def _handle_consent_response(self, context): """ Endpoint for handling consent service response :type context: satosa.context.Context :rtype: satosa.response.Response :param context: response context :return: response """ consent_state = context.state[STATE_KEY] saved_resp = consent_state["internal_resp"] internal_response = InternalData.from_dict(saved_resp) hash_id = self._get_consent_id(internal_response.requester, internal_response.subject_id, internal_response.attributes) try: consent_attributes = self._verify_consent(hash_id) except ConnectionError as e: satosa_logging(logger, logging.ERROR, "Consent service is not reachable, no consent given.", context.state) # Send an internal_response without any attributes consent_attributes = None if consent_attributes is None: satosa_logging(logger, logging.INFO, "Consent was NOT given", context.state) # If consent was not given, then don't send any attributes consent_attributes = [] else: satosa_logging(logger, logging.INFO, "Consent was given", context.state) internal_response.attributes = self._filter_attributes(internal_response.attributes, consent_attributes) return self._end_consent(context, internal_response)
def _handle_al_response(self, context): """ Endpoint for handling account linking service response. When getting here user might have approved or rejected linking their account :type context: satosa.context.Context :rtype: satosa.response.Response :param context: The current context :return: response """ saved_state = context.state[self.name] internal_response = InternalData.from_dict(saved_state) #subject_id here is the linked id , not the facebook one, Figure out what to do status_code, message = self._get_uuid(context, internal_response.auth_info.issuer, internal_response.attributes['issuer_user_id']) if status_code == 200: satosa_logging(logger, logging.INFO, "issuer/id pair is linked in AL service", context.state) internal_response.subject_id = message if self.id_to_attr: internal_response.attributes[self.id_to_attr] = [message] del context.state[self.name] return super().process(context, internal_response) else: # User selected not to link their accounts, so the internal.response.subject_id is based on the # issuers id/sub which is fine satosa_logging(logger, logging.INFO, "User selected to not link their identity in AL service", context.state) del context.state[self.name] return super().process(context, internal_response)
def from_dict(cls, data): instance = InternalData.from_dict(data) instance.attributes = data.get("attributes") or data.get( "approved_attributes") instance.subject_type = data.get("subject_type") or data.get( "user_id_hash_type") instance.subject_id = (data.get("subject_id") or data.get("user_id") or data.get("name_id")) return instance
def _handle_disco_response(self, context:Context): target_issuer = context.request.get('entityID') if not target_issuer: raise DiscoToTargetIssuerError('no valid entity_id in the disco response') target_frontend = context.state.get(self.name, {}).get('target_frontend') data_serialized = context.state.get(self.name, {}).get('internal_data', {}) data = InternalData.from_dict(data_serialized) context.target_frontend = target_frontend context.decorate(Context.KEY_TARGET_ENTITYID, target_issuer) return super().process(context, data)
def _handle_webauthn_response(self, context): saved_state = context.state[self.name] internal_response = InternalData.from_dict(saved_state) message = { "user_id": internal_response["attributes"][self.user_id][0], "nonce": internal_response['nonce'], "time": str(int(time.time())) } message_json = json.dumps(message) jws = JWS(message_json, alg=self.signing_key.alg).sign_compact([self.signing_key]) request = self.api_url + "/" + jws response = requests.get(request) response_dict = json.loads(response.text) if response_dict["result"] != "okay" or not hmac.compare_digest( response_dict["nonce"], internal_response["nonce"]): raise Exception("Authentication was unsuccessful.") if "authn_context_class_ref" in context.state: internal_response["auth_info"]["auth_class_ref"] = context.state[ "authn_context_class_ref"] return super().process(context, internal_response)