Commit 8fbd2510 authored by Florent Aide's avatar Florent Aide

Now with proper request encoding!!! we will now test the signature test

parent c12a384b
from openerp.osv import osv, fields
import lasso
import simplejson
class auth_saml_provider(osv.osv):
......@@ -10,7 +11,7 @@
_order = 'name'
def _get_lasso_for_provider(self, cr, uid, provider_id, context=None):
print cr, uid, provider_id, context
#print cr, uid, provider_id, context
provider = self.browse(cr, uid, provider_id, context=context)
# TODO: we should cache those results somewhere because it is
......@@ -25,7 +26,7 @@
)
return lasso.Login(server)
def _get_auth_request(self, cr, uid, ids, name, args, context=None):
def _get_auth_request(self, cr, uid, id_, state, context=None):
"""build an authentication request and give it back to our client
WARNING: this method cannot be used for multiple ids
"""
......@@ -29,11 +30,10 @@
"""build an authentication request and give it back to our client
WARNING: this method cannot be used for multiple ids
"""
result = {}
login = self._get_lasso_for_provider(cr, uid, ids[0], context=context)
login = self._get_lasso_for_provider(cr, uid, id_, context=context)
# ! -- this is the part that MUST be performed on each call and
# cannot be cached
login.initAuthnRequest()
login.request.nameIdPolicy.format = None
login.request.nameIdPolicy.allowCreate = True
......@@ -34,9 +34,10 @@
# ! -- this is the part that MUST be performed on each call and
# cannot be cached
login.initAuthnRequest()
login.request.nameIdPolicy.format = None
login.request.nameIdPolicy.allowCreate = True
login.msgRelayState = simplejson.dumps(state)
login.buildAuthnRequestMsg()
# msgUrl is a fully encoded url ready for redirect use
......@@ -40,12 +41,10 @@
login.buildAuthnRequestMsg()
# msgUrl is a fully encoded url ready for redirect use
result[ids[0]] = login.msgUrl
#print "*" * 35
#print result
return result
# obtained after the buildAuthnRequestMsg() call
return login.msgUrl
_columns = {
# Name of the OAuth2 entity, authentic, xcg...
'name': fields.char('Provider name'),
'idp_metadata': fields.text('IDP Configuration'),
......@@ -47,9 +46,8 @@
_columns = {
# Name of the OAuth2 entity, authentic, xcg...
'name': fields.char('Provider name'),
'idp_metadata': fields.text('IDP Configuration'),
'auth_req': fields.function(_get_auth_request),
'sp_metadata': fields.text('SP Configuration'),
'sp_pkey': fields.text(
'Private key of our service provider (this openerpserver)'
......
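Review bot: `login.msgRelayState = simplejson.dumps(state)` serializes a dict that, per the controller in this commit, arrives verbatim from the client (`relaystate`), so the database name, provider id and context in `state` travel to the IdP and back with no integrity protection; whatever parses RelayState on the return leg must treat `d`, `p` and `c` as ordinary request parameters, not as trusted session data. The docstring of `_get_auth_request` still describes the old function-field contract ("cannot be used for multiple ids") although the signature is now `(cr, uid, id_, state, context=None)` and the method returns a string; suggest `"""Build a SAML AuthnRequest for provider id_ and return its redirect URL; state is JSON-encoded into RelayState and must be round-trip safe."""`. Commenting out the debug `print` at the top of `_get_lasso_for_provider` leaves dead code behind — delete the line instead. `_get_lasso_for_provider` and the `_columns` dict both begin or end outside the hunks shown.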
......@@ -43,4 +43,31 @@
_cp_path = '/auth_saml'
@oeweb.jsonrequest
def get_auth_request(self, req, relaystate):
"""state is the JSONified state object and we need to pass
it inside our request as the RelayState argument
"""
state = simplejson.loads(relaystate)
dbname = state['d']
provider_id = state['p']
context = state.get('c', {})
registry = RegistryManager.get(dbname)
provider_osv = registry.get('auth.saml.provider')
auth_request = None
try:
with registry.cursor() as cr:
auth_request = provider_osv._get_auth_request(
cr, SUPERUSER_ID, provider_id, state, context=context
)
except Exception, e:
_logger.exception("SAML2: %s" % str(e))
return {'auth_request': auth_request}
@oeweb.jsonrequest
def list_providers(self, req, dbname):
......@@ -46,4 +73,5 @@
def list_providers(self, req, dbname):
l = []
try:
registry = RegistryManager.get(dbname)
with registry.cursor() as cr:
......@@ -56,7 +84,6 @@
except Exception, e:
_logger.exception("SAML2: %s" % str(e))
l = []
return l
......@@ -73,6 +100,7 @@
provider = state['p']
context = state.get('c', {})
registry = RegistryManager.get(dbname)
with registry.cursor() as cr:
try:
u = registry.get('res.users')
......@@ -92,9 +120,10 @@
except AttributeError, e:
print e
# auth_signup is not installed
_logger.error("auth_signup not installed on database %s: saml sign up cancelled." % (dbname,))
_logger.error("auth_signup not installed on database "
"%s: saml sign up cancelled." % (dbname,))
url = "/#action=login&saml_error=1"
except openerp.exceptions.AccessDenied:
# saml credentials not valid,
# user could be on a temporary session
......@@ -96,9 +125,12 @@
url = "/#action=login&saml_error=1"
except openerp.exceptions.AccessDenied:
# saml credentials not valid,
# user could be on a temporary session
_logger.info('SAML2: access denied, redirect to main page in case a valid session exists, without setting cookies')
_logger.info('SAML2: access denied, redirect to main page '
'in case a valid session exists, '
'without setting cookies')
url = "/#action=login&saml_error=3"
redirect = werkzeug.utils.redirect(url, 303)
redirect.autocorrect_location_header = False
......
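Review bot: In `get_auth_request`, `state = simplejson.loads(relaystate)` is client input, yet `state['d']` selects the registry, `state['p']` is passed to `_get_auth_request` under `SUPERUSER_ID`, and `state.get('c', {})` becomes the ORM `context` of that superuser call — none of the three is validated, and a malformed document or missing key raises outside the `try`. Suggest coercing the id (`provider_id = int(state['p'])`), checking `dbname` against the server's allowed database list before `RegistryManager.get`, and not forwarding the client-supplied context (or forwarding only a whitelisted key such as `lang`). The `except Exception` handler logs and returns `{'auth_request': None}`, so the browser cannot distinguish a failed request build from an unknown provider; consider returning an explicit error field alongside `auth_request`. `list_providers` and the sign-in handler in the later hunks start or end outside the hunks shown.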
......@@ -53,8 +53,7 @@
},
do_saml_sign_in: function(provider) {
var state = this._saml_state(provider);
var params = {
RelayState: JSON.stringify(state),
};
var url = provider.auth_req + "&" + $.param(params);
this.rpc("/auth_saml/get_auth_request", { relaystate: JSON.stringify(state) }).done(this.on_request_loaded);
},
on_request_loaded: function(result) {
// redirect to the saml idp
......@@ -60,5 +59,5 @@
// redirect to the saml idp
instance.web.redirect(url);
instance.web.redirect(result.auth_request);
},
_saml_state: function(provider) {
// return the state object sent back with the redirected uri
......
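Review bot: `on_request_loaded` redirects to `result.auth_request` without checking it, but the server returns `{'auth_request': None}` whenever building the request fails, so the browser would be sent to `null`; add a guard before the redirect, e.g. `if (!result.auth_request) { return; }` preceded by a user-visible warning (the exact notification helper available on this widget is not visible here). The `.done(this.on_request_loaded)` chain on `this.rpc(...)` also has no `.fail` handler, so a transport or JSON-RPC error is silent. The enclosing widget object starts and ends outside the hunks shown.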