def _handle_consent_response(self, context):
"""
Endpoint for handling consent service response
:type context: satosa.context.Context
:rtype: satosa.response.Response
:param context: response context
:return: response
"""
consent_state = context.state[STATE_KEY]
saved_resp = consent_state["internal_resp"]
internal_response = InternalData.from_dict(saved_resp)
hash_id = self._get_consent_id(internal_response.requester, internal_response.subject_id,
internal_response.attributes)
try:
consent_attributes = self._verify_consent(hash_id)
except ConnectionError as e:
satosa_logging(logger, logging.ERROR,
"Consent service is not reachable, no consent given.", context.state)
# Send an internal_response without any attributes
consent_attributes = None
if consent_attributes is None:
satosa_logging(logger, logging.INFO, "Consent was NOT given", context.state)
# If consent was not given, then don't send any attributes
consent_attributes = []
else:
satosa_logging(logger, logging.INFO, "Consent was given", context.state)
internal_response.attributes = self._filter_attributes(internal_response.attributes, consent_attributes)
return self._end_consent(context, internal_response)
def _handle_al_response(self, context):
"""
Endpoint for handling account linking service response. When getting here
user might have approved or rejected linking their account
:type context: satosa.context.Context
:rtype: satosa.response.Response
:param context: The current context
:return: response
"""
saved_state = context.state[self.name]
internal_response = InternalData.from_dict(saved_state)
#subject_id here is the linked id , not the facebook one, Figure out what to do
status_code, message = self._get_uuid(context, internal_response.auth_info.issuer, internal_response.attributes['issuer_user_id'])
if status_code == 200:
satosa_logging(logger, logging.INFO, "issuer/id pair is linked in AL service",
context.state)
internal_response.subject_id = message
if self.id_to_attr:
internal_response.attributes[self.id_to_attr] = [message]
del context.state[self.name]
return super().process(context, internal_response)
else:
# User selected not to link their accounts, so the internal.response.subject_id is based on the
# issuers id/sub which is fine
satosa_logging(logger, logging.INFO, "User selected to not link their identity in AL service",
context.state)
del context.state[self.name]
return super().process(context, internal_response)
def from_dict(cls, data):
instance = InternalData.from_dict(data)
instance.attributes = data.get("attributes") or data.get(
"approved_attributes")
instance.subject_type = data.get("subject_type") or data.get(
"user_id_hash_type")
instance.subject_id = (data.get("subject_id") or data.get("user_id")
or data.get("name_id"))
return instance
def _handle_disco_response(self, context:Context):
target_issuer = context.request.get('entityID')
if not target_issuer:
raise DiscoToTargetIssuerError('no valid entity_id in the disco response')
target_frontend = context.state.get(self.name, {}).get('target_frontend')
data_serialized = context.state.get(self.name, {}).get('internal_data', {})
data = InternalData.from_dict(data_serialized)
context.target_frontend = target_frontend
context.decorate(Context.KEY_TARGET_ENTITYID, target_issuer)
return super().process(context, data)
def _handle_webauthn_response(self, context):
saved_state = context.state[self.name]
internal_response = InternalData.from_dict(saved_state)
message = {
"user_id": internal_response["attributes"][self.user_id][0],
"nonce": internal_response['nonce'],
"time": str(int(time.time()))
}
message_json = json.dumps(message)
jws = JWS(message_json,
alg=self.signing_key.alg).sign_compact([self.signing_key])
request = self.api_url + "/" + jws
response = requests.get(request)
response_dict = json.loads(response.text)
if response_dict["result"] != "okay" or not hmac.compare_digest(
response_dict["nonce"], internal_response["nonce"]):
raise Exception("Authentication was unsuccessful.")
if "authn_context_class_ref" in context.state:
internal_response["auth_info"]["auth_class_ref"] = context.state[
"authn_context_class_ref"]
return super().process(context, internal_response)
