예제 #1
0
def saml():
    if "saml" not in syllabus.get_config()['authentication_methods']:
        abort(404)
    req = prepare_request(request)
    req['request_uri'] = request.path  # hack to ensure to have the correct path and to avoid RelayState loops
    auth = init_saml_auth(req, saml_config)

    # if 'sso' in request.args:
    #     return
    if request.method == "GET":
        return redirect(auth.login())
    else:
        auth.process_response()
        errors = auth.get_errors()
        # Try and check if IdP is using several signature certificates
        # This is a limitation of python3-saml
        for cert in saml_config["idp"].get("additionalX509certs", []):
            if auth.get_last_error_reason(
            ) == "Signature validation failed. SAML Response rejected":
                import copy
                # Change used IdP certificate
                new_settings = copy.deepcopy(saml_config)
                new_settings["idp"]["x509cert"] = cert
                # Retry processing response
                auth = init_saml_auth(req, new_settings)
                auth.process_response()
                errors = auth.get_errors()
        if len(errors) == 0:
            attrs = auth.get_attributes()
            # session['samlNameId'] = auth.get_nameid()
            # session['samlSessionIndex'] = auth.get_session_index()

            username = attrs[saml_config['sp']['attrs']['username']][0]
            realname = attrs[saml_config['sp']['attrs']['realname']][0]
            email = attrs[saml_config['sp']['attrs']['email']][0]

            user = User.query.filter(User.email == email).first()

            if user is None:  # The user does not exist in our DB
                user = User(name=username,
                            full_name=realname,
                            email=email,
                            hash_password=None,
                            change_password_url=None)
                db_session.add(user)
                db_session.commit()

            session["user"] = user.to_dict()
            session["user"].update({"login_method": "saml"})

            self_url = OneLogin_Saml2_Utils.get_self_url(req)
            if 'RelayState' in request.form and self_url != request.form[
                    'RelayState']:
                return redirect(auth.redirect_to(request.form['RelayState']))

    return seeother("/")
def handle_user_registration_infos(inpt, email, activation_required):
    """

    :param inpt: the form containing the username, password confirm-password and email fields
    :param activation_required: set to true if the user still has to activate its account as of now
    :return: a new user
    :raises: UnicodeEncodeError
    """
    username = inpt["username"]
    password = inpt["password"]
    confirm_password = inpt["confirm-password"]

    # check the correctness of the input fields
    error = False
    if password != confirm_password:
        set_feedback(session, ErrorFeedback("Your passwords do not match."), feedback_type="login")
        error = True
    elif len(password) < 6:
        set_feedback(session, ErrorFeedback("Your password is too short (< 6 characters)"), feedback_type="login")
        error = True
    elif re.match(r"^[-_0-9A-Z]{4,}$", username, re.IGNORECASE) is None:
        set_feedback(session, ErrorFeedback("the username you entered is invalid (should contain at least 4 "
                                            "characters and only letters from a to z, digits, - and _)"),
                     feedback_type="login")
        error = True
    if error:
        return None

    password_hash = hash_password_func(email=email, password=password,
                                       global_salt=syllabus.get_config().get('password_salt', None),
                                       n_iterations=syllabus.get_config().get('password_hash_iterations', 100000))
    return User(username, email, hash_password=password_hash, right=None, activated=not activation_required)
예제 #3
0
def create_db_user():
    from syllabus.models.user import User
    change_pwd_bytes = os.urandom(20)
    change_pwd_hex = binascii.hexlify(change_pwd_bytes).decode()
    u = User('admin', 'admin@localhost', hash_password=None, change_password_url=change_pwd_hex, right='admin')
    db_session.add(u)
    db_session.commit()
    connection = engine.connect()
    connection.execute("PRAGMA main.user_version=%d;" % current_version)
def saml():
    if "saml" not in syllabus.get_config()['authentication_methods']:
        abort(404)
    req = prepare_request(request)
    req['request_uri'] = request.path  # hack to ensure to have the correct path and to avoid RelayState loops
    auth = init_saml_auth(req, saml_config)

    # if 'sso' in request.args:
    #     return
    if request.method == "GET":
        return redirect(auth.login())
    elif 'acs' in request.args:
        auth.process_response()
        errors = auth.get_errors()
        if len(errors) == 0:
            attrs = auth.get_attributes()
            # session['samlNameId'] = auth.get_nameid()
            # session['samlSessionIndex'] = auth.get_session_index()

            username = attrs[saml_config['sp']['attrs']['username']][0]
            realname = attrs[saml_config['sp']['attrs']['realname']][0]
            email = attrs[saml_config['sp']['attrs']['email']][0]

            user = User.query.filter(User.email == email).first()

            if user is None:  # The user does not exist in our DB
                user = User(name=username,
                            full_name=realname,
                            email=email,
                            hash_password=None,
                            change_password_url=None)
                db_session.add(user)
                db_session.commit()

            session["user"] = user.to_dict()
            session["user"].update({"login_method": "saml"})

            self_url = OneLogin_Saml2_Utils.get_self_url(req)
            if 'RelayState' in request.form and self_url != request.form[
                    'RelayState']:
                return redirect(auth.redirect_to(request.form['RelayState']))

    return seeother("/")