Merge pull request #144 from geops/master
Fix for POST requests failing with 500
This commit is contained in:
Roland Hedberg
@@ -58,38 +58,6 @@ def construct_came_from(environ):
|
||||
came_from += '?' + qstr
|
||||
return came_from
|
||||
|
||||
|
||||
def cgi_field_storage_to_dict(field_storage):
|
||||
"""Get a plain dictionary, rather than the '.value' system used by the
|
||||
cgi module."""
|
||||
|
||||
params = {}
|
||||
for key in field_storage.keys():
|
||||
try:
|
||||
params[key] = field_storage[key].value
|
||||
except AttributeError:
|
||||
if isinstance(field_storage[key], basestring):
|
||||
params[key] = field_storage[key]
|
||||
|
||||
return params
|
||||
|
||||
|
||||
def get_body(environ):
|
||||
length = int(environ["CONTENT_LENGTH"])
|
||||
try:
|
||||
body = environ["wsgi.input"].read(length)
|
||||
except Exception, excp:
|
||||
logger.exception("Exception while reading post: %s" % (excp,))
|
||||
raise
|
||||
|
||||
# restore what I might have upset
|
||||
from StringIO import StringIO
|
||||
environ['wsgi.input'] = StringIO(body)
|
||||
environ['s2repoze.body'] = body
|
||||
|
||||
return body
|
||||
|
||||
|
||||
def exception_trace(tag, exc, log):
|
||||
message = traceback.format_exception(*sys.exc_info())
|
||||
log.error("[%s] ExcList: %s" % (tag, "".join(message),))
|
||||
@@ -162,20 +130,17 @@ class SAML2Plugin(object):
|
||||
:param environ: A dictionary with environment variables
|
||||
"""
|
||||
|
||||
post_env = environ.copy()
|
||||
post_env['QUERY_STRING'] = ''
|
||||
|
||||
_ = get_body(environ)
|
||||
|
||||
body= ''
|
||||
try:
|
||||
post = cgi.FieldStorage(
|
||||
fp=environ['wsgi.input'],
|
||||
environ=post_env,
|
||||
keep_blank_values=True
|
||||
)
|
||||
except Exception, excp:
|
||||
logger.debug("Exception (II): %s" % (excp,))
|
||||
raise
|
||||
length= int(environ.get('CONTENT_LENGTH', '0'))
|
||||
except ValueError:
|
||||
length= 0
|
||||
if length!=0:
|
||||
body = environ['wsgi.input'].read(length) # get the POST variables
|
||||
environ['s2repoze.body'] = body # store the request body for later use by pysaml2
|
||||
environ['wsgi.input'] = StringIO(body) # restore the request body as a stream so that everything seems untouched
|
||||
|
||||
post = parse_qs(body) # parse the POST fields into a dict
|
||||
|
||||
logger.debug('identify post: %s' % (post,))
|
||||
|
||||
@@ -432,7 +397,7 @@ class SAML2Plugin(object):
|
||||
# Evaluate the response, returns a AuthnResponse instance
|
||||
try:
|
||||
authresp = self.saml_client.parse_authn_request_response(
|
||||
post["SAMLResponse"], binding, self.outstanding_queries,
|
||||
post["SAMLResponse"][0], binding, self.outstanding_queries,
|
||||
self.outstanding_certs)
|
||||
|
||||
except Exception, excp:
|
||||
@@ -495,8 +460,6 @@ class SAML2Plugin(object):
|
||||
binding = BINDING_HTTP_REDIRECT
|
||||
else:
|
||||
post = self._get_post(environ)
|
||||
if post.list is None:
|
||||
post.list = []
|
||||
binding = BINDING_HTTP_POST
|
||||
|
||||
try:
|
||||
@@ -514,7 +477,7 @@ class SAML2Plugin(object):
|
||||
print("logout request received")
|
||||
try:
|
||||
response = self.saml_client.handle_logout_request(
|
||||
post["SAMLRequest"],
|
||||
post["SAMLRequest"][0],
|
||||
self.saml_client.users.subjects()[0], binding)
|
||||
environ['samlsp.pending'] = self._handle_logout(response)
|
||||
return {}
|
||||
@@ -536,7 +499,7 @@ class SAML2Plugin(object):
|
||||
try:
|
||||
if logout:
|
||||
response = self.saml_client.parse_logout_request_response(
|
||||
post["SAMLResponse"], binding)
|
||||
post["SAMLResponse"][0], binding)
|
||||
if response:
|
||||
action = self.saml_client.handle_logout_response(
|
||||
response)
|
||||
@@ -552,7 +515,7 @@ class SAML2Plugin(object):
|
||||
return {}
|
||||
else:
|
||||
session_info = self._eval_authn_response(
|
||||
environ, cgi_field_storage_to_dict(post),
|
||||
environ, post,
|
||||
binding=binding)
|
||||
except Exception, err:
|
||||
environ["s2repoze.saml_error"] = err
|
||||
|
||||
Reference in New Issue
Block a user