def logged_in(): print "USER LOGGED IN VIA IDPORTEN" print request.values SAMLResponse = request.values['SAMLResponse'] res = Response(SAMLResponse, "TODO: remove signature parameter") valid = res.is_valid(settings["idp_cert_file"], settings["private_key_file"]) uid = res.get_decrypted_assertion_attribute_value("uid") name_id = res.name_id print "UID", uid print "NAME ID: ", name_id print "Session index: ", res.get_session_index() user_info["uid"] = uid user_info["name_id"] = name_id user_info["session_index"] = res.get_session_index() return render_template('home.html', decrypted=res.decrypted, uid=uid)
def logged_in(): print "USER LOGGED IN VIA IDPORTEN" print request.values SAMLResponse = request.values['SAMLResponse'] res = Response( SAMLResponse, "TODO: remove signature parameter" ) valid = res.is_valid(settings["idp_cert_file"], settings["private_key_file"]) uid = res.get_decrypted_assertion_attribute_value("uid") name_id = res.name_id print "UID", uid print "NAME ID: ", name_id print "Session index: ", res.get_session_index() user_info["uid"] = uid user_info["name_id"] = name_id user_info["session_index"] = res.get_session_index() return render_template('home.html', decrypted = res.decrypted, uid = uid)
def logged_in(): # IDPorten redirects to this URL if all ok with login app.logger.info("User logged in via ID-porten: request.values=%s", request.values) SAMLResponse = request.values['SAMLResponse'] res = IdpResponse( SAMLResponse, "TODO: remove signature parameter" ) # Decrypt response from IDPorten with our private key, and make sure that the response is valid # (it was encrypted with same key) valid = res.is_valid(app.idporten_settings["idp_cert_file"], app.idporten_settings["private_key_file"]) if valid: national_id_number = res.get_decrypted_assertion_attribute_value("uid")[0] idporten_parameters = { "session_index": res.get_session_index(), "name_id": res.name_id } auth_user = authentication.login_idporten_user_by_private_id(national_id_number, idporten_parameters) login_user(auth_user, remember=True) # Force the user to fill in the profile if unregistered if not auth_user.is_registered(): app.logger.info("Logged in: %s Uregistrert bruker (%s)", datetime.now().isoformat(), national_id_number[:6]) response = make_response(redirect("/profile")) else: app.logger.info("Logged in: %s %s %s (%s)", datetime.now().isoformat(), auth_user.first_name, auth_user.last_name, national_id_number[:6]) # Check if the user wants to redirect to a specific page redirect_target = get_redirect_target_from_cookie(request) response = make_response(redirect(redirect_target or request.args.get('next') or '/')) invalidate_redirect_target_cookie(response) set_cookie(response, 'auth_token', make_auth_token(auth_user.user_id)) return response else: abort(404, 'Ugyldig innlogging.')
def logged_in(): app.logger.info("User logged in via ID-porten: request.values=%s", request.values) SAMLResponse = request.values['SAMLResponse'] res = IdpResponse( SAMLResponse, "TODO: remove signature parameter" ) valid = res.is_valid(settings["idp_cert_file"], settings["private_key_file"]) if valid: national_id_number = res.get_decrypted_assertion_attribute_value("uid")[0] idporten_parameters = { "session_index": res.get_session_index(), "name_id": res.name_id } auth_user = authentication.login_user_by_private_id(national_id_number, idporten_parameters) # Force the user to fill in the profile if unregistered if not auth_user.is_registered(): app.logger.info("Logged in: %s Uregistrert bruker (%s)", datetime.now().isoformat(), national_id_number[:6]) response = make_response(redirect("/profile")) else: app.logger.info("Logged in: %s %s %s (%s)", datetime.now().isoformat(), auth_user.first_name, auth_user.last_name, national_id_number[:6]) # Check if the user wants to redirect to a specific page redirect_target = request.cookies.get("redirect_target", None) if not redirect_target or not is_safe_url(redirect_target): redirect_target = None response = make_response( redirect(redirect_target or request.args.get('next') or '/')) # Invalidate the redirect cookie by giving it a past expiry date response.set_cookie("redirect_target", "", expires=0) set_cookie(response, 'auth_token', make_auth_token(auth_user.user_id)) return response else: abort(404, 'Ugyldig innlogging.')