diff --git a/ChangeLog b/ChangeLog
index 66eebda6836be51dd0e6a8a4168ec9d0e25a57d9..0d0c05d9deca26515e7a673d37f82bc9876cc7e1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+===========
+0.8.4 RELEASE
+Vulnerability prevention/bug fixes release
+Fixes:
+ - Fixed a bug where the shib auth backend erased non-shibboleth users info
+ - Added an authsource variable to prevent authentication backend overlapping
+ - Added exception handling for non-Shibboleth users that do not belong to a peer
+
 ===========
 0.8.3 RELEASE
 Feature enhancement release
diff --git a/djangobackends/shibauthBackend.py b/djangobackends/shibauthBackend.py
index 6ed5442ec68434aff5dbcdd4638f08df6e498cfd..c262baeb689e59d604dc06c0dcab532bc0377ca8 100644
--- a/djangobackends/shibauthBackend.py
+++ b/djangobackends/shibauthBackend.py
@@ -10,6 +10,9 @@ class shibauthBackend:
 firstname = kwargs.get('firstname')
 lastname = kwargs.get('lastname')
 mail = kwargs.get('mail')
+ authsource = kwargs.get('authsource')
+ if authsource != 'shibboleth':
+ return None
 try:
 user = self._auth_user(username, firstname, lastname, mail)
 except:
@@ -22,10 +25,6 @@ class shibauthBackend:
 try:
 user = User.objects.get(username__exact=username)
- user.email = mail
- user.first_name = firstname
- user.last_name = lastname
- user.save()
 # The user did not exist. Create one with no privileges
 except:
 user = User.objects.create_user(username, mail, None)
diff --git a/flowspec/views.py b/flowspec/views.py
index 1502e6123df5510f163140541cfeb27838a43ad1..f579ed456cfd0525bb102ddc74a8370785a7dbfb 100644
--- a/flowspec/views.py
+++ b/flowspec/views.py
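Review bot: The new `authsource` gate only tells backends apart; it verifies nothing itself, because `_auth_user` on the following line still returns (or creates) a user for whatever `username` it receives, so any call to `authenticate(..., authsource='shibboleth')` is a passwordless login for that name and must only be reachable after the caller has validated the Shibboleth attributes. An empty or missing username (presumably read from kwargs above the hunk) should be refused here as well instead of reaching `User.objects.get`/`create_user` inside `_auth_user`: `if authsource != 'shibboleth' or not username:` / `return None`. I would put a comment on the gate spelling out the contract: `# 'authsource' is a caller assertion, not a credential: only the Shibboleth login view, after validating the SP headers, may pass 'shibboleth'.` The enclosing `authenticate` method starts above the hunk and the body of its bare `except:` continues below it.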
@@ -63,12 +63,16 @@ def welcome(request):
 @never_cache
 def group_routes(request):
 group_routes = []
- peer = request.user.get_profile().peer
+ try:
+ peer = request.user.get_profile().peer
+ except UserProfile.DoesNotExist:
+ error = "User <strong>%s</strong> does not belong to any peer or organization. It is not possible to create new firewall rules.<br>Please contact Helpdesk to resolve this issue" % request.user.username
+ return render_to_response('error.html', {'error': error})
 if peer:
 peer_members = UserProfile.objects.filter(peer=peer)
 users = [prof.user for prof in peer_members]
 group_routes = Route.objects.filter(applier__in=users)
- return render_to_response('user_routes.html', {'routes': group_routes},
+ return render_to_response('user_routes.html', {'routes': group_routes},
 context_instance=RequestContext(request))
@@ -207,8 +211,11 @@ def delete_route(request, route_slug):
 @never_cache
 def user_profile(request):
 user = request.user
- peer = request.user.get_profile().peer
-
+ try:
+ peer = request.user.get_profile().peer
+ except UserProfile.DoesNotExist:
+ error = "User <strong>%s</strong> does not belong to any peer or organization. It is not possible to create new firewall rules.<br>Please contact Helpdesk to resolve this issue" % user.username
+ return render_to_response('error.html', {'error': error})
 return render_to_response('profile.html', {'user': user, 'peer':peer},
 context_instance=RequestContext(request))
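Review bot: The new error message in `group_routes` embeds `request.user.username` in hand-built HTML (`<strong>`, `<br>`), which only renders as intended if error.html marks `error` safe, and in that case the username — which shibauthBackend creates straight from its kwargs via `create_user` — is emitted unescaped. Escape the dynamic part before formatting: `error = "User <strong>%s</strong> ... resolve this issue" % escape(request.user.username)` with `from django.utils.html import escape`. The new early return also drops the `context_instance=RequestContext(request)` that the success-path return at the end of the hunk keeps, so variables supplied by context processors are missing on the error page; error.html's `{% if user.is_authenticated %}` in this same commit depends on `user` being there. `return render_to_response('error.html', {'error': error}, context_instance=RequestContext(request))` fixes that.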
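Review bot: The new early return in `user_profile` renders error.html without `context_instance=RequestContext(request)`, unlike the `profile.html` return immediately below it, so context-processor variables such as `user` are absent and the `{% if user.is_authenticated %}` link in error.html silently disappears; change it to `return render_to_response('error.html', {'error': error}, context_instance=RequestContext(request))`. The same username-in-markup concern applies here: `user.username` is interpolated into a string containing `<strong>` and `<br>`, so if the template renders `error` unescaped the value should be passed through `django.utils.html.escape` first. The wording about not being able to create firewall rules is copied from `group_routes` although this view only shows the profile; a profile-specific message would be less confusing. `user_profile` is fully contained in the hunk.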
@@ -250,10 +257,14 @@ def user_login(request):
 context_instance=RequestContext(request))
 try:
 user = User.objects.get(username__exact=username)
+ user.email = mail
+ user.first_name = firstname
+ user.last_name = lastname
+ user.save()
 user_exists = True
 except:
 user_exists = False
- user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail)
+ user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail, authsource='shibboleth')
 if user is not None:
 try:
 peer = Peer.objects.get(domain_name=organization)
diff --git a/templates/error.html b/templates/error.html
index a6a79e2e3acace201188f105fe29a8455fb60fcc..e9bc4e8189595b45f44a74fbd004ff6f2e8e0be1 100644
--- a/templates/error.html
+++ b/templates/error.html
@@ -73,7 +73,7 @@ $(document).ready(function(){
 </div>
 <div id="content">
 {% block brcrmb_container %}
- <div class="info_content_title">{% if user.is_authenticated %}<a href="{% url group-routes %}">{% trans "My routes" %}</a>{% endif %}
+ <div class="info_content_title">{% if user.is_authenticated %}<a href="{% url group-routes %}">{% trans "My rules" %}</a>{% endif %}
 {% block breadcrumbs %}{% endblock %}
 </div>
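Review bot: Widening the `try` body to include the three attribute assignments and `user.save()` means any failure in the save (not just a missing row) is swallowed by the bare `except:` below and turned into `user_exists = False`, after which `authenticate` will ask shibauthBackend to create a user with that name again; catch only the lookup failure, `except User.DoesNotExist:`. The attribute update also runs before `authenticate` has decided anything and before the `if user is not None:` check, so an existing record is rewritten from request-supplied `mail`/`firstname`/`lastname` even when the login is then refused; moving those four lines under `if user is not None:` keeps the write on the accepted path only. Because `authsource='shibboleth'` is what allows shibauthBackend to return a user for a bare username, this call must stay behind whatever Shibboleth header validation precedes it above the hunk. `user_login` begins above the hunk and continues below it.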