possibility to limit PT delivery by service
This commit is contained in:
parent
5ebc5169c3
commit
4fd4afd9c0
@ -7,7 +7,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: cas_server\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2015-05-28 02:10+0200\n"
|
||||
"POT-Creation-Date: 2015-05-28 15:24+0200\n"
|
||||
"PO-Revision-Date: 2015-05-23 19:03+0100\n"
|
||||
"Last-Translator: Valentin Samir <valentin.samir@crans.org>\n"
|
||||
"Language-Team: django <LL@li.org>\n"
|
||||
@ -33,117 +33,123 @@ msgstr " Warn me before logging me into other sites."
|
||||
msgid "Bad user"
|
||||
msgstr "The credentials you provided cannot be determined to be authentic."
|
||||
|
||||
#: models.py:89
|
||||
#: models.py:58
|
||||
#, fuzzy, python-format
|
||||
#| msgid "Error during service logout %s"
|
||||
msgid "Error during service logout %r"
|
||||
msgid "Error during service logout %s"
|
||||
msgstr "Error during service logout %s"
|
||||
|
||||
#: models.py:147
|
||||
#: models.py:117
|
||||
msgid "position"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:154 models.py:239
|
||||
#: models.py:124 models.py:213
|
||||
msgid "name"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:155
|
||||
#: models.py:125
|
||||
#, fuzzy
|
||||
#| msgid "Connect to the service"
|
||||
msgid "A name for the service"
|
||||
msgstr "Connect to the service"
|
||||
|
||||
#: models.py:160 models.py:266 models.py:283
|
||||
#: models.py:130 models.py:240 models.py:257
|
||||
msgid "pattern"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:166
|
||||
#: models.py:136
|
||||
msgid "user field"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:167
|
||||
#: models.py:137
|
||||
msgid "Name of the attribut to transmit as username, empty = login"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:171
|
||||
#: models.py:141
|
||||
msgid "restrict username"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:172
|
||||
#: models.py:142
|
||||
msgid "Limit username allowed to connect to the list provided bellow"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:176
|
||||
#: models.py:146
|
||||
msgid "proxy"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:177
|
||||
msgid ""
|
||||
"A ProxyGrantingTicket can be delivered to the service in order to "
|
||||
"authenticate for the user on a backend service"
|
||||
#: models.py:147
|
||||
msgid "Proxy tickets can be delivered to the service"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:182
|
||||
#: models.py:151
|
||||
msgid "proxy callback"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:152
|
||||
msgid "can be used as a proxy callback to deliver PGT"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:156
|
||||
msgid "single log out"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:183
|
||||
#: models.py:157
|
||||
#, fuzzy
|
||||
#| msgid "Connect to the service"
|
||||
msgid "Enable SLO for the service"
|
||||
msgstr "Connect to the service"
|
||||
|
||||
#: models.py:225
|
||||
#: models.py:199
|
||||
msgid "username"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:226
|
||||
#: models.py:200
|
||||
#, fuzzy
|
||||
#| msgid "Connect to the service"
|
||||
msgid "username allowed to connect to the service"
|
||||
msgstr "Connect to the service"
|
||||
|
||||
#: models.py:240
|
||||
#: models.py:214
|
||||
#, fuzzy
|
||||
#| msgid "The attribut %(field)s is needed to use that service"
|
||||
msgid "name of an attribut to send to the service"
|
||||
msgstr "The attribut %(field)s is needed to use that service"
|
||||
|
||||
#: models.py:245 models.py:289
|
||||
#: models.py:219 models.py:263
|
||||
msgid "replace"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:246
|
||||
#: models.py:220
|
||||
msgid ""
|
||||
"name under which the attribut will be showto the service. empty = default "
|
||||
"name of the attribut"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:261 models.py:278
|
||||
#: models.py:235 models.py:252
|
||||
msgid "attribut"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:262
|
||||
#: models.py:236
|
||||
msgid "Name of the attribut which must verify pattern"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:267
|
||||
#: models.py:241
|
||||
msgid "a regular expression"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:279
|
||||
#: models.py:253
|
||||
msgid "Name of the attribut for which the value must be replace"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:284
|
||||
#: models.py:258
|
||||
msgid "An regular expression maching whats need to be replaced"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:290
|
||||
#: models.py:264
|
||||
msgid "replace expression, groups are capture by \\1, \\2 …"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:337
|
||||
#: models.py:313
|
||||
#, python-format
|
||||
msgid ""
|
||||
"Error during service logout %(service)s:\n"
|
||||
|
Binary file not shown.
@ -7,8 +7,8 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: cas_server\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2015-05-28 02:10+0200\n"
|
||||
"PO-Revision-Date: 2015-05-28 02:15+0100\n"
|
||||
"POT-Creation-Date: 2015-05-28 15:24+0200\n"
|
||||
"PO-Revision-Date: 2015-05-28 15:25+0100\n"
|
||||
"Last-Translator: Valentin Samir <valentin.samir@crans.org>\n"
|
||||
"Language-Team: django <LL@li.org>\n"
|
||||
"Language: fr\n"
|
||||
@ -34,115 +34,119 @@ msgstr "Prévenez-moi avant d'accéder à d'autres services."
|
||||
msgid "Bad user"
|
||||
msgstr "Les informations transmises n'ont pas permis de vous authentifier."
|
||||
|
||||
#: models.py:89
|
||||
#: models.py:58
|
||||
#, python-format
|
||||
msgid "Error during service logout %r"
|
||||
msgstr "Une erreur est survenue durant la déconnexion du service %r"
|
||||
msgid "Error during service logout %s"
|
||||
msgstr "Une erreur est survenue durant la déconnexion du service %s"
|
||||
|
||||
#: models.py:147
|
||||
#: models.py:117
|
||||
msgid "position"
|
||||
msgstr "position"
|
||||
|
||||
#: models.py:154 models.py:239
|
||||
#: models.py:124 models.py:213
|
||||
msgid "name"
|
||||
msgstr "nom"
|
||||
|
||||
#: models.py:155
|
||||
#: models.py:125
|
||||
msgid "A name for the service"
|
||||
msgstr "Un nom pour le service"
|
||||
|
||||
#: models.py:160 models.py:266 models.py:283
|
||||
#: models.py:130 models.py:240 models.py:257
|
||||
msgid "pattern"
|
||||
msgstr "motif"
|
||||
|
||||
#: models.py:166
|
||||
#: models.py:136
|
||||
msgid "user field"
|
||||
msgstr "champ utilisateur"
|
||||
|
||||
#: models.py:167
|
||||
#: models.py:137
|
||||
msgid "Name of the attribut to transmit as username, empty = login"
|
||||
msgstr ""
|
||||
"Nom de l'attribut devant être transmis comme nom d'utilisateur au service. "
|
||||
"vide = nom de connection"
|
||||
|
||||
#: models.py:171
|
||||
#: models.py:141
|
||||
msgid "restrict username"
|
||||
msgstr "limiter les noms d'utilisateurs"
|
||||
|
||||
#: models.py:172
|
||||
#: models.py:142
|
||||
msgid "Limit username allowed to connect to the list provided bellow"
|
||||
msgstr ""
|
||||
"Limiter les noms d'utilisateurs autorisé à se connecter à la liste fournie "
|
||||
"ci-dessous"
|
||||
|
||||
#: models.py:176
|
||||
#: models.py:146
|
||||
msgid "proxy"
|
||||
msgstr "proxy"
|
||||
|
||||
#: models.py:177
|
||||
msgid ""
|
||||
"A ProxyGrantingTicket can be delivered to the service in order to "
|
||||
"authenticate for the user on a backend service"
|
||||
msgstr ""
|
||||
"Un ProxyGrantingTicket peut être délivré au service pour lui permettre de "
|
||||
"s'authentifier en temps l'utilisateur à un autre service"
|
||||
#: models.py:147
|
||||
msgid "Proxy tickets can be delivered to the service"
|
||||
msgstr "des proxy tickets peuvent être délivrés au service"
|
||||
|
||||
#: models.py:182
|
||||
#: models.py:151
|
||||
msgid "proxy callback"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:152
|
||||
msgid "can be used as a proxy callback to deliver PGT"
|
||||
msgstr "peut être utilisé comme un callback pour recevoir un PGT"
|
||||
|
||||
#: models.py:156
|
||||
msgid "single log out"
|
||||
msgstr ""
|
||||
|
||||
#: models.py:183
|
||||
#: models.py:157
|
||||
msgid "Enable SLO for the service"
|
||||
msgstr "Active le SLO pour le service"
|
||||
|
||||
#: models.py:225
|
||||
#: models.py:199
|
||||
msgid "username"
|
||||
msgstr "nom d'utilisateur"
|
||||
|
||||
#: models.py:226
|
||||
#: models.py:200
|
||||
msgid "username allowed to connect to the service"
|
||||
msgstr "noms d'utilisateurs autorisé à se connecter au service"
|
||||
|
||||
#: models.py:240
|
||||
#: models.py:214
|
||||
msgid "name of an attribut to send to the service"
|
||||
msgstr "nom d'un attribut a envoyer au service"
|
||||
|
||||
#: models.py:245 models.py:289
|
||||
#: models.py:219 models.py:263
|
||||
msgid "replace"
|
||||
msgstr "remplacement"
|
||||
|
||||
#: models.py:246
|
||||
#: models.py:220
|
||||
msgid ""
|
||||
"name under which the attribut will be showto the service. empty = default "
|
||||
"name of the attribut"
|
||||
msgstr ""
|
||||
"nom sous lequel l'attribut sera rendu visible au service. vide = inchangé"
|
||||
|
||||
#: models.py:261 models.py:278
|
||||
#: models.py:235 models.py:252
|
||||
msgid "attribut"
|
||||
msgstr "attribut"
|
||||
|
||||
#: models.py:262
|
||||
#: models.py:236
|
||||
msgid "Name of the attribut which must verify pattern"
|
||||
msgstr "Nom de l'attribut devant vérifier un motif"
|
||||
|
||||
#: models.py:267
|
||||
#: models.py:241
|
||||
msgid "a regular expression"
|
||||
msgstr "une expression régulière"
|
||||
|
||||
#: models.py:279
|
||||
#: models.py:253
|
||||
msgid "Name of the attribut for which the value must be replace"
|
||||
msgstr "nom de l'attribue pour lequel la valeur doit être remplacé"
|
||||
|
||||
#: models.py:284
|
||||
#: models.py:258
|
||||
msgid "An regular expression maching whats need to be replaced"
|
||||
msgstr "une expression régulière reconnaissant ce qui doit être remplacé"
|
||||
|
||||
#: models.py:290
|
||||
#: models.py:264
|
||||
msgid "replace expression, groups are capture by \\1, \\2 …"
|
||||
msgstr "expression de remplacement, les groupe sont capturé par \\1, \\2"
|
||||
|
||||
#: models.py:337
|
||||
#: models.py:313
|
||||
#, python-format
|
||||
msgid ""
|
||||
"Error during service logout %(service)s:\n"
|
||||
@ -222,6 +226,13 @@ msgstr ""
|
||||
"Vous vous êtes déconnecté(e) du Service Central d'Authentification.<br/>Pour "
|
||||
"des raisons de sécurité, veuillez fermer votre navigateur."
|
||||
|
||||
#~ msgid ""
|
||||
#~ "A ProxyGrantingTicket can be delivered to the service in order to "
|
||||
#~ "authenticate for the user on a backend service"
|
||||
#~ msgstr ""
|
||||
#~ "Un ProxyGrantingTicket peut être délivré au service pour lui permettre de "
|
||||
#~ "s'authentifier en temps l'utilisateur à un autre service"
|
||||
|
||||
#~ msgid ""
|
||||
#~ "Une demande d'authentification a été émise pour le service %(name)s "
|
||||
#~ "(%(url)s)"
|
||||
|
26
cas_server/migrations/0016_auto_20150528_1326.py
Normal file
26
cas_server/migrations/0016_auto_20150528_1326.py
Normal file
@ -0,0 +1,26 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.db import models, migrations
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('cas_server', '0015_auto_20150528_1202'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AddField(
|
||||
model_name='servicepattern',
|
||||
name='proxy_callback',
|
||||
field=models.BooleanField(default=False, help_text='can be used as a proxy callback to deliver PGT', verbose_name='proxy callback'),
|
||||
preserve_default=True,
|
||||
),
|
||||
migrations.AlterField(
|
||||
model_name='servicepattern',
|
||||
name='proxy',
|
||||
field=models.BooleanField(default=False, help_text='Proxy tickets can be delivered to the service', verbose_name='proxy'),
|
||||
preserve_default=True,
|
||||
),
|
||||
]
|
@ -144,8 +144,12 @@ class ServicePattern(models.Model):
|
||||
proxy = models.BooleanField(
|
||||
default=False,
|
||||
verbose_name=_(u"proxy"),
|
||||
help_text=_("A ProxyGrantingTicket can be delivered to the service " \
|
||||
"in order to authenticate for the user on a backend service")
|
||||
help_text=_("Proxy tickets can be delivered to the service")
|
||||
)
|
||||
proxy_callback = models.BooleanField(
|
||||
default=False,
|
||||
verbose_name=_(u"proxy callback"),
|
||||
help_text=_("can be used as a proxy callback to deliver PGT")
|
||||
)
|
||||
single_log_out = models.BooleanField(
|
||||
default=False,
|
||||
|
@ -291,7 +291,7 @@ def ps_validate(request, ticket_type=None):
|
||||
params['username'] = ticket.user.attributs.get(ticket.service_pattern.user_field)
|
||||
if pgt_url and pgt_url.startswith("https://"):
|
||||
pattern = models.ServicePattern.validate(pgt_url)
|
||||
if pattern.proxy:
|
||||
if pattern.proxy_callback:
|
||||
proxyid = utils.gen_pgtiou()
|
||||
pticket = models.ProxyGrantingTicket.objects.create(
|
||||
user=ticket.user,
|
||||
@ -358,6 +358,12 @@ def proxy(request):
|
||||
try:
|
||||
# is the target service allowed
|
||||
pattern = models.ServicePattern.validate(target_service)
|
||||
if not pattern.proxy:
|
||||
return _validate_error(
|
||||
request,
|
||||
'UNAUTHORIZED_SERVICE',
|
||||
'the service do not allow proxy ticket'
|
||||
)
|
||||
# is the proxy granting ticket valid
|
||||
ticket = models.ProxyGrantingTicket.objects.get(
|
||||
value=pgt,
|
||||
|
Loading…
Reference in New Issue
Block a user