possibility to limit PT delivery by service

This commit is contained in:
Valentin Samir 2015-05-28 15:26:46 +02:00
parent 5ebc5169c3
commit 4fd4afd9c0
6 changed files with 121 additions and 68 deletions

View File

@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: cas_server\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2015-05-28 02:10+0200\n"
"POT-Creation-Date: 2015-05-28 15:24+0200\n"
"PO-Revision-Date: 2015-05-23 19:03+0100\n"
"Last-Translator: Valentin Samir <valentin.samir@crans.org>\n"
"Language-Team: django <LL@li.org>\n"
@ -33,117 +33,123 @@ msgstr " Warn me before logging me into other sites."
msgid "Bad user"
msgstr "The credentials you provided cannot be determined to be authentic."
#: models.py:89
#: models.py:58
#, fuzzy, python-format
#| msgid "Error during service logout %s"
msgid "Error during service logout %r"
msgid "Error during service logout %s"
msgstr "Error during service logout %s"
#: models.py:147
#: models.py:117
msgid "position"
msgstr ""
#: models.py:154 models.py:239
#: models.py:124 models.py:213
msgid "name"
msgstr ""
#: models.py:155
#: models.py:125
#, fuzzy
#| msgid "Connect to the service"
msgid "A name for the service"
msgstr "Connect to the service"
#: models.py:160 models.py:266 models.py:283
#: models.py:130 models.py:240 models.py:257
msgid "pattern"
msgstr ""
#: models.py:166
#: models.py:136
msgid "user field"
msgstr ""
#: models.py:167
#: models.py:137
msgid "Name of the attribut to transmit as username, empty = login"
msgstr ""
#: models.py:171
#: models.py:141
msgid "restrict username"
msgstr ""
#: models.py:172
#: models.py:142
msgid "Limit username allowed to connect to the list provided bellow"
msgstr ""
#: models.py:176
#: models.py:146
msgid "proxy"
msgstr ""
#: models.py:177
msgid ""
"A ProxyGrantingTicket can be delivered to the service in order to "
"authenticate for the user on a backend service"
#: models.py:147
msgid "Proxy tickets can be delivered to the service"
msgstr ""
#: models.py:182
#: models.py:151
msgid "proxy callback"
msgstr ""
#: models.py:152
msgid "can be used as a proxy callback to deliver PGT"
msgstr ""
#: models.py:156
msgid "single log out"
msgstr ""
#: models.py:183
#: models.py:157
#, fuzzy
#| msgid "Connect to the service"
msgid "Enable SLO for the service"
msgstr "Connect to the service"
#: models.py:225
#: models.py:199
msgid "username"
msgstr ""
#: models.py:226
#: models.py:200
#, fuzzy
#| msgid "Connect to the service"
msgid "username allowed to connect to the service"
msgstr "Connect to the service"
#: models.py:240
#: models.py:214
#, fuzzy
#| msgid "The attribut %(field)s is needed to use that service"
msgid "name of an attribut to send to the service"
msgstr "The attribut %(field)s is needed to use that service"
#: models.py:245 models.py:289
#: models.py:219 models.py:263
msgid "replace"
msgstr ""
#: models.py:246
#: models.py:220
msgid ""
"name under which the attribut will be showto the service. empty = default "
"name of the attribut"
msgstr ""
#: models.py:261 models.py:278
#: models.py:235 models.py:252
msgid "attribut"
msgstr ""
#: models.py:262
#: models.py:236
msgid "Name of the attribut which must verify pattern"
msgstr ""
#: models.py:267
#: models.py:241
msgid "a regular expression"
msgstr ""
#: models.py:279
#: models.py:253
msgid "Name of the attribut for which the value must be replace"
msgstr ""
#: models.py:284
#: models.py:258
msgid "An regular expression maching whats need to be replaced"
msgstr ""
#: models.py:290
#: models.py:264
msgid "replace expression, groups are capture by \\1, \\2 …"
msgstr ""
#: models.py:337
#: models.py:313
#, python-format
msgid ""
"Error during service logout %(service)s:\n"

View File

@ -7,8 +7,8 @@ msgid ""
msgstr ""
"Project-Id-Version: cas_server\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2015-05-28 02:10+0200\n"
"PO-Revision-Date: 2015-05-28 02:15+0100\n"
"POT-Creation-Date: 2015-05-28 15:24+0200\n"
"PO-Revision-Date: 2015-05-28 15:25+0100\n"
"Last-Translator: Valentin Samir <valentin.samir@crans.org>\n"
"Language-Team: django <LL@li.org>\n"
"Language: fr\n"
@ -34,115 +34,119 @@ msgstr "Prévenez-moi avant d'accéder à d'autres services."
msgid "Bad user"
msgstr "Les informations transmises n'ont pas permis de vous authentifier."
#: models.py:89
#: models.py:58
#, python-format
msgid "Error during service logout %r"
msgstr "Une erreur est survenue durant la déconnexion du service %r"
msgid "Error during service logout %s"
msgstr "Une erreur est survenue durant la déconnexion du service %s"
#: models.py:147
#: models.py:117
msgid "position"
msgstr "position"
#: models.py:154 models.py:239
#: models.py:124 models.py:213
msgid "name"
msgstr "nom"
#: models.py:155
#: models.py:125
msgid "A name for the service"
msgstr "Un nom pour le service"
#: models.py:160 models.py:266 models.py:283
#: models.py:130 models.py:240 models.py:257
msgid "pattern"
msgstr "motif"
#: models.py:166
#: models.py:136
msgid "user field"
msgstr "champ utilisateur"
#: models.py:167
#: models.py:137
msgid "Name of the attribut to transmit as username, empty = login"
msgstr ""
"Nom de l'attribut devant être transmis comme nom d'utilisateur au service. "
"vide = nom de connection"
#: models.py:171
#: models.py:141
msgid "restrict username"
msgstr "limiter les noms d'utilisateurs"
#: models.py:172
#: models.py:142
msgid "Limit username allowed to connect to the list provided bellow"
msgstr ""
"Limiter les noms d'utilisateurs autorisé à se connecter à la liste fournie "
"ci-dessous"
#: models.py:176
#: models.py:146
msgid "proxy"
msgstr "proxy"
#: models.py:177
msgid ""
"A ProxyGrantingTicket can be delivered to the service in order to "
"authenticate for the user on a backend service"
msgstr ""
"Un ProxyGrantingTicket peut être délivré au service pour lui permettre de "
"s'authentifier en temps l'utilisateur à un autre service"
#: models.py:147
msgid "Proxy tickets can be delivered to the service"
msgstr "des proxy tickets peuvent être délivrés au service"
#: models.py:182
#: models.py:151
msgid "proxy callback"
msgstr ""
#: models.py:152
msgid "can be used as a proxy callback to deliver PGT"
msgstr "peut être utilisé comme un callback pour recevoir un PGT"
#: models.py:156
msgid "single log out"
msgstr ""
#: models.py:183
#: models.py:157
msgid "Enable SLO for the service"
msgstr "Active le SLO pour le service"
#: models.py:225
#: models.py:199
msgid "username"
msgstr "nom d'utilisateur"
#: models.py:226
#: models.py:200
msgid "username allowed to connect to the service"
msgstr "noms d'utilisateurs autorisé à se connecter au service"
#: models.py:240
#: models.py:214
msgid "name of an attribut to send to the service"
msgstr "nom d'un attribut a envoyer au service"
#: models.py:245 models.py:289
#: models.py:219 models.py:263
msgid "replace"
msgstr "remplacement"
#: models.py:246
#: models.py:220
msgid ""
"name under which the attribut will be showto the service. empty = default "
"name of the attribut"
msgstr ""
"nom sous lequel l'attribut sera rendu visible au service. vide = inchangé"
#: models.py:261 models.py:278
#: models.py:235 models.py:252
msgid "attribut"
msgstr "attribut"
#: models.py:262
#: models.py:236
msgid "Name of the attribut which must verify pattern"
msgstr "Nom de l'attribut devant vérifier un motif"
#: models.py:267
#: models.py:241
msgid "a regular expression"
msgstr "une expression régulière"
#: models.py:279
#: models.py:253
msgid "Name of the attribut for which the value must be replace"
msgstr "nom de l'attribue pour lequel la valeur doit être remplacé"
#: models.py:284
#: models.py:258
msgid "An regular expression maching whats need to be replaced"
msgstr "une expression régulière reconnaissant ce qui doit être remplacé"
#: models.py:290
#: models.py:264
msgid "replace expression, groups are capture by \\1, \\2 …"
msgstr "expression de remplacement, les groupe sont capturé par \\1, \\2"
#: models.py:337
#: models.py:313
#, python-format
msgid ""
"Error during service logout %(service)s:\n"
@ -222,6 +226,13 @@ msgstr ""
"Vous vous êtes déconnecté(e) du Service Central d'Authentification.<br/>Pour "
"des raisons de sécurité, veuillez fermer votre navigateur."
#~ msgid ""
#~ "A ProxyGrantingTicket can be delivered to the service in order to "
#~ "authenticate for the user on a backend service"
#~ msgstr ""
#~ "Un ProxyGrantingTicket peut être délivré au service pour lui permettre de "
#~ "s'authentifier en temps l'utilisateur à un autre service"
#~ msgid ""
#~ "Une demande d'authentification a été émise pour le service %(name)s "
#~ "(%(url)s)"

View File

@ -0,0 +1,26 @@
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from django.db import models, migrations
class Migration(migrations.Migration):
dependencies = [
('cas_server', '0015_auto_20150528_1202'),
]
operations = [
migrations.AddField(
model_name='servicepattern',
name='proxy_callback',
field=models.BooleanField(default=False, help_text='can be used as a proxy callback to deliver PGT', verbose_name='proxy callback'),
preserve_default=True,
),
migrations.AlterField(
model_name='servicepattern',
name='proxy',
field=models.BooleanField(default=False, help_text='Proxy tickets can be delivered to the service', verbose_name='proxy'),
preserve_default=True,
),
]

View File

@ -144,8 +144,12 @@ class ServicePattern(models.Model):
proxy = models.BooleanField(
default=False,
verbose_name=_(u"proxy"),
help_text=_("A ProxyGrantingTicket can be delivered to the service " \
"in order to authenticate for the user on a backend service")
help_text=_("Proxy tickets can be delivered to the service")
)
proxy_callback = models.BooleanField(
default=False,
verbose_name=_(u"proxy callback"),
help_text=_("can be used as a proxy callback to deliver PGT")
)
single_log_out = models.BooleanField(
default=False,

View File

@ -291,7 +291,7 @@ def ps_validate(request, ticket_type=None):
params['username'] = ticket.user.attributs.get(ticket.service_pattern.user_field)
if pgt_url and pgt_url.startswith("https://"):
pattern = models.ServicePattern.validate(pgt_url)
if pattern.proxy:
if pattern.proxy_callback:
proxyid = utils.gen_pgtiou()
pticket = models.ProxyGrantingTicket.objects.create(
user=ticket.user,
@ -358,6 +358,12 @@ def proxy(request):
try:
# is the target service allowed
pattern = models.ServicePattern.validate(target_service)
if not pattern.proxy:
return _validate_error(
request,
'UNAUTHORIZED_SERVICE',
'the service do not allow proxy ticket'
)
# is the proxy granting ticket valid
ticket = models.ProxyGrantingTicket.objects.get(
value=pgt,