def login_completed(request):
    """Finish an eID/OpenID login for the already-authenticated ``request.user``.

    Issues a fresh API token for the user, records an audit event, and hands
    off to ``views.login_completed``, which (per the original docstring)
    redirects the user agent to the frontend view with the token as a hash
    parameter.

    Args:
        request: the callback request; ``request.user`` must already be the
            authenticated user (no check is made here).

    Returns:
        Whatever ``views.login_completed`` returns for method ``'openid'``.
    """
    token_mixin = views.RefreshTokenMixin()
    token = token_mixin.refresh_token(request.user)
    event_context = {'user': request.user}
    event_logger.auth_openid.info(
        'User {user_full_name} authenticated successfully with eID.',
        event_type='auth_logged_in_with_openid',
        event_context=event_context,
    )
    return views.login_completed(token.key, 'openid')
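def post(self, request):
    """Complete a SAML2 login from a POSTed ``SAMLResponse``.

    The response is validated by pysaml2 against the authentication requests
    this session has outstanding, the remote user is authenticated and logged
    in, and an API token is handed to the frontend via ``login_completed``.

    Args:
        request: DRF request whose ``data`` carries ``SAMLResponse``.

    Returns:
        The response built by ``login_completed(token.key, 'saml2')`` on
        success, otherwise a ``login_failed`` response with a translated,
        user-facing reason (details stay in the server log only).

    Raises:
        ValidationError: from the serializer when ``SAMLResponse`` is missing
            or malformed (``is_valid(raise_exception=True)``).
    """
    serializer = self.serializer_class(data=request.data)
    serializer.is_valid(raise_exception=True)
    xmlstr = serializer.validated_data['SAMLResponse']

    attribute_mapping = get_custom_setting(
        'SAML_ATTRIBUTE_MAPPING', {'uid': ('username', )})
    create_unknown_user = get_custom_setting(
        'SAML_CREATE_UNKNOWN_USER', True)

    conf = get_config(request=request)
    client = Saml2Client(conf, identity_cache=IdentityCache(request.session))
    oq_cache = OutstandingQueriesCache(request.session)
    outstanding_queries = oq_cache.outstanding_queries()

    # Process the authentication response. outstanding_queries is handed to
    # pysaml2 so it can check the response answers a request this session
    # issued (InResponseTo); a denial from the IdP is the only failure that
    # gets a specific user-facing message.
    try:
        response = client.parse_authn_request_response(
            xmlstr, BINDING_HTTP_POST, outstanding_queries)
    except StatusRequestDenied:
        return login_failed(_('Authentication request has been denied by identity provider. '
                              'Please check your credentials.'))
    except Exception as e:
        # Traceback goes to the server log only; the client gets a generic error.
        logger.exception('SAML response parsing failed %s', e)
        return login_failed(_('SAML2 response has errors.'))

    if response is None:
        logger.error('SAML response is None')
        return login_failed(_('SAML response has errors. Please check the logs'))
    if response.assertion is None:
        logger.error('SAML response assertion is None')
        return login_failed(_('SAML response has errors. Please check the logs'))

    # Consume the outstanding query for this response. NOTE(review): presumably
    # this is what keeps a replayed response from matching again — confirm
    # against the client's allow_unsolicited configuration.
    session_id = response.session_id()
    oq_cache.delete(session_id)

    # Authenticate the remote user. Both settings may be given as zero-arg
    # callables that are resolved here, after the response has been validated.
    session_info = response.session_info()
    if callable(attribute_mapping):
        attribute_mapping = attribute_mapping()
    if callable(create_unknown_user):
        create_unknown_user = create_unknown_user()
    user = auth.authenticate(
        session_info=session_info,
        attribute_mapping=attribute_mapping,
        create_unknown_user=create_unknown_user,
    )
    if user is None:
        return login_failed(_('SAML2 authentication failed.'))

    # Record how this account was registered; only write when it changes.
    registration_method = settings.WALDUR_AUTH_SAML2.get('name', 'saml2')
    if user.registration_method != registration_method:
        user.registration_method = registration_method
        user.save(update_fields=['registration_method'])

    # A Django session is required for validating SAML2 logout requests;
    # the subject id is stored alongside it for the same purpose.
    auth.login(request, user)
    _set_subject_id(request.session, session_info['name_id'])

    logger.debug('User %s authenticated via SSO.', user)
    logger.debug('Sending the post_authenticated signal')
    post_authenticated.send_robust(sender=user, session_info=session_info)

    token = self.refresh_token(user)
    logger.info('Authenticated with SAML token. Returning token for successful login of user %s', user)
    event_logger.saml2_auth.info(
        'User {user_username} with full name {user_full_name} logged in successfully with SAML2.',
        event_type='auth_logged_in_with_saml2',
        event_context={'user': user}
    )
    # NOTE(review): login_completed here takes (token_key, method); the
    # one-argument view of the same name earlier in this listing looks like a
    # different module's helper — confirm which one is imported here.
    return login_completed(token.key, 'saml2')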