Commit 4d63a446 by Dudás Ádám

Merge branch 'saml-username-max-length' into 'master'

Trim long usernames from SAML

See merge request !354
parents f179463d 7a09c4a7
...@@ -505,6 +505,8 @@ if get_env_variable('DJANGO_SAML', 'FALSE') == 'TRUE': ...@@ -505,6 +505,8 @@ if get_env_variable('DJANGO_SAML', 'FALSE') == 'TRUE':
if get_env_variable('DJANGO_SAML_ORG_ID_ATTRIBUTE', False) is not False: if get_env_variable('DJANGO_SAML_ORG_ID_ATTRIBUTE', False) is not False:
SAML_ORG_ID_ATTRIBUTE = get_env_variable( SAML_ORG_ID_ATTRIBUTE = get_env_variable(
'DJANGO_SAML_ORG_ID_ATTRIBUTE') 'DJANGO_SAML_ORG_ID_ATTRIBUTE')
SAML_MAIN_ATTRIBUTE_MAX_LENGTH = int(get_env_variable(
"DJANGO_SAML_MAIN_ATTRIBUTE_MAX_LENGTH", 0))
LOGIN_REDIRECT_URL = "/" LOGIN_REDIRECT_URL = "/"
......
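Review bot: The new `SAML_MAIN_ATTRIBUTE_MAX_LENGTH` setting has no comment explaining its unit or what happens when the limit is exceeded, and `int(...)` will raise a bare `ValueError` at settings import if the environment variable is not numeric. A one-line comment above the assignment would help operators, e.g. `# 0 disables trimming; longer SAML main attributes are replaced by a SHA-1 prefix in Saml2Backend`. Whether the assignment sits inside the `DJANGO_SAML == 'TRUE'` block is not visible here because the rendered page dropped the indentation; if it does, the backend's `settings.SAML_MAIN_ATTRIBUTE_MAX_LENGTH` lookup presumably relies on that block always running when the backend is active — confirm.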
...@@ -71,3 +71,5 @@ STORE_URL = "" ...@@ -71,3 +71,5 @@ STORE_URL = ""
# buildbot doesn't love pipeline # buildbot doesn't love pipeline
STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.StaticFilesStorage' STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.StaticFilesStorage'
SAML_MAIN_ATTRIBUTE_MAX_LENGTH=0 # doctest on SAML2 backend runs either way
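Review bot: Style: the added line omits the PEP 8 spaces around `=`, unlike the surrounding settings, and its trailing comment is not separated by two spaces; `SAML_MAIN_ATTRIBUTE_MAX_LENGTH = 0  # doctest on SAML2 backend runs either way` matches the rest of the file.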
...@@ -17,9 +17,14 @@ ...@@ -17,9 +17,14 @@
# with CIRCLE. If not, see <http://www.gnu.org/licenses/>. # with CIRCLE. If not, see <http://www.gnu.org/licenses/>.
import re import re
import logging
import sha
from django.conf import settings
from djangosaml2.backends import Saml2Backend as Saml2BackendBase from djangosaml2.backends import Saml2Backend as Saml2BackendBase
logger = logging.getLogger(__name__)
class Saml2Backend(Saml2BackendBase): class Saml2Backend(Saml2BackendBase):
u""" u"""
...@@ -41,7 +46,19 @@ class Saml2Backend(Saml2BackendBase): ...@@ -41,7 +46,19 @@ class Saml2Backend(Saml2BackendBase):
if isinstance(main_attribute, str): if isinstance(main_attribute, str):
main_attribute = main_attribute.decode('UTF-8') main_attribute = main_attribute.decode('UTF-8')
assert isinstance(main_attribute, unicode) assert isinstance(main_attribute, unicode)
return re.sub(r'[^\w.@-]', replace, main_attribute) attr = re.sub(r'[^\w.@-]', replace, main_attribute)
max_length = settings.SAML_MAIN_ATTRIBUTE_MAX_LENGTH
if max_length > 0 and len(attr) > max_length:
logger.info("Main attribute '%s' is too long." % attr)
hashed = sha.new(attr).hexdigest()
if "@" in attr:
domain = attr.rsplit("@", 1)[1]
attr = "%s@%s" % (hashed[:max_length-1-len(domain)],
domain)
else:
attr = hashed[:max_length]
logger.info("New main attribute: %s" % attr)
return attr
def _set_attribute(self, obj, attr, value): def _set_attribute(self, obj, attr, value):
if attr == 'username': if attr == 'username':
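Review bot: The domain branch at `hashed[:max_length-1-len(domain)]` does not guarantee the limit: once `len(domain) >= max_length - 1` the slice index is zero or negative, and a negative index keeps most of the digest so the result is longer than `max_length`, while zero yields a bare `@domain`. Computing `keep = max_length - 1 - len(domain)` and falling back to `hashed[:max_length]` when it is not positive fixes that (rewrite below). The `sha` module used on the same lines is deprecated since Python 2.5 and absent in Python 3; `hashlib.sha1(attr.encode('utf-8')).hexdigest()` is the equivalent and would replace the `import sha` added in the earlier hunk of this file, and the two `logger.info` calls should pass `attr` as a lazy argument rather than `%`-formatting it. Because a truncated digest prefix shrinks the username space, two distinct SAML identities can be mapped onto the same local account, so the number of kept characters deserves a comment and the caller should enforce uniqueness rather than assume it; the enclosing method's signature is outside this hunk.
```python
if max_length > 0 and len(attr) > max_length:
    logger.info("Main attribute '%s' is too long.", attr)
    hashed = hashlib.sha1(attr.encode('utf-8')).hexdigest()
    if "@" in attr:
        domain = attr.rsplit("@", 1)[1]
        keep = max_length - 1 - len(domain)
        # Drop the domain rather than exceed max_length when it leaves
        # no room for a digest prefix (a negative slice would keep the
        # whole digest).
        if keep > 0:
            attr = "%s@%s" % (hashed[:keep], domain)
        else:
            attr = hashed[:max_length]
    else:
        attr = hashed[:max_length]
    logger.info("New main attribute: %s", attr)
# … unchanged: return attr …
```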
......