sources/saml(minor): disallow login if source is not enabled
parent
bac8227371
commit
adc3dcc2c4
|
@ -3,7 +3,7 @@ import base64
|
||||||
|
|
||||||
from defusedxml import ElementTree
|
from defusedxml import ElementTree
|
||||||
from django.contrib.auth import login, logout
|
from django.contrib.auth import login, logout
|
||||||
from django.http import HttpRequest, HttpResponse
|
from django.http import HttpRequest, HttpResponse, Http404
|
||||||
from django.shortcuts import get_object_or_404, redirect, render, reverse
|
from django.shortcuts import get_object_or_404, redirect, render, reverse
|
||||||
from django.utils.decorators import method_decorator
|
from django.utils.decorators import method_decorator
|
||||||
from django.views import View
|
from django.views import View
|
||||||
|
@ -24,6 +24,8 @@ class InitiateView(View):
|
||||||
def get(self, request: HttpRequest, source: str) -> HttpResponse:
|
def get(self, request: HttpRequest, source: str) -> HttpResponse:
|
||||||
"""Replies with an XHTML SSO Request."""
|
"""Replies with an XHTML SSO Request."""
|
||||||
source: SAMLSource = get_object_or_404(SAMLSource, slug=source)
|
source: SAMLSource = get_object_or_404(SAMLSource, slug=source)
|
||||||
|
if not source.enabled:
|
||||||
|
raise Http404
|
||||||
sso_destination = request.GET.get('next', None)
|
sso_destination = request.GET.get('next', None)
|
||||||
request.session['sso_destination'] = sso_destination
|
request.session['sso_destination'] = sso_destination
|
||||||
parameters = {
|
parameters = {
|
||||||
|
@ -49,6 +51,9 @@ class ACSView(View):
|
||||||
|
|
||||||
def post(self, request: HttpRequest, source: str) -> HttpResponse:
|
def post(self, request: HttpRequest, source: str) -> HttpResponse:
|
||||||
"""Handles a POSTed SSO Assertion and logs the user in."""
|
"""Handles a POSTed SSO Assertion and logs the user in."""
|
||||||
|
source: SAMLSource = get_object_or_404(SAMLSource, slug=source)
|
||||||
|
if not source.enabled:
|
||||||
|
raise Http404
|
||||||
# sso_session = request.POST.get('RelayState', None)
|
# sso_session = request.POST.get('RelayState', None)
|
||||||
data = request.POST.get('SAMLResponse', None)
|
data = request.POST.get('SAMLResponse', None)
|
||||||
response = base64.b64decode(data)
|
response = base64.b64decode(data)
|
||||||
|
@ -65,6 +70,8 @@ class SLOView(View):
|
||||||
def dispatch(self, request: HttpRequest, source: str) -> HttpResponse:
|
def dispatch(self, request: HttpRequest, source: str) -> HttpResponse:
|
||||||
"""Replies with an XHTML SSO Request."""
|
"""Replies with an XHTML SSO Request."""
|
||||||
source: SAMLSource = get_object_or_404(SAMLSource, slug=source)
|
source: SAMLSource = get_object_or_404(SAMLSource, slug=source)
|
||||||
|
if not source.enabled:
|
||||||
|
raise Http404
|
||||||
logout(request)
|
logout(request)
|
||||||
return render(request, 'saml/sp/sso_single_logout.html', {
|
return render(request, 'saml/sp/sso_single_logout.html', {
|
||||||
'idp_logout_url': source.idp_logout_url,
|
'idp_logout_url': source.idp_logout_url,
|
||||||
|
|
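Review bot: In the SLOView.dispatch hunk the new `if not source.enabled: raise Http404` runs before `logout(request)`, so a user who signed in through this source before it was disabled gets a 404 and keeps the local session. The commit title speaks only of disallowing login, which the same check in InitiateView.get and ACSView.post covers; for logout I would end the local session first and refuse afterwards, i.e. move `logout(request)` ahead of `if not source.enabled:`. Whether existing sessions are invalidated elsewhere when a source is disabled is not visible on this page, so this view may be the only path that clears them. The body of dispatch continues past the end of the hunk (the `render(...)` context dict is still open).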