Revision ed88de55 snf-astakos-app/astakos/im/views/target/shibboleth.py
| b/snf-astakos-app/astakos/im/views/target/shibboleth.py | ||
|---|---|---|
| 38 | 38 |
from django.http import HttpResponseRedirect |
| 39 | 39 |
|
| 40 | 40 |
from astakos.im.util import login_url |
| 41 |
from astakos.im.models import AstakosUser |
|
| 41 |
from astakos.im.models import AstakosUser, AstakosUserAuthProvider, \ |
|
| 42 |
PendingThirdPartyUser |
|
| 42 | 43 |
from astakos.im import settings |
| 43 | 44 |
from astakos.im.views.target import get_pending_key, \ |
| 44 | 45 |
handle_third_party_signup, handle_third_party_login, \ |
| ... | ... | |
| 51 | 52 |
logger = logging.getLogger(__name__) |
| 52 | 53 |
|
| 53 | 54 |
|
| 55 |
def migrate_eppn_to_remote_id(eppn, remote_id): |
|
| 56 |
""" |
|
| 57 |
Retrieve active and pending accounts that are associated with shibboleth |
|
| 58 |
using EPPN as the third party unique identifier update them by storing |
|
| 59 |
REMOTE_USER value instead. |
|
| 60 |
""" |
|
| 61 |
if eppn == remote_id: |
|
| 62 |
return |
|
| 63 |
|
|
| 64 |
try: |
|
| 65 |
provider = AstakosUserAuthProvider.objects.get(module='shibboleth', |
|
| 66 |
identifier=eppn) |
|
| 67 |
msg = "Migrating user %r eppn (%s -> %s)" |
|
| 68 |
logger.info(msg, provider.user.log_display, eppn, remote_id) |
|
| 69 |
provider.identifier = remote_id |
|
| 70 |
provider.save() |
|
| 71 |
except AstakosUserAuthProvider.DoesNotExist: |
|
| 72 |
pass |
|
| 73 |
|
|
| 74 |
pending_users = \ |
|
| 75 |
PendingThirdPartyUser.objects.filter(third_party_identifier=eppn, |
|
| 76 |
provider='shibboleth') |
|
| 77 |
|
|
| 78 |
for pending in pending_users: |
|
| 79 |
msg = "Migrating pending user %s eppn (%s -> %s)" |
|
| 80 |
logger.info(msg, pending.email, eppn, remote_id) |
|
| 81 |
pending.third_party_identifier = remote_id |
|
| 82 |
pending.save() |
|
| 83 |
|
|
| 84 |
return remote_id |
|
| 85 |
|
|
| 86 |
|
|
| 54 | 87 |
class Tokens: |
| 55 | 88 |
# these are mapped by the Shibboleth SP software |
| 56 | 89 |
SHIB_EPPN = "HTTP_EPPN" # eduPersonPrincipalName |
| ... | ... | |
| 90 | 123 |
logger.info("shibboleth request: %r" % shibboleth_headers)
|
| 91 | 124 |
|
| 92 | 125 |
try: |
| 93 |
eppn = tokens.get(Tokens.SHIB_EPPN) |
|
| 126 |
eppn = tokens.get(Tokens.SHIB_EPPN, None) |
|
| 127 |
user_id = tokens.get(Tokens.SHIB_REMOTE_USER) |
|
| 94 | 128 |
fullname, first_name, last_name, email = None, None, None, None |
| 95 | 129 |
if global_settings.DEBUG and not eppn: |
| 130 |
user_id = getattr(global_settings, 'SHIBBOLETH_TEST_REMOTE_USER', |
|
| 131 |
None) |
|
| 96 | 132 |
eppn = getattr(global_settings, 'SHIBBOLETH_TEST_EPPN', None) |
| 97 | 133 |
fullname = getattr(global_settings, 'SHIBBOLETH_TEST_FULLNAME', |
| 98 | 134 |
None) |
| 99 | 135 |
|
| 100 |
if not eppn:
|
|
| 101 |
raise KeyError(_(astakos_messages.SHIBBOLETH_MISSING_EPPN) % {
|
|
| 136 |
if not user_id:
|
|
| 137 |
raise KeyError(_(astakos_messages.SHIBBOLETH_MISSING_USER_ID) % {
|
|
| 102 | 138 |
'domain': settings.BASE_HOST, |
| 103 | 139 |
'contact_email': settings.CONTACT_EMAIL |
| 104 | 140 |
}) |
| ... | ... | |
| 126 | 162 |
messages.error(request, e.message) |
| 127 | 163 |
return HttpResponseRedirect(login_url(request)) |
| 128 | 164 |
|
| 165 |
if settings.SHIBBOLETH_MIGRATE_EPPN: |
|
| 166 |
migrate_eppn_to_remote_id(eppn, user_id) |
|
| 167 |
|
|
| 129 | 168 |
affiliation = tokens.get(Tokens.SHIB_EP_AFFILIATION, 'Shibboleth') |
| 130 | 169 |
email = tokens.get(Tokens.SHIB_MAIL, '') |
| 131 |
eppn_info = tokens.get(Tokens.SHIB_EPPN) |
|
| 132 |
provider_info = {'eppn': eppn_info, 'email': email, 'name': fullname,
|
|
| 133 |
'headers': shibboleth_headers} |
|
| 134 |
userid = eppn |
|
| 170 |
provider_info = {'eppn': eppn, 'email': email, 'name': fullname,
|
|
| 171 |
'headers': shibboleth_headers, 'user_id': user_id} |
|
| 135 | 172 |
|
| 136 | 173 |
|
| 137 | 174 |
try: |
| 138 | 175 |
return handle_third_party_login(request, 'shibboleth', |
| 139 |
eppn, provider_info,
|
|
| 176 |
user_id, provider_info,
|
|
| 140 | 177 |
affiliation, third_party_key) |
| 141 | 178 |
except AstakosUser.DoesNotExist, e: |
| 142 | 179 |
third_party_key = get_pending_key(request) |
| ... | ... | |
| 144 | 181 |
'first_name': first_name, |
| 145 | 182 |
'last_name': last_name, |
| 146 | 183 |
'email': email} |
| 147 |
return handle_third_party_signup(request, userid, 'shibboleth', |
|
| 184 |
return handle_third_party_signup(request, user_id, 'shibboleth',
|
|
| 148 | 185 |
third_party_key, |
| 149 | 186 |
provider_info, |
| 150 | 187 |
user_info, |
Also available in: Unified diff