author | Simo Sorce <simo@redhat.com> | 2015-02-16 13:47:33 -0500 |
committer | Patrick Uiterwijk <puiterwijk@redhat.com> | 2015-02-24 16:58:20 +0100 |
commit | db88788fe906f315733b6ae67929f62cfc307d24 (patch) | |
tree | 6d23f1c8a315068eeb4cecefd65cfe04336af679 /ipsilon/providers/openid | |
parent | edfd8d4b514a4089108d19026bc38c656f49bbee (diff) | |
Add support for attribute policies in openidp
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Diffstat (limited to 'ipsilon/providers/openid')
-rw-r--r-- | ipsilon/providers/openid/auth.py | 15 | ||||
-rw-r--r-- | ipsilon/providers/openid/extensions/cla.py | 2 |
2 files changed, 14 insertions, 3 deletions
diff --git a/ipsilon/providers/openid/auth.py b/ipsilon/providers/openid/auth.py
index 824f4f8..2510ff4 100644
--- a/ipsilon/providers/openid/auth.py
+++ b/ipsilon/providers/openid/auth.py
@@ -4,6 +4,7 @@ from ipsilon.providers.common import ProviderPageBase
 from ipsilon.providers.common import AuthenticationError, InvalidRequest
 from ipsilon.providers.openid.meta import XRDSHandler, UserXRDSHandler
 from ipsilon.providers.openid.meta import IDHandler
+from ipsilon.util.policy import Policy
 from ipsilon.util.trans import Transaction
 from ipsilon.util.user import UserSession
 
@@ -60,6 +61,16 @@ class AuthenticateRequest(ProviderPageBase):
             raise cherrypy.HTTPError(e.code, e.msg)
         return self._respond(request.answer(False))
 
+    # get attributes, and apply policy mapping and filtering
+    def _source_attributes(self, session):
+        policy = Policy(self.cfg.default_attribute_mapping,
+                        self.cfg.default_allowed_attributes)
+        userattrs = session.get_user_attrs()
+        mappedattrs, _ = policy.map_attributes(userattrs)
+        attributes = policy.filter_attributes(mappedattrs)
+        self.debug('Filterd attributes: %s' % repr(attributes))
+        return attributes
+
     def _parse_request(self, **kwargs):
         request = None
         try:
@@ -165,7 +176,7 @@ class AuthenticateRequest(ProviderPageBase):
         ad = {
             "Trust Root": request.trust_root,
         }
-        userattrs = us.get_user_attrs()
+        userattrs = self._source_attributes(us)
         for n, e in self.cfg.extensions.available().items():
             data = e.get_display_data(request, userattrs)
             self.debug('%s returned %s' % (n, repr(data)))
@@ -191,7 +202,7 @@ class AuthenticateRequest(ProviderPageBase):
             identity=identity_url,
             claimed_id=identity_url
         )
-        userattrs = session.get_user_attrs()
+        userattrs = self._source_attributes(session)
         for _, e in self.cfg.extensions.available().items():
             resp = e.get_response(request, userattrs)
             if resp is not None:
diff --git a/ipsilon/providers/openid/extensions/cla.py b/ipsilon/providers/openid/extensions/cla.py
index 830e3a3..d021afa 100644
--- a/ipsilon/providers/openid/extensions/cla.py
+++ b/ipsilon/providers/openid/extensions/cla.py
@@ -19,7 +19,7 @@ class OpenidExtension(OpenidExtensionBase):
         self.debug(req)
         if req is None:
             return {}
-        data = userdata['_extras'].get('cla', [])
+        data = userdata.get('_extras', {}).get('cla', [])
         return cla.CLAResponse.extractResponse(req, data)
 
     def _display(self, request, userdata):
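Review bot: The debug call in the new `_source_attributes` writes the entire filtered attribute dictionary to the log via `repr()`, so every user attribute value that survives the allow-list (these come from `session.get_user_attrs()` and may well include personal data) ends up in the debug log on each login; logging only the attribute names would be safer, e.g. `self.debug('Filtered attributes: %s' % sorted(attributes))` if `filter_attributes` returns a dict, which also fixes the "Filterd" typo. The leading `#` comment would serve better as a docstring: `"""Return the session's user attributes after applying the configured default mapping and allow-list filter."""`. The policy is built only from `self.cfg.default_attribute_mapping` and `self.cfg.default_allowed_attributes`, so there is no per-trust-root override visible here; if one is intended later, the request's trust root would need to be passed in. The enclosing class `AuthenticateRequest` starts and ends outside the hunk.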
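Review bot: The new `.get('_extras', {})` guard copes with `_extras` being dropped by the attribute filter, but with this commit every extension's `get_display_data` and `get_response` now receives the filtered dictionary (the auth.py hunks at lines 176 and 202), and the diffstat for this directory shows only cla.py touched; any sibling extension that still indexes `userdata[...]` directly would raise `KeyError` for a filtered key, so they should be checked (inferred — they are not in this diff). It is also worth stating the new requirement near this line, since the CLA response silently becomes empty unless `_extras` is present in `default_allowed_attributes`: `# '_extras' may have been removed by the attribute policy filter`. The method containing this line starts outside the hunk.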