Commit b4764068 by Guba Sándor

Merge branch 'fix-saml' into 'master'

Fix saml2 

See merge request !318
parents 2c4b576b 1470f00b
...@@ -450,7 +450,7 @@ if get_env_variable('DJANGO_SAML', 'FALSE') == 'TRUE': ...@@ -450,7 +450,7 @@ if get_env_variable('DJANGO_SAML', 'FALSE') == 'TRUE':
) )
AUTHENTICATION_BACKENDS = ( AUTHENTICATION_BACKENDS = (
'django.contrib.auth.backends.ModelBackend', 'django.contrib.auth.backends.ModelBackend',
'djangosaml2.backends.Saml2Backend', 'common.backends.Saml2Backend',
) )
remote_metadata = join(SITE_ROOT, 'remote_metadata.xml') remote_metadata = join(SITE_ROOT, 'remote_metadata.xml')
......
...@@ -88,3 +88,4 @@ if get_env_variable('DJANGO_SAML', 'FALSE') == 'TRUE': ...@@ -88,3 +88,4 @@ if get_env_variable('DJANGO_SAML', 'FALSE') == 'TRUE':
) )
handler500 = 'common.views.handler500' handler500 = 'common.views.handler500'
handler403 = 'common.views.handler403'
# -*- coding: utf-8 -*-
# Copyright 2014 Budapest University of Technology and Economics (BME IK)
#
# This file is part of CIRCLE Cloud.
#
# CIRCLE is free software: you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# CIRCLE is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along
# with CIRCLE. If not, see <http://www.gnu.org/licenses/>.
import re
from djangosaml2.backends import Saml2Backend as Saml2BackendBase
class Saml2Backend(Saml2BackendBase):
u"""
>>> b = Saml2Backend()
>>> b.clean_user_main_attribute(u'Ékezetes Enikő')
u'+00c9kezetes+0020Enik+0151'
>>> b.clean_user_main_attribute(u'Cé++')
u'C+00e9+002b+002b'
>>> b.clean_user_main_attribute(u'test')
u'test'
>>> b.clean_user_main_attribute(u'3+4')
u'3+002b4'
"""
def clean_user_main_attribute(self, main_attribute):
def replace(match):
match = match.group()
return '+%04x' % ord(match)
assert isinstance(main_attribute, unicode)
return re.sub(r'[^\w.@-]', replace, main_attribute)
def _set_attribute(self, obj, attr, value):
if attr == 'username':
value = self.clean_user_main_attribute(value)
return super(Saml2Backend, self)._set_attribute(obj, attr, value)
...@@ -170,8 +170,8 @@ class Operation(object): ...@@ -170,8 +170,8 @@ class Operation(object):
raise ImproperlyConfigured( raise ImproperlyConfigured(
"Set required_perms to () if none needed.") "Set required_perms to () if none needed.")
if not user.has_perms(cls.required_perms): if not user.has_perms(cls.required_perms):
raise PermissionDenied("%s doesn't have the required permissions." raise PermissionDenied(
% user) u"%s doesn't have the required permissions." % user)
if cls.superuser_required and not user.is_superuser: if cls.superuser_required and not user.is_superuser:
raise humanize_exception(ugettext_noop( raise humanize_exception(ugettext_noop(
"Superuser privileges are required."), PermissionDenied()) "Superuser privileges are required."), PermissionDenied())
......
...@@ -19,32 +19,42 @@ from sys import exc_info ...@@ -19,32 +19,42 @@ from sys import exc_info
import logging import logging
from django.template import RequestContext
from django.shortcuts import render_to_response from django.shortcuts import render_to_response
from django.template import RequestContext
from .models import HumanReadableException from .models import HumanReadableException
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
def handler500(request): def get_context(request, exception):
cls, exception, traceback = exc_info()
logger.exception("unhandled exception")
ctx = {} ctx = {}
if isinstance(exception, HumanReadableException): if issubclass(exception.__class__, HumanReadableException):
try: try:
ctx['error'] = exception.get_user_text() if request.user.is_superuser:
ctx['error'] = exception.get_admin_text()
else:
ctx['error'] = exception.get_user_text()
except: except:
pass pass
else: return ctx
try:
if request.user.is_superuser():
ctx['error'] = exception.get_admin_text() def handler500(request):
except: cls, exception, traceback = exc_info()
pass logger.exception("unhandled exception")
ctx = get_context(request, exception)
try: try:
resp = render_to_response("500.html", ctx, RequestContext(request)) resp = render_to_response("500.html", ctx, RequestContext(request))
except: except:
resp = render_to_response("500.html", ctx) resp = render_to_response("500.html", ctx)
resp.status_code = 500 resp.status_code = 500
return resp return resp
def handler403(request):
cls, exception, traceback = exc_info()
ctx = get_context(request, exception)
resp = render_to_response("403.html", ctx)
resp.status_code = 403
return resp
{% extends "base.html" %}
{% load i18n %}
{% block title %}HTTP 403{% endblock %}
{% block page_title %}{% trans ":(" %}{% endblock page_title %}
{% block content %}
<div class="alert alert-danger" style="font-size: 22px; margin-top: 2em;">
<div class="row">
<div class="col-md-2" style="text-align: center;">
HTTP 403
</div>
<div class="col-md-10" style="text-align: center;">
{% if error %}
{{ error }}
{% else %}
{% trans "Forbidden" %}
{% endif %}
</div>
</div>
</div>
{% endblock content %}
...@@ -6,5 +6,14 @@ ...@@ -6,5 +6,14 @@
{% block page_title %}{% trans "Page not found" %}{% endblock page_title %} {% block page_title %}{% trans "Page not found" %}{% endblock page_title %}
{% block content %} {% block content %}
<p>{% trans "This page does not exist." %}</p> <div class="alert alert-warning" style="font-size: 22px; margin-top: 2em;">
<div class="row">
<div class="col-md-2" style="text-align: center;">
HTTP 404
</div>
<div class="col-md-10" style="text-align: center;">
{% trans "This page does not exist." %}
</div>
</div>
</div>
{% endblock content %} {% endblock content %}
{% extends "dashboard/base.html" %} {% extends "base.html" %}
{% load i18n %} {% load i18n %}
{% block title %}HTTP 500{% endblock %} {% block title %}HTTP 500{% endblock %}
......
...@@ -11,11 +11,12 @@ django-braces==1.4.0 ...@@ -11,11 +11,12 @@ django-braces==1.4.0
django-celery==3.1.16 django-celery==3.1.16
django-crispy-forms==1.4.0 django-crispy-forms==1.4.0
django-model-utils==2.2 django-model-utils==2.2
djangosaml2==0.13.0
django-sizefield==0.6 django-sizefield==0.6
django-sshkey==2.2.0 django-sshkey==2.2.0
django-statici18n==1.1 django-statici18n==1.1
django-tables2==0.15.0 django-tables2==0.15.0
git+https://git.ik.bme.hu/circle/django-taggit.git django-taggit==0.13.0
docutils==0.12 docutils==0.12
Jinja2==2.7.3 Jinja2==2.7.3
jsonfield==1.0.0 jsonfield==1.0.0
...@@ -32,6 +33,7 @@ pyinotify==0.9.4 ...@@ -32,6 +33,7 @@ pyinotify==0.9.4
pytz==2014.7 pytz==2014.7
requests==2.5.3 requests==2.5.3
salt==2014.1.0 salt==2014.1.0
shutilwhich==1.0.1
simplejson==3.6.5 simplejson==3.6.5
six==1.8.0 six==1.8.0
slimit==0.8.1 slimit==0.8.1
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment