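def login(self):
        """
        Handle the WS-Federation response ("wresult") that ADFS POSTs back
        to the redirect_uri.

        The token's signature is checked against the certificates published
        in the federation metadata before any attribute is read out of it.
        A CKAN user is created on first login; later logins reuse the record
        found by username.  On success the username and email are stored in
        the session and the browser is redirected to the user's dashboard.

        Raises:
            ValueError: the POST carries no ``wresult``, the signature does
                not verify, or the token carries no email address.
        """
        eggsmell = pylons.request.POST.get('wresult')
        if not eggsmell:
            raise ValueError('No wresult returned with ADFS')
        # We grab the metadata for each login because due to opaque
        # bureaucracy and lack of communication the certificates can be
        # changed. We looked into this and made the call based upon lack
        # of user problems and tech being under our control vs the (small
        # amount of) latency from a network call per login attempt.
        metadata = get_federation_metadata(pylons.config['adfs_metadata_url'])
        x509_certificates = get_certificates(metadata)
        # Nothing inside the token is trusted until the signature verifies.
        if not validate_saml(eggsmell, x509_certificates):
            raise ValueError('Invalid signature')
        username, email, firstname, surname = get_user_info(eggsmell)

        if not email:
            # The raw token holds the user's attributes and the signed
            # assertion, so only its size is logged, never the token itself.
            log.error('Unable to login with ADFS: no email for user %r '
                      '(wresult length %d)', username, len(eggsmell))
            raise ValueError('No email returned with ADFS')

        user = _get_user(username)
        if user:
            # Existing user
            # NOTE(review): the record is matched on username alone; confirm
            # that a username produced by get_user_info cannot collide with
            # an account that was not created through ADFS.
            log.info('Logging in from ADFS with user: %s', username)
        else:
            # New user, so create a record for them.
            # Names are encoded for the log because a unicode argument to
            # str.format on Python 2 raises for non-ASCII text; a missing
            # attribute (None) is tolerated so it cannot crash the login.
            safe_firstname = (firstname or u'').encode('utf8')
            safe_surname = (surname or u'').encode('utf8')
            log.info('Creating user from ADFS')
            log.info('email: {} firstname: {} surname: {}'.format(
                email, safe_firstname, safe_surname))
            log.info('Generated username: {}'.format(username))
            # TODO: Add the new user to the NHSEngland group? Check this!
            fullname = ' '.join(part for part in (firstname, surname) if part)
            user = toolkit.get_action('user_create')(
                context={'ignore_auth': True},
                data_dict={
                    'name': username,
                    'fullname': fullname,
                    # Random password: presumably only ADFS is meant to
                    # authenticate this account -- confirm.
                    'password': str(uuid.uuid4()),
                    'email': email,
                })
        # NOTE(review): the session id is not regenerated on login here;
        # consider doing so to limit session fixation.
        pylons.session['adfs-user'] = username
        pylons.session['adfs-email'] = email
        pylons.session.save()
        toolkit.redirect_to(controller='user', action='dashboard', id=email)
        return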
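    def login(self):
        """
        Handle the WS-Federation response ("wresult") that ADFS POSTs back
        to the redirect_uri.

        The signature on the token is verified against the certificates from
        the federation metadata before any attribute is read from it.  A new
        CKAN user is created the first time a username is seen; afterwards the
        existing record is reused.  The username and email end up in the
        session and the user is redirected to their dashboard.

        Raises:
            ValueError: when ``wresult`` is missing from the POST, the
                signature does not verify, or no email is present in the token.
        """
        eggsmell = pylons.request.POST.get('wresult')
        if not eggsmell:
            raise ValueError('No wresult returned with ADFS')
        # We grab the metadata for each login because due to opaque
        # bureaucracy and lack of communication the certificates can be
        # changed. We looked into this and made the call based upon lack
        # of user problems and tech being under our control vs the (small
        # amount of) latency from a network call per login attempt.
        metadata = get_federation_metadata(pylons.config['adfs_metadata_url'])
        x509_certificates = get_certificates(metadata)
        # Verify first; attributes are only extracted from a verified token.
        if not validate_saml(eggsmell, x509_certificates):
            raise ValueError('Invalid signature')
        username, email, firstname, surname = get_user_info(eggsmell)

        if not email:
            # Do not dump the token: it contains personal attributes and the
            # signed assertion.  The length is enough to spot an empty/odd post.
            log.error('Unable to login with ADFS: no email for user %r '
                      '(wresult length %d)', username, len(eggsmell))
            raise ValueError('No email returned with ADFS')

        user = _get_user(username)
        if user:
            # Existing user
            # NOTE(review): matched on username only -- confirm this cannot
            # attach an ADFS login to an account created by other means.
            log.info('Logging in from ADFS with user: {}'.format(username))
        else:
            # New user, so create a record for them.
            log.info('Creating user from ADFS')
            # .encode('utf8') keeps str.format from raising on non-ASCII
            # unicode under Python 2; `or u''` guards a missing attribute.
            log.info('email: {} firstname: {} surname: {}'.format(
                email,
                (firstname or u'').encode('utf8'),
                (surname or u'').encode('utf8')))
            log.info('Generated username: {}'.format(username))
            # TODO: Add the new user to the NHSEngland group? Check this!
            name_parts = [part for part in (firstname, surname) if part]
            user = toolkit.get_action('user_create')(
                context={'ignore_auth': True},
                data_dict={'name': username,
                           'fullname': ' '.join(name_parts),
                           # Random password; presumably the account is only
                           # ever authenticated via ADFS -- confirm.
                           'password': str(uuid.uuid4()),
                           'email': email})
        # NOTE(review): consider regenerating the session id at this point
        # so a pre-login session id does not survive authentication.
        pylons.session['adfs-user'] = username
        pylons.session['adfs-email'] = email
        pylons.session.save()
        toolkit.redirect_to(controller='user', action='dashboard', id=email)
        return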
import logging
import uuid

import ckan.plugins as plugins
import ckan.plugins.toolkit as toolkit
import pylons

from extract import get_user_info
from metadata import get_certificates, get_federation_metadata, get_wsfed
from validation import validate_saml


# Module logger used by the login handler below.
log = logging.getLogger(__name__)


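# Some awful XML munging.
# The federation metadata is fetched once, at import time, and the passive
# sign-in endpoint is read out of it.  The same URL is the source of the
# certificates that logins are verified against, so it is presumably served
# over HTTPS -- TODO confirm in the deployment config.
WTREALM = pylons.config['adfs_wtrealm']
METADATA = get_federation_metadata(pylons.config['adfs_metadata_url'])
WSFED_ENDPOINT = get_wsfed(METADATA)


# Refuse to load the plugin at all rather than build sign-in URLs with an
# empty endpoint.
if not WSFED_ENDPOINT:
    raise ValueError('Unable to read WSFED_ENDPOINT values for ADFS plugin.')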


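def adfs_authentication_endpoint(wsfed_endpoint=None, wtrealm=None):
    """
    Build the URL that sends a browser to ADFS for a WS-Federation sign-in.

    Args:
        wsfed_endpoint: the passive sign-in endpoint; defaults to the
            module-level WSFED_ENDPOINT read from the federation metadata.
        wtrealm: the relying-party realm; defaults to the module-level
            WTREALM taken from config.

    Returns:
        ``<endpoint>?wa=wsignin1.0&wreq=xml&wtrealm=<realm>``.  The realm is
        percent-encoded so characters such as '&' or a space cannot break the
        query string; ':' and '/' are kept, so URN and URL realms are
        unchanged.
    """
    try:
        from urllib.parse import quote  # Python 3
    except ImportError:  # Python 2
        from urllib import quote
    if wsfed_endpoint is None:
        wsfed_endpoint = WSFED_ENDPOINT
    if wtrealm is None:
        wtrealm = WTREALM
    url_template = '{}?wa=wsignin1.0&wreq=xml&wtrealm={}'
    return url_template.format(wsfed_endpoint, quote(wtrealm, safe=':/'))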


def is_adfs_user():
    """
    Return the value stored under the 'adfs-user' session key.

    That key is set by the ADFS login handler, so the result is the ADFS
    username for a logged-in user and the session's ``.get`` default
    (None) otherwise; callers use its truthiness.
    """
    session_user = pylons.session.get('adfs-user')
    return session_user
"""
import logging
import ckan.plugins as plugins
import ckan.plugins.toolkit as toolkit
import pylons
import uuid
from validation import validate_saml
from metadata import get_certificates, get_federation_metadata, get_wsfed
from extract import get_user_info

# Module logger for the ADFS plugin.
log = logging.getLogger(__name__)

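# Some awful XML munging.
# Federation metadata is read once when the module is imported; the sign-in
# endpoint comes from it.  Logins fetch certificates from the same URL, so it
# is presumably an HTTPS URL -- TODO confirm in the deployment config.
WTREALM = pylons.config['adfs_wtrealm']
METADATA = get_federation_metadata(pylons.config['adfs_metadata_url'])
WSFED_ENDPOINT = get_wsfed(METADATA)

# Fail at import rather than hand out sign-in URLs with no endpoint.
if not WSFED_ENDPOINT:
    raise ValueError('Unable to read WSFED_ENDPOINT values for ADFS plugin.')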


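def adfs_authentication_endpoint(wsfed_endpoint=None, wtrealm=None):
    """
    Return the WS-Federation sign-in URL for ADFS.

    Args:
        wsfed_endpoint: passive sign-in endpoint; None means the module-level
            WSFED_ENDPOINT obtained from the federation metadata.
        wtrealm: relying-party realm; None means the module-level WTREALM
            from config.

    Returns:
        ``<endpoint>?wa=wsignin1.0&wreq=xml&wtrealm=<realm>`` with the realm
        percent-encoded (':' and '/' preserved, so URN and URL realms are not
        altered) so that it cannot break the query string.
    """
    try:
        from urllib.parse import quote  # Python 3
    except ImportError:  # Python 2
        from urllib import quote
    endpoint = WSFED_ENDPOINT if wsfed_endpoint is None else wsfed_endpoint
    realm = WTREALM if wtrealm is None else wtrealm
    url_template = '{}?wa=wsignin1.0&wreq=xml&wtrealm={}'
    return url_template.format(endpoint, quote(realm, safe=':/'))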


def is_adfs_user():
    """
    Look up the 'adfs-user' key that the login handler stores in the session.

    Returns the stored username, or the session's ``.get`` default (None)
    when no ADFS login has happened in this session.
    """
    current_session = pylons.session
    return current_session.get('adfs-user')