From 4fd4afd9c05185fa879b74fec19c75f1694467b6 Mon Sep 17 00:00:00 2001 From: Valentin Samir Date: Thu, 28 May 2015 15:26:46 +0200 Subject: [PATCH] possibility to limit PT delivery by service --- cas_server/locale/en/LC_MESSAGES/django.po | 66 +++++++------- cas_server/locale/fr/LC_MESSAGES/django.mo | Bin 4810 -> 4784 bytes cas_server/locale/fr/LC_MESSAGES/django.po | 81 ++++++++++-------- .../migrations/0016_auto_20150528_1326.py | 26 ++++++ cas_server/models.py | 8 +- cas_server/views.py | 8 +- 6 files changed, 121 insertions(+), 68 deletions(-) create mode 100644 cas_server/migrations/0016_auto_20150528_1326.py diff --git a/cas_server/locale/en/LC_MESSAGES/django.po b/cas_server/locale/en/LC_MESSAGES/django.po index 9a30362..bd302ab 100644 --- a/cas_server/locale/en/LC_MESSAGES/django.po +++ b/cas_server/locale/en/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: cas_server\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2015-05-28 02:10+0200\n" +"POT-Creation-Date: 2015-05-28 15:24+0200\n" "PO-Revision-Date: 2015-05-23 19:03+0100\n" "Last-Translator: Valentin Samir \n" "Language-Team: django \n" 
@@ -33,117 +33,123 @@ msgstr " Warn me before logging me into other sites." msgid "Bad user" msgstr "The credentials you provided cannot be determined to be authentic." -#: models.py:89 +#: models.py:58 #, fuzzy, python-format #| msgid "Error during service logout %s" -msgid "Error during service logout %r" +msgid "Error during service logout %s" msgstr "Error during service logout %s" -#: models.py:147 +#: models.py:117 msgid "position" msgstr "" -#: models.py:154 models.py:239 +#: models.py:124 models.py:213 msgid "name" msgstr "" -#: models.py:155 +#: models.py:125 #, fuzzy #| msgid "Connect to the service" msgid "A name for the service" msgstr "Connect to the service" -#: models.py:160 models.py:266 models.py:283 +#: models.py:130 models.py:240 models.py:257 msgid "pattern" msgstr "" -#: models.py:166 +#: models.py:136 msgid "user field" msgstr "" -#: models.py:167 +#: models.py:137 msgid "Name of the attribut to transmit as username, empty = login" msgstr "" -#: models.py:171 +#: models.py:141 msgid "restrict username" msgstr "" -#: models.py:172 +#: models.py:142 msgid "Limit username allowed to connect to the list provided bellow" msgstr "" -#: models.py:176 +#: models.py:146 msgid "proxy" msgstr "" -#: models.py:177 -msgid "" -"A ProxyGrantingTicket can be delivered to the service in order to " -"authenticate for the user on a backend service" +#: models.py:147 +msgid "Proxy tickets can be delivered to the service" msgstr "" -#: models.py:182 +#: models.py:151 +msgid "proxy callback" +msgstr "" + +#: models.py:152 +msgid "can be used as a proxy callback to deliver PGT" +msgstr "" + +#: models.py:156 msgid "single log out" msgstr "" -#: models.py:183 +#: models.py:157 #, fuzzy #| msgid "Connect to the service" msgid "Enable SLO for the service" msgstr "Connect to the service" -#: models.py:225 +#: models.py:199 msgid "username" msgstr "" -#: models.py:226 +#: models.py:200 #, fuzzy #| msgid "Connect to the service" msgid "username allowed to connect to the 
service" msgstr "Connect to the service" -#: models.py:240 +#: models.py:214 #, fuzzy #| msgid "The attribut %(field)s is needed to use that service" msgid "name of an attribut to send to the service" msgstr "The attribut %(field)s is needed to use that service" -#: models.py:245 models.py:289 +#: models.py:219 models.py:263 msgid "replace" msgstr "" -#: models.py:246 +#: models.py:220 msgid "" "name under which the attribut will be showto the service. empty = default " "name of the attribut" msgstr "" -#: models.py:261 models.py:278 +#: models.py:235 models.py:252 msgid "attribut" msgstr "" -#: models.py:262 +#: models.py:236 msgid "Name of the attribut which must verify pattern" msgstr "" -#: models.py:267 +#: models.py:241 msgid "a regular expression" msgstr "" -#: models.py:279 +#: models.py:253 msgid "Name of the attribut for which the value must be replace" msgstr "" -#: models.py:284 +#: models.py:258 msgid "An regular expression maching whats need to be replaced" msgstr "" -#: models.py:290 +#: models.py:264 msgid "replace expression, groups are capture by \\1, \\2 …" msgstr "" -#: models.py:337 +#: models.py:313 #, python-format msgid "" "Error during service logout %(service)s:\n" 
diff --git a/cas_server/locale/fr/LC_MESSAGES/django.mo b/cas_server/locale/fr/LC_MESSAGES/django.mo index a9f29a6d4f66e091836c296e5797b229f4fddc3d..9402047ab9dd1ab07dc681ca23a84b01357f0fb2 100644 GIT binary patch delta 1221 zcmX}r-%FEG7{KxK>ZZHT%=K9NCld`H@<3|`0jDs zRYVJ|hIZXhstdmra3S6mDzzP#@i6|tZme?T9Kb`2XR!o7pv?b*JMlNRV~JC#I_$z@ zIEY0`O{n{H_^8LZ8|pb8VLXqL$WQcPJ+s}|j|XuGCE;5r3#M@^E@20*;%;;mD^-c! zyxk~?o<|?+tIKp)L)}D@Rnypvvp9rrQ6A7-=qfMDxQ&ZE=g;3ifwJ%^tiT&sij&Ak zJ>VkmeTuTq3QkQ>?$31O7lfGIi{p3>m#_ytn{t)7h%%nW9k`0M_zU~6v`nd^IEa_< z9vZxV4PA`aDPKAML77*!nfiz5oThUC7jPSX#ZFwqeb~fP^>`NNFou$7&6eDA0o06d zqwM(t@|)B$`tcKzqjFOgj*qIwCakTX{%7d)a)Tt*BuYsiqP*Zqems}|{xu%w{vyiW z{zX2j&XcnhI&$D7BwGnNNV2em zlvH9DE&pe+lWt@zC%u{`K@shc(o5{8NtO4~YWujf&?Kmm9UNS{3RNiOms2hKEv1w4 zN@&_18b?HVX;MAe!i?83Wf<|y8>iE7_gm2`S9KyB95EB|nUz94vsm=e7YvN)VN)mL zW=IF(I-q0rv|u0-84d(TbRw!lW+a?4E!}_eLgr5KBg5I&>2L3tX>~O?q?Z|RRT`P~ zQeOcp)w>4^IzwhW|C;=2I%XzQ=2${!UnDG3hq7tjXl2u^m(+37N`-@F=34nn!_UNx oS;<5=5{_rnIv5=tCBrfOKdD$WX=%$0nyF~ml5Zrnriy3AKTcGi=Kufz delta 1252 zcmZwGPe>F|9Ki86?jO@MTeGqNCjFs;0x`CA%t77N*%?bDmO9v> zAYqXpECLTVQ5_+0l} zV*j+F)KSZ*j-ga5zRlr6S@0<}g3oXr*7}ud!VYZ5@vIBDkM=KIf%So<@lCjq_AzWk z3(Ii^4=9yX&$$WG@f-Ph4QU6tG-Dx3K!>p&uVEoRMG5#NN?@OH4gSPEn47EA7Hq>3 z?8!Qc65u2Tm|xxEhM?6n*5V!P#YL2XRb04LJ5kzuxk#Yx+5S$H3A-_bS1}(`$WPtl zBJX{GGS7RQBFi6flKIsDqh$p@uoHtTl{$$>@etlc$-viayR1N|^|a69X1s*QaT?q3 zJD$Y~(qu5v1m@AcvP!8UypA&NHYWSH`M^yb?&sgNXkr*Aa4XK@BV0rYaCG(3_<7W{ zzoG20kL9x{RgT1}!pN~vyRinFunT*U7}Z>e{7Wk5>5vCsptKjW1K!|4+MiJNvb1<9 z#m!l}P|ipX$`(u`3-+=JUU2f>3aY$U&WB7ag`u1u$$z$NM-t)fRrPWw%4wCt?s#Pr zS6P)5Noy5VwqXNR3Q6(`N%>bKtCdt)gk)L@Yf|bARSp-2R+UmEO>$agfBjTRs}$J| z*$PSPHmZC9-WS@TPuTIx<45dB%&}q@Pg~JJ(@6~mb*r{wI&Sxwwszt=;yME+Bcc(< z)ctY#22AZH_%j~U5q%-TW3fI>$Cwp0)31C}hGD1A1p-FuX7FA5M(&IeXlQKN)sWhe zSLv6#^r^fOBl(}n^@!;@I`h!6P2HE78?wgi%p3tMzg&;RU0V;i76a{J)A7ccIuTxu zvEL#rGo~GLcqE~R!meWtSqTE?vCMt#60j=|5v<>fHk#j<QAUVJzvn0lddUx KY@`cAv<{BCT`) 
diff --git a/cas_server/locale/fr/LC_MESSAGES/django.po b/cas_server/locale/fr/LC_MESSAGES/django.po index 140c162..45520da 100644 --- a/cas_server/locale/fr/LC_MESSAGES/django.po +++ b/cas_server/locale/fr/LC_MESSAGES/django.po @@ -7,8 +7,8 @@ msgid "" msgstr "" "Project-Id-Version: cas_server\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2015-05-28 02:10+0200\n" -"PO-Revision-Date: 2015-05-28 02:15+0100\n" +"POT-Creation-Date: 2015-05-28 15:24+0200\n" +"PO-Revision-Date: 2015-05-28 15:25+0100\n" "Last-Translator: Valentin Samir \n" "Language-Team: django \n" "Language: fr\n" 
@@ -34,115 +34,119 @@ msgstr "Prévenez-moi avant d'accéder à d'autres services." msgid "Bad user" msgstr "Les informations transmises n'ont pas permis de vous authentifier." -#: models.py:89 +#: models.py:58 #, python-format -msgid "Error during service logout %r" -msgstr "Une erreur est survenue durant la déconnexion du service %r" +msgid "Error during service logout %s" +msgstr "Une erreur est survenue durant la déconnexion du service %s" -#: models.py:147 +#: models.py:117 msgid "position" msgstr "position" -#: models.py:154 models.py:239 +#: models.py:124 models.py:213 msgid "name" msgstr "nom" -#: models.py:155 +#: models.py:125 msgid "A name for the service" msgstr "Un nom pour le service" -#: models.py:160 models.py:266 models.py:283 +#: models.py:130 models.py:240 models.py:257 msgid "pattern" msgstr "motif" -#: models.py:166 +#: models.py:136 msgid "user field" msgstr "champ utilisateur" -#: models.py:167 +#: models.py:137 msgid "Name of the attribut to transmit as username, empty = login" msgstr "" "Nom de l'attribut devant être transmis comme nom d'utilisateur au service. 
" "vide = nom de connection" -#: models.py:171 +#: models.py:141 msgid "restrict username" msgstr "limiter les noms d'utilisateurs" -#: models.py:172 +#: models.py:142 msgid "Limit username allowed to connect to the list provided bellow" msgstr "" "Limiter les noms d'utilisateurs autorisé à se connecter à la liste fournie " "ci-dessous" -#: models.py:176 +#: models.py:146 msgid "proxy" msgstr "proxy" -#: models.py:177 -msgid "" -"A ProxyGrantingTicket can be delivered to the service in order to " -"authenticate for the user on a backend service" -msgstr "" -"Un ProxyGrantingTicket peut être délivré au service pour lui permettre de " -"s'authentifier en temps l'utilisateur à un autre service" +#: models.py:147 +msgid "Proxy tickets can be delivered to the service" +msgstr "des proxy tickets peuvent être délivrés au service" -#: models.py:182 +#: models.py:151 +msgid "proxy callback" +msgstr "" + +#: models.py:152 +msgid "can be used as a proxy callback to deliver PGT" +msgstr "peut être utilisé comme un callback pour recevoir un PGT" + +#: models.py:156 msgid "single log out" msgstr "" -#: models.py:183 +#: models.py:157 msgid "Enable SLO for the service" msgstr "Active le SLO pour le service" -#: models.py:225 +#: models.py:199 msgid "username" msgstr "nom d'utilisateur" -#: models.py:226 +#: models.py:200 msgid "username allowed to connect to the service" msgstr "noms d'utilisateurs autorisé à se connecter au service" -#: models.py:240 +#: models.py:214 msgid "name of an attribut to send to the service" msgstr "nom d'un attribut a envoyer au service" -#: models.py:245 models.py:289 +#: models.py:219 models.py:263 msgid "replace" msgstr "remplacement" -#: models.py:246 +#: models.py:220 msgid "" "name under which the attribut will be showto the service. empty = default " "name of the attribut" msgstr "" "nom sous lequel l'attribut sera rendu visible au service. 
vide = inchangé" -#: models.py:261 models.py:278 +#: models.py:235 models.py:252 msgid "attribut" msgstr "attribut" -#: models.py:262 +#: models.py:236 msgid "Name of the attribut which must verify pattern" msgstr "Nom de l'attribut devant vérifier un motif" -#: models.py:267 +#: models.py:241 msgid "a regular expression" msgstr "une expression régulière" -#: models.py:279 +#: models.py:253 msgid "Name of the attribut for which the value must be replace" msgstr "nom de l'attribue pour lequel la valeur doit être remplacé" -#: models.py:284 +#: models.py:258 msgid "An regular expression maching whats need to be replaced" msgstr "une expression régulière reconnaissant ce qui doit être remplacé" -#: models.py:290 +#: models.py:264 msgid "replace expression, groups are capture by \\1, \\2 …" msgstr "expression de remplacement, les groupe sont capturé par \\1, \\2" -#: models.py:337 +#: models.py:313 #, python-format msgid "" "Error during service logout %(service)s:\n" @@ -222,6 +226,13 @@ msgstr "" "Vous vous êtes déconnecté(e) du Service Central d'Authentification.
Pour " "des raisons de sécurité, veuillez fermer votre navigateur." +#~ msgid "" +#~ "A ProxyGrantingTicket can be delivered to the service in order to " +#~ "authenticate for the user on a backend service" +#~ msgstr "" +#~ "Un ProxyGrantingTicket peut être délivré au service pour lui permettre de " +#~ "s'authentifier en temps l'utilisateur à un autre service" + #~ msgid "" #~ "Une demande d'authentification a été émise pour le service %(name)s " #~ "(%(url)s)" diff --git a/cas_server/migrations/0016_auto_20150528_1326.py b/cas_server/migrations/0016_auto_20150528_1326.py new file mode 100644 index 0000000..2e250fb --- /dev/null +++ b/cas_server/migrations/0016_auto_20150528_1326.py @@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +from __future__ import unicode_literals + +from django.db import models, migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('cas_server', '0015_auto_20150528_1202'), + ] + + operations = [ + migrations.AddField( + model_name='servicepattern', + name='proxy_callback', + field=models.BooleanField(default=False, help_text='can be used as a proxy callback to deliver PGT', verbose_name='proxy callback'), + preserve_default=True, + ), + migrations.AlterField( + model_name='servicepattern', + name='proxy', + field=models.BooleanField(default=False, help_text='Proxy tickets can be delivered to the service', verbose_name='proxy'), + preserve_default=True, + ), + ] diff --git a/cas_server/models.py b/cas_server/models.py index 7ae4ab7..8c1b783 100644 --- a/cas_server/models.py +++ b/cas_server/models.py 
@@ -144,8 +144,12 @@ class ServicePattern(models.Model):
 proxy = models.BooleanField(
 default=False,
 verbose_name=_(u"proxy"),
- help_text=_("A ProxyGrantingTicket can be delivered to the service " \
- "in order to authenticate for the user on a backend service")
+ help_text=_("Proxy tickets can be delivered to the service")
+ )
+ proxy_callback = models.BooleanField(
+ default=False,
+ verbose_name=_(u"proxy callback"),
+ help_text=_("can be used as a proxy callback to deliver PGT")
 )
 single_log_out = models.BooleanField(
 default=False,
diff --git a/cas_server/views.py b/cas_server/views.py
index ef3d785..d892ab2 100644
--- a/cas_server/views.py
+++ b/cas_server/views.py
@@ -291,7 +291,7 @@ def ps_validate(request, ticket_type=None):
 params['username'] = ticket.user.attributs.get(ticket.service_pattern.user_field)
 if pgt_url and pgt_url.startswith("https://"):
 pattern = models.ServicePattern.validate(pgt_url)
- if pattern.proxy:
+ if pattern.proxy_callback:
 proxyid = utils.gen_pgtiou()
 pticket = models.ProxyGrantingTicket.objects.create(
 user=ticket.user,
@@ -358,6 +358,12 @@ def proxy(request):
 try:
 # is the target service allowed
 pattern = models.ServicePattern.validate(target_service)
+ if not pattern.proxy:
+ return _validate_error(
+ request,
+ 'UNAUTHORIZED_SERVICE',
+ 'the service do not allow proxy ticket'
+ )
 # is the proxy granting ticket valid
 ticket = models.ProxyGrantingTicket.objects.get(
 value=pgt,
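Review bot: The `proxy` flag keeps its column but changes meaning in this hunk: it no longer describes PGT delivery (now `proxy_callback`) and, judging by the check added in views.py, marks a service as an allowed proxy-ticket target. Rows that already have `proxy=True` were set under the old meaning, and `proxy_callback` defaults to `False`. After upgrade those services would stop receiving PGTs and would be accepted as proxy targets instead, which fails closed for the callback but silently re-purposes existing grants. I would document the split on the fields, e.g. `# proxy: this service may be the target of a proxy ticket` and `# proxy_callback: this URL may receive a PGT, which lets its holder request proxy tickets for the user`, and tell administrators in the upgrade notes to review both flags. The class body starts and continues outside the hunk.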
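Review bot: The PGT is now gated on `proxy_callback` of the pattern that matches `pgt_url`, not on `ticket.service_pattern`, and nothing at the test says so. A one-line comment above it, `# the callback URL itself must match a pattern flagged proxy_callback`, would stop the next reader assuming the validated service's own pattern authorises the callback. The only other filter on `pgt_url` visible here is `startswith("https://")`, so the service patterns are the effective allow-list for where a PGT may be sent. Whether `ServicePattern.validate` raises when nothing matches, and where that is handled, is outside the hunk, as are the start and end of `ps_validate`.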
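Review bot: The new `pattern.proxy` refusal runs before the proxy-granting ticket is looked up, so a caller holding no valid PGT can still tell proxy-enabled targets from proxy-disabled ones by the error returned. Unless that ordering is deliberate, I would move the `if not pattern.proxy:` block below the `ProxyGrantingTicket.objects.get(...)` lookup so that policy details are only reported to a caller that presented a valid ticket. That lookup and the rest of the `try` block continue outside the hunk, so the move needs checking against the `except` clauses there. The message also reads better as `'the service does not allow proxy tickets'`.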