google' %}" class="btn" style="background-color:white;color:black;margin-top:10px;width:100%;"><img src="{% static 'img/google.svg' %}" style="height:12px"></a>
<a href="{% url 'passbook_oauth_client:oauth-client-login' provider='google' %}" class="btn" style="background-color:white;color:black;margin-top:10px;width:100%;"><img src="{% static 'img/google.svg' %}" style="height:12px"></a>
{% endif %}

4
passbook/oauth_client/templates/account/dyn_extra/15_github.html
View File

@ -1,6 +1,6 @@
{% load supervisr_oauth_client %}
{% load passbook_oauth_client %}
{% provider_exists 'github' as github_enabled %}
{% if github_enabled %}
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-login' provider='github' %}" class="btn" style="background-color:#444444;color:white;margin-top:10px;width:100%;"><i class="fa fa-github" aria-hidden="true"></i></a>
<a href="{% url 'passbook_oauth_client:oauth-client-login' provider='github' %}" class="btn" style="background-color:#444444;color:white;margin-top:10px;width:100%;"><i class="fa fa-github" aria-hidden="true"></i></a>
{% endif %}

4
passbook/oauth_client/templates/account/dyn_extra/16_discord.html
View File

@ -1,7 +1,7 @@
{% load supervisr_oauth_client %}
{% load passbook_oauth_client %}
{% load static %}
{% provider_exists 'discord' as discord_enabled %}
{% if discord_enabled %}
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-login' provider='discord' %}" class="btn" style="background-color:#2C2F33;color:white;margin-top:10px;width:100%;"><img src="{% static 'img/discord.svg' %}" style="height:12px"></a>
<a href="{% url 'passbook_oauth_client:oauth-client-login' provider='discord' %}" class="btn" style="background-color:#2C2F33;color:white;margin-top:10px;width:100%;"><img src="{% static 'img/discord.svg' %}" style="height:12px"></a>
{% endif %}

4
passbook/oauth_client/templates/account/dyn_extra/17_reddit.html
View File

@ -1,7 +1,7 @@
{% load supervisr_oauth_client %}
{% load passbook_oauth_client %}
{% load static %}
{% provider_exists 'reddit' as reddit_enabled %}
{% if reddit_enabled %}
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-login' provider='reddit' %}" class="btn" style="background-color:#ff4500;color:white;margin-top:10px;width:100%;"><img src="{% static 'img/reddit.svg' %}" style="height:20px;margin-top:-5px;"></a>
<a href="{% url 'passbook_oauth_client:oauth-client-login' provider='reddit' %}" class="btn" style="background-color:#ff4500;color:white;margin-top:10px;width:100%;"><img src="{% static 'img/reddit.svg' %}" style="height:20px;margin-top:-5px;"></a>
{% endif %}

2
passbook/oauth_client/templates/account/dyn_extra/19_post.html
View File

@ -1,4 +1,4 @@
{% load supervisr_oauth_client %}
{% load passbook_oauth_client %}
{% any_provider as enabled %}
{% if enabled %}

6
passbook/oauth_client/templates/mod/auth/oauth/client/settings.html
View File

@ -1,6 +1,6 @@
{% extends "user/base.html" %}
{% load supervisr_utils %}
{% load utils %}
{% load i18n %}
{% block title %}
@ -34,9 +34,9 @@
<td>{{ data.state|yesno:"Connected,Not Connected" }}</td>
<td>
{% if data.state == False %}
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-login' provider=data.provider.name %}">Connect</a>
<a href="{% url 'passbook_oauth_client:oauth-client-login' provider=data.provider.name %}">Connect</a>
{% else %}
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-disconnect' provider=data.provider.name %}">Disconnect</a>
<a href="{% url 'passbook_oauth_client:oauth-client-disconnect' provider=data.provider.name %}">Disconnect</a>
{% endif %}
</td>
<td>{{ data.aas.first.identifier }}</td>

33
passbook/oauth_client/urls.py
View File

@ -6,40 +6,7 @@ from passbook.oauth_client.source_types.manager import RequestKind
# from passbook.oauth_client.views import core, settings
from passbook.oauth_client.views import dispatcher
# from passbook.oauth_client.views.providers import (discord, facebook, github,
# google, reddit, supervisr,
# twitter)
urlpatterns = [
# # Supervisr
# url(r'^callback/(?P<provider>supervisr)/$',
# supervisr.SupervisrOAuthCallback.as_view(), name='oauth-client-callback'),
# # Twitter
# url(r'^callback/(?P<provider>twitter)/$',
# twitter.TwitterOAuthCallback.as_view(), name='oauth-client-callback'),
# # GitHub
# url(r'^callback/(?P<provider>github)/$',
# github.GitHubOAuth2Callback.as_view(), name='oauth-client-callback'),
# # Facebook
# url(r'^callback/(?P<provider>facebook)/$',
# facebook.FacebookOAuth2Callback.as_view(), name='oauth-client-callback'),
# url(r'^login/(?P<provider>facebook)/$',
# facebook.FacebookOAuthRedirect.as_view(), name='oauth-client-login'),
# # Discord
# url(r'^callback/(?P<provider>discord)/$',
# discord.DiscordOAuth2Callback.as_view(), name='oauth-client-callback'),
# url(r'^login/(?P<provider>discord)/$',
# discord.DiscordOAuthRedirect.as_view(), name='oauth-client-login'),
# # Reddit
# url(r'^callback/(?P<provider>reddit)/$',
# reddit.RedditOAuth2Callback.as_view(), name='oauth-client-callback'),
# url(r'^login/(?P<provider>reddit)/$',
# reddit.RedditOAuthRedirect.as_view(), name='oauth-client-login'),
# # Google
# url(r'^callback/(?P<provider>google)/$',
# google.GoogleOAuth2Callback.as_view(), name='oauth-client-callback'),
# url(r'^login/(?P<provider>google)/$',
# google.GoogleOAuthRedirect.as_view(), name='oauth-client-login'),
path('login/<slug:source_slug>/', dispatcher.DispatcherView.as_view(
kind=RequestKind.redirect), name='oauth-client-login'),
path('callback/<slug:source_slug>/', dispatcher.DispatcherView.as_view(

17
passbook/saml_idp/apps.py
View File

@ -1,7 +1,12 @@
"""passbook mod saml_idp app config"""
from importlib import import_module
from logging import getLogger
from django.apps.config import AppConfig
from django.apps import AppConfig
from passbook.lib.config import CONFIG
LOGGER = getLogger(__name__)
class PassbookSAMLIDPConfig(AppConfig):
"""passbook saml_idp app config"""
@ -9,3 +14,13 @@ class PassbookSAMLIDPConfig(AppConfig):
name = 'passbook.saml_idp'
label = 'passbook_saml_idp'
verbose_name = 'passbook SAML IDP'
def ready(self):
"""Load source_types from config file"""
source_types_to_load = CONFIG.y('saml_idp.types', [])
for source_type in source_types_to_load:
try:
import_module(source_type)
LOGGER.info("Loaded %s", source_type)
except ImportError as exc:
LOGGER.debug(exc)

12
passbook/saml_idp/base.py
View File

@ -6,7 +6,7 @@ from logging import getLogger
from bs4 import BeautifulSoup
# from passbook.core.models import Setting
from passbook.lib.config import CONFIG
from passbook.saml_idp import codex, exceptions, xml_render
MINUTES = 60
@ -53,7 +53,7 @@ class Processor:
_subject = None
_subject_format = 'urn:oasis:names:tc:SAML:2.0:nameid-format:email'
_system_params = {
'ISSUER': Setting.get('issuer'),
'ISSUER': CONFIG.y('saml_idp.issuer'),
}
@property
@ -84,7 +84,7 @@ class Processor:
'AUTH_INSTANT': get_time_string(),
'ISSUE_INSTANT': get_time_string(),
'NOT_BEFORE': get_time_string(-1 * HOURS), # TODO: Make these settings.
'NOT_ON_OR_AFTER': get_time_string(int(Setting.get('assertion_valid_for')) * MINUTES),
'NOT_ON_OR_AFTER': get_time_string(int(CONFIG.y('saml_idp.assertion_valid_for')) * MINUTES),
'SESSION_INDEX': self._session_index,
'SESSION_NOT_ON_OR_AFTER': get_time_string(8 * HOURS),
'SP_NAME_QUALIFIER': self._audience,
@ -175,7 +175,7 @@ class Processor:
def _format_response(self):
"""Formats _response_params as _response_xml."""
sign_it = Setting.get_bool('signing')
sign_it = CONFIG.y('saml_idp.signing', True)
assertion_id = self._assertion_params['ASSERTION_ID']
self._response_xml = xml_render.get_response_xml(self._response_params,
signed=sign_it,
@ -187,7 +187,7 @@ class Processor:
'acs_url': self._request_params['ACS_URL'],
'saml_response': self._saml_response,
'relay_state': self._relay_state,
'autosubmit': Setting.get('autosubmit'),
'autosubmit': CONFIG.y('saml_idp.autosubmit', False),
}
def _parse_request(self):
@ -228,7 +228,7 @@ class Processor:
self._subject = sp_config
self._subject_format = 'urn:oasis:names:tc:SAML:2.0:nameid-format:email'
self._system_params = {
'ISSUER': Setting.get('issuer'),
'ISSUER': CONFIG.y('saml_idp.issuer'),
}
def _validate_request(self):

32
passbook/saml_idp/processors/demo.py
View File

@ -1,32 +0,0 @@
"""
Demo Processor
"""
from supervisr.mod.auth.saml.idp.base import Processor
from supervisr.mod.auth.saml.idp.xml_render import get_assertion_xml
class DemoProcessor(Processor):
"""
Demo Response Handler Processor for testing against django-saml2-sp.
"""
def _format_assertion(self):
# NOTE: This uses the SalesForce assertion for the demo.
self._assertion_xml = get_assertion_xml(
'saml/xml/assertions/salesforce.xml', self._assertion_params, signed=True)
class DemoAttributeProcessor(Processor):
"""
Demo Response Handler Processor for testing against django-saml2-sp;
Adds SAML attributes to the assertion.
"""
def _format_assertion(self):
# NOTE: This uses the SalesForce assertion for the demo.
self._assertion_params['ATTRIBUTES'] = {
'foo': 'bar',
}
self._assertion_xml = get_assertion_xml(
'saml/xml/assertions/salesforce.xml', self._assertion_params, signed=True)

10
passbook/saml_idp/processors/generic.py
View File

@ -1,12 +1,8 @@
"""
Generic Processor
"""
"""Generic Processor"""
from supervisr.mod.auth.saml.idp.base import Processor
from passbook.saml_idp.base import Processor
class GenericProcessor(Processor):
"""
Generic Response Handler Processor for testing against django-saml2-sp.
"""
"""Generic Response Handler Processor for testing against django-saml2-sp."""
pass

10
passbook/saml_idp/processors/gitlab.py
View File

@ -1,14 +1,10 @@
"""
GitLab Processor
"""
"""GitLab Processor"""
from supervisr.mod.auth.saml.idp.base import Processor
from passbook.saml_idp.base import Processor
class GitLabProcessor(Processor):
"""
GitLab Response Handler Processor for testing against django-saml2-sp.
"""
"""GitLab Response Handler Processor for testing against django-saml2-sp."""
def _determine_audience(self):
# Nextcloud expects an audience in this format

10
passbook/saml_idp/processors/nextcloud.py
View File

@ -1,13 +1,9 @@
"""
NextCloud Processor
"""
from supervisr.mod.auth.saml.idp.base import Processor
"""NextCloud Processor"""
from passbook.saml_idp.base import Processor
class NextCloudProcessor(Processor):
"""
Nextcloud SAML 2.0 AuthnRequest to Response Handler Processor.
"""
"""Nextcloud SAML 2.0 AuthnRequest to Response Handler Processor."""
def _determine_audience(self):
# Nextcloud expects an audience in this format

12
passbook/saml_idp/processors/salesforce.py
View File

@ -1,15 +1,11 @@
"""
Salesforce Processor
"""
"""Salesforce Processor"""
from supervisr.mod.auth.saml.idp.base import Processor
from supervisr.mod.auth.saml.idp.xml_render import get_assertion_xml
from passbook.saml_idp.base import Processor
from passbook.saml_idp.xml_render import get_assertion_xml
class SalesForceProcessor(Processor):
"""
SalesForce.com-specific SAML 2.0 AuthnRequest to Response Handler Processor.
"""
"""SalesForce.com-specific SAML 2.0 AuthnRequest to Response Handler Processor."""
def _determine_audience(self):
self._audience = 'IAMShowcase'

14
passbook/saml_idp/processors/shib.py → passbook/saml_idp/processors/shibboleth.py
View File

@ -1,17 +1,11 @@
"""
Shib Processor
"""
"""Shibboleth Processor"""
from supervisr.mod.auth.saml.idp.base import Processor
class ShibProcessor(Processor):
"""
Shib-specific Processor
"""
class ShibbolethProcessor(Processor):
"""Shibboleth-specific Processor"""
def _determine_audience(self):
"""
Determines the _audience.
"""
"""Determines the _audience."""
self._audience = "https://sp.testshib.org/shibboleth-sp"

10
passbook/saml_idp/processors/wordpress_orange.py
View File

@ -1,14 +1,10 @@
"""
WordpressOrange Processor
"""
"""WordpressOrange Processor"""
from supervisr.mod.auth.saml.idp.base import Processor
from passbook.saml_idp.base import Processor
class WordpressOrangeProcessor(Processor):
"""
WordpressOrange Response Handler Processor for testing against django-saml2-sp.
"""
"""WordpressOrange Response Handler Processor for testing against django-saml2-sp."""
def _determine_audience(self):
# Orange expects an audience in this format

57
passbook/saml_idp/settings.py
View File

@ -1,57 +0,0 @@
"""SAML2 IDP Default settings"""
SAML2IDP_CONFIG = {
# Default metadata to configure this local IdP.
'autosubmit': True,
'certificate_data': """-----BEGIN CERTIFICATE-----
MIIDrTCCApWgAwIBAgIJAMyu7G6V0HCtMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
BAYTAkRFMQswCQYDVQQIDAJCVzEWMBQGA1UEBwwNV2VpbCBhbSBSaGVpbjETMBEG
A1UECgwKQmVyeUp1Lm9yZzEjMCEGA1UEAwwaU3VwZXJ2aXNyIFNBTUwgSURQIERl
ZmF1bHQwIBcNMTcwNjMwMTQzNjU2WhgPNDAxNjAzMDIxNDM2NTZaMGwxCzAJBgNV
BAYTAkRFMQswCQYDVQQIDAJCVzEWMBQGA1UEBwwNV2VpbCBhbSBSaGVpbjETMBEG
A1UECgwKQmVyeUp1Lm9yZzEjMCEGA1UEAwwaU3VwZXJ2aXNyIFNBTUwgSURQIERl
ZmF1bHQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDh+wp/kf2mSJd9
s562gH6NUAZEFpMqeicKJLLrbt0qmovEej6HIKNTTrnQUyaq5L5u6FBALwrURpx7
NztzwcNehfmKdl0n1AsHWaWuuaRSPwxv9F/YCEeq15KLC686DN0lG2MDaeFxF1xe
23FnZUQ06/G7lSGO4tZUEvEFaYX48M1txydmeLxJHyQPfsADK9ozK6h9+daDD/uJ
OSrN4kgh19hMIDg1BPJ0JldK3ohjgFNhQ+KZ9CvgfU9kVzHZ6ZbsKyG20HFCTu8D
lV5QFi+CcTj9BgkXNE1pVc15P6Ef97dg3DYgLIZNBK8gWweQzMvtAJeqd9Oj9dGY
PzONsHY5AgMBAAGjUDBOMB0GA1UdDgQWBBRgrJg/30Y1O4bgan+YJ0D0rf5s0DAf
BgNVHSMEGDAWgBRgrJg/30Y1O4bgan+YJ0D0rf5s0DAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQBaITBSa75Y1dlDdvIp7/NgidRYgOx6xrVC5eYqf0X7
GNBidh3PSqBeiuK9ARtzmoWKS/G5Ufr6dvS7SglcEIqhba33iIaRtB5P14yYb8j1
lXKTy/plv+Z2DXeqcCVlFJqc9wSZx2Shkump5ctvkPIV5qW29fQA3IeM+bdNgqVr
8mEagDJEnFIpbCkkKTFNIrWR8f72SXzc0jxPi89oFlMvINc+ogaFSxwbyPMIMoaI
IPMtp3THfTObYBoLNeeWMug/ynKMcUNs4pzh97RNacAxMYSb/3rbblrnq0CYDcmG
RHlwc9dbwx1rVaCt+dYznAoD8rvZw8iCaS2m4b75uzsn
-----END CERTIFICATE-----""",
'private_key_data': """-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA4fsKf5H9pkiXfbOetoB+jVAGRBaTKnonCiSy627dKpqLxHo+
hyCjU0650FMmquS+buhQQC8K1Eacezc7c8HDXoX5inZdJ9QLB1mlrrmkUj8Mb/Rf
2AhHqteSiwuvOgzdJRtjA2nhcRdcXttxZ2VENOvxu5UhjuLWVBLxBWmF+PDNbccn
Zni8SR8kD37AAyvaMyuoffnWgw/7iTkqzeJIIdfYTCA4NQTydCZXSt6IY4BTYUPi
mfQr4H1PZFcx2emW7CshttBxQk7vA5VeUBYvgnE4/QYJFzRNaVXNeT+hH/e3YNw2
ICyGTQSvIFsHkMzL7QCXqnfTo/XRmD8zjbB2OQIDAQABAoIBAQDUZ8JWZkKkKVc7
L7nekKhi6vT4yr9JDcfkINqLsIjxopH8+2oKWQMrKrQ8u+t8dcUJOhM0QQNMw5IR
vriC9X1NO2ByZQ7qgMRdBEZXFOb+54QpNulfhWjXjAiR6Umqpqy2VCec7ciZI/wO
rPTK2sRheeSdDG+eflg2bhddnvHuKaSD0N27guhRYDg8e0NpqohuWHftzC0Z3OqQ
2nTVYSNFev8V0cNN8ESK+r/S1MG0BlxuhPzdp3SolGdYvAQNp4RizZslnnYuBmMf
SMoZY689v/v622xrQ0pHiPU72lgcSXRzlFD6p4+ecxHvhtZiPVEIUtCLXdmaOs1b
6mlKZs6BAoGBAPjPdLVe9gSUB9s91RIpY7JsPyjABzH0WgLFAMat2VlZQM0b1o2y
U65kd8HY/xxzDRxzsTuE+7fusipk5zlwfmyPhxEbwHyjT6xFUneBiHamKOR5F6Xk
2HdOc4swMXitAFsHDl85ys+ovHV50nb6TilEW2vAIj7J178NdMGRbE2LAoGBAOiC
tHNOyfuUVzYU34oOhQ4B1VVLB60LJSFnPdHoFss/nt73kLWuw0Z5iuX6f3PhybiA
6qSLT53EzmcrtUUa6H9MNW2d4bGLMkGn3rku6XKBH4d4h7D3YVUQCCx0nDz30FNz
90/9J0oZbrksnUlE5EpU+vpRmvriz1AFTljDrgvLAoGBAPiLbD990+5w3YRCOSWC
WQg0H8eaQ9XADWZ02zidE+CwSw5Zf7Nebz9nN0ZaeUU3HOLOIz6cskNj23CECYMU
gAX8PmV1vowDK6SgPygIKoSzqWfKGzhp6V8M7FkfVFwDHbbQzqeLeLCGE3SatAaM
NiX9FgIGFW95e95rF7YBihnPAoGAAx8+LQ4xyB8FzMQa/E+VmcqMgsivIbO0m+42
9kqXg8Mm7veECex+0sNvCgeDDptJiiCxBeSY/RVXcCs2E+d4l7z+OqqUDT5BPoBy
jSoEGHWDZt5HdCjeNbYxZedq8aaiNXypJXnQvT36LqJaulEif50Egbf2zMee4QQx
OR/nhmECgYEAwc7/woIMJFOSfo3IgsYU8a7KKQ0w2JSvXMND9IkMjo/Oc8mT08Z1
hMv77bCX4zZr162Wg02BgA5rKPHu56ofjOBeQvabfmzB0d+H/mxv/V7PC50QBqLd
zcepulF4OHOf+b2vKPmgN/HoQQyISw6l7SwuOH0gQI+SOxyBNuIIqN0=
-----END RSA PRIVATE KEY-----""",
'issuer': 'http://localhost:8000',
'signing': True,
}

6
passbook/saml_idp/templates/saml/idp/login.html
View File

@ -1,6 +1,6 @@
{% extends "core/skel.html" %}
{% load supervisr_utils %}
{% load utils %}
{% load i18n %}
{% block title %}
@ -15,8 +15,8 @@
<input type="hidden" name="RelayState" value="{{ relay_state }}" />
<input type="hidden" name="SAMLResponse" value="{{ saml_response }}" />
<label class="title">
<clr-icon shape="supervisr" class="is-info" size="48"></clr-icon>
{% supervisr_setting 'branding' %}
<clr-icon shape="passbook" class="is-info" size="48"></clr-icon>
{% config 'passbook.branding' %}
</label>
<label class="subtitle">
{% trans 'SSO - Authorize External Source' %}

4
passbook/saml_idp/templates/saml/idp/settings.html
View File

@ -1,7 +1,7 @@
{% extends "_admin/module_default.html" %}
{% load i18n %}
{% load supervisr_utils %}
{% load utils %}
{% block title %}
{% title "Overview" %}
@ -39,7 +39,7 @@
</section>
</div>
<div class="card-footer">
<a href="{% url 'supervisr_mod_auth_saml_idp:metadata_xml' %}" class="btn btn-primary"><clr-icon shape="download"></clr-icon>{% trans 'Download Metadata' %}</a>
<a href="{% url 'passbook_saml_idp:metadata_xml' %}" class="btn btn-primary"><clr-icon shape="download"></clr-icon>{% trans 'Download Metadata' %}</a>
</div>
</div>
</div>

2
passbook/saml_idp/urls.py
View File

@ -1,4 +1,4 @@
"""Supervisr SAML IDP URLs"""
"""passbook SAML IDP URLs"""
from django.conf.urls import url
from passbook.saml_idp import views

2
passbook/saml_idp/xml_render.py
View File

@ -2,7 +2,7 @@
from logging import getLogger
from passbook.lib.utils import render_to_string
from passbook.lib.utils.template import render_to_string
from passbook.saml_idp.xml_signing import (get_signature_xml, load_certificate,
load_private_key, sign_with_signxml)

8
passbook/saml_idp/xml_signing.py
View File

@ -7,15 +7,15 @@ from defusedxml import ElementTree
from signxml import XMLSigner
from signxml.util import strip_pem_header
from passbook.core.models import Setting
from passbook.lib.utils import render_to_string
from passbook.lib.config import CONFIG
from passbook.lib.utils.template import render_to_string
LOGGER = getLogger(__name__)
def load_certificate(strip=False):
"""Get Public key from config"""
cert = Setting.get('certificate')
cert = CONFIG.y('saml_idp.certificate', '')
if strip:
return strip_pem_header(cert.replace('\r', '')).replace('\n', '')
return cert
@ -23,7 +23,7 @@ def load_certificate(strip=False):
def load_private_key():
"""Get Private Key from config"""
return Setting.get('private_key')
return CONFIG.y('saml_idp.key', '')
def sign_with_signxml(private_key, data, cert, reference_uri=None):

2
passbook/tfa/forms.py
View File

@ -1,4 +1,4 @@
"""Supervisr 2FA Forms"""
"""passbook 2FA Forms"""
from django import forms
from django.core.validators import RegexValidator

6
passbook/tfa/templates/tfa/user_settings.html
View File

@ -1,6 +1,6 @@
{% extends "user/base.html" %}
{% load supervisr_utils %}
{% load utils %}
{% load i18n %}
{% load hostname %}
{% load setting %}
@ -31,9 +31,9 @@
</p>
<p>
{% if not state %}
<a href="{% url 'supervisr_mod_tfa:tfa-enable' %}" class="btn btn-success btn-sm">{% trans "Enable 2FA" %}</a>
<a href="{% url 'passbook_tfa:tfa-enable' %}" class="btn btn-success btn-sm">{% trans "Enable 2FA" %}</a>
{% else %}
<a href="{% url 'supervisr_mod_tfa:tfa-disable' %}" class="btn btn-danger btn-sm">{% trans "Disable 2FA" %}</a>
<a href="{% url 'passbook_tfa:tfa-disable' %}" class="btn btn-danger btn-sm">{% trans "Disable 2FA" %}</a>
{% endif %}
</p>
</div>

2
passbook/tfa/templates/tfa/wizard_setup_static.html
View File

@ -1,6 +1,6 @@
{% extends "generic/wizard.html" %}
{% load supervisr_utils %}
{% load utils %}
{% block title %}
{% title "Setup" %}

16
passbook/tfa/tests/test_middleware.py
View File

@ -1,6 +1,4 @@
"""
Supervisr Mod 2FA Middleware Test
"""
"""passbook Mod 2FA Middleware Test"""
import os
@ -8,23 +6,19 @@ from django.contrib.auth.models import AnonymousUser
from django.test import RequestFactory, TestCase
from django.urls import reverse
from supervisr.core.views import common
from supervisr.mod.tfa.middleware import tfa_force_verify
from passbook.core.views import common
from passbook.tfa.middleware import tfa_force_verify
class TestMiddleware(TestCase):
"""
Supervisr 2FA Middleware Test
"""
"""passbook 2FA Middleware Test"""
def setUp(self):
os.environ['RECAPTCHA_TESTING'] = 'True'
self.factory = RequestFactory()
def test_tfa_force_verify_anon(self):
"""
Test Anonymous TFA Force
"""
"""Test Anonymous TFA Force"""
request = self.factory.get(reverse('common-index'))
request.user = AnonymousUser()
response = tfa_force_verify(common.IndexView.as_view())(request)

4
requirements-dev.txt
View File

@ -1,4 +1,6 @@
pylint
pylint-django
isort
autopep8
django-debug-toolbar
django-debug-toolbar
-r requirements.txt