possibility to limit PT delivery by service

2015-05-28 15:26:46 +02:00 · 2015-05-28 15:26:46 +02:00 · 4fd4afd9c0
parent 5ebc5169c3
commit 4fd4afd9c0
6 changed files with 121 additions and 68 deletions
--- a/cas_server/locale/en/LC_MESSAGES/django.po
+++ b/cas_server/locale/en/LC_MESSAGES/django.po
@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: cas_server\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2015-05-28 02:10+0200\n"
+"POT-Creation-Date: 2015-05-28 15:24+0200\n"
 "PO-Revision-Date: 2015-05-23 19:03+0100\n"
 "Last-Translator: Valentin Samir <valentin.samir@crans.org>\n"
 "Language-Team: django <LL@li.org>\n"
@ -33,117 +33,123 @@ msgstr " Warn me before logging me into other sites."
 msgid "Bad user"
 msgstr "The credentials you provided cannot be determined to be authentic."
-#: models.py:89
+#: models.py:58
 #, fuzzy, python-format
 #| msgid "Error during service logout %s"
-msgid "Error during service logout %r"
+msgid "Error during service logout %s"
 msgstr "Error during service logout %s"
-#: models.py:147
+#: models.py:117
 msgid "position"
 msgstr ""
-#: models.py:154 models.py:239
+#: models.py:124 models.py:213
 msgid "name"
 msgstr ""
-#: models.py:155
+#: models.py:125
 #, fuzzy
 #| msgid "Connect to the service"
 msgid "A name for the service"
 msgstr "Connect to the service"
-#: models.py:160 models.py:266 models.py:283
+#: models.py:130 models.py:240 models.py:257
 msgid "pattern"
 msgstr ""
-#: models.py:166
+#: models.py:136
 msgid "user field"
 msgstr ""
-#: models.py:167
+#: models.py:137
 msgid "Name of the attribut to transmit as username, empty = login"
 msgstr ""
-#: models.py:171
+#: models.py:141
 msgid "restrict username"
 msgstr ""
-#: models.py:172
+#: models.py:142
 msgid "Limit username allowed to connect to the list provided bellow"
 msgstr ""
-#: models.py:176
+#: models.py:146
 msgid "proxy"
 msgstr ""
-#: models.py:177
+#: models.py:147
-msgid ""
+msgid "Proxy tickets can be delivered to the service"
 "A ProxyGrantingTicket can be delivered to the service in order to "
 "authenticate for the user on a backend service"
 msgstr ""
-#: models.py:182
+#: models.py:151
 msgid "proxy callback"
 msgstr ""
 #: models.py:152
 msgid "can be used as a proxy callback to deliver PGT"
 msgstr ""
 #: models.py:156
 msgid "single log out"
 msgstr ""
-#: models.py:183
+#: models.py:157
 #, fuzzy
 #| msgid "Connect to the service"
 msgid "Enable SLO for the service"
 msgstr "Connect to the service"
-#: models.py:225
+#: models.py:199
 msgid "username"
 msgstr ""
-#: models.py:226
+#: models.py:200
 #, fuzzy
 #| msgid "Connect to the service"
 msgid "username allowed to connect to the service"
 msgstr "Connect to the service"
-#: models.py:240
+#: models.py:214
 #, fuzzy
 #| msgid "The attribut %(field)s is needed to use that service"
 msgid "name of an attribut to send to the service"
 msgstr "The attribut %(field)s is needed to use that service"
-#: models.py:245 models.py:289
+#: models.py:219 models.py:263
 msgid "replace"
 msgstr ""
-#: models.py:246
+#: models.py:220
 msgid ""
 "name under which the attribut will be showto the service. empty = default "
 "name of the attribut"
 msgstr ""
-#: models.py:261 models.py:278
+#: models.py:235 models.py:252
 msgid "attribut"
 msgstr ""
-#: models.py:262
+#: models.py:236
 msgid "Name of the attribut which must verify pattern"
 msgstr ""
-#: models.py:267
+#: models.py:241
 msgid "a regular expression"
 msgstr ""
-#: models.py:279
+#: models.py:253
 msgid "Name of the attribut for which the value must be replace"
 msgstr ""
-#: models.py:284
+#: models.py:258
 msgid "An regular expression maching whats need to be replaced"
 msgstr ""
-#: models.py:290
+#: models.py:264
 msgid "replace expression, groups are capture by \\1, \\2 …"
 msgstr ""
-#: models.py:337
+#: models.py:313
 #, python-format
 msgid ""
 "Error during service logout %(service)s:\n"
--- a/cas_server/locale/fr/LC_MESSAGES/django.mo
+++ b/cas_server/locale/fr/LC_MESSAGES/django.mo
--- a/cas_server/locale/fr/LC_MESSAGES/django.po
+++ b/cas_server/locale/fr/LC_MESSAGES/django.po
@ -7,8 +7,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: cas_server\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2015-05-28 02:10+0200\n"
+"POT-Creation-Date: 2015-05-28 15:24+0200\n"
-"PO-Revision-Date: 2015-05-28 02:15+0100\n"
+"PO-Revision-Date: 2015-05-28 15:25+0100\n"
 "Last-Translator: Valentin Samir <valentin.samir@crans.org>\n"
 "Language-Team: django <LL@li.org>\n"
 "Language: fr\n"
@ -34,115 +34,119 @@ msgstr "Prévenez-moi avant d'accéder à d'autres services."
 msgid "Bad user"
 msgstr "Les informations transmises n'ont pas permis de vous authentifier."
-#: models.py:89
+#: models.py:58
 #, python-format
-msgid "Error during service logout %r"
+msgid "Error during service logout %s"
-msgstr "Une erreur est survenue durant la déconnexion du service %r"
+msgstr "Une erreur est survenue durant la déconnexion du service %s"
-#: models.py:147
+#: models.py:117
 msgid "position"
 msgstr "position"
-#: models.py:154 models.py:239
+#: models.py:124 models.py:213
 msgid "name"
 msgstr "nom"
-#: models.py:155
+#: models.py:125
 msgid "A name for the service"
 msgstr "Un nom pour le service"
-#: models.py:160 models.py:266 models.py:283
+#: models.py:130 models.py:240 models.py:257
 msgid "pattern"
 msgstr "motif"
-#: models.py:166
+#: models.py:136
 msgid "user field"
 msgstr "champ utilisateur"
-#: models.py:167
+#: models.py:137
 msgid "Name of the attribut to transmit as username, empty = login"
 msgstr ""
 "Nom de l'attribut devant être transmis comme nom d'utilisateur au service. "
 "vide = nom de connection"
-#: models.py:171
+#: models.py:141
 msgid "restrict username"
 msgstr "limiter les noms d'utilisateurs"
-#: models.py:172
+#: models.py:142
 msgid "Limit username allowed to connect to the list provided bellow"
 msgstr ""
 "Limiter les noms d'utilisateurs autorisé à se connecter à la liste fournie "
 "ci-dessous"
-#: models.py:176
+#: models.py:146
 msgid "proxy"
 msgstr "proxy"
-#: models.py:177
+#: models.py:147
-msgid ""
+msgid "Proxy tickets can be delivered to the service"
-"A ProxyGrantingTicket can be delivered to the service in order to "
+msgstr "des proxy tickets peuvent être délivrés au service"
 "authenticate for the user on a backend service"
 msgstr ""
 "Un ProxyGrantingTicket peut être délivré au service pour lui permettre de "
 "s'authentifier en temps l'utilisateur à un autre service"
-#: models.py:182
+#: models.py:151
 msgid "proxy callback"
 msgstr ""
 #: models.py:152
 msgid "can be used as a proxy callback to deliver PGT"
 msgstr "peut être utilisé comme un callback pour recevoir un PGT"
 #: models.py:156
 msgid "single log out"
 msgstr ""
-#: models.py:183
+#: models.py:157
 msgid "Enable SLO for the service"
 msgstr "Active le SLO pour le service"
-#: models.py:225
+#: models.py:199
 msgid "username"
 msgstr "nom d'utilisateur"
-#: models.py:226
+#: models.py:200
 msgid "username allowed to connect to the service"
 msgstr "noms d'utilisateurs autorisé à se connecter au service"
-#: models.py:240
+#: models.py:214
 msgid "name of an attribut to send to the service"
 msgstr "nom d'un attribut a envoyer au service"
-#: models.py:245 models.py:289
+#: models.py:219 models.py:263
 msgid "replace"
 msgstr "remplacement"
-#: models.py:246
+#: models.py:220
 msgid ""
 "name under which the attribut will be showto the service. empty = default "
 "name of the attribut"
 msgstr ""
 "nom sous lequel l'attribut sera rendu visible au service. vide = inchangé"
-#: models.py:261 models.py:278
+#: models.py:235 models.py:252
 msgid "attribut"
 msgstr "attribut"
-#: models.py:262
+#: models.py:236
 msgid "Name of the attribut which must verify pattern"
 msgstr "Nom de l'attribut devant vérifier un motif"
-#: models.py:267
+#: models.py:241
 msgid "a regular expression"
 msgstr "une expression régulière"
-#: models.py:279
+#: models.py:253
 msgid "Name of the attribut for which the value must be replace"
 msgstr "nom de l'attribue pour lequel la valeur doit être remplacé"
-#: models.py:284
+#: models.py:258
 msgid "An regular expression maching whats need to be replaced"
 msgstr "une expression régulière reconnaissant ce qui doit être remplacé"
-#: models.py:290
+#: models.py:264
 msgid "replace expression, groups are capture by \\1, \\2 …"
 msgstr "expression de remplacement, les groupe sont capturé par \\1, \\2"
-#: models.py:337
+#: models.py:313
 #, python-format
 msgid ""
 "Error during service logout %(service)s:\n"
@ -222,6 +226,13 @@ msgstr ""
 "Vous vous êtes déconnecté(e) du Service Central d'Authentification.<br/>Pour "
 "des raisons de sécurité, veuillez fermer votre navigateur."
 #~ msgid ""
 #~ "A ProxyGrantingTicket can be delivered to the service in order to "
 #~ "authenticate for the user on a backend service"
 #~ msgstr ""
 #~ "Un ProxyGrantingTicket peut être délivré au service pour lui permettre de "
 #~ "s'authentifier en temps l'utilisateur à un autre service"
 #~ msgid ""
 #~ "Une demande d'authentification a été émise pour le service %(name)s "
 #~ "(%(url)s)"
--- a/cas_server/migrations/0016_auto_20150528_1326.py
+++ b/cas_server/migrations/0016_auto_20150528_1326.py
@ -0,0 +1,26 @@
 # -*- coding: utf-8 -*-
 from __future__ import unicode_literals
 from django.db import models, migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('cas_server', '0015_auto_20150528_1202'),
    ]
    operations = [
        migrations.AddField(
            model_name='servicepattern',
            name='proxy_callback',
            field=models.BooleanField(default=False, help_text='can be used as a proxy callback to deliver PGT', verbose_name='proxy callback'),
            preserve_default=True,
        ),
        migrations.AlterField(
            model_name='servicepattern',
            name='proxy',
            field=models.BooleanField(default=False, help_text='Proxy tickets can be delivered to the service', verbose_name='proxy'),
            preserve_default=True,
        ),
    ]
--- a/cas_server/models.py
+++ b/cas_server/models.py
@ -144,8 +144,12 @@ class ServicePattern(models.Model):
    proxy = models.BooleanField(
        default=False,
        verbose_name=_(u"proxy"),
-        help_text=_("A ProxyGrantingTicket can be delivered to the service " \
+        help_text=_("Proxy tickets can be delivered to the service")
-        "in order to authenticate for the user on a backend service")
+    )
    proxy_callback = models.BooleanField(
        default=False,
        verbose_name=_(u"proxy callback"),
        help_text=_("can be used as a proxy callback to deliver PGT")
    )
    single_log_out = models.BooleanField(
        default=False,
--- a/cas_server/views.py
+++ b/cas_server/views.py
@ -291,7 +291,7 @@ def ps_validate(request, ticket_type=None):
                params['username'] = ticket.user.attributs.get(ticket.service_pattern.user_field)
            if pgt_url and pgt_url.startswith("https://"):
                pattern = models.ServicePattern.validate(pgt_url)
-                if pattern.proxy:
+                if pattern.proxy_callback:
                    proxyid = utils.gen_pgtiou()
                    pticket = models.ProxyGrantingTicket.objects.create(
                        user=ticket.user,
@ -358,6 +358,12 @@ def proxy(request):
        try:
            # is the target service allowed
            pattern = models.ServicePattern.validate(target_service)
            if not pattern.proxy:
                return _validate_error(
                    request,
                    'UNAUTHORIZED_SERVICE',
                    'the service do not allow proxy ticket'
                )
            # is the proxy granting ticket valid
            ticket = models.ProxyGrantingTicket.objects.get(
                value=pgt,