Skip to content
Snippets Groups Projects
Commit d60db93b authored by Leonidas Poulopoulos's avatar Leonidas Poulopoulos
Browse files

Bug fixes related to Shib auth

parent 56a15b63
No related branches found
Tags v0.8.4
No related merge requests found
Hide whitespace changes
Inline Side-by-side
ChangeLog
+ 8
0
View file @ d60db93b
===========
0.8.4 RELEASE
Vulnerability prevention/bug fixes release
Fixes:
- Fixed a bug where the shib auth backend erased non-shibboleth users info
- Added an authsource variable to prevent authentication backend overlapping
- Added exception handling for non-Shibboleth users that do not belong to a peer
===========
0.8.3 RELEASE
Feature enhancement release
......
djangobackends/shibauthBackend.py
+ 3
4
View file @ d60db93b
......@@ -10,6 +10,9 @@ class shibauthBackend:
firstname = kwargs.get('firstname')
lastname = kwargs.get('lastname')
mail = kwargs.get('mail')
authsource = kwargs.get('authsource')
if authsource != 'shibboleth':
return None
try:
user = self._auth_user(username, firstname, lastname, mail)
except:
......@@ -22,10 +25,6 @@ class shibauthBackend:
try:
user = User.objects.get(username__exact=username)
user.email = mail
user.first_name = firstname
user.last_name = lastname
user.save()
# The user did not exist. Create one with no privileges
except:
user = User.objects.create_user(username, mail, None)
......
flowspec/views.py
+ 16
5
View file @ d60db93b
......@@ -63,12 +63,16 @@ def welcome(request):
@never_cache
def group_routes(request):
group_routes = []
peer = request.user.get_profile().peer
try:
peer = request.user.get_profile().peer
except UserProfile.DoesNotExist:
error = "User <strong>%s</strong> does not belong to any peer or organization. It is not possible to create new firewall rules.<br>Please contact Helpdesk to resolve this issue" % request.user.username
return render_to_response('error.html', {'error': error})
if peer:
peer_members = UserProfile.objects.filter(peer=peer)
users = [prof.user for prof in peer_members]
group_routes = Route.objects.filter(applier__in=users)
return render_to_response('user_routes.html', {'routes': group_routes},
return render_to_response('user_routes.html', {'routes': group_routes},
context_instance=RequestContext(request))
......@@ -207,8 +211,11 @@ def delete_route(request, route_slug):
@never_cache
def user_profile(request):
user = request.user
peer = request.user.get_profile().peer
try:
peer = request.user.get_profile().peer
except UserProfile.DoesNotExist:
error = "User <strong>%s</strong> does not belong to any peer or organization. It is not possible to create new firewall rules.<br>Please contact Helpdesk to resolve this issue" % user.username
return render_to_response('error.html', {'error': error})
return render_to_response('profile.html', {'user': user, 'peer':peer},
context_instance=RequestContext(request))
......@@ -250,10 +257,14 @@ def user_login(request):
context_instance=RequestContext(request))
try:
user = User.objects.get(username__exact=username)
user.email = mail
user.first_name = firstname
user.last_name = lastname
user.save()
user_exists = True
except:
user_exists = False
user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail)
user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail, authsource='shibboleth')
if user is not None:
try:
peer = Peer.objects.get(domain_name=organization)
......
templates/error.html
+ 1
1
View file @ d60db93b
......@@ -73,7 +73,7 @@ $(document).ready(function(){
</div>
<div id="content">
{% block brcrmb_container %}
<div class="info_content_title">{% if user.is_authenticated %}<a href="{% url group-routes %}">{% trans "My routes" %}</a>{% endif %}
<div class="info_content_title">{% if user.is_authenticated %}<a href="{% url group-routes %}">{% trans "My rules" %}</a>{% endif %}
{% block breadcrumbs %}{% endblock %}
</div>
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment