sources/saml(minor): disallow login if source is not enabled

Langhammer, Jens 2019-11-07 17:35:25 +01:00
parent bac8227371
commit adc3dcc2c4
1 changed files with 8 additions and 1 deletions


@ -3,7 +3,7 @@ import base64
from defusedxml import ElementTree
from django.contrib.auth import login, logout
from django.http import HttpRequest, HttpResponse
from django.http import HttpRequest, HttpResponse, Http404
from django.shortcuts import get_object_or_404, redirect, render, reverse
from django.utils.decorators import method_decorator
from django.views import View
@ -24,6 +24,8 @@ class InitiateView(View):
def get(self, request: HttpRequest, source: str) -> HttpResponse:
"""Replies with an XHTML SSO Request."""
source: SAMLSource = get_object_or_404(SAMLSource, slug=source)
if not source.enabled:
raise Http404
sso_destination = request.GET.get('next', None)
request.session['sso_destination'] = sso_destination
parameters = {
@ -49,6 +51,9 @@ class ACSView(View):
def post(self, request: HttpRequest, source: str) -> HttpResponse:
"""Handles a POSTed SSO Assertion and logs the user in."""
source: SAMLSource = get_object_or_404(SAMLSource, slug=source)
if not source.enabled:
raise Http404
# sso_session = request.POST.get('RelayState', None)
data = request.POST.get('SAMLResponse', None)
response = base64.b64decode(data)
@ -65,6 +70,8 @@ class SLOView(View):
def dispatch(self, request: HttpRequest, source: str) -> HttpResponse:
"""Replies with an XHTML SSO Request."""
source: SAMLSource = get_object_or_404(SAMLSource, slug=source)
if not source.enabled:
raise Http404
logout(request)
return render(request, 'saml/sp/sso_single_logout.html', {
'idp_logout_url': source.idp_logout_url,
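Review bot: The `if not source.enabled: raise Http404` guard is copied into three handlers (InitiateView.get, ACSView.post, SLOView.dispatch), so any other view in this module that resolves a SAMLSource by slug would still serve a disabled source; no such view is visible in these hunks, but the file is only partly shown. If `enabled` is a model field (here it is only read as an attribute), the check can move into the lookup itself, `source: SAMLSource = get_object_or_404(SAMLSource, slug=source, enabled=True)`, which keeps it in one expression and fails closed. Separately, in ACSView.post a request without `SAMLResponse` reaches `base64.b64decode(None)`, which raises TypeError and, as far as the hunk shows, is not caught; `if not data: raise Http404` (or a 400 response) before decoding would reject it cleanly. All three method bodies continue outside their hunks.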