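def login(self):
    """Handle the WS-Federation token posted back from ADFS (the redirect_uri).

    Reads the signed ``wresult`` token from the POST body, verifies its
    signature against the certificates currently published in the ADFS
    federation metadata, extracts the user attributes, creates a CKAN user
    on first sight, marks the session as an ADFS session and redirects to
    the user's dashboard.

    Raises:
        KeyError: the request carries no ``wresult`` field.
        ValueError: the signature does not verify against the published
            certificates, or the token carries no email attribute.
    """
    eggsmell = pylons.request.POST['wresult']

    # The metadata is fetched on every login rather than cached: due to
    # opaque bureaucracy and lack of communication the federation
    # certificates can be rotated without notice, and the per-login network
    # round trip was judged cheaper than locking users out after a rotation.
    metadata = get_federation_metadata(pylons.config['adfs_metadata_url'])
    x509_certificates = get_certificates(metadata)
    if not validate_saml(eggsmell, x509_certificates):
        raise ValueError('Invalid signature')
    # NOTE(review): only the signature is checked here. Whether validate_saml
    # also enforces the token's validity window and audience/realm is not
    # visible from this file -- confirm, as a signed but expired or
    # foreign-audience token would otherwise be accepted.

    username, email, firstname, surname = get_user_info(eggsmell)
    if not email:
        # Log the failure, not the token: a wresult carries identity
        # attributes and a valid signature and should not end up in log
        # files. The size still distinguishes an empty/truncated post from a
        # token that merely lacks the email claim.
        log.error('Unable to login with ADFS: no email in wresult (%d bytes)',
                  len(eggsmell))
        raise ValueError('No email returned with ADFS')

    user = _get_user(username)
    if user:
        # Existing user.
        # NOTE(review): the lookup is by username alone, so whether an
        # account that was not created through ADFS can be entered this way
        # depends on how get_user_info derives the username -- confirm.
        log.info('Logging in from ADFS with user: {}'.format(username))
    else:
        # New user, so create a record for them. The name claims may be
        # absent from the token; fall back to empty strings so neither the
        # log line nor the fullname construction fails on None.
        firstname = firstname or ''
        surname = surname or ''
        log.info('Creating user from ADFS')
        log.info('email: {} firstname: {} surname: {}'.format(
            email, firstname.encode('utf8'), surname.encode('utf8')))
        log.info('Generated username: {}'.format(username))
        # TODO: Add the new user to the NHSEngland group? Check this!
        user = toolkit.get_action('user_create')(
            context={'ignore_auth': True},
            data_dict={
                'name': username,
                'fullname': ' '.join(part for part in (firstname, surname)
                                     if part),
                # The account is only ever entered through ADFS; the
                # password just has to be unguessable (uuid4 draws from
                # os.urandom on CPython).
                'password': str(uuid.uuid4()),
                'email': email,
            })

    pylons.session['adfs-user'] = username
    pylons.session['adfs-email'] = email
    # NOTE(review): the session id is not rotated here. If the session
    # backend supports it (Beaker sessions expose regenerate_id()),
    # rotating on login would close the session-fixation window -- confirm.
    pylons.session.save()
    toolkit.redirect_to(controller='user', action='dashboard', id=email)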
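def login(self):
    """Handle the WS-Federation token posted back from ADFS (the redirect_uri).

    Reads the signed ``wresult`` token from the POST body, verifies its
    signature against the certificates currently published in the ADFS
    federation metadata, extracts the user attributes, creates a CKAN user
    on first sight, marks the session as an ADFS session and redirects to
    the user's dashboard.

    Raises:
        KeyError: the request carries no ``wresult`` field.
        ValueError: the signature does not verify against the published
            certificates, or the token carries no email attribute.
    """
    eggsmell = pylons.request.POST['wresult']

    # The metadata is fetched on every login rather than cached: due to
    # opaque bureaucracy and lack of communication the federation
    # certificates can be rotated without notice, and the per-login network
    # round trip was judged cheaper than locking users out after a rotation.
    metadata = get_federation_metadata(pylons.config['adfs_metadata_url'])
    x509_certificates = get_certificates(metadata)
    if not validate_saml(eggsmell, x509_certificates):
        raise ValueError('Invalid signature')
    # NOTE(review): only the signature is checked here. Whether validate_saml
    # also enforces the token's validity window and audience/realm is not
    # visible from this file -- confirm, as a signed but expired or
    # foreign-audience token would otherwise be accepted.

    username, email, firstname, surname = get_user_info(eggsmell)
    if not email:
        # Log the failure, not the token: a wresult carries identity
        # attributes and a valid signature and should not end up in log
        # files. The size still distinguishes an empty/truncated post from a
        # token that merely lacks the email claim.
        log.error('Unable to login with ADFS: no email in wresult (%d bytes)',
                  len(eggsmell))
        raise ValueError('No email returned with ADFS')

    user = _get_user(username)
    if user:
        # Existing user.
        # NOTE(review): the lookup is by username alone, so whether an
        # account that was not created through ADFS can be entered this way
        # depends on how get_user_info derives the username -- confirm.
        log.info('Logging in from ADFS with user: {}'.format(username))
    else:
        # New user, so create a record for them. The name claims may be
        # absent from the token; fall back to empty strings so neither the
        # log line nor the fullname construction fails on None.
        firstname = firstname or ''
        surname = surname or ''
        log.info('Creating user from ADFS')
        log.info('email: {} firstname: {} surname: {}'.format(
            email, firstname.encode('utf8'), surname.encode('utf8')))
        log.info('Generated username: {}'.format(username))
        # TODO: Add the new user to the NHSEngland group? Check this!
        user = toolkit.get_action('user_create')(
            context={'ignore_auth': True},
            data_dict={
                'name': username,
                'fullname': ' '.join(part for part in (firstname, surname)
                                     if part),
                # The account is only ever entered through ADFS; the
                # password just has to be unguessable (uuid4 draws from
                # os.urandom on CPython).
                'password': str(uuid.uuid4()),
                'email': email,
            })

    pylons.session['adfs-user'] = username
    pylons.session['adfs-email'] = email
    # NOTE(review): the session id is not rotated here. If the session
    # backend supports it (Beaker sessions expose regenerate_id()),
    # rotating on login would close the session-fixation window -- confirm.
    pylons.session.save()
    toolkit.redirect_to(controller='user', action='dashboard', id=email)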
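import logging
import uuid

import ckan.plugins as plugins
import ckan.plugins.toolkit as toolkit
import pylons

from extract import get_user_info
from metadata import get_certificates, get_federation_metadata, get_wsfed
from validation import validate_saml

# `logging` was used below without being imported; it is now imported above.
log = logging.getLogger(__name__)

# Some awful XML munging.
# The realm this relying party presents to ADFS. Operator configuration,
# never request data.
WTREALM = pylons.config['adfs_wtrealm']
# Fetched once at import to discover the WS-Federation sign-in endpoint
# (the login handler re-fetches per request for the signing certificates).
# A metadata document without an endpoint makes the plugin refuse to load
# rather than silently building broken sign-in URLs.
METADATA = get_federation_metadata(pylons.config['adfs_metadata_url'])
WSFED_ENDPOINT = get_wsfed(METADATA)
if not WSFED_ENDPOINT:
    raise ValueError('Unable to read WSFED_ENDPOINT values for ADFS plugin.')


def adfs_authentication_endpoint():
    """Return the ADFS URL a browser is sent to for WS-Federation sign-in.

    Builds ``<endpoint>?wa=wsignin1.0&wreq=xml&wtrealm=<realm>`` from the
    endpoint discovered in the federation metadata and the configured realm.
    """
    # NOTE(review): WTREALM is interpolated verbatim. It is operator config,
    # so this is not an injection surface, but a realm containing '&' or '#'
    # would need percent-encoding to survive as a single query value.
    url_template = '{}?wa=wsignin1.0&wreq=xml&wtrealm={}'
    return url_template.format(WSFED_ENDPOINT, WTREALM)


def is_adfs_user():
    """Return the ADFS username held in the session, or None.

    None means the current session was not established through the ADFS
    login handler (which sets the ``adfs-user`` key).
    """
    return pylons.session.get('adfs-user')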
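"""

import logging
import uuid

import ckan.plugins as plugins
import ckan.plugins.toolkit as toolkit
import pylons

from extract import get_user_info
from metadata import get_certificates, get_federation_metadata, get_wsfed
from validation import validate_saml

log = logging.getLogger(__name__)

# Some awful XML munging.
# The realm this relying party presents to ADFS. Operator configuration,
# never request data.
WTREALM = pylons.config['adfs_wtrealm']
# Fetched once at import to discover the WS-Federation sign-in endpoint
# (the login handler re-fetches per request for the signing certificates).
# A metadata document without an endpoint makes the plugin refuse to load
# rather than silently building broken sign-in URLs.
METADATA = get_federation_metadata(pylons.config['adfs_metadata_url'])
WSFED_ENDPOINT = get_wsfed(METADATA)
if not WSFED_ENDPOINT:
    raise ValueError('Unable to read WSFED_ENDPOINT values for ADFS plugin.')


def adfs_authentication_endpoint():
    """Return the ADFS URL a browser is sent to for WS-Federation sign-in.

    Builds ``<endpoint>?wa=wsignin1.0&wreq=xml&wtrealm=<realm>`` from the
    endpoint discovered in the federation metadata and the configured realm.
    """
    # NOTE(review): WTREALM is interpolated verbatim. It is operator config,
    # so this is not an injection surface, but a realm containing '&' or '#'
    # would need percent-encoding to survive as a single query value.
    url_template = '{}?wa=wsignin1.0&wreq=xml&wtrealm={}'
    return url_template.format(WSFED_ENDPOINT, WTREALM)


def is_adfs_user():
    """Return the ADFS username held in the session, or None.

    None means the current session was not established through the ADFS
    login handler (which sets the ``adfs-user`` key).
    """
    return pylons.session.get('adfs-user')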