From e5b85e8e6a49f1dcd51331506ff85a3837260101 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 16 Feb 2020 12:29:53 +0100 Subject: [PATCH] providers/saml: move default saml properties to DB --- .../migrations/0003_auto_20200216_1109.py | 79 +++++++++++++++++++ passbook/providers/saml/processors/base.py | 39 ++------- 2 files changed, 84 insertions(+), 34 deletions(-) create mode 100644 passbook/providers/saml/migrations/0003_auto_20200216_1109.py diff --git a/passbook/providers/saml/migrations/0003_auto_20200216_1109.py b/passbook/providers/saml/migrations/0003_auto_20200216_1109.py new file mode 100644 index 000000000..a1076185b --- /dev/null +++ b/passbook/providers/saml/migrations/0003_auto_20200216_1109.py @@ -0,0 +1,79 @@ +# Generated by Django 2.2.9 on 2020-02-16 11:09 + +import django.contrib.postgres.fields +from django.db import migrations, models + + +def create_default_property_mappings(apps, schema_editor): + """Create default SAML Property Mappings""" + SAMLPropertyMapping = apps.get_model( + "passbook_providers_saml", "SAMLPropertyMapping" + ) + db_alias = schema_editor.connection.alias + defaults = [ + { + "FriendlyName": "eduPersonPrincipalName", + "Name": "urn:oid:1.3.6.1.4.1.5923.1.1.1.6", + "Value": "{user.email}", + }, + {"FriendlyName": "cn", "Name": "urn:oid:2.5.4.3", "Value": "{user.name}",}, + { + "FriendlyName": "mail", + "Name": "urn:oid:0.9.2342.19200300.100.1.3", + "Value": "{user.email}", + }, + { + "FriendlyName": "displayName", + "Name": "urn:oid:2.16.840.1.113730.3.1.241", + "Value": "{user.username}", + }, + { + "FriendlyName": "uid", + "Name": "urn:oid:0.9.2342.19200300.100.1.1", + "Value": "{user.pk}", + }, + ] + for default in defaults: + SAMLPropertyMapping.objects.using(db_alias).get_or_create( + saml_name=default["Name"], + friendly_name=default["FriendlyName"], + values=[default["Value"]], + defaults={ + "name": f"Autogenerated SAML Mapping: {default['FriendlyName']} -> {default['Value']}" + }, + ) + + +class Migration(migrations.Migration): + + dependencies = [ + ("passbook_providers_saml", "0002_auto_20200214_1354"), + ] + + operations = [ + migrations.AlterField( + model_name="samlpropertymapping", + name="saml_name", + field=models.TextField(verbose_name="SAML Name"), + ), + migrations.AlterField( + model_name="samlpropertymapping", + name="values", + field=django.contrib.postgres.fields.ArrayField( + base_field=models.TextField(), + help_text="This string can contain string substitutions delimited by {}. The following Variables are available: user, request", + size=None, + ), + ), + migrations.AlterField( + model_name="samlprovider", + name="acs_url", + field=models.URLField(verbose_name="ACS URL"), + ), + migrations.AlterField( + model_name="samlprovider", + name="signing_cert", + field=models.TextField(verbose_name="Singing Certificate"), + ), + migrations.RunPython(create_default_property_mappings), + ] diff --git a/passbook/providers/saml/processors/base.py b/passbook/providers/saml/processors/base.py index 138fda28e..e957e0f72 100644 --- a/passbook/providers/saml/processors/base.py +++ b/passbook/providers/saml/processors/base.py @@ -33,7 +33,6 @@ class Processor: _assertion_params: Dict[str, Union[str, List[Dict[str, str]]]] _request_params: Dict[str, str] - _system_params: Dict[str, str] _response_params: Dict[str, str] @property @@ -45,9 +44,6 @@ class Processor: self.name = remote.name self._remote = remote self._logger = get_logger() - self._system_params = { - "ISSUER": self._remote.issuer, - } def _build_assertion(self): """Builds _assertion_params.""" @@ -70,8 +66,8 @@ class Processor: "SP_NAME_QUALIFIER": self._remote.audience, "SUBJECT": self._http_request.user.email, "SUBJECT_FORMAT": self.subject_format, + "ISSUER": self._remote.issuer, } - self._assertion_params.update(self._system_params) self._assertion_params.update(self._request_params) def _build_response(self): @@ -81,8 +77,8 @@ class Processor: "ISSUE_INSTANT": get_time_string(), "RESPONSE_ID": get_random_id(), "RESPONSE_SIGNATURE": "", # initially unsigned + "ISSUER": self._remote.issuer, } - self._response_params.update(self._system_params) self._response_params.update(self._request_params) def _encode_response(self): @@ -97,33 +93,7 @@ class Processor: def _format_assertion(self): """Formats _assertion_params as _assertion_xml.""" # https://commons.lbl.gov/display/IDMgmt/Attribute+Definitions - self._assertion_params["ATTRIBUTES"] = [ - { - "FriendlyName": "eduPersonPrincipalName", - "Name": "urn:oid:1.3.6.1.4.1.5923.1.1.1.6", - "Value": self._http_request.user.email, - }, - { - "FriendlyName": "cn", - "Name": "urn:oid:2.5.4.3", - "Value": self._http_request.user.name, - }, - { - "FriendlyName": "mail", - "Name": "urn:oid:0.9.2342.19200300.100.1.3", - "Value": self._http_request.user.email, - }, - { - "FriendlyName": "displayName", - "Name": "urn:oid:2.16.840.1.113730.3.1.241", - "Value": self._http_request.user.username, - }, - { - "FriendlyName": "uid", - "Name": "urn:oid:0.9.2342.19200300.100.1.1", - "Value": self._http_request.user.pk, - }, - ] + attributes = [] from passbook.providers.saml.models import SAMLPropertyMapping for mapping in self._remote.property_mappings.all().select_subclasses(): @@ -139,7 +109,8 @@ class Processor: user=self._http_request.user, request=self._http_request ) ) - self._assertion_params["ATTRIBUTES"].append(mapping_payload) + attributes.append(mapping_payload) + self._assertion_params["ATTRIBUTES"] = attributes self._assertion_xml = get_assertion_xml( "saml/xml/assertions/generic.xml", self._assertion_params, signed=True )