Roland Hedberg
2014-10-02 16:04:41 +02:00
parent 095f8dbe1d
commit 13fdda52ab
43 changed files with 456 additions and 449 deletions


@@ -40,7 +40,7 @@ from saml2.s_utils import sid
from saml2.config import config_factory from saml2.config import config_factory
from saml2.profile import paos from saml2.profile import paos
#from saml2.population import Population # from saml2.population import Population
#from saml2.attribute_resolver import AttributeResolver #from saml2.attribute_resolver import AttributeResolver
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@@ -58,6 +58,7 @@ def construct_came_from(environ):
came_from += '?' + qstr came_from += '?' + qstr
return came_from return came_from
def exception_trace(tag, exc, log): def exception_trace(tag, exc, log):
message = traceback.format_exception(*sys.exc_info()) message = traceback.format_exception(*sys.exc_info())
log.error("[%s] ExcList: %s" % (tag, "".join(message),)) log.error("[%s] ExcList: %s" % (tag, "".join(message),))
@@ -79,12 +80,11 @@ class ECP_response(object):
class SAML2Plugin(object): class SAML2Plugin(object):
implements(IChallenger, IIdentifier, IAuthenticator, IMetadataProvider) implements(IChallenger, IIdentifier, IAuthenticator, IMetadataProvider)
def __init__(self, rememberer_name, config, saml_client, wayf, cache, def __init__(self, rememberer_name, config, saml_client, wayf, cache,
sid_store=None, discovery="", idp_query_param="", sid_store=None, discovery="", idp_query_param="",
sid_store_cert=None,): sid_store_cert=None, ):
self.rememberer_name = rememberer_name self.rememberer_name = rememberer_name
self.wayf = wayf self.wayf = wayf
self.saml_client = saml_client self.saml_client = saml_client
@@ -130,15 +130,18 @@ class SAML2Plugin(object):
:param environ: A dictionary with environment variables :param environ: A dictionary with environment variables
""" """
body= '' body = ''
try: try:
length= int(environ.get('CONTENT_LENGTH', '0')) length = int(environ.get('CONTENT_LENGTH', '0'))
except ValueError: except ValueError:
length= 0 length = 0
if length!=0: if length != 0:
body = environ['wsgi.input'].read(length) # get the POST variables body = environ['wsgi.input'].read(length) # get the POST variables
environ['s2repoze.body'] = body # store the request body for later use by pysaml2 environ[
environ['wsgi.input'] = StringIO(body) # restore the request body as a stream so that everything seems untouched 's2repoze.body'] = body # store the request body for later
# use by pysaml2
environ['wsgi.input'] = StringIO(body) # restore the request body
# as a stream so that everything seems untouched
post = parse_qs(body) # parse the POST fields into a dict post = parse_qs(body) # parse the POST fields into a dict
@@ -161,10 +164,11 @@ class SAML2Plugin(object):
""" """
# check headers to see if it's an ECP request # check headers to see if it's an ECP request
# headers = { # headers = {
# 'Accept' : 'text/html; application/vnd.paos+xml', # 'Accept' : 'text/html; application/vnd.paos+xml',
# 'PAOS' : 'ver="%s";"%s"' % (paos.NAMESPACE, SERVICE) # 'PAOS' : 'ver="%s";"%s"' % (paos.NAMESPACE,
# } # SERVICE)
# }
_cli = self.saml_client _cli = self.saml_client
@@ -262,7 +266,6 @@ class SAML2Plugin(object):
_cli = self.saml_client _cli = self.saml_client
if 'REMOTE_USER' in environ: if 'REMOTE_USER' in environ:
name_id = decode(environ["REMOTE_USER"]) name_id = decode(environ["REMOTE_USER"])
@@ -360,7 +363,7 @@ class SAML2Plugin(object):
try: try:
ret = _cli.config.getattr( ret = _cli.config.getattr(
"endpoints","sp")["discovery_response"][0][0] "endpoints", "sp")["discovery_response"][0][0]
if (environ["PATH_INFO"]) in ret and ret.split( if (environ["PATH_INFO"]) in ret and ret.split(
environ["PATH_INFO"])[1] == "": environ["PATH_INFO"])[1] == "":
query = parse_qs(environ["QUERY_STRING"]) query = parse_qs(environ["QUERY_STRING"])
@@ -439,8 +442,10 @@ class SAML2Plugin(object):
#logger = environ.get('repoze.who.logger', '') #logger = environ.get('repoze.who.logger', '')
query = parse_dict_querystring(environ) query = parse_dict_querystring(environ)
if ("CONTENT_LENGTH" not in environ or not environ["CONTENT_LENGTH"]) and \ if ("CONTENT_LENGTH" not in environ or not environ[
"SAMLResponse" not in query and "SAMLRequest" not in query: "CONTENT_LENGTH"]) and \
"SAMLResponse" not in query and "SAMLRequest" not in \
query:
logger.debug('[identify] get or empty post') logger.debug('[identify] get or empty post')
return None return None
@@ -483,6 +488,7 @@ class SAML2Plugin(object):
return {} return {}
except: except:
import traceback import traceback
traceback.print_exc() traceback.print_exc()
elif "SAMLResponse" not in post: elif "SAMLResponse" not in post:
logger.info("[sp.identify] --- NOT SAMLResponse ---") logger.info("[sp.identify] --- NOT SAMLResponse ---")
@@ -498,7 +504,8 @@ class SAML2Plugin(object):
#if self.debug: #if self.debug:
try: try:
if logout: if logout:
response = self.saml_client.parse_logout_request_response( response = \
self.saml_client.parse_logout_request_response(
post["SAMLResponse"][0], binding) post["SAMLResponse"][0], binding)
if response: if response:
action = self.saml_client.handle_logout_response( action = self.saml_client.handle_logout_response(
@@ -548,7 +555,8 @@ class SAML2Plugin(object):
name_id = identity['repoze.who.userid'] name_id = identity['repoze.who.userid']
if isinstance(name_id, basestring): if isinstance(name_id, basestring):
try: try:
# Make sure that userids authenticated by another plugin don't cause problems here. # Make sure that userids authenticated by another plugin
# don't cause problems here.
name_id = decode(name_id) name_id = decode(name_id)
except: except:
pass pass
@@ -602,7 +610,9 @@ class SAML2Plugin(object):
#noinspection PyUnusedLocal #noinspection PyUnusedLocal
def authenticate(self, environ, identity=None): def authenticate(self, environ, identity=None):
if identity: if identity:
if identity.get('user') and environ.get('s2repoze.sessioninfo') and identity.get('user') == environ.get('s2repoze.sessioninfo').get('ava'): if identity.get('user') and environ.get(
's2repoze.sessioninfo') and identity.get(
'user') == environ.get('s2repoze.sessioninfo').get('ava'):
return identity.get('login') return identity.get('login')
tktuser = identity.get('repoze.who.plugins.auth_tkt.userid', None) tktuser = identity.get('repoze.who.plugins.auth_tkt.userid', None)
if tktuser and self.saml_client.is_logged_in(decode(tktuser)): if tktuser and self.saml_client.is_logged_in(decode(tktuser)):
@@ -634,8 +644,7 @@ def make_plugin(remember_name=None, # plugin for remember
identity_cache="", identity_cache="",
discovery="", discovery="",
idp_query_param="" idp_query_param=""
): ):
if saml_conf is "": if saml_conf is "":
raise ValueError( raise ValueError(
'must include saml_conf in configuration') 'must include saml_conf in configuration')
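Review bot: The request-body buffering reformatted around `length = int(environ.get('CONTENT_LENGTH', '0'))` still trusts the client-supplied Content-Length without a sign or size check: `int("-5")` parses cleanly, passes the `if length != 0:` test, and `read(-5)` on most WSGI servers reads to EOF, while a very large positive value pulls the entire body into memory through `StringIO(body)` before any SAML processing happens. Changing the guard to `if length > 0:` closes the negative case for one line; an upper bound (presumably a configurable maximum, since SAML responses are bounded in practice) would be needed to stop a client from forcing an arbitrarily large buffer. The enclosing method starts before the hunk and continues past it, so `post` is consumed outside the visible lines. Separately, `if saml_conf is "":` in `make_plugin` compares a string by identity, which only works by accident of interning; `if saml_conf == "":` (or `if not saml_conf:`) is the intended check.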


@@ -1,3 +1,2 @@
#profile schema descriptions #profile schema descriptions
__author__ = 'rolandh' __author__ = 'rolandh'


@@ -1,2 +1 @@
__author__ = 'rolandh' __author__ = 'rolandh'