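def _is_local_relay_state(target):
    """Return True if *target* is a same-site path we are willing to redirect to.

    RelayState round-trips through the IdP unsigned and is therefore
    attacker-controllable.  python3-saml's ``redirect_to`` accepts any
    http(s) URL, so without this check a crafted login link is an open
    redirect.  Only path-absolute targets such as ``/course/1`` pass;
    ``//evil.example``, ``/\\evil.example`` and scheme-qualified URLs are
    rejected.
    """
    return (isinstance(target, str)
            and target.startswith("/")
            and not target.startswith(("//", "/\\")))


def _saml_identity(attrs, attr_map):
    """Extract (username, realname, email) from a SAML attribute statement.

    :param attrs: dict returned by ``auth.get_attributes()`` (IdP attribute name -> list of values)
    :param attr_map: ``saml_config['sp']['attrs']``, mapping our field names to IdP attribute names
    :return: the three first values as a tuple, or None when any is absent or empty
    """
    values = []
    for field in ("username", "realname", "email"):
        candidates = attrs.get(attr_map[field]) or []
        if not candidates or not candidates[0]:
            return None
        values.append(candidates[0])
    return tuple(values)


def saml():
    """SAML SP endpoint: GET starts the SSO flow, any other method consumes the IdP response (ACS).

    On a valid, signed assertion the account whose e-mail matches the asserted
    e-mail is logged in (it is created on first login), then the browser is
    sent to RelayState if it is a local path, otherwise to "/".  Any rejected
    response is logged and lands on "/" without a session.
    """
    import copy
    import logging

    if "saml" not in syllabus.get_config()['authentication_methods']:
        abort(404)
    req = prepare_request(request)
    # hack to ensure we have the correct path and to avoid RelayState loops
    req['request_uri'] = request.path
    auth = init_saml_auth(req, saml_config)

    if request.method == "GET":
        return redirect(auth.login())

    auth.process_response()
    errors = auth.get_errors()
    # python3-saml only supports one IdP certificate.  If, and only if, the
    # rejection was a signature mismatch, retry with each additional
    # configured certificate (IdPs rotate keys).  Any other rejection
    # (expired assertion, wrong audience, ...) is never retried, so this
    # fallback cannot be used to sidestep those checks.
    for cert in saml_config["idp"].get("additionalX509certs", []):
        if auth.get_last_error_reason() != "Signature validation failed. SAML Response rejected":
            break
        new_settings = copy.deepcopy(saml_config)
        new_settings["idp"]["x509cert"] = cert
        auth = init_saml_auth(req, new_settings)
        auth.process_response()
        errors = auth.get_errors()

    if errors:
        # Failed SSO attempts are worth an audit trail; do not log the response itself.
        logging.getLogger(__name__).warning(
            "SAML response rejected: %s (%s)", errors, auth.get_last_error_reason())
        return seeother("/")

    identity = _saml_identity(auth.get_attributes(), saml_config['sp']['attrs'])
    if identity is None:
        # The IdP did not send the attributes we rely on; treat it as a failed
        # login instead of crashing with KeyError/IndexError.
        logging.getLogger(__name__).warning("SAML response lacks required attributes")
        return seeother("/")
    username, realname, email = identity

    # Account linking is by e-mail: whoever the IdP asserts this address for
    # gets the existing account, so the IdP must only assert verified addresses.
    user = User.query.filter(User.email == email).first()
    if user is None:
        # First login through SAML: provision the account without a local password
        user = User(name=username, full_name=realname, email=email,
                    hash_password=None, change_password_url=None)
        db_session.add(user)
        db_session.commit()

    session["user"] = user.to_dict()
    session["user"].update({"login_method": "saml"})

    relay_state = request.form.get('RelayState')
    self_url = OneLogin_Saml2_Utils.get_self_url(req)
    if (relay_state and relay_state != self_url
            and _is_local_relay_state(relay_state)):
        return redirect(auth.redirect_to(relay_state))
    return seeother("/")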
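def handle_user_registration_infos(inpt, email, activation_required):
    """Validate a registration form and build the corresponding (unsaved) User.

    :param inpt: the form containing the username, password and
                 confirm-password fields; a missing field is treated as empty
    :param email: the e-mail address to register (also fed to hash_password_func)
    :param activation_required: set to true if the user still has to activate
                                its account as of now
    :return: a new User, or None when validation failed (the error message has
             been stored as "login" feedback in the session)
    :raises: UnicodeEncodeError
    """
    username = inpt.get("username", "")
    password = inpt.get("password", "")
    confirm_password = inpt.get("confirm-password", "")

    # Only the first failing check is reported.
    if password != confirm_password:
        message = "Your passwords do not match."
    elif len(password) < 6:
        # NOTE(review): 6 is below the 8-character minimum recommended by
        # NIST SP 800-63B; raising it also means updating the message below.
        message = "Your password is too short (< 6 characters)"
    elif re.fullmatch(r"[-_0-9A-Z]{4,}", username, re.IGNORECASE) is None:
        # fullmatch rather than match(...$): "$" also matches before a trailing
        # newline, which let usernames such as "abcd\n" through.
        message = ("the username you entered is invalid (should contain at least 4 "
                   "characters and only letters from a to z, digits, - and _)")
    else:
        message = None

    if message is not None:
        set_feedback(session, ErrorFeedback(message), feedback_type="login")
        return None

    config = syllabus.get_config()
    # The e-mail acts as per-user salt; the global salt and the iteration
    # count come from the configuration (defaults: none / 100000).
    password_hash = hash_password_func(
        email=email, password=password,
        global_salt=config.get('password_salt', None),
        n_iterations=config.get('password_hash_iterations', 100000))
    return User(username, email, hash_password=password_hash, right=None,
                activated=not activation_required)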
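def create_db_user():
    """Seed a fresh database with the initial 'admin' account and stamp the schema version.

    The admin account has no password: a random 40-hex-character token is
    stored in change_password_url, so the first login has to go through the
    password-change link carrying that token.
    """
    from syllabus.models.user import User

    # 160 bits from the OS CSPRNG; this token is the only credential for the
    # account until a password is set, so it must not be predictable.
    change_pwd_hex = binascii.hexlify(os.urandom(20)).decode()
    admin = User('admin', 'admin@localhost', hash_password=None,
                 change_password_url=change_pwd_hex, right='admin')
    db_session.add(admin)
    db_session.commit()

    # Use the connection as a context manager so it is released instead of leaked.
    # PRAGMA cannot take bound parameters; "%d" forces current_version to an
    # int, so no untrusted text can reach the statement.
    with engine.connect() as connection:
        connection.execute("PRAGMA main.user_version=%d;" % current_version)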
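def saml():
    """SAML SP endpoint: GET starts the SSO flow, a request with ``acs`` consumes the IdP response.

    On a valid, signed assertion the account whose e-mail matches the asserted
    e-mail is logged in (created on first login), then the browser is sent to
    RelayState if it is a local path, otherwise to "/".  A rejected response,
    a response without the required attributes, and any request that is
    neither GET nor ``?acs`` all land on "/" without a session.
    """
    import logging

    if "saml" not in syllabus.get_config()['authentication_methods']:
        abort(404)
    req = prepare_request(request)
    # hack to ensure we have the correct path and to avoid RelayState loops
    req['request_uri'] = request.path
    auth = init_saml_auth(req, saml_config)

    if request.method == "GET":
        return redirect(auth.login())
    if 'acs' not in request.args:
        return seeother("/")

    auth.process_response()
    errors = auth.get_errors()
    if errors:
        # Keep an audit trail of failed SSO attempts; do not log the response body.
        logging.getLogger(__name__).warning(
            "SAML response rejected: %s (%s)", errors, auth.get_last_error_reason())
        return seeother("/")

    attrs = auth.get_attributes()
    attr_names = saml_config['sp']['attrs']
    try:
        username = attrs[attr_names['username']][0]
        realname = attrs[attr_names['realname']][0]
        email = attrs[attr_names['email']][0]
    except (KeyError, IndexError):
        # The IdP did not send what we rely on: fail the login instead of a 500.
        logging.getLogger(__name__).warning("SAML response lacks required attributes")
        return seeother("/")
    if not email:
        return seeother("/")

    # Account linking is by e-mail: the IdP must only assert verified addresses,
    # otherwise anyone it vouches for can take over the matching local account.
    user = User.query.filter(User.email == email).first()
    if user is None:
        # First SAML login: provision the account without a local password
        user = User(name=username, full_name=realname, email=email,
                    hash_password=None, change_password_url=None)
        db_session.add(user)
        db_session.commit()

    session["user"] = user.to_dict()
    session["user"].update({"login_method": "saml"})

    def is_local_path(target):
        # RelayState is unsigned and attacker-controllable; redirect_to would
        # happily send the browser to any http(s) URL (open redirect), so only
        # accept a path-absolute target and reject "//host" / "/\host" forms.
        return target.startswith("/") and not target.startswith(("//", "/\\"))

    relay_state = request.form.get('RelayState')
    self_url = OneLogin_Saml2_Utils.get_self_url(req)
    if relay_state and relay_state != self_url and is_local_path(relay_state):
        return redirect(auth.redirect_to(relay_state))
    return seeother("/")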