Merge branch 'fix-saml' into 'master'

Fix saml2 ✅ See merge request !318

Merge branch 'fix-saml' into 'master'
Fix saml2 ✅ See merge request !318
b4764068 · Guba Sándor · 2c4b576b · 1470f00b · b4764068 · b4764068
Commit b4764068 authored Apr 14, 2015 by Guba Sándor
9 changed files
--- a/circle/circle/settings/base.py
+++ b/circle/circle/settings/base.py
@@ -450,7 +450,7 @@ if get_env_variable('DJANGO_SAML', 'FALSE') == 'TRUE':
    )
    AUTHENTICATION_BACKENDS = (
        'django.contrib.auth.backends.ModelBackend',
-        'djangosaml2.backends.Saml2Backend',
+        'common.backends.Saml2Backend',
    )

    remote_metadata = join(SITE_ROOT, 'remote_metadata.xml')

--- a/circle/circle/urls.py
+++ b/circle/circle/urls.py
@@ -88,3 +88,4 @@ if get_env_variable('DJANGO_SAML', 'FALSE') == 'TRUE':
    )

 handler500 = 'common.views.handler500'
+handler403 = 'common.views.handler403'
--- a/circle/common/backends.py
+++ b/circle/common/backends.py
+# -*- coding: utf-8 -*-
+# Copyright 2014 Budapest University of Technology and Economics (BME IK)
+#
+# This file is part of CIRCLE Cloud.
+#
+# CIRCLE is free software: you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or (at your option)
+# any later version.
+#
+# CIRCLE is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along
+# with CIRCLE.  If not, see <http://www.gnu.org/licenses/>.
+
+import re
+
+from djangosaml2.backends import Saml2Backend as Saml2BackendBase
+
+
+class Saml2Backend(Saml2BackendBase):
+    u"""
+    >>> b = Saml2Backend()
+    >>> b.clean_user_main_attribute(u'Ékezetes Enikő')
+    u'+00c9kezetes+0020Enik+0151'
+    >>> b.clean_user_main_attribute(u'Cé++')
+    u'C+00e9+002b+002b'
+    >>> b.clean_user_main_attribute(u'test')
+    u'test'
+    >>> b.clean_user_main_attribute(u'3+4')
+    u'3+002b4'
+    """
+    def clean_user_main_attribute(self, main_attribute):
+        def replace(match):
+            match = match.group()
+            return '+%04x' % ord(match)
+
+        assert isinstance(main_attribute, unicode)
+        return re.sub(r'[^\w.@-]', replace, main_attribute)
+
+    def _set_attribute(self, obj, attr, value):
+        if attr == 'username':
+            value = self.clean_user_main_attribute(value)
+        return super(Saml2Backend, self)._set_attribute(obj, attr, value)
--- a/circle/common/operations.py
+++ b/circle/common/operations.py
@@ -170,8 +170,8 @@ class Operation(object):
            raise ImproperlyConfigured(
                "Set required_perms to () if none needed.")
        if not user.has_perms(cls.required_perms):
-            raise PermissionDenied("%s doesn't have the required permissions."
-                                   % user)
+            raise PermissionDenied(
+                u"%s doesn't have the required permissions." % user)
        if cls.superuser_required and not user.is_superuser:
            raise humanize_exception(ugettext_noop(
                "Superuser privileges are required."), PermissionDenied())

--- a/circle/common/views.py
+++ b/circle/common/views.py
@@ -19,32 +19,42 @@ from sys import exc_info

 import logging

-from django.template import RequestContext
 from django.shortcuts import render_to_response
+from django.template import RequestContext

 from .models import HumanReadableException

 logger = logging.getLogger(__name__)


-def handler500(request):
-    cls, exception, traceback = exc_info()
-    logger.exception("unhandled exception")
+def get_context(request, exception):
    ctx = {}
-    if isinstance(exception, HumanReadableException):
+    if issubclass(exception.__class__, HumanReadableException):
        try:
-            ctx['error'] = exception.get_user_text()
+            if request.user.is_superuser:
+                ctx['error'] = exception.get_admin_text()
+            else:
+                ctx['error'] = exception.get_user_text()
        except:
            pass
-        else:
-            try:
-                if request.user.is_superuser():
-                    ctx['error'] = exception.get_admin_text()
-            except:
-                pass
+    return ctx
+
+
+def handler500(request):
+    cls, exception, traceback = exc_info()
+    logger.exception("unhandled exception")
+    ctx = get_context(request, exception)
    try:
        resp = render_to_response("500.html", ctx, RequestContext(request))
    except:
        resp = render_to_response("500.html", ctx)
    resp.status_code = 500
    return resp
+
+
+def handler403(request):
+    cls, exception, traceback = exc_info()
+    ctx = get_context(request, exception)
+    resp = render_to_response("403.html", ctx)
+    resp.status_code = 403
+    return resp
--- a/circle/templates/403.html
+++ b/circle/templates/403.html
+{% extends "base.html" %}
+{% load i18n %}
+
+{% block title %}HTTP 403{% endblock %}
+
+{% block page_title %}{% trans ":(" %}{% endblock page_title %}
+
+{% block content %}
+<div class="alert alert-danger" style="font-size: 22px; margin-top: 2em;">
+  <div class="row">
+    <div class="col-md-2" style="text-align: center;">
+      HTTP 403
+    </div>
+    <div class="col-md-10" style="text-align: center;">
+      {% if error %}
+        {{ error }}
+      {% else %}
+       {% trans "Forbidden" %}
+      {% endif %}
+    </div>
+  </div>
+</div>
+{% endblock content %}
--- a/circle/templates/404.html
+++ b/circle/templates/404.html
@@ -6,5 +6,14 @@
 {% block page_title %}{% trans "Page not found" %}{% endblock page_title %}

 {% block content %}
-<p>{% trans "This page does not exist." %}</p>
+<div class="alert alert-warning" style="font-size: 22px; margin-top: 2em;">
+  <div class="row">
+    <div class="col-md-2" style="text-align: center;">
+      HTTP 404
+    </div>
+    <div class="col-md-10" style="text-align: center;">
+      {% trans "This page does not exist." %}
+    </div>
+  </div>
+</div>
 {% endblock content %}
--- a/circle/templates/500.html
+++ b/circle/templates/500.html
-{% extends "dashboard/base.html" %}
+{% extends "base.html" %}
 {% load i18n %}

 {% block title %}HTTP 500{% endblock %}

--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -11,11 +11,12 @@ django-braces==1.4.0
 django-celery==3.1.16
 django-crispy-forms==1.4.0
 django-model-utils==2.2
+djangosaml2==0.13.0
 django-sizefield==0.6
 django-sshkey==2.2.0
 django-statici18n==1.1
 django-tables2==0.15.0
-git+https://git.ik.bme.hu/circle/django-taggit.git
+django-taggit==0.13.0
 docutils==0.12
 Jinja2==2.7.3
 jsonfield==1.0.0
@@ -32,6 +33,7 @@ pyinotify==0.9.4
 pytz==2014.7
 requests==2.5.3
 salt==2014.1.0
+shutilwhich==1.0.1
 simplejson==3.6.5
 six==1.8.0
 slimit==0.8.1