4915205678
* core: start migrating to flows for authorisation * sources/oauth: start type-hinting * core: create default user * core: only show user delete button if an unenrollment flow exists * flows: Correctly check initial policies on flow with context * policies: add more verbosity to engine * sources/oauth: migrate to flows * sources/oauth: fix typing errors * flows: add more tests * sources/oauth: start implementing unittests * sources/ldap: add option to disable user sync, move connection init to model * sources/ldap: re-add default PropertyMappings * providers/saml: re-add default PropertyMappings * admin: fix missing stage count * stages/identification: fix sources not being shown * crypto: fix being unable to save with private key * crypto: re-add default self-signed keypair * policies: rewrite cache_key to prevent wrong cache * sources/saml: migrate to flows for auth and enrollment * stages/consent: add new stage * admin: fix PropertyMapping widget not rendering properly * core: provider.authorization_flow is mandatory * flows: add support for "autosubmit" attribute on form * flows: add InMemoryStage for dynamic stages * flows: optionally allow empty flows from FlowPlanner * providers/saml: update to authorization_flow * sources/*: fix flow executor URL * flows: fix pylint error * flows: wrap responses in JSON object to easily handle redirects * flow: dont cache plan's context * providers/oauth: rewrite OAuth2 Provider to use flows * providers/*: update docstrings of models * core: fix forms not passing help_text through safe * flows: fix HttpResponses not being converted to JSON * providers/oidc: rewrite to use flows * flows: fix linting
78 lines
2.3 KiB
Python
78 lines
2.3 KiB
Python
"""passbook SAML IDP Forms"""
|
|
|
|
from django import forms
|
|
from django.contrib.admin.widgets import FilteredSelectMultiple
|
|
from django.utils.translation import gettext as _
|
|
|
|
from passbook.core.expression import PropertyMappingEvaluator
|
|
from passbook.flows.models import Flow, FlowDesignation
|
|
from passbook.providers.saml.models import (
|
|
SAMLPropertyMapping,
|
|
SAMLProvider,
|
|
get_provider_choices,
|
|
)
|
|
|
|
|
|
class SAMLProviderForm(forms.ModelForm):
|
|
"""SAML Provider form"""
|
|
|
|
authorization_flow = forms.ModelChoiceField(
|
|
queryset=Flow.objects.filter(designation=FlowDesignation.AUTHORIZATION)
|
|
)
|
|
processor_path = forms.ChoiceField(
|
|
choices=get_provider_choices(), label="Processor"
|
|
)
|
|
|
|
class Meta:
|
|
|
|
model = SAMLProvider
|
|
fields = [
|
|
"name",
|
|
"authorization_flow",
|
|
"processor_path",
|
|
"acs_url",
|
|
"audience",
|
|
"issuer",
|
|
"sp_binding",
|
|
"assertion_valid_not_before",
|
|
"assertion_valid_not_on_or_after",
|
|
"session_valid_not_on_or_after",
|
|
"property_mappings",
|
|
"digest_algorithm",
|
|
"require_signing",
|
|
"signature_algorithm",
|
|
"signing_kp",
|
|
]
|
|
widgets = {
|
|
"name": forms.TextInput(),
|
|
"audience": forms.TextInput(),
|
|
"issuer": forms.TextInput(),
|
|
"assertion_valid_not_before": forms.TextInput(),
|
|
"assertion_valid_not_on_or_after": forms.TextInput(),
|
|
"session_valid_not_on_or_after": forms.TextInput(),
|
|
"property_mappings": FilteredSelectMultiple(_("Property Mappings"), False),
|
|
}
|
|
|
|
|
|
class SAMLPropertyMappingForm(forms.ModelForm):
|
|
"""SAML Property Mapping form"""
|
|
|
|
template_name = "saml/idp/property_mapping_form.html"
|
|
|
|
def clean_expression(self):
|
|
"""Test Syntax"""
|
|
expression = self.cleaned_data.get("expression")
|
|
evaluator = PropertyMappingEvaluator()
|
|
evaluator.validate(expression)
|
|
return expression
|
|
|
|
class Meta:
|
|
|
|
model = SAMLPropertyMapping
|
|
fields = ["name", "saml_name", "friendly_name", "expression"]
|
|
widgets = {
|
|
"name": forms.TextInput(),
|
|
"saml_name": forms.TextInput(),
|
|
"friendly_name": forms.TextInput(),
|
|
}
|