trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

providers/saml: more typehints

This commit is contained in:
Jens Langhammer 2020-02-17 15:40:49 +01:00
parent 773a9c0692
commit 32a48fa07a
1 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
passbook/providers/saml/views.py
View File

@ -27,7 +27,7 @@ LOGGER = get_logger()
URL_VALIDATOR = URLValidator(schemes=("http", "https")) URL_VALIDATOR = URLValidator(schemes=("http", "https"))
def _generate_response(request: HttpRequest, provider: SAMLProvider): def _generate_response(request: HttpRequest, provider: SAMLProvider) -> HttpResponse:
"""Generate a SAML response using processor_instance and return it in the proper Django """Generate a SAML response using processor_instance and return it in the proper Django
response.""" response."""
try: try:
@ -58,13 +58,16 @@ class AccessRequiredView(AccessMixin, View):
def _has_access(self) -> bool: def _has_access(self) -> bool:
"""Check if user has access to application""" """Check if user has access to application"""
LOGGER.debug(
"_has_access", user=self.request.user, app=self.provider.application
)
policy_engine = PolicyEngine( policy_engine = PolicyEngine(
self.provider.application.policies.all(), self.request.user, self.request self.provider.application.policies.all(), self.request.user, self.request
) )
policy_engine.build() policy_engine.build()
return policy_engine.passing return policy_engine.passing
def dispatch(self, request, *args, **kwargs): def dispatch(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
if not request.user.is_authenticated: if not request.user.is_authenticated:
return self.handle_no_permission() return self.handle_no_permission()
if not self._has_access(): if not self._has_access():
@ -84,7 +87,7 @@ class LoginBeginView(AccessRequiredView):
stores it in the session prior to enforcing login.""" stores it in the session prior to enforcing login."""
@method_decorator(csrf_exempt) @method_decorator(csrf_exempt)
def dispatch(self, request, application): def dispatch(self, request: HttpRequest, application: str) -> HttpResponse:
if request.method == "POST": if request.method == "POST":
source = request.POST source = request.POST
else: else:
@ -108,7 +111,9 @@ class LoginBeginView(AccessRequiredView):
class RedirectToSPView(AccessRequiredView): class RedirectToSPView(AccessRequiredView):
"""Return autosubmit form""" """Return autosubmit form"""
def get(self, request, acs_url, saml_response, relay_state): def get(
self, request: HttpRequest, acs_url: str, saml_response: str, relay_state: str
) -> HttpResponse:
"""Return autosubmit form""" """Return autosubmit form"""
return render( return render(
request, request,
@ -149,7 +154,7 @@ class LoginProcessView(AccessRequiredView):
return HttpResponseBadRequest() return HttpResponseBadRequest()
# pylint: disable=unused-argument # pylint: disable=unused-argument
def post(self, request, application: str) -> HttpResponse: def post(self, request: HttpRequest, application: str) -> HttpResponse:
"""Handle post request, return back to ACS""" """Handle post request, return back to ACS"""
# User access gets checked in dispatch # User access gets checked in dispatch
if request.POST.get("ACSUrl", None): if request.POST.get("ACSUrl", None):
@ -178,7 +183,7 @@ class LogoutView(CSRFExemptMixin, AccessRequiredView):
though it's technically not SAML 2.0).""" though it's technically not SAML 2.0)."""
# pylint: disable=unused-argument # pylint: disable=unused-argument
def get(self, request, application): def get(self, request: HttpRequest, application: str) -> HttpResponse:
"""Perform logout""" """Perform logout"""
logout(request) logout(request)
@ -199,7 +204,7 @@ class SLOLogout(CSRFExemptMixin, AccessRequiredView):
logs out the user and returns a standard logged-out page.""" logs out the user and returns a standard logged-out page."""
# pylint: disable=unused-argument # pylint: disable=unused-argument
def post(self, request, application): def post(self, request: HttpRequest, application: str) -> HttpResponse:
"""Perform logout""" """Perform logout"""
request.session["SAMLRequest"] = request.POST["SAMLRequest"] request.session["SAMLRequest"] = request.POST["SAMLRequest"]
# TODO: Parse SAML LogoutRequest from POST data, similar to login_process(). # TODO: Parse SAML LogoutRequest from POST data, similar to login_process().
@ -214,7 +219,7 @@ class SLOLogout(CSRFExemptMixin, AccessRequiredView):
class DescriptorDownloadView(AccessRequiredView): class DescriptorDownloadView(AccessRequiredView):
"""Replies with the XML Metadata IDSSODescriptor.""" """Replies with the XML Metadata IDSSODescriptor."""
def get(self, request, application): def get(self, request: HttpRequest, application: str) -> HttpResponse:
"""Replies with the XML Metadata IDSSODescriptor.""" """Replies with the XML Metadata IDSSODescriptor."""
entity_id = self.provider.issuer entity_id = self.provider.issuer
slo_url = request.build_absolute_uri( slo_url = request.build_absolute_uri(
@ -250,7 +255,7 @@ class InitiateLoginView(AccessRequiredView):
"""IdP-initiated Login""" """IdP-initiated Login"""
# pylint: disable=unused-argument # pylint: disable=unused-argument
def get(self, request, application): def get(self, request: HttpRequest, application: str) -> HttpResponse:
"""Initiates an IdP-initiated link to a simple SP resource/target URL.""" """Initiates an IdP-initiated link to a simple SP resource/target URL."""
self.provider.processor.init_deep_link(request, "") self.provider.processor.init_deep_link(request, "")
self.provider.processor.is_idp_initiated = True self.provider.processor.is_idp_initiated = True