more cleanup, remove supervisr imports

This commit is contained in:
Jens Langhammer 2018-11-16 10:08:15 +01:00
parent fbaab4efaf
commit a2904d3ade
42 changed files with 130 additions and 245 deletions


@ -5,3 +5,4 @@ raven
djangorestframework djangorestframework
markdown markdown
django-model-utils django-model-utils
colorlog


@ -60,6 +60,8 @@ INSTALLED_APPS = [
'passbook.ldap', 'passbook.ldap',
'passbook.oauth_client', 'passbook.oauth_client',
'passbook.oauth_provider', 'passbook.oauth_provider',
'passbook.saml_idp',
'passbook.tfa',
] ]
REST_FRAMEWORK = { REST_FRAMEWORK = {


@ -20,7 +20,6 @@
{% block card %} {% block card %}
{% endblock %} {% endblock %}
</div><!-- card --> </div><!-- card -->
<footer class="login-pf-page-footer"> <footer class="login-pf-page-footer">
<ul class="login-pf-page-footer-links list-unstyled"> <ul class="login-pf-page-footer-links list-unstyled">
<li><a class="login-pf-page-footer-link" href="#">Terms of Use</a></li> <li><a class="login-pf-page-footer-link" href="#">Terms of Use</a></li>


@ -1,7 +1,5 @@
""" """LDAP Settings"""
LDAP Settings
"""
AUTHENTICATION_BACKENDS = [ AUTHENTICATION_BACKENDS = [
'supervisr.mod.auth.ldap.auth.LDAPBackend', 'passbook.ldap.auth.LDAPBackend',
] ]


@ -1,7 +1,7 @@
{% extends "_admin/module_default.html" %} {% extends "_admin/module_default.html" %}
{% load i18n %} {% load i18n %}
{% load supervisr_utils %} {% load utils %}
{% block title %} {% block title %}
{% title "Settings" %} {% title "Settings" %}


@ -1,4 +1,4 @@
"""supervisr core config loader""" """passbook lib config loader"""
import os import os
from collections import Mapping from collections import Mapping
from contextlib import contextmanager from contextlib import contextmanager


@ -7,7 +7,7 @@ log:
level: level:
console: DEBUG console: DEBUG
file: DEBUG file: DEBUG
file: /dev/null file: NUL
syslog: syslog:
host: 127.0.0.1 host: 127.0.0.1
port: 514 port: 514
@ -48,7 +48,7 @@ passbook:
# Override URL used for Background on Login page # Override URL used for Background on Login page
bg_url: null bg_url: null
# Optionally add a subtext, placed below logo on the login page # Optionally add a subtext, placed below logo on the login page
subtext: This is placeholder text, only. Use this area to place any information or introductory message about your application that may be relevant for users. subtext: null
footer: footer:
links: links:
# Optionally add links to the footer on the login page # Optionally add links to the footer on the login page
@ -87,7 +87,7 @@ ldap:
reset_password: true reset_password: true
oauth_client: oauth_client:
# List of python packages with sources types to load. # List of python packages with sources types to load.
source_tyoes: types:
- passbook.oauth_client.source_types.discord - passbook.oauth_client.source_types.discord
- passbook.oauth_client.source_types.facebook - passbook.oauth_client.source_types.facebook
- passbook.oauth_client.source_types.github - passbook.oauth_client.source_types.github
@ -95,3 +95,16 @@ oauth_client:
- passbook.oauth_client.source_types.reddit - passbook.oauth_client.source_types.reddit
- passbook.oauth_client.source_types.supervisr - passbook.oauth_client.source_types.supervisr
- passbook.oauth_client.source_types.twitter - passbook.oauth_client.source_types.twitter
saml_idp:
signing: true
autosubmit: false
issuer: passbook
assertion_valid_for: 86400
# List of python packages with provider types to load.
types:
- passbook.saml_idp.processors.generic
- passbook.saml_idp.processors.gitlab
- passbook.saml_idp.processors.nextcloud
- passbook.saml_idp.processors.salesforce
- passbook.saml_idp.processors.shibboleth
- passbook.saml_idp.processors.wordpress_orange
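Review bot: `assertion_valid_for: 86400` in the new `saml_idp` block reads like one day in seconds, but the processor code changed in this same commit computes `get_time_string(int(CONFIG.y('saml_idp.assertion_valid_for')) * MINUTES)` with `MINUTES = 60`. If `get_time_string` takes seconds (its body is not visible here), the default makes assertions valid for 86400 minutes, i.e. 60 days, and a long NotOnOrAfter window extends the time a captured assertion stays usable. Either express the default in minutes or drop the multiplier in the processor, and state the unit next to the key, for example `# Assertion lifetime in minutes`.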


@ -1,4 +1,4 @@
"""Supervisr Core Reflection templatetags Templatetag""" """passbook Core Reflection templatetags Templatetag"""
from logging import getLogger from logging import getLogger
from django import template from django import template


@ -12,6 +12,7 @@ from django.template.loaders.app_directories import get_app_template_dirs
from django.urls import reverse from django.urls import reverse
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
from passbook.lib.config import CONFIG
from passbook.lib.utils.reflection import path_to_class from passbook.lib.utils.reflection import path_to_class
from passbook.lib.utils.urls import is_url_absolute from passbook.lib.utils.urls import is_url_absolute
@ -75,7 +76,7 @@ def pick(cont, arg, fallback=''):
@register.simple_tag(takes_context=True) @register.simple_tag(takes_context=True)
def title(context, *title): def title(context, *title):
"""Return either just branding or title - branding""" """Return either just branding or title - branding"""
branding = Setting.get('branding', default='supervisr') branding = Setting.get('branding', default='passbook')
if not title: if not title:
return branding return branding
# Include App Title in title # Include App Title in title
@ -97,9 +98,9 @@ def title(context, *title):
@register.simple_tag @register.simple_tag
def supervisr_setting(key, namespace='supervisr.core', default=''): def config(path, default=''):
"""Get a setting from the database. Returns default is setting doesn't exist.""" """Get a setting from the database. Returns default is setting doesn't exist."""
return Setting.get(key=key, namespace=namespace, default=default) return CONFIG.y(path, default)
@register.simple_tag() @register.simple_tag()
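Review bot: The new `config` tag returns `CONFIG.y(path, default)` for whatever path a template passes, so any template can read any configuration key, including values such as `saml_idp.key` that this commit moves into the same config source. Consider limiting the tag to an allow-list of prefixes (the only use visible in this commit is `passbook.branding`) and never feeding it a path derived from request data. The docstring is also stale, since it still says "Get a setting from the database"; something like `"""Get a value from the config file by dotted path. Returns default if the path doesn't exist."""` matches the new body.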


@ -0,0 +1,14 @@
"""passbook lib template utilities"""
from django.template import Context, Template, loader
def render_from_string(template: str, ctx: Context) -> str:
"""Render template from string to string"""
template = Template(template)
return template.render(ctx)
def render_to_string(template_path: str, ctx: Context) -> str:
"""Render a template to string"""
template = loader.get_template(template_path)
return template.render(ctx)
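Review bot: `render_to_string` is annotated `ctx: Context`, but `loader.get_template()` returns a backend template whose `render()` expects a plain dict and raises `TypeError` for a `Context` on Django 1.11 and later (the URL config in this commit uses `path()`, so this is Django 2.0+). `render_from_string` is the opposite case, because `Template.render()` needs a real `Context`. Annotate the former as `ctx: dict`, and keep `Context` only on the latter or wrap there with `Template(template).render(Context(ctx))`. `render_from_string` also compiles whatever string it receives, so its docstring should state that the template source must be trusted, for example `"""Render a trusted template string; never pass user-supplied text as the template."""`.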


@ -17,7 +17,7 @@ class PassbookOAuthClientConfig(AppConfig):
def ready(self): def ready(self):
"""Load source_types from config file""" """Load source_types from config file"""
source_types_to_load = CONFIG.y('oauth_client.source_tyoes') source_types_to_load = CONFIG.y('oauth_client.types', [])
for source_type in source_types_to_load: for source_type in source_types_to_load:
try: try:
import_module(source_type) import_module(source_type)


@ -1,17 +1,11 @@
""" """passbook oauth_client Errors"""
Supervisr Mod Oauth Client Errors
"""
class OAuthClientError(Exception): class OAuthClientError(Exception):
""" """Base error for all OAuth Client errors"""
Base error for all OAuth Client errors
"""
pass pass
class OAuthClientEmailMissingError(OAuthClientError): class OAuthClientEmailMissingError(OAuthClientError):
""" """Error which is raised when user is missing email address from profile"""
Error which is raised when user is missing email address from profile
"""
pass pass


@ -1,4 +1,4 @@
{% load supervisr_oauth_client %} {% load passbook_oauth_client %}
{% any_provider as enabled %} {% any_provider as enabled %}
{% if enabled %} {% if enabled %}


@ -1,6 +1,6 @@
{% load supervisr_oauth_client %} {% load passbook_oauth_client %}
{% provider_exists 'facebook' as facebook_enabled %} {% provider_exists 'facebook' as facebook_enabled %}
{% if facebook_enabled %} {% if facebook_enabled %}
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-login' provider='facebook' %}" class="btn" style="background-color:#4267b2;color:white;margin-top:10px;width:100%;"><i class="fa fa-facebook-official" aria-hidden="true"></i></a> <a href="{% url 'passbook_oauth_client:oauth-client-login' provider='facebook' %}" class="btn" style="background-color:#4267b2;color:white;margin-top:10px;width:100%;"><i class="fa fa-facebook-official" aria-hidden="true"></i></a>
{% endif %} {% endif %}


@ -1,6 +1,6 @@
{% load supervisr_oauth_client %} {% load passbook_oauth_client %}
{% provider_exists 'twitter' as twitter_enabled %} {% provider_exists 'twitter' as twitter_enabled %}
{% if twitter_enabled %} {% if twitter_enabled %}
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-login' provider='twitter' %}" class="btn" style="background-color:#55ACEE;color:white;margin-top:10px;width:100%;"><i class="fa fa-twitter" aria-hidden="true"></i></a> <a href="{% url 'passbook_oauth_client:oauth-client-login' provider='twitter' %}" class="btn" style="background-color:#55ACEE;color:white;margin-top:10px;width:100%;"><i class="fa fa-twitter" aria-hidden="true"></i></a>
{% endif %} {% endif %}


@ -1,7 +1,7 @@
{% load supervisr_oauth_client %} {% load passbook_oauth_client %}
{% load static %} {% load static %}
{% provider_exists 'google' as google_enabled %} {% provider_exists 'google' as google_enabled %}
{% if google_enabled %} {% if google_enabled %}
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-login' provider='google' %}" class="btn" style="background-color:white;color:black;margin-top:10px;width:100%;"><img src="{% static 'img/google.svg' %}" style="height:12px"></a> <a href="{% url 'passbook_oauth_client:oauth-client-login' provider='google' %}" class="btn" style="background-color:white;color:black;margin-top:10px;width:100%;"><img src="{% static 'img/google.svg' %}" style="height:12px"></a>
{% endif %} {% endif %}


@ -1,6 +1,6 @@
{% load supervisr_oauth_client %} {% load passbook_oauth_client %}
{% provider_exists 'github' as github_enabled %} {% provider_exists 'github' as github_enabled %}
{% if github_enabled %} {% if github_enabled %}
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-login' provider='github' %}" class="btn" style="background-color:#444444;color:white;margin-top:10px;width:100%;"><i class="fa fa-github" aria-hidden="true"></i></a> <a href="{% url 'passbook_oauth_client:oauth-client-login' provider='github' %}" class="btn" style="background-color:#444444;color:white;margin-top:10px;width:100%;"><i class="fa fa-github" aria-hidden="true"></i></a>
{% endif %} {% endif %}


@ -1,7 +1,7 @@
{% load supervisr_oauth_client %} {% load passbook_oauth_client %}
{% load static %} {% load static %}
{% provider_exists 'discord' as discord_enabled %} {% provider_exists 'discord' as discord_enabled %}
{% if discord_enabled %} {% if discord_enabled %}
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-login' provider='discord' %}" class="btn" style="background-color:#2C2F33;color:white;margin-top:10px;width:100%;"><img src="{% static 'img/discord.svg' %}" style="height:12px"></a> <a href="{% url 'passbook_oauth_client:oauth-client-login' provider='discord' %}" class="btn" style="background-color:#2C2F33;color:white;margin-top:10px;width:100%;"><img src="{% static 'img/discord.svg' %}" style="height:12px"></a>
{% endif %} {% endif %}


@ -1,7 +1,7 @@
{% load supervisr_oauth_client %} {% load passbook_oauth_client %}
{% load static %} {% load static %}
{% provider_exists 'reddit' as reddit_enabled %} {% provider_exists 'reddit' as reddit_enabled %}
{% if reddit_enabled %} {% if reddit_enabled %}
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-login' provider='reddit' %}" class="btn" style="background-color:#ff4500;color:white;margin-top:10px;width:100%;"><img src="{% static 'img/reddit.svg' %}" style="height:20px;margin-top:-5px;"></a> <a href="{% url 'passbook_oauth_client:oauth-client-login' provider='reddit' %}" class="btn" style="background-color:#ff4500;color:white;margin-top:10px;width:100%;"><img src="{% static 'img/reddit.svg' %}" style="height:20px;margin-top:-5px;"></a>
{% endif %} {% endif %}


@ -1,4 +1,4 @@
{% load supervisr_oauth_client %} {% load passbook_oauth_client %}
{% any_provider as enabled %} {% any_provider as enabled %}
{% if enabled %} {% if enabled %}


@ -1,6 +1,6 @@
{% extends "user/base.html" %} {% extends "user/base.html" %}
{% load supervisr_utils %} {% load utils %}
{% load i18n %} {% load i18n %}
{% block title %} {% block title %}
@ -34,9 +34,9 @@
<td>{{ data.state|yesno:"Connected,Not Connected" }}</td> <td>{{ data.state|yesno:"Connected,Not Connected" }}</td>
<td> <td>
{% if data.state == False %} {% if data.state == False %}
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-login' provider=data.provider.name %}">Connect</a> <a href="{% url 'passbook_oauth_client:oauth-client-login' provider=data.provider.name %}">Connect</a>
{% else %} {% else %}
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-disconnect' provider=data.provider.name %}">Disconnect</a> <a href="{% url 'passbook_oauth_client:oauth-client-disconnect' provider=data.provider.name %}">Disconnect</a>
{% endif %} {% endif %}
</td> </td>
<td>{{ data.aas.first.identifier }}</td> <td>{{ data.aas.first.identifier }}</td>


@ -6,40 +6,7 @@ from passbook.oauth_client.source_types.manager import RequestKind
# from passbook.oauth_client.views import core, settings # from passbook.oauth_client.views import core, settings
from passbook.oauth_client.views import dispatcher from passbook.oauth_client.views import dispatcher
# from passbook.oauth_client.views.providers import (discord, facebook, github,
# google, reddit, supervisr,
# twitter)
urlpatterns = [ urlpatterns = [
# # Supervisr
# url(r'^callback/(?P<provider>supervisr)/$',
# supervisr.SupervisrOAuthCallback.as_view(), name='oauth-client-callback'),
# # Twitter
# url(r'^callback/(?P<provider>twitter)/$',
# twitter.TwitterOAuthCallback.as_view(), name='oauth-client-callback'),
# # GitHub
# url(r'^callback/(?P<provider>github)/$',
# github.GitHubOAuth2Callback.as_view(), name='oauth-client-callback'),
# # Facebook
# url(r'^callback/(?P<provider>facebook)/$',
# facebook.FacebookOAuth2Callback.as_view(), name='oauth-client-callback'),
# url(r'^login/(?P<provider>facebook)/$',
# facebook.FacebookOAuthRedirect.as_view(), name='oauth-client-login'),
# # Discord
# url(r'^callback/(?P<provider>discord)/$',
# discord.DiscordOAuth2Callback.as_view(), name='oauth-client-callback'),
# url(r'^login/(?P<provider>discord)/$',
# discord.DiscordOAuthRedirect.as_view(), name='oauth-client-login'),
# # Reddit
# url(r'^callback/(?P<provider>reddit)/$',
# reddit.RedditOAuth2Callback.as_view(), name='oauth-client-callback'),
# url(r'^login/(?P<provider>reddit)/$',
# reddit.RedditOAuthRedirect.as_view(), name='oauth-client-login'),
# # Google
# url(r'^callback/(?P<provider>google)/$',
# google.GoogleOAuth2Callback.as_view(), name='oauth-client-callback'),
# url(r'^login/(?P<provider>google)/$',
# google.GoogleOAuthRedirect.as_view(), name='oauth-client-login'),
path('login/<slug:source_slug>/', dispatcher.DispatcherView.as_view( path('login/<slug:source_slug>/', dispatcher.DispatcherView.as_view(
kind=RequestKind.redirect), name='oauth-client-login'), kind=RequestKind.redirect), name='oauth-client-login'),
path('callback/<slug:source_slug>/', dispatcher.DispatcherView.as_view( path('callback/<slug:source_slug>/', dispatcher.DispatcherView.as_view(


@ -1,7 +1,12 @@
"""passbook mod saml_idp app config""" """passbook mod saml_idp app config"""
from importlib import import_module
from logging import getLogger
from django.apps.config import AppConfig from django.apps import AppConfig
from passbook.lib.config import CONFIG
LOGGER = getLogger(__name__)
class PassbookSAMLIDPConfig(AppConfig): class PassbookSAMLIDPConfig(AppConfig):
"""passbook saml_idp app config""" """passbook saml_idp app config"""
@ -9,3 +14,13 @@ class PassbookSAMLIDPConfig(AppConfig):
name = 'passbook.saml_idp' name = 'passbook.saml_idp'
label = 'passbook_saml_idp' label = 'passbook_saml_idp'
verbose_name = 'passbook SAML IDP' verbose_name = 'passbook SAML IDP'
def ready(self):
"""Load source_types from config file"""
source_types_to_load = CONFIG.y('saml_idp.types', [])
for source_type in source_types_to_load:
try:
import_module(source_type)
LOGGER.info("Loaded %s", source_type)
except ImportError as exc:
LOGGER.debug(exc)
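Review bot: In the new `ready()`, a processor module that fails to import is reported only through `LOGGER.debug(exc)`, so a typo in `saml_idp.types` or a broken import inside a processor leaves that processor silently missing at normal log levels. `LOGGER.warning("Failed to load %s: %s", source_type, exc)` would make the failure visible to whoever operates the IdP. The docstring `"""Load source_types from config file"""` and the names `source_types_to_load` / `source_type` look carried over from the OAuth client app; here the entries are SAML processor modules, so `"""Load processor types from config file"""` would be accurate.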


@ -6,7 +6,7 @@ from logging import getLogger
from bs4 import BeautifulSoup from bs4 import BeautifulSoup
# from passbook.core.models import Setting from passbook.lib.config import CONFIG
from passbook.saml_idp import codex, exceptions, xml_render from passbook.saml_idp import codex, exceptions, xml_render
MINUTES = 60 MINUTES = 60
@ -53,7 +53,7 @@ class Processor:
_subject = None _subject = None
_subject_format = 'urn:oasis:names:tc:SAML:2.0:nameid-format:email' _subject_format = 'urn:oasis:names:tc:SAML:2.0:nameid-format:email'
_system_params = { _system_params = {
'ISSUER': Setting.get('issuer'), 'ISSUER': CONFIG.y('saml_idp.issuer'),
} }
@property @property
@ -84,7 +84,7 @@ class Processor:
'AUTH_INSTANT': get_time_string(), 'AUTH_INSTANT': get_time_string(),
'ISSUE_INSTANT': get_time_string(), 'ISSUE_INSTANT': get_time_string(),
'NOT_BEFORE': get_time_string(-1 * HOURS), # TODO: Make these settings. 'NOT_BEFORE': get_time_string(-1 * HOURS), # TODO: Make these settings.
'NOT_ON_OR_AFTER': get_time_string(int(Setting.get('assertion_valid_for')) * MINUTES), 'NOT_ON_OR_AFTER': get_time_string(int(CONFIG.y('saml_idp.assertion_valid_for')) * MINUTES),
'SESSION_INDEX': self._session_index, 'SESSION_INDEX': self._session_index,
'SESSION_NOT_ON_OR_AFTER': get_time_string(8 * HOURS), 'SESSION_NOT_ON_OR_AFTER': get_time_string(8 * HOURS),
'SP_NAME_QUALIFIER': self._audience, 'SP_NAME_QUALIFIER': self._audience,
@ -175,7 +175,7 @@ class Processor:
def _format_response(self): def _format_response(self):
"""Formats _response_params as _response_xml.""" """Formats _response_params as _response_xml."""
sign_it = Setting.get_bool('signing') sign_it = CONFIG.y('saml_idp.signing', True)
assertion_id = self._assertion_params['ASSERTION_ID'] assertion_id = self._assertion_params['ASSERTION_ID']
self._response_xml = xml_render.get_response_xml(self._response_params, self._response_xml = xml_render.get_response_xml(self._response_params,
signed=sign_it, signed=sign_it,
@ -187,7 +187,7 @@ class Processor:
'acs_url': self._request_params['ACS_URL'], 'acs_url': self._request_params['ACS_URL'],
'saml_response': self._saml_response, 'saml_response': self._saml_response,
'relay_state': self._relay_state, 'relay_state': self._relay_state,
'autosubmit': Setting.get('autosubmit'), 'autosubmit': CONFIG.y('saml_idp.autosubmit', False),
} }
def _parse_request(self): def _parse_request(self):
@ -228,7 +228,7 @@ class Processor:
self._subject = sp_config self._subject = sp_config
self._subject_format = 'urn:oasis:names:tc:SAML:2.0:nameid-format:email' self._subject_format = 'urn:oasis:names:tc:SAML:2.0:nameid-format:email'
self._system_params = { self._system_params = {
'ISSUER': Setting.get('issuer'), 'ISSUER': CONFIG.y('saml_idp.issuer'),
} }
def _validate_request(self): def _validate_request(self):
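Review bot: `int(CONFIG.y('saml_idp.assertion_valid_for')) * MINUTES` is the one lookup in this file that gets no default, unlike `CONFIG.y('saml_idp.signing', True)` and `CONFIG.y('saml_idp.autosubmit', False)`. If `CONFIG.y` returns `None` for a missing key (its implementation is not visible here), a config without that entry fails with `TypeError` while the assertion is being built. Passing an explicit default and rejecting non-positive values would keep the validity window defined. The class-level `_system_params` also evaluates `CONFIG.y('saml_idp.issuer')` once at import time with no default, so a missing issuer would presumably be emitted as `None`; a comment such as `# evaluated at import; re-read per instance in the setup method below` would help. The `Processor` class body starts and ends outside these hunks.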


@ -1,32 +0,0 @@
"""
Demo Processor
"""
from supervisr.mod.auth.saml.idp.base import Processor
from supervisr.mod.auth.saml.idp.xml_render import get_assertion_xml
class DemoProcessor(Processor):
"""
Demo Response Handler Processor for testing against django-saml2-sp.
"""
def _format_assertion(self):
# NOTE: This uses the SalesForce assertion for the demo.
self._assertion_xml = get_assertion_xml(
'saml/xml/assertions/salesforce.xml', self._assertion_params, signed=True)
class DemoAttributeProcessor(Processor):
"""
Demo Response Handler Processor for testing against django-saml2-sp;
Adds SAML attributes to the assertion.
"""
def _format_assertion(self):
# NOTE: This uses the SalesForce assertion for the demo.
self._assertion_params['ATTRIBUTES'] = {
'foo': 'bar',
}
self._assertion_xml = get_assertion_xml(
'saml/xml/assertions/salesforce.xml', self._assertion_params, signed=True)


@ -1,12 +1,8 @@
""" """Generic Processor"""
Generic Processor
"""
from supervisr.mod.auth.saml.idp.base import Processor from passbook.saml_idp.base import Processor
class GenericProcessor(Processor): class GenericProcessor(Processor):
""" """Generic Response Handler Processor for testing against django-saml2-sp."""
Generic Response Handler Processor for testing against django-saml2-sp.
"""
pass pass


@ -1,14 +1,10 @@
""" """GitLab Processor"""
GitLab Processor
"""
from supervisr.mod.auth.saml.idp.base import Processor from passbook.saml_idp.base import Processor
class GitLabProcessor(Processor): class GitLabProcessor(Processor):
""" """GitLab Response Handler Processor for testing against django-saml2-sp."""
GitLab Response Handler Processor for testing against django-saml2-sp.
"""
def _determine_audience(self): def _determine_audience(self):
# Nextcloud expects an audience in this format # Nextcloud expects an audience in this format


@ -1,13 +1,9 @@
""" """NextCloud Processor"""
NextCloud Processor from passbook.saml_idp.base import Processor
"""
from supervisr.mod.auth.saml.idp.base import Processor
class NextCloudProcessor(Processor): class NextCloudProcessor(Processor):
""" """Nextcloud SAML 2.0 AuthnRequest to Response Handler Processor."""
Nextcloud SAML 2.0 AuthnRequest to Response Handler Processor.
"""
def _determine_audience(self): def _determine_audience(self):
# Nextcloud expects an audience in this format # Nextcloud expects an audience in this format


@ -1,15 +1,11 @@
""" """Salesforce Processor"""
Salesforce Processor
"""
from supervisr.mod.auth.saml.idp.base import Processor from passbook.saml_idp.base import Processor
from supervisr.mod.auth.saml.idp.xml_render import get_assertion_xml from passbook.saml_idp.xml_render import get_assertion_xml
class SalesForceProcessor(Processor): class SalesForceProcessor(Processor):
""" """SalesForce.com-specific SAML 2.0 AuthnRequest to Response Handler Processor."""
SalesForce.com-specific SAML 2.0 AuthnRequest to Response Handler Processor.
"""
def _determine_audience(self): def _determine_audience(self):
self._audience = 'IAMShowcase' self._audience = 'IAMShowcase'


@ -1,17 +1,11 @@
""" """Shibboleth Processor"""
Shib Processor
"""
from supervisr.mod.auth.saml.idp.base import Processor from supervisr.mod.auth.saml.idp.base import Processor
class ShibProcessor(Processor): class ShibbolethProcessor(Processor):
""" """Shibboleth-specific Processor"""
Shib-specific Processor
"""
def _determine_audience(self): def _determine_audience(self):
""" """Determines the _audience."""
Determines the _audience.
"""
self._audience = "https://sp.testshib.org/shibboleth-sp" self._audience = "https://sp.testshib.org/shibboleth-sp"
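Review bot: The new side of this file still has `from supervisr.mod.auth.saml.idp.base import Processor`, while every other processor in this commit was switched to `from passbook.saml_idp.base import Processor`. Because the SAML app's `ready()` catches `ImportError` and logs it only at debug level, `passbook.saml_idp.processors.shibboleth` from the default config would presumably fail to load without any visible error. The class is also renamed from `ShibProcessor` to `ShibbolethProcessor`, so any stored reference to the old class path (not visible here) needs the same update.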


@ -1,14 +1,10 @@
""" """WordpressOrange Processor"""
WordpressOrange Processor
"""
from supervisr.mod.auth.saml.idp.base import Processor from passbook.saml_idp.base import Processor
class WordpressOrangeProcessor(Processor): class WordpressOrangeProcessor(Processor):
""" """WordpressOrange Response Handler Processor for testing against django-saml2-sp."""
WordpressOrange Response Handler Processor for testing against django-saml2-sp.
"""
def _determine_audience(self): def _determine_audience(self):
# Orange expects an audience in this format # Orange expects an audience in this format


@ -1,57 +0,0 @@
"""SAML2 IDP Default settings"""
SAML2IDP_CONFIG = {
# Default metadata to configure this local IdP.
'autosubmit': True,
'certificate_data': """-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----""",
'private_key_data': """-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----""",
'issuer': 'http://localhost:8000',
'signing': True,
}


@ -1,6 +1,6 @@
{% extends "core/skel.html" %} {% extends "core/skel.html" %}
{% load supervisr_utils %} {% load utils %}
{% load i18n %} {% load i18n %}
{% block title %} {% block title %}
@ -15,8 +15,8 @@
<input type="hidden" name="RelayState" value="{{ relay_state }}" /> <input type="hidden" name="RelayState" value="{{ relay_state }}" />
<input type="hidden" name="SAMLResponse" value="{{ saml_response }}" /> <input type="hidden" name="SAMLResponse" value="{{ saml_response }}" />
<label class="title"> <label class="title">
<clr-icon shape="supervisr" class="is-info" size="48"></clr-icon> <clr-icon shape="passbook" class="is-info" size="48"></clr-icon>
{% supervisr_setting 'branding' %} {% config 'passbook.branding' %}
</label> </label>
<label class="subtitle"> <label class="subtitle">
{% trans 'SSO - Authorize External Source' %} {% trans 'SSO - Authorize External Source' %}

View file

@ -1,7 +1,7 @@
{% extends "_admin/module_default.html" %} {% extends "_admin/module_default.html" %}
{% load i18n %} {% load i18n %}
{% load supervisr_utils %} {% load utils %}
{% block title %} {% block title %}
{% title "Overview" %} {% title "Overview" %}
@ -39,7 +39,7 @@
</section> </section>
</div> </div>
<div class="card-footer"> <div class="card-footer">
<a href="{% url 'supervisr_mod_auth_saml_idp:metadata_xml' %}" class="btn btn-primary"><clr-icon shape="download"></clr-icon>{% trans 'Download Metadata' %}</a> <a href="{% url 'passbook_saml_idp:metadata_xml' %}" class="btn btn-primary"><clr-icon shape="download"></clr-icon>{% trans 'Download Metadata' %}</a>
</div> </div>
</div> </div>
</div> </div>


@ -1,4 +1,4 @@
"""Supervisr SAML IDP URLs""" """passbook SAML IDP URLs"""
from django.conf.urls import url from django.conf.urls import url
from passbook.saml_idp import views from passbook.saml_idp import views


@ -2,7 +2,7 @@
from logging import getLogger from logging import getLogger
from passbook.lib.utils import render_to_string from passbook.lib.utils.template import render_to_string
from passbook.saml_idp.xml_signing import (get_signature_xml, load_certificate, from passbook.saml_idp.xml_signing import (get_signature_xml, load_certificate,
load_private_key, sign_with_signxml) load_private_key, sign_with_signxml)


@ -7,15 +7,15 @@ from defusedxml import ElementTree
from signxml import XMLSigner from signxml import XMLSigner
from signxml.util import strip_pem_header from signxml.util import strip_pem_header
from passbook.core.models import Setting from passbook.lib.config import CONFIG
from passbook.lib.utils import render_to_string from passbook.lib.utils.template import render_to_string
LOGGER = getLogger(__name__) LOGGER = getLogger(__name__)
def load_certificate(strip=False): def load_certificate(strip=False):
"""Get Public key from config""" """Get Public key from config"""
cert = Setting.get('certificate') cert = CONFIG.y('saml_idp.certificate', '')
if strip: if strip:
return strip_pem_header(cert.replace('\r', '')).replace('\n', '') return strip_pem_header(cert.replace('\r', '')).replace('\n', '')
return cert return cert
@ -23,7 +23,7 @@ def load_certificate(strip=False):
def load_private_key(): def load_private_key():
"""Get Private Key from config""" """Get Private Key from config"""
return Setting.get('private_key') return CONFIG.y('saml_idp.key', '')
def sign_with_signxml(private_key, data, cert, reference_uri=None): def sign_with_signxml(private_key, data, cert, reference_uri=None):
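Review bot: `load_private_key()` and `load_certificate()` now fall back to an empty string when `saml_idp.key` / `saml_idp.certificate` are absent, and the default config added in this commit sets `signing: true` without defining either entry. An empty key then surfaces only later, inside the signing call, and how the caller handles that is not visible here. Failing early is safer, for example `if not key: raise ImproperlyConfigured('saml_idp.key is not set')` using Django's `django.core.exceptions.ImproperlyConfigured`. Since the private key is now read from the config file, the docstring of `load_private_key` should say so and note that the file needs restrictive permissions.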


@ -1,4 +1,4 @@
"""Supervisr 2FA Forms""" """passbook 2FA Forms"""
from django import forms from django import forms
from django.core.validators import RegexValidator from django.core.validators import RegexValidator


@ -1,6 +1,6 @@
{% extends "user/base.html" %} {% extends "user/base.html" %}
{% load supervisr_utils %} {% load utils %}
{% load i18n %} {% load i18n %}
{% load hostname %} {% load hostname %}
{% load setting %} {% load setting %}
@ -31,9 +31,9 @@
</p> </p>
<p> <p>
{% if not state %} {% if not state %}
<a href="{% url 'supervisr_mod_tfa:tfa-enable' %}" class="btn btn-success btn-sm">{% trans "Enable 2FA" %}</a> <a href="{% url 'passbook_tfa:tfa-enable' %}" class="btn btn-success btn-sm">{% trans "Enable 2FA" %}</a>
{% else %} {% else %}
<a href="{% url 'supervisr_mod_tfa:tfa-disable' %}" class="btn btn-danger btn-sm">{% trans "Disable 2FA" %}</a> <a href="{% url 'passbook_tfa:tfa-disable' %}" class="btn btn-danger btn-sm">{% trans "Disable 2FA" %}</a>
{% endif %} {% endif %}
</p> </p>
</div> </div>

View file

@ -1,6 +1,6 @@
{% extends "generic/wizard.html" %} {% extends "generic/wizard.html" %}
{% load supervisr_utils %} {% load utils %}
{% block title %} {% block title %}
{% title "Setup" %} {% title "Setup" %}


@ -1,6 +1,4 @@
""" """passbook Mod 2FA Middleware Test"""
Supervisr Mod 2FA Middleware Test
"""
import os import os
@ -8,23 +6,19 @@ from django.contrib.auth.models import AnonymousUser
from django.test import RequestFactory, TestCase from django.test import RequestFactory, TestCase
from django.urls import reverse from django.urls import reverse
from supervisr.core.views import common from passbook.core.views import common
from supervisr.mod.tfa.middleware import tfa_force_verify from passbook.tfa.middleware import tfa_force_verify
class TestMiddleware(TestCase): class TestMiddleware(TestCase):
""" """passbook 2FA Middleware Test"""
Supervisr 2FA Middleware Test
"""
def setUp(self): def setUp(self):
os.environ['RECAPTCHA_TESTING'] = 'True' os.environ['RECAPTCHA_TESTING'] = 'True'
self.factory = RequestFactory() self.factory = RequestFactory()
def test_tfa_force_verify_anon(self): def test_tfa_force_verify_anon(self):
""" """Test Anonymous TFA Force"""
Test Anonymous TFA Force
"""
request = self.factory.get(reverse('common-index')) request = self.factory.get(reverse('common-index'))
request.user = AnonymousUser() request.user = AnonymousUser()
response = tfa_force_verify(common.IndexView.as_view())(request) response = tfa_force_verify(common.IndexView.as_view())(request)


@ -1,4 +1,6 @@
pylint pylint
pylint-django
isort isort
autopep8 autopep8
django-debug-toolbar django-debug-toolbar
-r requirements.txt