def userdata_from_saml_assertion(claims, data_field='email', config=None):
"""
From a set of SAML claims processed into a dict, extract a claim for the desired property based
on system settings and the specific Saml2Config, if that claim exists. Raise ValidationError if missing
:param claims: dict
:param data_field: str ('email', 'first_name', 'last_name')
:param config: Saml2Configuration
:return: str
"""
config_settings = config.custom_settings_data
configured_keys = {
'email':
set(settings.SAML_EMAIL_KEYS) | set(config_settings.get('email', [])),
'first_name':
set(settings.SAML_FIRST_NAME_KEYS)
| set(config_settings.get('first_name', [])),
'last_name':
set(settings.SAML_LAST_NAME_KEYS)
| set(config_settings.get('last_name', []))
}
if len(configured_keys[data_field] & set(claims.keys())) == 0:
raise ValidationError(
'Missing {} in SAML assertions, received {}'.format(
data_field, list(claims.keys())))
return [
list_of(claims[key])[0] for key in configured_keys[data_field]
if key in claims
][0]
def get_or_create_from_ob2(self,
badgeclass,
assertion_obo,
recipient_identifier,
recipient_type='email',
source=None,
original_json=None):
source_url = assertion_obo.get('id')
local_object = self.get_local_object(source_url)
if local_object:
return local_object, False
image_url = assertion_obo.get('image', None)
image = None
if image_url is None:
image = badgeclass.image.file
image.name = os.path.split(image.name)[1]
else:
if isinstance(image_url, dict):
image_url = image_url.get('id')
image = _fetch_image_and_get_file(image_url,
self.ALLOWED_MINE_TYPES,
upload_to='remote/assertion')
issued_on = None
if 'issuedOn' in assertion_obo:
issued_on = dateutil.parser.parse(assertion_obo.get('issuedOn'))
badgeinstance, created = self.get_or_create(
source_url=assertion_obo.get('id'),
defaults=dict(recipient_identifier=recipient_identifier,
recipient_type=recipient_type,
hashed=assertion_obo.get('recipient',
{}).get('hashed', True),
source=source if source is not None else 'local',
original_json=original_json,
badgeclass=badgeclass,
issuer=badgeclass.cached_issuer,
image=image,
acceptance=self.model.ACCEPTANCE_ACCEPTED,
narrative=assertion_obo.get('narrative', None),
issued_on=issued_on))
if created:
evidence = list_of(assertion_obo.get('evidence', None))
if evidence:
from issuer.models import BadgeInstanceEvidence
for evidence_item in evidence:
if isinstance(evidence_item, basestring):
# we got an IRI as 'evidence' value
BadgeInstanceEvidence.objects.create(
badgeinstance=badgeinstance,
evidence_url=evidence_item)
else:
# we got a single evidence item dict
BadgeInstanceEvidence.objects.create_from_ob2(
badgeinstance, evidence_item)
return badgeinstance, created
def to_representation(self, instance):
errors_list = self.validation_errors
for key in self.field_errors.keys():
this_field_errors = self.field_errors.get(key)
errors_list.append("{}: {}".format(
key, str(list_of(this_field_errors[0])[0])))
return {
'error': errors_list[0],
'error_description': '; '.join(errors_list)
}
def get_or_create_from_ob2(self, badgeclass, assertion_obo, recipient_identifier, source=None, original_json=None):
source_url = assertion_obo.get('id')
local_object = self.get_local_object(source_url)
if local_object:
return local_object, False
image_url = assertion_obo.get('image', None)
image = None
if image_url is None:
image = badgeclass.image.file
else:
if isinstance(image_url, dict):
image_url = image_url.get('id')
image = _fetch_image_and_get_file(image_url, upload_to='remote/assertion')
issued_on = None
if 'issuedOn' in assertion_obo:
issued_on = dateutil.parser.parse(assertion_obo.get('issuedOn'))
badgeinstance, created = self.get_or_create(
source_url=assertion_obo.get('id'),
defaults=dict(
recipient_identifier=recipient_identifier,
hashed=assertion_obo.get('recipient', {}).get('hashed', True),
source=source if source is not None else 'local',
original_json=original_json,
badgeclass=badgeclass,
issuer=badgeclass.cached_issuer,
image=image,
acceptance=self.model.ACCEPTANCE_ACCEPTED,
narrative=assertion_obo.get('narrative', None),
issued_on=issued_on
)
)
if created:
evidence = list_of(assertion_obo.get('evidence', None))
if evidence:
from issuer.models import BadgeInstanceEvidence
for evidence_item in evidence:
if isinstance(evidence_item, basestring):
# we got an IRI as 'evidence' value
BadgeInstanceEvidence.objects.create(
badgeinstance=badgeinstance,
evidence_url=evidence_item
)
else:
# we got a single evidence item dict
BadgeInstanceEvidence.objects.create_from_ob2(badgeinstance, evidence_item)
return badgeinstance, created
def update_from_ob2(self,
badgeclass,
assertion_obo,
recipient_identifier,
recipient_type='email',
original_json=None):
image = None
image_url = assertion_obo.get('image', None)
if isinstance(image_url, dict):
image_url = image_url.get('id')
if image_url:
image = _fetch_image_and_get_file(image_url,
self.ALLOWED_MINE_TYPES,
upload_to='remote/assertion')
issued_on = None
if 'issuedOn' in assertion_obo:
issued_on = dateutil.parser.parse(assertion_obo.get('issuedOn'))
updated, created = self.update_or_create(
source_url=assertion_obo.get('id'),
defaults=dict(recipient_identifier=recipient_identifier,
recipient_type=recipient_type,
hashed=assertion_obo.get('recipient',
{}).get('hashed', True),
original_json=original_json,
badgeclass=badgeclass,
issuer=badgeclass.cached_issuer,
image=image,
acceptance=self.model.ACCEPTANCE_ACCEPTED,
narrative=assertion_obo.get('narrative', None),
issued_on=issued_on))
evidence = list_of(assertion_obo.get('evidence', None))
evidence_items = []
for item in evidence:
if isinstance(item, six.string_types):
evidence_items.append({
'evidence_url': item
}) # convert string/url type evidence to consistent format
elif hasattr(item, 'get'):
evidence_items.append({
'evidence_url': item.get('id'),
'narrative': item.get('narrative')
})
updated.evidence_items = evidence_items
return updated, created
def get_or_create_from_ob2(self,
badgeclass,
assertion_obo,
recipient_identifier,
recipient_type='email',
source=None,
original_json=None,
image=None):
source_url = assertion_obo.get('id')
local_object = self.get_local_object(source_url)
if local_object:
return local_object, False
issued_on = None
if 'issuedOn' in assertion_obo:
issued_on = dateutil.parser.parse(assertion_obo.get('issuedOn'))
badgeinstance, created = self.get_or_create(
source_url=assertion_obo.get('id'),
defaults=dict(recipient_identifier=recipient_identifier,
recipient_type=recipient_type,
hashed=assertion_obo.get('recipient',
{}).get('hashed', True),
source=source if source is not None else 'local',
original_json=original_json,
badgeclass=badgeclass,
issuer=badgeclass.cached_issuer,
image=image,
acceptance=self.model.ACCEPTANCE_ACCEPTED,
narrative=assertion_obo.get('narrative', None),
issued_on=issued_on))
if created:
evidence = list_of(assertion_obo.get('evidence', None))
if evidence:
from issuer.models import BadgeInstanceEvidence
for evidence_item in evidence:
if isinstance(evidence_item, str):
# we got an IRI as 'evidence' value
BadgeInstanceEvidence.objects.create(
badgeinstance=badgeinstance,
evidence_url=evidence_item)
else:
# we got a single evidence item dict
BadgeInstanceEvidence.objects.create_from_ob2(
badgeinstance, evidence_item)
return badgeinstance, created
def filter_value(value):
if len([v for v in list_of(value) if not isinstance(v, str)]):
return list()
return list_of(value)
