4915205678
* core: start migrating to flows for authorisation * sources/oauth: start type-hinting * core: create default user * core: only show user delete button if an unenrollment flow exists * flows: Correctly check initial policies on flow with context * policies: add more verbosity to engine * sources/oauth: migrate to flows * sources/oauth: fix typing errors * flows: add more tests * sources/oauth: start implementing unittests * sources/ldap: add option to disable user sync, move connection init to model * sources/ldap: re-add default PropertyMappings * providers/saml: re-add default PropertyMappings * admin: fix missing stage count * stages/identification: fix sources not being shown * crypto: fix being unable to save with private key * crypto: re-add default self-signed keypair * policies: rewrite cache_key to prevent wrong cache * sources/saml: migrate to flows for auth and enrollment * stages/consent: add new stage * admin: fix PropertyMapping widget not rendering properly * core: provider.authorization_flow is mandatory * flows: add support for "autosubmit" attribute on form * flows: add InMemoryStage for dynamic stages * flows: optionally allow empty flows from FlowPlanner * providers/saml: update to authorization_flow * sources/*: fix flow executor URL * flows: fix pylint error * flows: wrap responses in JSON object to easily handle redirects * flow: dont cache plan's context * providers/oauth: rewrite OAuth2 Provider to use flows * providers/*: update docstrings of models * core: fix forms not passing help_text through safe * flows: fix HttpResponses not being converted to JSON * providers/oidc: rewrite to use flows * flows: fix linting
81 lines
2.2 KiB
Python
81 lines
2.2 KiB
Python
"""saml sp models"""
|
|
from django.db import models
|
|
from django.urls import reverse_lazy
|
|
from django.utils.translation import gettext_lazy as _
|
|
|
|
from passbook.core.models import Source
|
|
from passbook.core.types import UILoginButton
|
|
from passbook.crypto.models import CertificateKeyPair
|
|
|
|
|
|
class SAMLBindingTypes(models.TextChoices):
|
|
"""SAML Binding types"""
|
|
|
|
Redirect = "REDIRECT"
|
|
POST = "POST"
|
|
|
|
|
|
class SAMLSource(Source):
|
|
"""SAML Source"""
|
|
|
|
issuer = models.TextField(
|
|
blank=True,
|
|
default=None,
|
|
verbose_name=_("Issuer"),
|
|
help_text=_("Also known as Entity ID. Defaults the Metadata URL."),
|
|
)
|
|
|
|
idp_url = models.URLField(
|
|
verbose_name=_("IDP URL"),
|
|
help_text=_(
|
|
"URL that the initial SAML Request is sent to. Also known as a Binding."
|
|
),
|
|
)
|
|
binding_type = models.CharField(
|
|
max_length=100,
|
|
choices=SAMLBindingTypes.choices,
|
|
default=SAMLBindingTypes.Redirect,
|
|
)
|
|
|
|
idp_logout_url = models.URLField(
|
|
default=None, blank=True, null=True, verbose_name=_("IDP Logout URL")
|
|
)
|
|
auto_logout = models.BooleanField(default=False)
|
|
|
|
signing_kp = models.ForeignKey(
|
|
CertificateKeyPair,
|
|
default=None,
|
|
null=True,
|
|
help_text=_(
|
|
"Certificate Key Pair of the IdP which Assertions are validated against."
|
|
),
|
|
on_delete=models.SET_NULL,
|
|
)
|
|
|
|
form = "passbook.sources.saml.forms.SAMLSourceForm"
|
|
|
|
@property
|
|
def ui_login_button(self) -> UILoginButton:
|
|
return UILoginButton(
|
|
name=self.name,
|
|
url=reverse_lazy(
|
|
"passbook_sources_saml:login", kwargs={"source_slug": self.slug}
|
|
),
|
|
icon_path="",
|
|
)
|
|
|
|
@property
|
|
def ui_additional_info(self) -> str:
|
|
metadata_url = reverse_lazy(
|
|
"passbook_sources_saml:metadata", kwargs={"source_slug": self.slug}
|
|
)
|
|
return f'<a href="{metadata_url}" class="btn btn-default btn-sm">Metadata Download</a>'
|
|
|
|
def __str__(self):
|
|
return f"SAML Source {self.name}"
|
|
|
|
class Meta:
|
|
|
|
verbose_name = _("SAML Source")
|
|
verbose_name_plural = _("SAML Sources")
|