Revision ed88de55 snf-astakos-app/astakos/im/views/target/shibboleth.py
b/snf-astakos-app/astakos/im/views/target/shibboleth.py | ||
---|---|---|
38 | 38 |
from django.http import HttpResponseRedirect |
39 | 39 |
|
40 | 40 |
from astakos.im.util import login_url |
41 |
from astakos.im.models import AstakosUser |
|
41 |
from astakos.im.models import AstakosUser, AstakosUserAuthProvider, \ |
|
42 |
PendingThirdPartyUser |
|
42 | 43 |
from astakos.im import settings |
43 | 44 |
from astakos.im.views.target import get_pending_key, \ |
44 | 45 |
handle_third_party_signup, handle_third_party_login, \ |
... | ... | |
51 | 52 |
logger = logging.getLogger(__name__) |
52 | 53 |
|
53 | 54 |
|
55 |
def migrate_eppn_to_remote_id(eppn, remote_id): |
|
56 |
""" |
|
57 |
Retrieve active and pending accounts that are associated with shibboleth |
|
58 |
using EPPN as the third party unique identifier update them by storing |
|
59 |
REMOTE_USER value instead. |
|
60 |
""" |
|
61 |
if eppn == remote_id: |
|
62 |
return |
|
63 |
|
|
64 |
try: |
|
65 |
provider = AstakosUserAuthProvider.objects.get(module='shibboleth', |
|
66 |
identifier=eppn) |
|
67 |
msg = "Migrating user %r eppn (%s -> %s)" |
|
68 |
logger.info(msg, provider.user.log_display, eppn, remote_id) |
|
69 |
provider.identifier = remote_id |
|
70 |
provider.save() |
|
71 |
except AstakosUserAuthProvider.DoesNotExist: |
|
72 |
pass |
|
73 |
|
|
74 |
pending_users = \ |
|
75 |
PendingThirdPartyUser.objects.filter(third_party_identifier=eppn, |
|
76 |
provider='shibboleth') |
|
77 |
|
|
78 |
for pending in pending_users: |
|
79 |
msg = "Migrating pending user %s eppn (%s -> %s)" |
|
80 |
logger.info(msg, pending.email, eppn, remote_id) |
|
81 |
pending.third_party_identifier = remote_id |
|
82 |
pending.save() |
|
83 |
|
|
84 |
return remote_id |
|
85 |
|
|
86 |
|
|
54 | 87 |
class Tokens: |
55 | 88 |
# these are mapped by the Shibboleth SP software |
56 | 89 |
SHIB_EPPN = "HTTP_EPPN" # eduPersonPrincipalName |
... | ... | |
90 | 123 |
logger.info("shibboleth request: %r" % shibboleth_headers) |
91 | 124 |
|
92 | 125 |
try: |
93 |
eppn = tokens.get(Tokens.SHIB_EPPN) |
|
126 |
eppn = tokens.get(Tokens.SHIB_EPPN, None) |
|
127 |
user_id = tokens.get(Tokens.SHIB_REMOTE_USER) |
|
94 | 128 |
fullname, first_name, last_name, email = None, None, None, None |
95 | 129 |
if global_settings.DEBUG and not eppn: |
130 |
user_id = getattr(global_settings, 'SHIBBOLETH_TEST_REMOTE_USER', |
|
131 |
None) |
|
96 | 132 |
eppn = getattr(global_settings, 'SHIBBOLETH_TEST_EPPN', None) |
97 | 133 |
fullname = getattr(global_settings, 'SHIBBOLETH_TEST_FULLNAME', |
98 | 134 |
None) |
99 | 135 |
|
100 |
if not eppn:
|
|
101 |
raise KeyError(_(astakos_messages.SHIBBOLETH_MISSING_EPPN) % {
|
|
136 |
if not user_id:
|
|
137 |
raise KeyError(_(astakos_messages.SHIBBOLETH_MISSING_USER_ID) % {
|
|
102 | 138 |
'domain': settings.BASE_HOST, |
103 | 139 |
'contact_email': settings.CONTACT_EMAIL |
104 | 140 |
}) |
... | ... | |
126 | 162 |
messages.error(request, e.message) |
127 | 163 |
return HttpResponseRedirect(login_url(request)) |
128 | 164 |
|
165 |
if settings.SHIBBOLETH_MIGRATE_EPPN: |
|
166 |
migrate_eppn_to_remote_id(eppn, user_id) |
|
167 |
|
|
129 | 168 |
affiliation = tokens.get(Tokens.SHIB_EP_AFFILIATION, 'Shibboleth') |
130 | 169 |
email = tokens.get(Tokens.SHIB_MAIL, '') |
131 |
eppn_info = tokens.get(Tokens.SHIB_EPPN) |
|
132 |
provider_info = {'eppn': eppn_info, 'email': email, 'name': fullname, |
|
133 |
'headers': shibboleth_headers} |
|
134 |
userid = eppn |
|
170 |
provider_info = {'eppn': eppn, 'email': email, 'name': fullname, |
|
171 |
'headers': shibboleth_headers, 'user_id': user_id} |
|
135 | 172 |
|
136 | 173 |
|
137 | 174 |
try: |
138 | 175 |
return handle_third_party_login(request, 'shibboleth', |
139 |
eppn, provider_info,
|
|
176 |
user_id, provider_info,
|
|
140 | 177 |
affiliation, third_party_key) |
141 | 178 |
except AstakosUser.DoesNotExist, e: |
142 | 179 |
third_party_key = get_pending_key(request) |
... | ... | |
144 | 181 |
'first_name': first_name, |
145 | 182 |
'last_name': last_name, |
146 | 183 |
'email': email} |
147 |
return handle_third_party_signup(request, userid, 'shibboleth', |
|
184 |
return handle_third_party_signup(request, user_id, 'shibboleth',
|
|
148 | 185 |
third_party_key, |
149 | 186 |
provider_info, |
150 | 187 |
user_info, |
Also available in: Unified diff