From 1d59653f62c803ba1c150a67b1127b3019ef5b2d Mon Sep 17 00:00:00 2001 From: Kostas Papadimitriou Date: Thu, 13 Dec 2012 15:52:14 +0200 Subject: [PATCH] Configurable shibboleth provider strict mode shibboleth provider can now be configured whether or not to require additional provider information. --- snf-astakos-app/astakos/im/auth_providers.py | 3 +++ snf-astakos-app/astakos/im/settings.py | 5 +++++ snf-astakos-app/astakos/im/target/shibboleth.py | 6 +++++- 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/snf-astakos-app/astakos/im/auth_providers.py b/snf-astakos-app/astakos/im/auth_providers.py index a3f713e..97438c6 100644 --- a/snf-astakos-app/astakos/im/auth_providers.py +++ b/snf-astakos-app/astakos/im/auth_providers.py @@ -100,6 +100,9 @@ class AuthProvider(object): def get_setting(self, name, default=None): attr = 'ASTAKOS_AUTH_PROVIDER_%s_%s' % (self.module.upper(), name.upper()) + attr_sec = 'ASTAKOS_%s_%s' % (self.module.upper(), name.upper()) + if not hasattr(settings, attr): + return getattr(settings, attr_sec, default) return getattr(settings, attr, default) def is_available_for_login(self): diff --git a/snf-astakos-app/astakos/im/settings.py b/snf-astakos-app/astakos/im/settings.py index dc3ac36..9aa7287 100644 --- a/snf-astakos-app/astakos/im/settings.py +++ b/snf-astakos-app/astakos/im/settings.py @@ -271,3 +271,8 @@ RESOURCES_PRESENTATION_DATA = getattr( # Permit local account migration ENABLE_LOCAL_ACCOUNT_MIGRATION = getattr(settings, 'ASTAKOS_ENABLE_LOCAL_ACCOUNT_MIGRATION', True) + +# Strict shibboleth usage +SHIBBOLETH_REQUIRE_NAME_INFO = getattr(settings, + 'ASTAKOS_SHIBBOLETH_REQUIRE_NAME_INFO', + False) diff --git a/snf-astakos-app/astakos/im/target/shibboleth.py b/snf-astakos-app/astakos/im/target/shibboleth.py index 8ce8c7e..f4d002e 100644 --- a/snf-astakos-app/astakos/im/target/shibboleth.py +++ b/snf-astakos-app/astakos/im/target/shibboleth.py @@ -95,7 +95,11 @@ def login( elif Tokens.SHIB_NAME in tokens and Tokens.SHIB_SURNAME in tokens: realname = tokens[Tokens.SHIB_NAME] + ' ' + tokens[Tokens.SHIB_SURNAME] else: - realname = '' + print settings.SHIBBOLETH_REQUIRE_NAME_INFO, "LALALALAL" + if settings.SHIBBOLETH_REQUIRE_NAME_INFO: + raise KeyError(_(astakos_messages.SHIBBOLETH_MISSING_NAME)) + else: + realname = '' except KeyError, e: # invalid shibboleth headers, redirect to login, display message messages.error(request, e.message) -- 1.7.10.4