mirror of
https://github.com/dkmstr/openuds.git
synced 2024-12-22 13:34:04 +03:00
* Added "get" and "put" methods to storage (much easier to remember than readData and saveData...)
* Updated callback so it also gets Groups Manager, needed for group validations * Fixed getOrCreateUser at Authenticator model, so it updates the name if new name differs from old name * Removed "return to main" from detectJava, so the transition is more "seamless"
parent
18a30e0068
commit
4b31a78e25
@ -248,7 +248,7 @@ class SampleAuth(auths.Authenticator):
|
||||
return res
|
||||
|
||||
|
||||
def authCallback(self, parameters):
|
||||
def authCallback(self, parameters, gm):
|
||||
'''
|
||||
We provide this as a sample of callback for an user.
|
||||
We will accept all petitions that has "user" parameter
|
||||
|
@ -383,7 +383,7 @@ class Authenticator(Module):
|
||||
'''
|
||||
return None
|
||||
|
||||
def authCallback(self, parameters):
|
||||
def authCallback(self, parameters, gm):
|
||||
'''
|
||||
There is a view inside UDS, an url, that will redirect the petition
|
||||
to this callback.
|
||||
@ -401,6 +401,18 @@ class Authenticator(Module):
|
||||
If this returns None, or empty, the authentication will be considered "invalid"
|
||||
and an error will be shown.
|
||||
|
||||
Args:
|
||||
parameters: all GET and POST received parameters
|
||||
gm: Groups manager, you MUST check group membership using this gm
|
||||
|
||||
Return:
|
||||
An username if validation check is successfull, None if not
|
||||
|
||||
You can also return an exception here and, if you don't wont to check the user login,
|
||||
you can raise :py:class:uds.core.auths.Exceptions.Redirect to redirect user to somewhere.
|
||||
In this case, no user checking will be done. This is usefull to use this url to provide
|
||||
other functionality appart of login, (such as logout)
|
||||
|
||||
:note: Keeping user information about group membership inside storage is highly recommended.
|
||||
There will be calls to getGroups one an again, and also to getRealName, not just
|
||||
at login, but at future (from admin interface, at user editing for example)
|
||||
|
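Review bot: The new `Args` text in `Authenticator.authCallback` describes `parameters` as "all GET and POST received parameters" but does not say that these values come straight from the HTTP request and must be validated by the authenticator before it returns a username. The same commit also stores the request object under the `_request` key of that mapping (in the `authCallback` view), which the docstring should list. I would add `parameters: untrusted GET and POST values from the callback request, plus '_request' (the HttpRequest); verify the identity provider's response before trusting any of them`, and change "You can also return an exception here" to "raise", since the visible view code handles `Redirect` in an `except` clause. The docstring starts above this hunk.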
@ -36,9 +36,7 @@ Provides useful functions for authenticating, used by web interface.
|
||||
from functools import wraps
|
||||
from django.http import HttpResponseRedirect
|
||||
from uds.core.util.Config import GlobalConfig
|
||||
from uds.core.auths import GroupsManager
|
||||
from uds.core.auths import Authenticator
|
||||
from uds.core.auths.Exceptions import InvalidAuthenticatorException
|
||||
from uds.core import auths
|
||||
from uds.core.managers.CryptoManager import CryptoManager
|
||||
from uds.core.util.State import State
|
||||
from uds.models import User
|
||||
@ -116,7 +114,7 @@ def authenticate(username, password, authenticator):
|
||||
@return: None if authentication fails, User object (database object) if authentication is o.k.
|
||||
'''
|
||||
logger.debug('Authenticating user {0} with authenticator {1}'.format(username, authenticator))
|
||||
gm = GroupsManager(authenticator)
|
||||
gm = auths.GroupsManager(authenticator)
|
||||
authInstance = authenticator.getInstance()
|
||||
if authInstance.authenticate(username, password, gm) == False:
|
||||
return None
|
||||
@ -149,16 +147,17 @@ def authenticateViaCallback(authenticator, params):
|
||||
callbacks, remember to store (using provided environment storage, for example)
|
||||
the groups of this user so your getGroups will work correctly.
|
||||
'''
|
||||
gm = auths.GroupsManager(authenticator)
|
||||
authInstance = authenticator.getInstance()
|
||||
|
||||
# If there is no callback for this authenticator...
|
||||
if authInstance.authCallback == Authenticator.authCallback:
|
||||
raise InvalidAuthenticatorException()
|
||||
if authInstance.authCallback == auths.Authenticator.authCallback:
|
||||
raise auths.Exceptions.InvalidAuthenticatorException()
|
||||
|
||||
username = authInstance.authCallback(params)
|
||||
username = authInstance.authCallback(params, gm)
|
||||
|
||||
if username is None or username == '':
|
||||
raise InvalidAuthenticatorException()
|
||||
if username is None or username == '' or gm.hasValidGroups() is False:
|
||||
raise auths.Exceptions.InvalidUserException('User don\'t has access to UDS')
|
||||
|
||||
return __registerUser(authenticator, authInstance, username)
|
||||
|
||||
|
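Review bot: The access check added in `authenticateViaCallback`, `gm.hasValidGroups() is False`, rejects the user only when the method returns the exact object `False`; a `None` or any other falsy result would fall through to `__registerUser`. `hasValidGroups` is not shown on this page, so this may be safe today, but an authorization gate is easier to reason about when it fails closed: `if not username or not gm.hasValidGroups():`. The function's docstring starts above the hunk.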
@ -61,6 +61,9 @@ class Storage(object):
|
||||
dbStorage.objects.filter(key=key).update(owner = self._owner, data = data, attr1 = attr1)
|
||||
logger.debug('Key saved')
|
||||
|
||||
def put(self, skey, data):
|
||||
return self.saveData(skey, data)
|
||||
|
||||
def updateData(self, skey, data, attr1 = None):
|
||||
self.saveData(skey, data, attr1)
|
||||
|
||||
@ -74,6 +77,9 @@ class Storage(object):
|
||||
logger.debug('key not found')
|
||||
return None
|
||||
|
||||
def get(self, skey):
|
||||
return self.readData(skey)
|
||||
|
||||
def remove(self, skey):
|
||||
try:
|
||||
key = self.__getKey(skey)
|
||||
|
@ -557,6 +557,10 @@ class Authenticator(models.Model):
|
||||
if realName is None:
|
||||
realName = username
|
||||
user, _ = self.users.get_or_create( name = username, defaults = { 'real_name':realName, 'last_access':NEVER, 'state':State.ACTIVE } )
|
||||
if realName != user.real_name:
|
||||
user.real_name = realName
|
||||
user.save()
|
||||
|
||||
return user
|
||||
|
||||
def isValidUser(self, username, falseIfNotExists = True):
|
||||
|
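Review bot: The added `user.save()` in `getOrCreateUser` writes the whole row back, not just `real_name`, so a change made to the same user between the `get_or_create` and the save (for example an administrator changing `state`) could be overwritten with the stale value read here. Updating only the one column avoids that: `self.users.filter(pk=user.pk).update(real_name=realName)`. The method begins above this hunk, so where `realName` comes from is not visible.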
@ -34,7 +34,7 @@
|
||||
|
||||
{% block content %}
|
||||
|
||||
<div>
|
||||
<!--<div>
|
||||
<a href="<a href="{% url uds.web.views.index %}">{% trans "Go to main page" %}
|
||||
</div>
|
||||
</div>-->
|
||||
{% endblock %}
|
@ -32,6 +32,7 @@
|
||||
'''
|
||||
|
||||
from django.http import HttpResponse, HttpResponseRedirect, HttpResponseForbidden
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
from django.shortcuts import render_to_response
|
||||
from django.template import RequestContext
|
||||
from django.utils.translation import ugettext as _
|
||||
@ -259,7 +260,7 @@ def transportIcon(request, idTrans):
|
||||
def error(request, idError):
|
||||
return render_to_response('uds/error.html', {'errorString' : errors.errorString(idError) }, context_instance=RequestContext(request))
|
||||
|
||||
|
||||
@csrf_exempt
|
||||
def authCallback(request, authName):
|
||||
'''
|
||||
This url is provided so external SSO authenticators can get an url for
|
||||
@ -273,8 +274,9 @@ def authCallback(request, authName):
|
||||
authenticator = Authenticator.objects.get(name=authName)
|
||||
params = request.GET.copy()
|
||||
params.update(request.POST)
|
||||
params['_request'] = request
|
||||
|
||||
logger.debug('Auth callback for {0} with params {1}'.format(authenticator, params))
|
||||
logger.debug('Auth callback for {0} with params {1}'.format(authenticator, params.keys()))
|
||||
|
||||
user = authenticateViaCallback(authenticator, params)
|
||||
|
||||
@ -297,8 +299,10 @@ def authCallback(request, authName):
|
||||
except auths.Exceptions.Redirect as e:
|
||||
return HttpResponseRedirect(request.build_absolute_uri(str(e)))
|
||||
except Exception as e:
|
||||
logger.exception('authCallback')
|
||||
return errors.exceptionView(request, e)
|
||||
|
||||
@csrf_exempt
|
||||
def authInfo(request, authName):
|
||||
'''
|
||||
This url is provided so authenticators can provide info (such as SAML metadata)
|
||||
@ -314,6 +318,7 @@ def authInfo(request, authName):
|
||||
raise Exception() # This authenticator do not provides info
|
||||
|
||||
params = request.GET.copy()
|
||||
params['_request'] = request
|
||||
|
||||
info = authInstance.getInfo(params)
|
||||
|
||||
|
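Review bot: `@csrf_exempt` on `authCallback` means a cross-site POST reaches `authenticateViaCallback` with no token check, so the only thing between a forged request and a registered user is the validation each authenticator performs inside its own `authCallback`. That is a reasonable trade for external SSO posts, but it should be written down at the decorator, e.g. `# CSRF check disabled: the identity provider posts here directly; the authenticator must verify the response itself`. The same applies to `authInfo`. Separately, `params['_request'] = request` holds the real request only because it is assigned after `params.update(request.POST)`; a short comment saying the order matters would keep a later edit from letting a request parameter named `_request` take its place. Both view bodies continue outside the hunks shown.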
@ -148,7 +148,7 @@ def createAuthenticator(credentials, type, data):
|
||||
'''
|
||||
dict_ = dictFromData(data)
|
||||
# First create data without serialization, then serialies data with correct environment
|
||||
dict_['request'] = credentials.request
|
||||
dict_['_request'] = credentials.request
|
||||
auth = None
|
||||
try:
|
||||
auth = Authenticator.objects.create(name = dict_['name'], comments = dict_['comments'], data_type = type, priority=int(dict_['priority']))
|
||||
@ -179,7 +179,7 @@ def modifyAuthenticator(credentials, id, data):
|
||||
try:
|
||||
auth = Authenticator.objects.get(pk=id)
|
||||
dict_ = dictFromData(data)
|
||||
dict_['request'] = credentials.request
|
||||
dict_['_request'] = credentials.request
|
||||
a = auth.getInstance(dict_)
|
||||
auth.data = a.serialize()
|
||||
auth.name = dict_['name']
|
||||
@ -208,6 +208,7 @@ def testAuthenticator(credentials, type, data):
|
||||
authType = auths.factory().lookup(type)
|
||||
# We need an "temporary" environment to test this service
|
||||
dict_ = dictFromData(data)
|
||||
dict_['_request'] = credentials.request
|
||||
res = authType.test(Environment.getTempEnv(), dict_)
|
||||
return {'ok' : res[0], 'message' : res[1]}
|
||||
|
||||
|