deb-python-pysaml2/src/saml2/virtual_org.py

import logging
from saml2.attribute_resolver import AttributeResolver
from saml2.saml import NAMEID_FORMAT_PERSISTENT

logger = logging.getLogger(__name__)


class VirtualOrg(object):
    def __init__(self, sp, vorg, cnf):
        self.sp = sp  # The parent SP client instance
        self._name = vorg
        self.common_identifier = cnf["common_identifier"]
        try:
            self.member = cnf["member"]
        except KeyError:
            self.member = []
        try:
            self.nameid_format = cnf["nameid_format"]
        except KeyError:
            self.nameid_format = NAMEID_FORMAT_PERSISTENT

    def _cache_session(self, session_info):
        return True

    def _affiliation_members(self):
        """
        Get the member of the Virtual Organization from the metadata,
        more specifically from AffiliationDescriptor.
        """
        return self.sp.config.metadata.vo_members(self._name)

    def members_to_ask(self, name_id):
        """Find the member of the Virtual Organization that I haven't already
        spoken too
        """

        vo_members = self._affiliation_members()
        for member in self.member:
            if member not in vo_members:
                vo_members.append(member)

        # Remove the ones I have cached data from about this subject
        vo_members = [m for m in vo_members if not self.sp.users.cache.active(
            name_id, m)]
        logger.info("VO members (not cached): %s", vo_members)
        return vo_members

    def get_common_identifier(self, name_id):
        (ava, _) = self.sp.users.get_identity(name_id)
        if ava == {}:
            return None

        ident = self.common_identifier

        try:
            return ava[ident][0]
        except KeyError:
            return None

    def do_aggregation(self, name_id):

        logger.info("** Do VO aggregation **\nSubjectID: %s, VO:%s",
            name_id, self._name)

        to_ask = self.members_to_ask(name_id)
        if to_ask:
            com_identifier = self.get_common_identifier(name_id)

            resolver = AttributeResolver(self.sp)
            # extends returns a list of session_infos
            for session_info in resolver.extend(
                    com_identifier, self.sp.config.entityid, to_ask):
                _ = self._cache_session(session_info)

            logger.info(">Issuers: %s", self.sp.users.issuers_of_info(name_id))
            logger.info("AVA: %s", self.sp.users.get_identity(name_id))

            return True
        else:
            return False