Added missing directory

2013-11-21 09:11:31 +01:00 · 2013-11-21 09:11:31 +01:00 · c704b2a074
parent 764b15ca97
commit c704b2a074
2 changed files with 92 additions and 0 deletions
--- a/src/saml2/userinfo/init.py
+++ b/src/saml2/userinfo/init.py
@ -0,0 +1,55 @@
+# Interface to external user info resources
+
+import copy
+
+
+class UserInfo(object):
+    """ Read only interface to a user info store """
+
+    def __init__(self):
+        pass
+
+    def __call__(self, **kwargs):
+        pass
+
+
+class UserInfoDB(UserInfo):
+    """ Read only interface to a user info store """
+
+    def __init__(self, db=None):
+        self.db = db
+
+    @staticmethod
+    def filter(userinfo, user_info_claims=None):
+        """
+        Return only those claims that are asked for.
+        It's a best effort task; if essential claims are not present
+        no error is flagged.
+
+        :param userinfo: A dictionary containing the available user info.
+        :param user_info_claims: A dictionary specifying the asked for claims
+        :return: A dictionary of filtered claims.
+        """
+
+        if user_info_claims is None:
+            return copy.copy(userinfo)
+        else:
+            result = {}
+            missing = []
+            optional = []
+            for key, restr in user_info_claims.items():
+                try:
+                    result[key] = userinfo[key]
+                except KeyError:
+                    if restr == {"essential": True}:
+                        missing.append(key)
+                    else:
+                        optional.append(key)
+            return result
+
+    def __call__(self, userid, user_info_claims=None, **kwargs):
+        try:
+            return self.filter(self.db[userid], user_info_claims)
+        except KeyError:
+            return {}
+
--- a/src/saml2/userinfo/ldapinfo.py
+++ b/src/saml2/userinfo/ldapinfo.py
@ -0,0 +1,37 @@
+import ldap
+from ldap import SCOPE_SUBTREE
+from saml2.userinfo import UserInfo
+
+
+class UserInfoLDAP(UserInfo):
+    def __init__(self, uri, base, filter_pattern, scope=SCOPE_SUBTREE,
+                 tls=False, user="", passwd="", attr=None, attrsonly=False):
+        UserInfo.__init__(self)
+        self.ldapuri = uri
+        self.base = base
+        self.filter_pattern = filter_pattern
+        self.scope = scope
+        self.tls = tls
+        self.attr = attr
+        self.attrsonly = attrsonly
+        self.ld = ldap.initialize(uri)
+        self.ld.protocol_version = ldap.VERSION3
+        self.ld.simple_bind_s(user, passwd)
+
+    def __call__(self, userid, base="", filter_pattern="", scope=SCOPE_SUBTREE,
+                 tls=False, attr=None, attrsonly=False, **kwargs):
+
+        if filter_pattern:
+            _filter = filter_pattern % userid
+        else:
+            _filter = self.filter_pattern % userid
+
+        _base = base or self.base
+        _scope = scope or self.scope
+        _attr = attr or self.attr
+        _attrsonly = attrsonly or self.attrsonly
+        arg = [_base, _scope, _filter, _attr, _attrsonly]
+        res = self.ld.search_s(*arg)
+        # should only be one entry and the information per entry is
+        # the tuple (dn, ava)
+        return res[0][1]