more cleanup, remove supervisr imports
This commit is contained in:
parent
fbaab4efaf
commit
a2904d3ade
|
@ -5,3 +5,4 @@ raven
|
|||
djangorestframework
|
||||
markdown
|
||||
django-model-utils
|
||||
colorlog
|
|
@ -60,6 +60,8 @@ INSTALLED_APPS = [
|
|||
'passbook.ldap',
|
||||
'passbook.oauth_client',
|
||||
'passbook.oauth_provider',
|
||||
'passbook.saml_idp',
|
||||
'passbook.tfa',
|
||||
]
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
|
|
|
@ -20,7 +20,6 @@
|
|||
{% block card %}
|
||||
{% endblock %}
|
||||
</div><!-- card -->
|
||||
|
||||
<footer class="login-pf-page-footer">
|
||||
<ul class="login-pf-page-footer-links list-unstyled">
|
||||
<li><a class="login-pf-page-footer-link" href="#">Terms of Use</a></li>
|
||||
|
|
|
@ -1,7 +1,5 @@
|
|||
"""
|
||||
LDAP Settings
|
||||
"""
|
||||
"""LDAP Settings"""
|
||||
|
||||
AUTHENTICATION_BACKENDS = [
|
||||
'supervisr.mod.auth.ldap.auth.LDAPBackend',
|
||||
'passbook.ldap.auth.LDAPBackend',
|
||||
]
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{% extends "_admin/module_default.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
{% load supervisr_utils %}
|
||||
{% load utils %}
|
||||
|
||||
{% block title %}
|
||||
{% title "Settings" %}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
"""supervisr core config loader"""
|
||||
"""passbook lib config loader"""
|
||||
import os
|
||||
from collections import Mapping
|
||||
from contextlib import contextmanager
|
||||
|
|
|
@ -7,7 +7,7 @@ log:
|
|||
level:
|
||||
console: DEBUG
|
||||
file: DEBUG
|
||||
file: /dev/null
|
||||
file: NUL
|
||||
syslog:
|
||||
host: 127.0.0.1
|
||||
port: 514
|
||||
|
@ -48,7 +48,7 @@ passbook:
|
|||
# Override URL used for Background on Login page
|
||||
bg_url: null
|
||||
# Optionally add a subtext, placed below logo on the login page
|
||||
subtext: This is placeholder text, only. Use this area to place any information or introductory message about your application that may be relevant for users.
|
||||
subtext: null
|
||||
footer:
|
||||
links:
|
||||
# Optionally add links to the footer on the login page
|
||||
|
@ -87,7 +87,7 @@ ldap:
|
|||
reset_password: true
|
||||
oauth_client:
|
||||
# List of python packages with sources types to load.
|
||||
source_tyoes:
|
||||
types:
|
||||
- passbook.oauth_client.source_types.discord
|
||||
- passbook.oauth_client.source_types.facebook
|
||||
- passbook.oauth_client.source_types.github
|
||||
|
@ -95,3 +95,16 @@ oauth_client:
|
|||
- passbook.oauth_client.source_types.reddit
|
||||
- passbook.oauth_client.source_types.supervisr
|
||||
- passbook.oauth_client.source_types.twitter
|
||||
saml_idp:
|
||||
signing: true
|
||||
autosubmit: false
|
||||
issuer: passbook
|
||||
assertion_valid_for: 86400
|
||||
# List of python packages with provider types to load.
|
||||
types:
|
||||
- passbook.saml_idp.processors.generic
|
||||
- passbook.saml_idp.processors.gitlab
|
||||
- passbook.saml_idp.processors.nextcloud
|
||||
- passbook.saml_idp.processors.salesforce
|
||||
- passbook.saml_idp.processors.shibboleth
|
||||
- passbook.saml_idp.processors.wordpress_orange
|
|
@ -1,4 +1,4 @@
|
|||
"""Supervisr Core Reflection templatetags Templatetag"""
|
||||
"""passbook Core Reflection templatetags Templatetag"""
|
||||
from logging import getLogger
|
||||
|
||||
from django import template
|
||||
|
|
|
@ -12,6 +12,7 @@ from django.template.loaders.app_directories import get_app_template_dirs
|
|||
from django.urls import reverse
|
||||
from django.utils.translation import ugettext as _
|
||||
|
||||
from passbook.lib.config import CONFIG
|
||||
from passbook.lib.utils.reflection import path_to_class
|
||||
from passbook.lib.utils.urls import is_url_absolute
|
||||
|
||||
|
@ -75,7 +76,7 @@ def pick(cont, arg, fallback=''):
|
|||
@register.simple_tag(takes_context=True)
|
||||
def title(context, *title):
|
||||
"""Return either just branding or title - branding"""
|
||||
branding = Setting.get('branding', default='supervisr')
|
||||
branding = Setting.get('branding', default='passbook')
|
||||
if not title:
|
||||
return branding
|
||||
# Include App Title in title
|
||||
|
@ -97,9 +98,9 @@ def title(context, *title):
|
|||
|
||||
|
||||
@register.simple_tag
|
||||
def supervisr_setting(key, namespace='supervisr.core', default=''):
|
||||
def config(path, default=''):
|
||||
"""Get a setting from the database. Returns default is setting doesn't exist."""
|
||||
return Setting.get(key=key, namespace=namespace, default=default)
|
||||
return CONFIG.y(path, default)
|
||||
|
||||
|
||||
@register.simple_tag()
|
||||
|
|
14
passbook/lib/utils/template.py
Normal file
14
passbook/lib/utils/template.py
Normal file
|
@ -0,0 +1,14 @@
|
|||
"""passbook lib template utilities"""
|
||||
from django.template import Context, Template, loader
|
||||
|
||||
|
||||
def render_from_string(template: str, ctx: Context) -> str:
|
||||
"""Render template from string to string"""
|
||||
template = Template(template)
|
||||
return template.render(ctx)
|
||||
|
||||
|
||||
def render_to_string(template_path: str, ctx: Context) -> str:
|
||||
"""Render a template to string"""
|
||||
template = loader.get_template(template_path)
|
||||
return template.render(ctx)
|
|
@ -17,7 +17,7 @@ class PassbookOAuthClientConfig(AppConfig):
|
|||
|
||||
def ready(self):
|
||||
"""Load source_types from config file"""
|
||||
source_types_to_load = CONFIG.y('oauth_client.source_tyoes')
|
||||
source_types_to_load = CONFIG.y('oauth_client.types', [])
|
||||
for source_type in source_types_to_load:
|
||||
try:
|
||||
import_module(source_type)
|
||||
|
|
|
@ -1,17 +1,11 @@
|
|||
"""
|
||||
Supervisr Mod Oauth Client Errors
|
||||
"""
|
||||
"""passbook oauth_client Errors"""
|
||||
|
||||
|
||||
class OAuthClientError(Exception):
|
||||
"""
|
||||
Base error for all OAuth Client errors
|
||||
"""
|
||||
"""Base error for all OAuth Client errors"""
|
||||
pass
|
||||
|
||||
|
||||
class OAuthClientEmailMissingError(OAuthClientError):
|
||||
"""
|
||||
Error which is raised when user is missing email address from profile
|
||||
"""
|
||||
"""Error which is raised when user is missing email address from profile"""
|
||||
pass
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{% load supervisr_oauth_client %}
|
||||
{% load passbook_oauth_client %}
|
||||
|
||||
{% any_provider as enabled %}
|
||||
{% if enabled %}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{% load supervisr_oauth_client %}
|
||||
{% load passbook_oauth_client %}
|
||||
|
||||
{% provider_exists 'facebook' as facebook_enabled %}
|
||||
{% if facebook_enabled %}
|
||||
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-login' provider='facebook' %}" class="btn" style="background-color:#4267b2;color:white;margin-top:10px;width:100%;"><i class="fa fa-facebook-official" aria-hidden="true"></i></a>
|
||||
<a href="{% url 'passbook_oauth_client:oauth-client-login' provider='facebook' %}" class="btn" style="background-color:#4267b2;color:white;margin-top:10px;width:100%;"><i class="fa fa-facebook-official" aria-hidden="true"></i></a>
|
||||
{% endif %}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{% load supervisr_oauth_client %}
|
||||
{% load passbook_oauth_client %}
|
||||
|
||||
{% provider_exists 'twitter' as twitter_enabled %}
|
||||
{% if twitter_enabled %}
|
||||
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-login' provider='twitter' %}" class="btn" style="background-color:#55ACEE;color:white;margin-top:10px;width:100%;"><i class="fa fa-twitter" aria-hidden="true"></i></a>
|
||||
<a href="{% url 'passbook_oauth_client:oauth-client-login' provider='twitter' %}" class="btn" style="background-color:#55ACEE;color:white;margin-top:10px;width:100%;"><i class="fa fa-twitter" aria-hidden="true"></i></a>
|
||||
{% endif %}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{% load supervisr_oauth_client %}
|
||||
{% load passbook_oauth_client %}
|
||||
{% load static %}
|
||||
|
||||
{% provider_exists 'google' as google_enabled %}
|
||||
{% if google_enabled %}
|
||||
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-login' provider='google' %}" class="btn" style="background-color:white;color:black;margin-top:10px;width:100%;"><img src="{% static 'img/google.svg' %}" style="height:12px"></a>
|
||||
<a href="{% url 'passbook_oauth_client:oauth-client-login' provider='google' %}" class="btn" style="background-color:white;color:black;margin-top:10px;width:100%;"><img src="{% static 'img/google.svg' %}" style="height:12px"></a>
|
||||
{% endif %}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{% load supervisr_oauth_client %}
|
||||
{% load passbook_oauth_client %}
|
||||
|
||||
{% provider_exists 'github' as github_enabled %}
|
||||
{% if github_enabled %}
|
||||
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-login' provider='github' %}" class="btn" style="background-color:#444444;color:white;margin-top:10px;width:100%;"><i class="fa fa-github" aria-hidden="true"></i></a>
|
||||
<a href="{% url 'passbook_oauth_client:oauth-client-login' provider='github' %}" class="btn" style="background-color:#444444;color:white;margin-top:10px;width:100%;"><i class="fa fa-github" aria-hidden="true"></i></a>
|
||||
{% endif %}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{% load supervisr_oauth_client %}
|
||||
{% load passbook_oauth_client %}
|
||||
{% load static %}
|
||||
|
||||
{% provider_exists 'discord' as discord_enabled %}
|
||||
{% if discord_enabled %}
|
||||
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-login' provider='discord' %}" class="btn" style="background-color:#2C2F33;color:white;margin-top:10px;width:100%;"><img src="{% static 'img/discord.svg' %}" style="height:12px"></a>
|
||||
<a href="{% url 'passbook_oauth_client:oauth-client-login' provider='discord' %}" class="btn" style="background-color:#2C2F33;color:white;margin-top:10px;width:100%;"><img src="{% static 'img/discord.svg' %}" style="height:12px"></a>
|
||||
{% endif %}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{% load supervisr_oauth_client %}
|
||||
{% load passbook_oauth_client %}
|
||||
{% load static %}
|
||||
|
||||
{% provider_exists 'reddit' as reddit_enabled %}
|
||||
{% if reddit_enabled %}
|
||||
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-login' provider='reddit' %}" class="btn" style="background-color:#ff4500;color:white;margin-top:10px;width:100%;"><img src="{% static 'img/reddit.svg' %}" style="height:20px;margin-top:-5px;"></a>
|
||||
<a href="{% url 'passbook_oauth_client:oauth-client-login' provider='reddit' %}" class="btn" style="background-color:#ff4500;color:white;margin-top:10px;width:100%;"><img src="{% static 'img/reddit.svg' %}" style="height:20px;margin-top:-5px;"></a>
|
||||
{% endif %}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{% load supervisr_oauth_client %}
|
||||
{% load passbook_oauth_client %}
|
||||
|
||||
{% any_provider as enabled %}
|
||||
{% if enabled %}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{% extends "user/base.html" %}
|
||||
|
||||
{% load supervisr_utils %}
|
||||
{% load utils %}
|
||||
{% load i18n %}
|
||||
|
||||
{% block title %}
|
||||
|
@ -34,9 +34,9 @@
|
|||
<td>{{ data.state|yesno:"Connected,Not Connected" }}</td>
|
||||
<td>
|
||||
{% if data.state == False %}
|
||||
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-login' provider=data.provider.name %}">Connect</a>
|
||||
<a href="{% url 'passbook_oauth_client:oauth-client-login' provider=data.provider.name %}">Connect</a>
|
||||
{% else %}
|
||||
<a href="{% url 'supervisr_mod_auth_oauth_client:oauth-client-disconnect' provider=data.provider.name %}">Disconnect</a>
|
||||
<a href="{% url 'passbook_oauth_client:oauth-client-disconnect' provider=data.provider.name %}">Disconnect</a>
|
||||
{% endif %}
|
||||
</td>
|
||||
<td>{{ data.aas.first.identifier }}</td>
|
||||
|
|
|
@ -6,40 +6,7 @@ from passbook.oauth_client.source_types.manager import RequestKind
|
|||
# from passbook.oauth_client.views import core, settings
|
||||
from passbook.oauth_client.views import dispatcher
|
||||
|
||||
# from passbook.oauth_client.views.providers import (discord, facebook, github,
|
||||
# google, reddit, supervisr,
|
||||
# twitter)
|
||||
|
||||
urlpatterns = [
|
||||
# # Supervisr
|
||||
# url(r'^callback/(?P<provider>supervisr)/$',
|
||||
# supervisr.SupervisrOAuthCallback.as_view(), name='oauth-client-callback'),
|
||||
# # Twitter
|
||||
# url(r'^callback/(?P<provider>twitter)/$',
|
||||
# twitter.TwitterOAuthCallback.as_view(), name='oauth-client-callback'),
|
||||
# # GitHub
|
||||
# url(r'^callback/(?P<provider>github)/$',
|
||||
# github.GitHubOAuth2Callback.as_view(), name='oauth-client-callback'),
|
||||
# # Facebook
|
||||
# url(r'^callback/(?P<provider>facebook)/$',
|
||||
# facebook.FacebookOAuth2Callback.as_view(), name='oauth-client-callback'),
|
||||
# url(r'^login/(?P<provider>facebook)/$',
|
||||
# facebook.FacebookOAuthRedirect.as_view(), name='oauth-client-login'),
|
||||
# # Discord
|
||||
# url(r'^callback/(?P<provider>discord)/$',
|
||||
# discord.DiscordOAuth2Callback.as_view(), name='oauth-client-callback'),
|
||||
# url(r'^login/(?P<provider>discord)/$',
|
||||
# discord.DiscordOAuthRedirect.as_view(), name='oauth-client-login'),
|
||||
# # Reddit
|
||||
# url(r'^callback/(?P<provider>reddit)/$',
|
||||
# reddit.RedditOAuth2Callback.as_view(), name='oauth-client-callback'),
|
||||
# url(r'^login/(?P<provider>reddit)/$',
|
||||
# reddit.RedditOAuthRedirect.as_view(), name='oauth-client-login'),
|
||||
# # Google
|
||||
# url(r'^callback/(?P<provider>google)/$',
|
||||
# google.GoogleOAuth2Callback.as_view(), name='oauth-client-callback'),
|
||||
# url(r'^login/(?P<provider>google)/$',
|
||||
# google.GoogleOAuthRedirect.as_view(), name='oauth-client-login'),
|
||||
path('login/<slug:source_slug>/', dispatcher.DispatcherView.as_view(
|
||||
kind=RequestKind.redirect), name='oauth-client-login'),
|
||||
path('callback/<slug:source_slug>/', dispatcher.DispatcherView.as_view(
|
||||
|
|
|
@ -1,7 +1,12 @@
|
|||
"""passbook mod saml_idp app config"""
|
||||
from importlib import import_module
|
||||
from logging import getLogger
|
||||
|
||||
from django.apps.config import AppConfig
|
||||
from django.apps import AppConfig
|
||||
|
||||
from passbook.lib.config import CONFIG
|
||||
|
||||
LOGGER = getLogger(__name__)
|
||||
|
||||
class PassbookSAMLIDPConfig(AppConfig):
|
||||
"""passbook saml_idp app config"""
|
||||
|
@ -9,3 +14,13 @@ class PassbookSAMLIDPConfig(AppConfig):
|
|||
name = 'passbook.saml_idp'
|
||||
label = 'passbook_saml_idp'
|
||||
verbose_name = 'passbook SAML IDP'
|
||||
|
||||
def ready(self):
|
||||
"""Load source_types from config file"""
|
||||
source_types_to_load = CONFIG.y('saml_idp.types', [])
|
||||
for source_type in source_types_to_load:
|
||||
try:
|
||||
import_module(source_type)
|
||||
LOGGER.info("Loaded %s", source_type)
|
||||
except ImportError as exc:
|
||||
LOGGER.debug(exc)
|
||||
|
|
|
@ -6,7 +6,7 @@ from logging import getLogger
|
|||
|
||||
from bs4 import BeautifulSoup
|
||||
|
||||
# from passbook.core.models import Setting
|
||||
from passbook.lib.config import CONFIG
|
||||
from passbook.saml_idp import codex, exceptions, xml_render
|
||||
|
||||
MINUTES = 60
|
||||
|
@ -53,7 +53,7 @@ class Processor:
|
|||
_subject = None
|
||||
_subject_format = 'urn:oasis:names:tc:SAML:2.0:nameid-format:email'
|
||||
_system_params = {
|
||||
'ISSUER': Setting.get('issuer'),
|
||||
'ISSUER': CONFIG.y('saml_idp.issuer'),
|
||||
}
|
||||
|
||||
@property
|
||||
|
@ -84,7 +84,7 @@ class Processor:
|
|||
'AUTH_INSTANT': get_time_string(),
|
||||
'ISSUE_INSTANT': get_time_string(),
|
||||
'NOT_BEFORE': get_time_string(-1 * HOURS), # TODO: Make these settings.
|
||||
'NOT_ON_OR_AFTER': get_time_string(int(Setting.get('assertion_valid_for')) * MINUTES),
|
||||
'NOT_ON_OR_AFTER': get_time_string(int(CONFIG.y('saml_idp.assertion_valid_for')) * MINUTES),
|
||||
'SESSION_INDEX': self._session_index,
|
||||
'SESSION_NOT_ON_OR_AFTER': get_time_string(8 * HOURS),
|
||||
'SP_NAME_QUALIFIER': self._audience,
|
||||
|
@ -175,7 +175,7 @@ class Processor:
|
|||
|
||||
def _format_response(self):
|
||||
"""Formats _response_params as _response_xml."""
|
||||
sign_it = Setting.get_bool('signing')
|
||||
sign_it = CONFIG.y('saml_idp.signing', True)
|
||||
assertion_id = self._assertion_params['ASSERTION_ID']
|
||||
self._response_xml = xml_render.get_response_xml(self._response_params,
|
||||
signed=sign_it,
|
||||
|
@ -187,7 +187,7 @@ class Processor:
|
|||
'acs_url': self._request_params['ACS_URL'],
|
||||
'saml_response': self._saml_response,
|
||||
'relay_state': self._relay_state,
|
||||
'autosubmit': Setting.get('autosubmit'),
|
||||
'autosubmit': CONFIG.y('saml_idp.autosubmit', False),
|
||||
}
|
||||
|
||||
def _parse_request(self):
|
||||
|
@ -228,7 +228,7 @@ class Processor:
|
|||
self._subject = sp_config
|
||||
self._subject_format = 'urn:oasis:names:tc:SAML:2.0:nameid-format:email'
|
||||
self._system_params = {
|
||||
'ISSUER': Setting.get('issuer'),
|
||||
'ISSUER': CONFIG.y('saml_idp.issuer'),
|
||||
}
|
||||
|
||||
def _validate_request(self):
|
||||
|
|
|
@ -1,32 +0,0 @@
|
|||
"""
|
||||
Demo Processor
|
||||
"""
|
||||
|
||||
from supervisr.mod.auth.saml.idp.base import Processor
|
||||
from supervisr.mod.auth.saml.idp.xml_render import get_assertion_xml
|
||||
|
||||
|
||||
class DemoProcessor(Processor):
|
||||
"""
|
||||
Demo Response Handler Processor for testing against django-saml2-sp.
|
||||
"""
|
||||
|
||||
def _format_assertion(self):
|
||||
# NOTE: This uses the SalesForce assertion for the demo.
|
||||
self._assertion_xml = get_assertion_xml(
|
||||
'saml/xml/assertions/salesforce.xml', self._assertion_params, signed=True)
|
||||
|
||||
|
||||
class DemoAttributeProcessor(Processor):
|
||||
"""
|
||||
Demo Response Handler Processor for testing against django-saml2-sp;
|
||||
Adds SAML attributes to the assertion.
|
||||
"""
|
||||
|
||||
def _format_assertion(self):
|
||||
# NOTE: This uses the SalesForce assertion for the demo.
|
||||
self._assertion_params['ATTRIBUTES'] = {
|
||||
'foo': 'bar',
|
||||
}
|
||||
self._assertion_xml = get_assertion_xml(
|
||||
'saml/xml/assertions/salesforce.xml', self._assertion_params, signed=True)
|
|
@ -1,12 +1,8 @@
|
|||
"""
|
||||
Generic Processor
|
||||
"""
|
||||
"""Generic Processor"""
|
||||
|
||||
from supervisr.mod.auth.saml.idp.base import Processor
|
||||
from passbook.saml_idp.base import Processor
|
||||
|
||||
|
||||
class GenericProcessor(Processor):
|
||||
"""
|
||||
Generic Response Handler Processor for testing against django-saml2-sp.
|
||||
"""
|
||||
"""Generic Response Handler Processor for testing against django-saml2-sp."""
|
||||
pass
|
||||
|
|
|
@ -1,14 +1,10 @@
|
|||
"""
|
||||
GitLab Processor
|
||||
"""
|
||||
"""GitLab Processor"""
|
||||
|
||||
from supervisr.mod.auth.saml.idp.base import Processor
|
||||
from passbook.saml_idp.base import Processor
|
||||
|
||||
|
||||
class GitLabProcessor(Processor):
|
||||
"""
|
||||
GitLab Response Handler Processor for testing against django-saml2-sp.
|
||||
"""
|
||||
"""GitLab Response Handler Processor for testing against django-saml2-sp."""
|
||||
|
||||
def _determine_audience(self):
|
||||
# Nextcloud expects an audience in this format
|
||||
|
|
|
@ -1,13 +1,9 @@
|
|||
"""
|
||||
NextCloud Processor
|
||||
"""
|
||||
from supervisr.mod.auth.saml.idp.base import Processor
|
||||
"""NextCloud Processor"""
|
||||
from passbook.saml_idp.base import Processor
|
||||
|
||||
|
||||
class NextCloudProcessor(Processor):
|
||||
"""
|
||||
Nextcloud SAML 2.0 AuthnRequest to Response Handler Processor.
|
||||
"""
|
||||
"""Nextcloud SAML 2.0 AuthnRequest to Response Handler Processor."""
|
||||
|
||||
def _determine_audience(self):
|
||||
# Nextcloud expects an audience in this format
|
||||
|
|
|
@ -1,15 +1,11 @@
|
|||
"""
|
||||
Salesforce Processor
|
||||
"""
|
||||
"""Salesforce Processor"""
|
||||
|
||||
from supervisr.mod.auth.saml.idp.base import Processor
|
||||
from supervisr.mod.auth.saml.idp.xml_render import get_assertion_xml
|
||||
from passbook.saml_idp.base import Processor
|
||||
from passbook.saml_idp.xml_render import get_assertion_xml
|
||||
|
||||
|
||||
class SalesForceProcessor(Processor):
|
||||
"""
|
||||
SalesForce.com-specific SAML 2.0 AuthnRequest to Response Handler Processor.
|
||||
"""
|
||||
"""SalesForce.com-specific SAML 2.0 AuthnRequest to Response Handler Processor."""
|
||||
|
||||
def _determine_audience(self):
|
||||
self._audience = 'IAMShowcase'
|
||||
|
|
|
@ -1,17 +1,11 @@
|
|||
"""
|
||||
Shib Processor
|
||||
"""
|
||||
"""Shibboleth Processor"""
|
||||
|
||||
from supervisr.mod.auth.saml.idp.base import Processor
|
||||
|
||||
|
||||
class ShibProcessor(Processor):
|
||||
"""
|
||||
Shib-specific Processor
|
||||
"""
|
||||
class ShibbolethProcessor(Processor):
|
||||
"""Shibboleth-specific Processor"""
|
||||
|
||||
def _determine_audience(self):
|
||||
"""
|
||||
Determines the _audience.
|
||||
"""
|
||||
"""Determines the _audience."""
|
||||
self._audience = "https://sp.testshib.org/shibboleth-sp"
|
|
@ -1,14 +1,10 @@
|
|||
"""
|
||||
WordpressOrange Processor
|
||||
"""
|
||||
"""WordpressOrange Processor"""
|
||||
|
||||
from supervisr.mod.auth.saml.idp.base import Processor
|
||||
from passbook.saml_idp.base import Processor
|
||||
|
||||
|
||||
class WordpressOrangeProcessor(Processor):
|
||||
"""
|
||||
WordpressOrange Response Handler Processor for testing against django-saml2-sp.
|
||||
"""
|
||||
"""WordpressOrange Response Handler Processor for testing against django-saml2-sp."""
|
||||
|
||||
def _determine_audience(self):
|
||||
# Orange expects an audience in this format
|
||||
|
|
|
@ -1,57 +0,0 @@
|
|||
"""SAML2 IDP Default settings"""
|
||||
|
||||
SAML2IDP_CONFIG = {
|
||||
# Default metadata to configure this local IdP.
|
||||
'autosubmit': True,
|
||||
'certificate_data': """-----BEGIN CERTIFICATE-----
|
||||
MIIDrTCCApWgAwIBAgIJAMyu7G6V0HCtMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
|
||||
BAYTAkRFMQswCQYDVQQIDAJCVzEWMBQGA1UEBwwNV2VpbCBhbSBSaGVpbjETMBEG
|
||||
A1UECgwKQmVyeUp1Lm9yZzEjMCEGA1UEAwwaU3VwZXJ2aXNyIFNBTUwgSURQIERl
|
||||
ZmF1bHQwIBcNMTcwNjMwMTQzNjU2WhgPNDAxNjAzMDIxNDM2NTZaMGwxCzAJBgNV
|
||||
BAYTAkRFMQswCQYDVQQIDAJCVzEWMBQGA1UEBwwNV2VpbCBhbSBSaGVpbjETMBEG
|
||||
A1UECgwKQmVyeUp1Lm9yZzEjMCEGA1UEAwwaU3VwZXJ2aXNyIFNBTUwgSURQIERl
|
||||
ZmF1bHQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDh+wp/kf2mSJd9
|
||||
s562gH6NUAZEFpMqeicKJLLrbt0qmovEej6HIKNTTrnQUyaq5L5u6FBALwrURpx7
|
||||
NztzwcNehfmKdl0n1AsHWaWuuaRSPwxv9F/YCEeq15KLC686DN0lG2MDaeFxF1xe
|
||||
23FnZUQ06/G7lSGO4tZUEvEFaYX48M1txydmeLxJHyQPfsADK9ozK6h9+daDD/uJ
|
||||
OSrN4kgh19hMIDg1BPJ0JldK3ohjgFNhQ+KZ9CvgfU9kVzHZ6ZbsKyG20HFCTu8D
|
||||
lV5QFi+CcTj9BgkXNE1pVc15P6Ef97dg3DYgLIZNBK8gWweQzMvtAJeqd9Oj9dGY
|
||||
PzONsHY5AgMBAAGjUDBOMB0GA1UdDgQWBBRgrJg/30Y1O4bgan+YJ0D0rf5s0DAf
|
||||
BgNVHSMEGDAWgBRgrJg/30Y1O4bgan+YJ0D0rf5s0DAMBgNVHRMEBTADAQH/MA0G
|
||||
CSqGSIb3DQEBCwUAA4IBAQBaITBSa75Y1dlDdvIp7/NgidRYgOx6xrVC5eYqf0X7
|
||||
GNBidh3PSqBeiuK9ARtzmoWKS/G5Ufr6dvS7SglcEIqhba33iIaRtB5P14yYb8j1
|
||||
lXKTy/plv+Z2DXeqcCVlFJqc9wSZx2Shkump5ctvkPIV5qW29fQA3IeM+bdNgqVr
|
||||
8mEagDJEnFIpbCkkKTFNIrWR8f72SXzc0jxPi89oFlMvINc+ogaFSxwbyPMIMoaI
|
||||
IPMtp3THfTObYBoLNeeWMug/ynKMcUNs4pzh97RNacAxMYSb/3rbblrnq0CYDcmG
|
||||
RHlwc9dbwx1rVaCt+dYznAoD8rvZw8iCaS2m4b75uzsn
|
||||
-----END CERTIFICATE-----""",
|
||||
'private_key_data': """-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpQIBAAKCAQEA4fsKf5H9pkiXfbOetoB+jVAGRBaTKnonCiSy627dKpqLxHo+
|
||||
hyCjU0650FMmquS+buhQQC8K1Eacezc7c8HDXoX5inZdJ9QLB1mlrrmkUj8Mb/Rf
|
||||
2AhHqteSiwuvOgzdJRtjA2nhcRdcXttxZ2VENOvxu5UhjuLWVBLxBWmF+PDNbccn
|
||||
Zni8SR8kD37AAyvaMyuoffnWgw/7iTkqzeJIIdfYTCA4NQTydCZXSt6IY4BTYUPi
|
||||
mfQr4H1PZFcx2emW7CshttBxQk7vA5VeUBYvgnE4/QYJFzRNaVXNeT+hH/e3YNw2
|
||||
ICyGTQSvIFsHkMzL7QCXqnfTo/XRmD8zjbB2OQIDAQABAoIBAQDUZ8JWZkKkKVc7
|
||||
L7nekKhi6vT4yr9JDcfkINqLsIjxopH8+2oKWQMrKrQ8u+t8dcUJOhM0QQNMw5IR
|
||||
vriC9X1NO2ByZQ7qgMRdBEZXFOb+54QpNulfhWjXjAiR6Umqpqy2VCec7ciZI/wO
|
||||
rPTK2sRheeSdDG+eflg2bhddnvHuKaSD0N27guhRYDg8e0NpqohuWHftzC0Z3OqQ
|
||||
2nTVYSNFev8V0cNN8ESK+r/S1MG0BlxuhPzdp3SolGdYvAQNp4RizZslnnYuBmMf
|
||||
SMoZY689v/v622xrQ0pHiPU72lgcSXRzlFD6p4+ecxHvhtZiPVEIUtCLXdmaOs1b
|
||||
6mlKZs6BAoGBAPjPdLVe9gSUB9s91RIpY7JsPyjABzH0WgLFAMat2VlZQM0b1o2y
|
||||
U65kd8HY/xxzDRxzsTuE+7fusipk5zlwfmyPhxEbwHyjT6xFUneBiHamKOR5F6Xk
|
||||
2HdOc4swMXitAFsHDl85ys+ovHV50nb6TilEW2vAIj7J178NdMGRbE2LAoGBAOiC
|
||||
tHNOyfuUVzYU34oOhQ4B1VVLB60LJSFnPdHoFss/nt73kLWuw0Z5iuX6f3PhybiA
|
||||
6qSLT53EzmcrtUUa6H9MNW2d4bGLMkGn3rku6XKBH4d4h7D3YVUQCCx0nDz30FNz
|
||||
90/9J0oZbrksnUlE5EpU+vpRmvriz1AFTljDrgvLAoGBAPiLbD990+5w3YRCOSWC
|
||||
WQg0H8eaQ9XADWZ02zidE+CwSw5Zf7Nebz9nN0ZaeUU3HOLOIz6cskNj23CECYMU
|
||||
gAX8PmV1vowDK6SgPygIKoSzqWfKGzhp6V8M7FkfVFwDHbbQzqeLeLCGE3SatAaM
|
||||
NiX9FgIGFW95e95rF7YBihnPAoGAAx8+LQ4xyB8FzMQa/E+VmcqMgsivIbO0m+42
|
||||
9kqXg8Mm7veECex+0sNvCgeDDptJiiCxBeSY/RVXcCs2E+d4l7z+OqqUDT5BPoBy
|
||||
jSoEGHWDZt5HdCjeNbYxZedq8aaiNXypJXnQvT36LqJaulEif50Egbf2zMee4QQx
|
||||
OR/nhmECgYEAwc7/woIMJFOSfo3IgsYU8a7KKQ0w2JSvXMND9IkMjo/Oc8mT08Z1
|
||||
hMv77bCX4zZr162Wg02BgA5rKPHu56ofjOBeQvabfmzB0d+H/mxv/V7PC50QBqLd
|
||||
zcepulF4OHOf+b2vKPmgN/HoQQyISw6l7SwuOH0gQI+SOxyBNuIIqN0=
|
||||
-----END RSA PRIVATE KEY-----""",
|
||||
'issuer': 'http://localhost:8000',
|
||||
'signing': True,
|
||||
}
|
|
@ -1,6 +1,6 @@
|
|||
{% extends "core/skel.html" %}
|
||||
|
||||
{% load supervisr_utils %}
|
||||
{% load utils %}
|
||||
{% load i18n %}
|
||||
|
||||
{% block title %}
|
||||
|
@ -15,8 +15,8 @@
|
|||
<input type="hidden" name="RelayState" value="{{ relay_state }}" />
|
||||
<input type="hidden" name="SAMLResponse" value="{{ saml_response }}" />
|
||||
<label class="title">
|
||||
<clr-icon shape="supervisr" class="is-info" size="48"></clr-icon>
|
||||
{% supervisr_setting 'branding' %}
|
||||
<clr-icon shape="passbook" class="is-info" size="48"></clr-icon>
|
||||
{% config 'passbook.branding' %}
|
||||
</label>
|
||||
<label class="subtitle">
|
||||
{% trans 'SSO - Authorize External Source' %}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{% extends "_admin/module_default.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
{% load supervisr_utils %}
|
||||
{% load utils %}
|
||||
|
||||
{% block title %}
|
||||
{% title "Overview" %}
|
||||
|
@ -39,7 +39,7 @@
|
|||
</section>
|
||||
</div>
|
||||
<div class="card-footer">
|
||||
<a href="{% url 'supervisr_mod_auth_saml_idp:metadata_xml' %}" class="btn btn-primary"><clr-icon shape="download"></clr-icon>{% trans 'Download Metadata' %}</a>
|
||||
<a href="{% url 'passbook_saml_idp:metadata_xml' %}" class="btn btn-primary"><clr-icon shape="download"></clr-icon>{% trans 'Download Metadata' %}</a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
"""Supervisr SAML IDP URLs"""
|
||||
"""passbook SAML IDP URLs"""
|
||||
from django.conf.urls import url
|
||||
|
||||
from passbook.saml_idp import views
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
from logging import getLogger
|
||||
|
||||
from passbook.lib.utils import render_to_string
|
||||
from passbook.lib.utils.template import render_to_string
|
||||
from passbook.saml_idp.xml_signing import (get_signature_xml, load_certificate,
|
||||
load_private_key, sign_with_signxml)
|
||||
|
||||
|
|
|
@ -7,15 +7,15 @@ from defusedxml import ElementTree
|
|||
from signxml import XMLSigner
|
||||
from signxml.util import strip_pem_header
|
||||
|
||||
from passbook.core.models import Setting
|
||||
from passbook.lib.utils import render_to_string
|
||||
from passbook.lib.config import CONFIG
|
||||
from passbook.lib.utils.template import render_to_string
|
||||
|
||||
LOGGER = getLogger(__name__)
|
||||
|
||||
|
||||
def load_certificate(strip=False):
|
||||
"""Get Public key from config"""
|
||||
cert = Setting.get('certificate')
|
||||
cert = CONFIG.y('saml_idp.certificate', '')
|
||||
if strip:
|
||||
return strip_pem_header(cert.replace('\r', '')).replace('\n', '')
|
||||
return cert
|
||||
|
@ -23,7 +23,7 @@ def load_certificate(strip=False):
|
|||
|
||||
def load_private_key():
|
||||
"""Get Private Key from config"""
|
||||
return Setting.get('private_key')
|
||||
return CONFIG.y('saml_idp.key', '')
|
||||
|
||||
|
||||
def sign_with_signxml(private_key, data, cert, reference_uri=None):
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
"""Supervisr 2FA Forms"""
|
||||
"""passbook 2FA Forms"""
|
||||
|
||||
from django import forms
|
||||
from django.core.validators import RegexValidator
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{% extends "user/base.html" %}
|
||||
|
||||
{% load supervisr_utils %}
|
||||
{% load utils %}
|
||||
{% load i18n %}
|
||||
{% load hostname %}
|
||||
{% load setting %}
|
||||
|
@ -31,9 +31,9 @@
|
|||
</p>
|
||||
<p>
|
||||
{% if not state %}
|
||||
<a href="{% url 'supervisr_mod_tfa:tfa-enable' %}" class="btn btn-success btn-sm">{% trans "Enable 2FA" %}</a>
|
||||
<a href="{% url 'passbook_tfa:tfa-enable' %}" class="btn btn-success btn-sm">{% trans "Enable 2FA" %}</a>
|
||||
{% else %}
|
||||
<a href="{% url 'supervisr_mod_tfa:tfa-disable' %}" class="btn btn-danger btn-sm">{% trans "Disable 2FA" %}</a>
|
||||
<a href="{% url 'passbook_tfa:tfa-disable' %}" class="btn btn-danger btn-sm">{% trans "Disable 2FA" %}</a>
|
||||
{% endif %}
|
||||
</p>
|
||||
</div>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{% extends "generic/wizard.html" %}
|
||||
|
||||
{% load supervisr_utils %}
|
||||
{% load utils %}
|
||||
|
||||
{% block title %}
|
||||
{% title "Setup" %}
|
||||
|
|
|
@ -1,6 +1,4 @@
|
|||
"""
|
||||
Supervisr Mod 2FA Middleware Test
|
||||
"""
|
||||
"""passbook Mod 2FA Middleware Test"""
|
||||
|
||||
import os
|
||||
|
||||
|
@ -8,23 +6,19 @@ from django.contrib.auth.models import AnonymousUser
|
|||
from django.test import RequestFactory, TestCase
|
||||
from django.urls import reverse
|
||||
|
||||
from supervisr.core.views import common
|
||||
from supervisr.mod.tfa.middleware import tfa_force_verify
|
||||
from passbook.core.views import common
|
||||
from passbook.tfa.middleware import tfa_force_verify
|
||||
|
||||
|
||||
class TestMiddleware(TestCase):
|
||||
"""
|
||||
Supervisr 2FA Middleware Test
|
||||
"""
|
||||
"""passbook 2FA Middleware Test"""
|
||||
|
||||
def setUp(self):
|
||||
os.environ['RECAPTCHA_TESTING'] = 'True'
|
||||
self.factory = RequestFactory()
|
||||
|
||||
def test_tfa_force_verify_anon(self):
|
||||
"""
|
||||
Test Anonymous TFA Force
|
||||
"""
|
||||
"""Test Anonymous TFA Force"""
|
||||
request = self.factory.get(reverse('common-index'))
|
||||
request.user = AnonymousUser()
|
||||
response = tfa_force_verify(common.IndexView.as_view())(request)
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
pylint
|
||||
pylint-django
|
||||
isort
|
||||
autopep8
|
||||
django-debug-toolbar
|
||||
-r requirements.txt
|
Reference in a new issue