sources/saml(minor): disallow login if source is not enabled

Langhammer, Jens 2019-11-07 17:35:25 +01:00
parent bac8227371
commit adc3dcc2c4
1 changed files with 8 additions and 1 deletions


@ -3,7 +3,7 @@ import base64
from defusedxml import ElementTree from defusedxml import ElementTree
from django.contrib.auth import login, logout from django.contrib.auth import login, logout
from django.http import HttpRequest, HttpResponse from django.http import HttpRequest, HttpResponse, Http404
from django.shortcuts import get_object_or_404, redirect, render, reverse from django.shortcuts import get_object_or_404, redirect, render, reverse
from django.utils.decorators import method_decorator from django.utils.decorators import method_decorator
from django.views import View from django.views import View
@ -24,6 +24,8 @@ class InitiateView(View):
def get(self, request: HttpRequest, source: str) -> HttpResponse: def get(self, request: HttpRequest, source: str) -> HttpResponse:
"""Replies with an XHTML SSO Request.""" """Replies with an XHTML SSO Request."""
source: SAMLSource = get_object_or_404(SAMLSource, slug=source) source: SAMLSource = get_object_or_404(SAMLSource, slug=source)
if not source.enabled:
raise Http404
sso_destination = request.GET.get('next', None) sso_destination = request.GET.get('next', None)
request.session['sso_destination'] = sso_destination request.session['sso_destination'] = sso_destination
parameters = { parameters = {
@ -49,6 +51,9 @@ class ACSView(View):
def post(self, request: HttpRequest, source: str) -> HttpResponse: def post(self, request: HttpRequest, source: str) -> HttpResponse:
"""Handles a POSTed SSO Assertion and logs the user in.""" """Handles a POSTed SSO Assertion and logs the user in."""
source: SAMLSource = get_object_or_404(SAMLSource, slug=source)
if not source.enabled:
raise Http404
# sso_session = request.POST.get('RelayState', None) # sso_session = request.POST.get('RelayState', None)
data = request.POST.get('SAMLResponse', None) data = request.POST.get('SAMLResponse', None)
response = base64.b64decode(data) response = base64.b64decode(data)
@ -65,6 +70,8 @@ class SLOView(View):
def dispatch(self, request: HttpRequest, source: str) -> HttpResponse: def dispatch(self, request: HttpRequest, source: str) -> HttpResponse:
"""Replies with an XHTML SSO Request.""" """Replies with an XHTML SSO Request."""
source: SAMLSource = get_object_or_404(SAMLSource, slug=source) source: SAMLSource = get_object_or_404(SAMLSource, slug=source)
if not source.enabled:
raise Http404
logout(request) logout(request)
return render(request, 'saml/sp/sso_single_logout.html', { return render(request, 'saml/sp/sso_single_logout.html', {
'idp_logout_url': source.idp_logout_url, 'idp_logout_url': source.idp_logout_url,
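Review bot: ACSView.post still feeds whatever arrives in `SAMLResponse` straight into `base64.b64decode` on the two lines following the new enabled check, so an unauthenticated POST with the field missing raises TypeError and one with invalid padding raises binascii.Error, both surfacing as an unhandled 500 instead of a client error. Since this is the endpoint that accepts assertions from the outside, the absent or undecodable case should be rejected before any parsing; the rewrite below does that with the same Http404 the commit already uses for a disabled source (binascii.Error subclasses ValueError, so no new import is needed). Separately, the added lookup rebinds `source` from the slug string to a SAMLSource instance — if the remainder of the method still treats it as a slug, that code now receives a model object and needs adjusting. The body of post continues past the end of this hunk, so the later use of `response` and `source` could not be checked here.
```python
        data = request.POST.get('SAMLResponse', None)
        # Reject an absent or undecodable assertion up front so malformed input
        # from an unauthenticated client yields a 4xx instead of an unhandled 500.
        if not data:
            raise Http404
        try:
            response = base64.b64decode(data)
        except (TypeError, ValueError):
            raise Http404
        # … unchanged: assertion parsing and login …
```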