Django 4 compatibility

2022-11-27 16:45:02 +00:00 · 2022-11-27 16:45:02 +00:00 · 02400d5ce0
parent 860c497c86
commit 02400d5ce0
4 changed files with 44 additions and 13 deletions
--- a/authentication/mixins/session.py
+++ b/authentication/mixins/session.py
@ -1,5 +1,5 @@
 from django.contrib.auth import REDIRECT_FIELD_NAME, logout
-from django.contrib.auth.views import SuccessURLAllowedHostsMixin
+from django.contrib.auth.views import RedirectURLMixin
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib import messages
 from django.conf import settings
@ -11,7 +11,7 @@ from django.shortcuts import resolve_url
 from ..models.session import AuthSession


-class AuthSessionRequiredMixin(SuccessURLAllowedHostsMixin):
+class AuthSessionRequiredMixin(RedirectURLMixin):
    redirect_field_name = REDIRECT_FIELD_NAME
    redirect_authenticated_user = True

--- a/kumidc/settings.py
+++ b/kumidc/settings.py
@ -22,6 +22,7 @@ SECRET_KEY = CONFIG_FILE.secret_key
 DEBUG = CONFIG_FILE.config.getboolean("App", "Debug", fallback=False)

 ALLOWED_HOSTS = json.loads(CONFIG_FILE.config["App"]["Hosts"])
+CSRF_TRUSTED_ORIGINS = [f"https://{host}" for host in ALLOWED_HOSTS]
 BASE_URL = CONFIG_FILE.config["App"]["BaseURL"]

 CERTIFICATE_DIR = Path(CONFIG_FILE.config.get("App", "CertificateDir", fallback=BASE_DIR / "certificates"))
@ -171,18 +172,18 @@ SAML_IDP_CONFIG = {
            'name': 'KumiDC',
            'endpoints': {
                'single_sign_on_service': [
-                    #(urljoin(BASE_URL, '/saml/sso/post/'), saml2.BINDING_HTTP_POST),
+                    (urljoin(BASE_URL, '/saml/sso/post/'), saml2.BINDING_HTTP_POST),
                    (urljoin(BASE_URL, '/saml/sso/redirect/'), saml2.BINDING_HTTP_REDIRECT),
                ],
                "single_logout_service": [
-                    #(urljoin(BASE_URL, "/saml/slo/post/"), saml2.BINDING_HTTP_POST),
+                    (urljoin(BASE_URL, "/saml/slo/post/"), saml2.BINDING_HTTP_POST),
                    (urljoin(BASE_URL, "/saml/slo/redirect/"), saml2.BINDING_HTTP_REDIRECT)
                ],
            },
            'name_id_format': [NAMEID_FORMAT_EMAILADDRESS, NAMEID_FORMAT_UNSPECIFIED],
-            'sign_response': True,
-            'sign_assertion': True,
-            'want_authn_requests_signed': True,
+            'sign_response': False,
+            'sign_assertion': False,
+            'want_authn_requests_signed': False,
        },
    },

@ -205,6 +206,37 @@ SAML_IDP_MULTIFACTOR_VIEW = "frontend.views.saml.SAMLMultiFactorView"
 SAML_AUTHN_SIGN_ALG = saml2.xmldsig.SIG_RSA_SHA256
 SAML_AUTHN_DIGEST_ALG = saml2.xmldsig.DIGEST_SHA256

+SAML_IDP_SHOW_CONSENT_FORM = True
+SAML_IDP_SHOW_USER_AGREEMENT_SCREEN = True
+
+DEFAULT_SPCONFIG = {
+    'processor': 'uniauth_saml2_idp.processors.ldap.LdapUnicalMultiAcademiaProcessor',
+    'attribute_mapping': {
+        "cn": "cn",
+        "eduPersonEntitlement": "eduPersonEntitlement",
+        "eduPersonPrincipalName": "eduPersonPrincipalName",
+        "schacHomeOrganization": "schacHomeOrganization",
+        "eduPersonHomeOrganization": "eduPersonHomeOrganization",
+        "eduPersonAffiliation": "eduPersonAffiliation",
+        "eduPersonScopedAffiliation": "eduPersonScopedAffiliation",
+        "eduPersonTargetedID": "eduPersonTargetedID",
+        "mail": ["mail", "email"],
+        "email": ["mail", "email"],
+        "schacPersonalUniqueCode": "schacPersonalUniqueCode",
+        "schacPersonalUniqueID": "schacPersonalUniqueID",
+        "sn": "sn",
+        "givenName": ["givenName", "another_possible_occourrence"],
+        "displayName": "displayName",
+    },
+    'display_name': 'Unical SP',
+    'display_description': 'This is for test purpose',
+    'display_agreement_message': 'Some information about you has been requested',
+    'signing_algorithm': saml2.xmldsig.SIG_RSA_SHA256,
+    'digest_algorithm': saml2.xmldsig.DIGEST_SHA256,
+    'disable_encrypted_assertions': True,
+    'show_user_agreement_screen': SAML_IDP_SHOW_USER_AGREEMENT_SCREEN
+}
+
 # Session Timeouts

 REVERIFY_AFTER_INACTIVITY_MINUTES = 5
--- a/kumidc/urls.py
+++ b/kumidc/urls.py
@ -5,7 +5,8 @@ from django.views.generic import RedirectView

 urlpatterns = [
    re_path(r'^openid/', include('oidc_provider.urls', namespace='oidc_provider')),
-    re_path(r'^saml/', include('djangosaml2idp.urls', namespace="djangosaml2idp")),
+    
+    re_path(r'^saml/', include('djangosaml2idp.urls')),

    path('admin/login/', RedirectView.as_view(url=reverse_lazy("auth:login"), query_string=True)),
    path('admin/', admin.site.urls),
--- a/requirements.txt
+++ b/requirements.txt
@ -1,13 +1,11 @@
-Django<4
+Django

-django-oidc-provider
-djangosaml2idp
+git+https://kumig.it/kumitterer/django-oidc-provider/
+git+https://github.com/OTA-Insight/djangosaml2idp/

 dbsettings
 django-autosecretkey

-git+https://github.com/IdentityPython/pysaml2
-
 cryptography
 pyotp
 django-timezone-field