def shib_register(request):
attr, error = parse_attributes(request.META)
next = None
if request.method == "POST" and "next" in request.POST:
next = request.POST["next"]
elif request.method == "GET" and "next" in request.GET:
next = request.GET["next"]
if next is not None:
was_redirected = True
redirect_url = next
else:
was_redirected = False
redirect_url = settings.LOGIN_REDIRECT_URL
context = {'shib_attrs': attr,
'was_redirected': was_redirected}
if error:
return render_forbidden('shibboleth/attribute_error.html',
context,
context_instance=RequestContext(request))
try:
username = attr[settings.SHIB_USERNAME]
# TODO this should log a misconfiguration.
except:
return render_forbidden('shibboleth/attribute_error.html',
context,
context_instance=RequestContext(request))
if not attr[settings.SHIB_USERNAME] or attr[settings.SHIB_USERNAME] == '':
return render_forbidden('shibboleth/attribute_error.html',
context,
context_instance=RequestContext(request))
try:
user = User.objects.get(username=attr[settings.SHIB_USERNAME])
except User.DoesNotExist:
user = User.objects.create_user(attr[settings.SHIB_USERNAME], attr[settings.SHIB_EMAIL], '')
user.set_unusable_password()
try:
user.email = attr[settings.SHIB_EMAIL]
user.first_name = attr[settings.SHIB_FIRST_NAME]
user.last_name = attr[settings.SHIB_LAST_NAME]
except:
pass
user.save()
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
shib_logon_done.send(sender=shib_register, user=user, shib_attrs=attr)
if not redirect_url or '//' in redirect_url or ' ' in redirect_url:
redirect_url = settings.LOGIN_REDIRECT_URL
return HttpResponseRedirect(redirect_url)
def shib_register(request):
attr, error = parse_attributes(request.META)
next = None
if request.method == "POST" and "next" in request.POST:
next = request.POST["next"]
elif request.method == "GET" and "next" in request.GET:
next = request.GET["next"]
if next is not None:
was_redirected = True
redirect_url = next
else:
was_redirected = False
redirect_url = settings.LOGIN_REDIRECT_URL
context = {'shib_attrs': attr, 'was_redirected': was_redirected}
if error:
return render_forbidden('shibboleth/attribute_error.html',
context,
context_instance=RequestContext(request))
try:
username = attr[settings.SHIB_USERNAME]
# TODO this should log a misconfiguration.
except:
return render_forbidden('shibboleth/attribute_error.html',
context,
context_instance=RequestContext(request))
if not attr[settings.SHIB_USERNAME] or attr[settings.SHIB_USERNAME] == '':
return render_forbidden('shibboleth/attribute_error.html',
context,
context_instance=RequestContext(request))
try:
user = User.objects.get(username=attr[settings.SHIB_USERNAME])
except User.DoesNotExist:
user = User.objects.create_user(attr[settings.SHIB_USERNAME],
attr[settings.SHIB_EMAIL], '')
user.set_unusable_password()
try:
user.email = attr[settings.SHIB_EMAIL]
user.first_name = attr[settings.SHIB_FIRST_NAME]
user.last_name = attr[settings.SHIB_LAST_NAME]
except:
pass
user.save()
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
shib_logon_done.send(sender=shib_register, user=user, shib_attrs=attr)
if not redirect_url or '//' in redirect_url or ' ' in redirect_url:
redirect_url = settings.LOGIN_REDIRECT_URL
return HttpResponseRedirect(redirect_url)
def add_saml_data(applicant, request):
attrs, error = parse_attributes(request.META)
applicant.first_name = attrs['first_name']
applicant.last_name = attrs['last_name']
applicant.email = attrs['email']
applicant.saml_id = attrs['persistent_id']
applicant.telephone = attrs.get('telephone', None)
applicant.institute = Institute.objects.get(saml_entityid=attrs['idp'])
applicant.save()
return applicant
def wrap(request, *args, **kwargs):
if 'HTTP_SHIB_SESSION_ID' in request.META and request.META['HTTP_SHIB_SESSION_ID']:
attr, error = parse_attributes(request.META)
if error:
return render_to_response('shibboleth/attribute_error.html',
{'shib_attrs': attr},
context_instance=RequestContext(request))
else:
return HttpResponseRedirect(build_shib_url(request, request.build_absolute_uri()))
return f(request, *args, **kwargs)
def get_saml_user(request):
attrs, error = parse_attributes(request.META)
return SAMLUser(**attrs)
