+1.13
+----
+
+* Ajout des logs infos
+
+* Patch de L'AdminSite pour que la vue index n'occasionne pas un loop de
+ redirect avec id.auf.
+
1.12
+----
* retrocompatibilté django 1.1
# -*- coding: utf-8 -*-
+import logging
+
from django.contrib.auth.models import User
from django.contrib.auth.backends import RemoteUserBackend, ModelBackend
from auf.django.saml import settings
-
-class FakeSPBackend(ModelBackend):
+
+logger = logging.getLogger('SAML')
+
+
+class _BackendMixin:
+
+ def clean_username(self, username):
+ logger.info(u"\nClean username")
+ logger.info(u"==============")
+ logger.info(u"username original : %s" % username)
+ clean_username = username.replace('@auf.org', '')
+ logger.info(u"username clean : %s" % clean_username)
+
+
+class FakeSPBackend(ModelBackend, _BackendMixin):
"""
On autentifie uniquement sur le username
"""
+
def authenticate(self, username=None, password=None):
try:
return User.objects.get(username=username)
return None
-class RealSPBackend(RemoteUserBackend):
+class RealSPBackend(RemoteUserBackend, _BackendMixin):
"""
Backend reposant sur le id.auf.org
"""
- create_unknown_user = True
+ create_unknown_user = getattr(settings, 'SAML_AUTO_CREATION', True)
- def clean_username(self, username):
- """
- Le IdP retourne le courriel
- """
- return username.replace('@auf.org', '')
if settings.SAML_AUTH:
- SPBackend = RealSPBackend
+ _SPBackend = RealSPBackend
else:
- SPBackend = FakeSPBackend
+ _SPBackend = FakeSPBackend
+class SPBackend(_SPBackend):
+ """
+ Backend selon la conf
+ """
+
+ def authenticate(self, **kwargs):
+ logger.info(u"\nauth challenge")
+ logger.info(u"==============")
+ for k, v in kwargs.items():
+ if k == 'password':
+ v = '****'
+ logger.info("* %s : %s" % (k, v))
+
+ user = super(SPBackend, self).authenticate(**kwargs)
+ logger.info(u"Django user authentifié : %s" % user)
+ return user
# -*- coding: utf-8 -*-
import logging
+
from django.contrib.auth.signals import user_logged_in
from django.contrib.auth.middleware import RemoteUserMiddleware
from auf.django.saml import settings as saml_settings
+logger = logging.getLogger('SAML')
+
class SPMiddleware(RemoteUserMiddleware):
"""
Log MELLON an REMOTE_USER
"""
- logger = logging.getLogger('SAML')
+ logger.info(u"\nProcess request")
+ logger.info(u"===============")
for k, v in request.META.items():
if k.startswith('MELLON') or k is 'REMOTE_USER':
logger.info('%s : %s' % (k, v))
avec le user local
"""
if saml_settings.SAML_AUTH:
+ logger.info(u"* synchro du user local avec les infos de id.auf")
meta = request.META
user.email = meta['MELLON_mail']
user.first_name = meta['MELLON_gn']
si SAML_AUTO_AUTH_URLS est positionné à True
"""
+import logging
+
import django
+from django.utils.functional import update_wrapper
from django.conf import settings
+from django.http import HttpResponseForbidden
+from django.utils.translation import ugettext as _
+
import settings as saml_settings
+logger = logging.getLogger('SAML')
+
+
if saml_settings.SAML_AUTO_AUTH_URLS:
+ logger.info(u"\nPatch Auth settings")
+ logger.info(u"===================")
if saml_settings.SAML_AUTH:
LOGIN_URL = '/mellon/login'
LOGOUT_URL = '/logout'
else:
LOGIN_URL = '/sandbox/login'
LOGOUT_URL = '/sandbox/logout'
+ logger.info(u"* LOGIN_URL: %s" % LOGIN_URL)
+ logger.info(u"* LOGOUT_URL: %s" % LOGOUT_URL)
+ logger.info(u"* REDIRECT_FIELD_NAME: %s" %
+ saml_settings.SAML_REDIRECT_FIELD_NAME)
- django.contrib.auth.REDIRECT_FIELD_NAME = saml_settings.SAML_REDIRECT_FIELD_NAME
+ django.contrib.auth.REDIRECT_FIELD_NAME = \
+ saml_settings.SAML_REDIRECT_FIELD_NAME
settings.LOGIN_URL = LOGIN_URL
settings.LOGOUT_URL = LOGOUT_URL
+
+from django.contrib.admin import site
+original_admin_view = site.__class__.admin_view
+
+
+def custom_admin_view(self, view, cacheable=False):
+ """
+ Sur la page d'index, si on on ne dispose pas des accès, ne pas
+ demander de se logger car dans le cas de id.auf, on crée un loop
+ car on peut être déjà loggé sur id.auf mais on ne dispose pas des
+ droits d'accès à l'admin.
+ Sinon, on conserve le comportement normal.
+ """
+
+ def inner(request, *args, **kwargs):
+ """
+ """
+ if not self.has_permission(request):
+ return HttpResponseForbidden(
+ _(u"Votre compte ne permet pas d'accéder à cette page"))
+ return view(request, *args, **kwargs)
+
+ if view.__name__ == 'index':
+ return update_wrapper(inner, view)
+ else:
+ return original_admin_view(self, view, cacheable=False)
+
+logger.info(u"\nPatch de la admin.site pour gérer le \
+ login forcé de la page d'index")
+site.__class__.admin_view = custom_admin_view
from setuptools import setup, find_packages
name = 'auf.django.saml'
-version = '1.12'
+version = '1.13'
setup(name=name,
version=version,