def runTest(self):
    """Check User.to_dictionary against the fields the user was created with."""
    wanted_fields = ['fullname', 'email']
    expected = {
        'fullname': 'User',
        'email': 'test@localhost'
    }
    # Build the record first, then compare the projection of the two requested fields.
    account = User(fullname='User', email='test@localhost')
    projected = account.to_dictionary(wanted_fields)
    assert projected == expected
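def post(self):
    """
        Receive the POST binding request from IDP.

         - process the request
         - reject it unless it is error-free AND authenticated
         - extract user attributes
         - create a new User if it doesn't exist
         - fill in the session
         - redirect to RelayState (same origin only) or /

        Any failure (no ``acs`` query argument, SAML errors, unauthenticated
        response, missing attributes) ends in a redirect to ``/`` without
        touching the session.
    """
    # Function-scope imports: the file's own import block is not visible from this block.
    import logging
    from urllib.parse import urlsplit

    log = logging.getLogger(__name__)

    # SAML boiler plate code
    req = prepare_request()
    settings = build_settings(self.config['saml2'])
    # this is the object to interact with the shibboleth parameters
    auth = init_saml_auth(req, settings)
    input_data = flask.request.form

    if 'acs' not in flask.request.args:
        return resp.seeother('/')

    auth.process_response()  # decrypt and extract informations
    errors = auth.get_errors()
    # The original computed the "not authenticated" flag but never read it;
    # a session must only be created for an error-free, authenticated response.
    if errors or not auth.is_authenticated():
        log.warning("SAML response rejected (errors: %s)", errors)
        return resp.seeother('/')

    attrs = auth.get_attributes()  # get attributes returned by the shibboleth idp
    # Only attribute names are logged: the values are personal data (name,
    # e-mail) and were previously printed to stdout in full.
    log.debug("SAML attributes received: %s", sorted(attrs.keys()))

    # Configuration lookups stay outside the try so a broken config still raises.
    mapping = settings['sp']['attrs']
    wanted = (mapping['username'], mapping['realname'], mapping['email'])
    try:
        username, realname, email = [attrs[name][0] for name in wanted]
    except (KeyError, IndexError):
        # The assertion lacks a required attribute: treat as a failed login
        # instead of surfacing an unhandled exception.
        log.warning("SAML response is missing a required user attribute")
        return resp.seeother('/')

    u = User.selectBy(email=email).getOne(None)
    if not u:  # The user does not exist in our DB
        u = User(username=username, email=email, fullname=realname,
                 super_admin=False, disabled=True)

    # NOTE(review): the session is filled even when the account is disabled
    # (new accounts are created with disabled=True) - confirm the flag is
    # enforced wherever the session is consumed.
    self.session['user'] = u.to_dictionary(
        ['id', 'fullname', 'username', 'email'])

    if 'RelayState' in input_data:
        relay_state = input_data['RelayState']
        self_url = OneLogin_Saml2_Utils.get_self_url(req)
        if relay_state != self_url:
            # RelayState arrives in the POST body and is attacker-influenceable,
            # so following it blindly is an open redirect. Accept only a local
            # path or an absolute URL on this service's own scheme and host.
            target = urlsplit(relay_state)
            here = urlsplit(self_url)
            is_local_path = (
                not target.scheme
                and not target.netloc
                and relay_state.startswith('/')
                and not relay_state.startswith(('//', '/\\'))
            )
            is_same_origin = (
                target.scheme in ('http', 'https')
                and (target.scheme, target.netloc) == (here.scheme, here.netloc)
            )
            if is_local_path or is_same_origin:
                return resp.seeother(auth.redirect_to(relay_state))
            log.warning("Ignoring RelayState that points outside this service")

    return resp.seeother('/')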