projects
/
cascardo
/
ipsilon.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix E256 with stricter pep8 error checker
[cascardo/ipsilon.git]
/
ipsilon
/
providers
/
saml2
/
auth.py
diff --git
a/ipsilon/providers/saml2/auth.py
b/ipsilon/providers/saml2/auth.py
index
ff81af6
..
036ed5e
100755
(executable)
--- a/
ipsilon/providers/saml2/auth.py
+++ b/
ipsilon/providers/saml2/auth.py
@@
-42,6
+42,13
@@
class InvalidRequest(ProviderException):
self._debug(message)
self._debug(message)
+class UnknownProvider(ProviderException):
+
+ def __init__(self, message):
+ super(UnknownProvider, self).__init__(message)
+ self._debug(message)
+
+
class AuthenticateRequest(ProviderPageBase):
def __init__(self, *args, **kwargs):
class AuthenticateRequest(ProviderPageBase):
def __init__(self, *args, **kwargs):
@@
-59,7
+66,7
@@
class AuthenticateRequest(ProviderPageBase):
def _parse_request(self, message):
def _parse_request(self, message):
- login =
lasso.Login(self.cfg.idp
)
+ login =
self.cfg.idp.get_login_handler(
)
try:
login.processAuthnRequestMsg(message)
try:
login.processAuthnRequestMsg(message)
@@
-81,7
+88,7
@@
class AuthenticateRequest(ProviderPageBase):
msg = 'Invalid SP [%s] (%r [%r])' % (login.remoteProviderId,
e, message)
msg = 'Invalid SP [%s] (%r [%r])' % (login.remoteProviderId,
e, message)
- raise
InvalidRequest
(msg)
+ raise
UnknownProvider
(msg)
self._debug('SP %s requested authentication' % login.remoteProviderId)
self._debug('SP %s requested authentication' % login.remoteProviderId)
@@
-98,6
+105,9
@@
class AuthenticateRequest(ProviderPageBase):
except InvalidRequest, e:
self._debug(str(e))
raise cherrypy.HTTPError(400, 'Invalid SAML request token')
except InvalidRequest, e:
self._debug(str(e))
raise cherrypy.HTTPError(400, 'Invalid SAML request token')
+ except UnknownProvider, e:
+ self._debug(str(e))
+ raise cherrypy.HTTPError(400, 'Unknown Service Provider')
except Exception, e: # pylint: disable=broad-except
self._debug(str(e))
raise cherrypy.HTTPError(500)
except Exception, e: # pylint: disable=broad-except
self._debug(str(e))
raise cherrypy.HTTPError(500)
@@
-164,10
+174,10
@@
class AuthenticateRequest(ProviderPageBase):
nameid = None
if nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT:
nameid = None
if nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT:
- #
#
TODO map to something else ?
+ # TODO map to something else ?
nameid = provider.normalize_username(user.name)
elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT:
nameid = provider.normalize_username(user.name)
elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT:
- #
#
TODO map to something else ?
+ # TODO map to something else ?
nameid = provider.normalize_username(user.name)
elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS:
nameid = us.get_data('user', 'krb_principal_name')
nameid = provider.normalize_username(user.name)
elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS:
nameid = us.get_data('user', 'krb_principal_name')