Commit d60db93b authored by Leonidas Poulopoulos's avatar Leonidas Poulopoulos

Bug fixes related to Shib auth

parent 56a15b63
Tags v0.8.4
===========
0.8.4 RELEASE
Vulnerability prevention/bug fixes release
Fixes:
- Fixed a bug where the shib auth backend erased non-shibboleth users info
- Added an authsource variable to prevent authentication backend overlapping
- Added exception handling for non-Shibboleth users that do not belong to a peer
===========
0.8.3 RELEASE
Feature enhancement release
......
......@@ -10,6 +10,9 @@ class shibauthBackend:
firstname = kwargs.get('firstname')
lastname = kwargs.get('lastname')
mail = kwargs.get('mail')
authsource = kwargs.get('authsource')
if authsource != 'shibboleth':
return None
try:
user = self._auth_user(username, firstname, lastname, mail)
except:
......@@ -22,10 +25,6 @@ class shibauthBackend:
try:
user = User.objects.get(username__exact=username)
user.email = mail
user.first_name = firstname
user.last_name = lastname
user.save()
# The user did not exist. Create one with no privileges
except:
user = User.objects.create_user(username, mail, None)
......
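Review bot: The new `authsource` guard at the top of the first hunk is the only thing that keeps this backend from answering every `authenticate()` call, yet nothing in the code says so. As far as the visible lines show, the method reads its inputs from `kwargs` and passes `username` straight to `_auth_user` without checking any password or other secret, so the guard is a security boundary and deserves a comment such as `# Only serve logins tagged by the Shibboleth view; this backend verifies no secret itself`. The tag is only as trustworthy as its callers, so the comment should also say that request-supplied keyword arguments must never be forwarded to `authenticate()`. The literal `'shibboleth'` is repeated in the `authenticate(...)` call in `user_login`; a shared module-level constant would keep the two from drifting apart. The method starts before the hunk and continues past it, so this reading is limited to the lines shown.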
......@@ -63,12 +63,16 @@ def welcome(request):
@never_cache
def group_routes(request):
group_routes = []
peer = request.user.get_profile().peer
try:
peer = request.user.get_profile().peer
except UserProfile.DoesNotExist:
error = "User <strong>%s</strong> does not belong to any peer or organization. It is not possible to create new firewall rules.<br>Please contact Helpdesk to resolve this issue" % request.user.username
return render_to_response('error.html', {'error': error})
if peer:
peer_members = UserProfile.objects.filter(peer=peer)
users = [prof.user for prof in peer_members]
group_routes = Route.objects.filter(applier__in=users)
return render_to_response('user_routes.html', {'routes': group_routes},
return render_to_response('user_routes.html', {'routes': group_routes},
context_instance=RequestContext(request))
......@@ -207,8 +211,11 @@ def delete_route(request, route_slug):
@never_cache
def user_profile(request):
user = request.user
peer = request.user.get_profile().peer
try:
peer = request.user.get_profile().peer
except UserProfile.DoesNotExist:
error = "User <strong>%s</strong> does not belong to any peer or organization. It is not possible to create new firewall rules.<br>Please contact Helpdesk to resolve this issue" % user.username
return render_to_response('error.html', {'error': error})
return render_to_response('profile.html', {'user': user, 'peer':peer},
context_instance=RequestContext(request))
......@@ -250,10 +257,14 @@ def user_login(request):
context_instance=RequestContext(request))
try:
user = User.objects.get(username__exact=username)
user.email = mail
user.first_name = firstname
user.last_name = lastname
user.save()
user_exists = True
except:
user_exists = False
user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail)
user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail, authsource='shibboleth')
if user is not None:
try:
peer = Peer.objects.get(domain_name=organization)
......
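Review bot: Both new `except UserProfile.DoesNotExist` branches, in `group_routes` and in `user_profile`, build an HTML message by interpolating the username unescaped. The `<strong>` and `<br>` in the string suggest that `error.html` prints `error` with autoescaping off, and the username presumably originates from externally supplied login attributes, so markup in a username would be rendered as HTML; `error.html` is not visible here, so this needs confirming. Escaping at the point of interpolation closes the gap: `% escape(request.user.username)` with `from django.utils.html import escape`. Both functions begin outside their hunks.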
......@@ -73,7 +73,7 @@ $(document).ready(function(){
</div>
<div id="content">
{% block brcrmb_container %}
<div class="info_content_title">{% if user.is_authenticated %}<a href="{% url group-routes %}">{% trans "My routes" %}</a>{% endif %}
<div class="info_content_title">{% if user.is_authenticated %}<a href="{% url group-routes %}">{% trans "My rules" %}</a>{% endif %}
{% block breadcrumbs %}{% endblock %}
</div>
......