possibility to limit PT delivery by service

This commit is contained in:
Valentin Samir 2015-05-28 15:26:46 +02:00
parent 5ebc5169c3
commit 4fd4afd9c0
6 changed files with 121 additions and 68 deletions

View file

@ -7,7 +7,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: cas_server\n" "Project-Id-Version: cas_server\n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2015-05-28 02:10+0200\n" "POT-Creation-Date: 2015-05-28 15:24+0200\n"
"PO-Revision-Date: 2015-05-23 19:03+0100\n" "PO-Revision-Date: 2015-05-23 19:03+0100\n"
"Last-Translator: Valentin Samir <valentin.samir@crans.org>\n" "Last-Translator: Valentin Samir <valentin.samir@crans.org>\n"
"Language-Team: django <LL@li.org>\n" "Language-Team: django <LL@li.org>\n"
@ -33,117 +33,123 @@ msgstr " Warn me before logging me into other sites."
msgid "Bad user" msgid "Bad user"
msgstr "The credentials you provided cannot be determined to be authentic." msgstr "The credentials you provided cannot be determined to be authentic."
#: models.py:89 #: models.py:58
#, fuzzy, python-format #, fuzzy, python-format
#| msgid "Error during service logout %s" #| msgid "Error during service logout %s"
msgid "Error during service logout %r" msgid "Error during service logout %s"
msgstr "Error during service logout %s" msgstr "Error during service logout %s"
#: models.py:147 #: models.py:117
msgid "position" msgid "position"
msgstr "" msgstr ""
#: models.py:154 models.py:239 #: models.py:124 models.py:213
msgid "name" msgid "name"
msgstr "" msgstr ""
#: models.py:155 #: models.py:125
#, fuzzy #, fuzzy
#| msgid "Connect to the service" #| msgid "Connect to the service"
msgid "A name for the service" msgid "A name for the service"
msgstr "Connect to the service" msgstr "Connect to the service"
#: models.py:160 models.py:266 models.py:283 #: models.py:130 models.py:240 models.py:257
msgid "pattern" msgid "pattern"
msgstr "" msgstr ""
#: models.py:166 #: models.py:136
msgid "user field" msgid "user field"
msgstr "" msgstr ""
#: models.py:167 #: models.py:137
msgid "Name of the attribut to transmit as username, empty = login" msgid "Name of the attribut to transmit as username, empty = login"
msgstr "" msgstr ""
#: models.py:171 #: models.py:141
msgid "restrict username" msgid "restrict username"
msgstr "" msgstr ""
#: models.py:172 #: models.py:142
msgid "Limit username allowed to connect to the list provided bellow" msgid "Limit username allowed to connect to the list provided bellow"
msgstr "" msgstr ""
#: models.py:176 #: models.py:146
msgid "proxy" msgid "proxy"
msgstr "" msgstr ""
#: models.py:177 #: models.py:147
msgid "" msgid "Proxy tickets can be delivered to the service"
"A ProxyGrantingTicket can be delivered to the service in order to "
"authenticate for the user on a backend service"
msgstr "" msgstr ""
#: models.py:182 #: models.py:151
msgid "proxy callback"
msgstr ""
#: models.py:152
msgid "can be used as a proxy callback to deliver PGT"
msgstr ""
#: models.py:156
msgid "single log out" msgid "single log out"
msgstr "" msgstr ""
#: models.py:183 #: models.py:157
#, fuzzy #, fuzzy
#| msgid "Connect to the service" #| msgid "Connect to the service"
msgid "Enable SLO for the service" msgid "Enable SLO for the service"
msgstr "Connect to the service" msgstr "Connect to the service"
#: models.py:225 #: models.py:199
msgid "username" msgid "username"
msgstr "" msgstr ""
#: models.py:226 #: models.py:200
#, fuzzy #, fuzzy
#| msgid "Connect to the service" #| msgid "Connect to the service"
msgid "username allowed to connect to the service" msgid "username allowed to connect to the service"
msgstr "Connect to the service" msgstr "Connect to the service"
#: models.py:240 #: models.py:214
#, fuzzy #, fuzzy
#| msgid "The attribut %(field)s is needed to use that service" #| msgid "The attribut %(field)s is needed to use that service"
msgid "name of an attribut to send to the service" msgid "name of an attribut to send to the service"
msgstr "The attribut %(field)s is needed to use that service" msgstr "The attribut %(field)s is needed to use that service"
#: models.py:245 models.py:289 #: models.py:219 models.py:263
msgid "replace" msgid "replace"
msgstr "" msgstr ""
#: models.py:246 #: models.py:220
msgid "" msgid ""
"name under which the attribut will be showto the service. empty = default " "name under which the attribut will be showto the service. empty = default "
"name of the attribut" "name of the attribut"
msgstr "" msgstr ""
#: models.py:261 models.py:278 #: models.py:235 models.py:252
msgid "attribut" msgid "attribut"
msgstr "" msgstr ""
#: models.py:262 #: models.py:236
msgid "Name of the attribut which must verify pattern" msgid "Name of the attribut which must verify pattern"
msgstr "" msgstr ""
#: models.py:267 #: models.py:241
msgid "a regular expression" msgid "a regular expression"
msgstr "" msgstr ""
#: models.py:279 #: models.py:253
msgid "Name of the attribut for which the value must be replace" msgid "Name of the attribut for which the value must be replace"
msgstr "" msgstr ""
#: models.py:284 #: models.py:258
msgid "An regular expression maching whats need to be replaced" msgid "An regular expression maching whats need to be replaced"
msgstr "" msgstr ""
#: models.py:290 #: models.py:264
msgid "replace expression, groups are capture by \\1, \\2 …" msgid "replace expression, groups are capture by \\1, \\2 …"
msgstr "" msgstr ""
#: models.py:337 #: models.py:313
#, python-format #, python-format
msgid "" msgid ""
"Error during service logout %(service)s:\n" "Error during service logout %(service)s:\n"

View file

@ -7,8 +7,8 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: cas_server\n" "Project-Id-Version: cas_server\n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2015-05-28 02:10+0200\n" "POT-Creation-Date: 2015-05-28 15:24+0200\n"
"PO-Revision-Date: 2015-05-28 02:15+0100\n" "PO-Revision-Date: 2015-05-28 15:25+0100\n"
"Last-Translator: Valentin Samir <valentin.samir@crans.org>\n" "Last-Translator: Valentin Samir <valentin.samir@crans.org>\n"
"Language-Team: django <LL@li.org>\n" "Language-Team: django <LL@li.org>\n"
"Language: fr\n" "Language: fr\n"
@ -34,115 +34,119 @@ msgstr "Prévenez-moi avant d'accéder à d'autres services."
msgid "Bad user" msgid "Bad user"
msgstr "Les informations transmises n'ont pas permis de vous authentifier." msgstr "Les informations transmises n'ont pas permis de vous authentifier."
#: models.py:89 #: models.py:58
#, python-format #, python-format
msgid "Error during service logout %r" msgid "Error during service logout %s"
msgstr "Une erreur est survenue durant la déconnexion du service %r" msgstr "Une erreur est survenue durant la déconnexion du service %s"
#: models.py:147 #: models.py:117
msgid "position" msgid "position"
msgstr "position" msgstr "position"
#: models.py:154 models.py:239 #: models.py:124 models.py:213
msgid "name" msgid "name"
msgstr "nom" msgstr "nom"
#: models.py:155 #: models.py:125
msgid "A name for the service" msgid "A name for the service"
msgstr "Un nom pour le service" msgstr "Un nom pour le service"
#: models.py:160 models.py:266 models.py:283 #: models.py:130 models.py:240 models.py:257
msgid "pattern" msgid "pattern"
msgstr "motif" msgstr "motif"
#: models.py:166 #: models.py:136
msgid "user field" msgid "user field"
msgstr "champ utilisateur" msgstr "champ utilisateur"
#: models.py:167 #: models.py:137
msgid "Name of the attribut to transmit as username, empty = login" msgid "Name of the attribut to transmit as username, empty = login"
msgstr "" msgstr ""
"Nom de l'attribut devant être transmis comme nom d'utilisateur au service. " "Nom de l'attribut devant être transmis comme nom d'utilisateur au service. "
"vide = nom de connection" "vide = nom de connection"
#: models.py:171 #: models.py:141
msgid "restrict username" msgid "restrict username"
msgstr "limiter les noms d'utilisateurs" msgstr "limiter les noms d'utilisateurs"
#: models.py:172 #: models.py:142
msgid "Limit username allowed to connect to the list provided bellow" msgid "Limit username allowed to connect to the list provided bellow"
msgstr "" msgstr ""
"Limiter les noms d'utilisateurs autorisé à se connecter à la liste fournie " "Limiter les noms d'utilisateurs autorisé à se connecter à la liste fournie "
"ci-dessous" "ci-dessous"
#: models.py:176 #: models.py:146
msgid "proxy" msgid "proxy"
msgstr "proxy" msgstr "proxy"
#: models.py:177 #: models.py:147
msgid "" msgid "Proxy tickets can be delivered to the service"
"A ProxyGrantingTicket can be delivered to the service in order to " msgstr "des proxy tickets peuvent être délivrés au service"
"authenticate for the user on a backend service"
msgstr ""
"Un ProxyGrantingTicket peut être délivré au service pour lui permettre de "
"s'authentifier en temps l'utilisateur à un autre service"
#: models.py:182 #: models.py:151
msgid "proxy callback"
msgstr ""
#: models.py:152
msgid "can be used as a proxy callback to deliver PGT"
msgstr "peut être utilisé comme un callback pour recevoir un PGT"
#: models.py:156
msgid "single log out" msgid "single log out"
msgstr "" msgstr ""
#: models.py:183 #: models.py:157
msgid "Enable SLO for the service" msgid "Enable SLO for the service"
msgstr "Active le SLO pour le service" msgstr "Active le SLO pour le service"
#: models.py:225 #: models.py:199
msgid "username" msgid "username"
msgstr "nom d'utilisateur" msgstr "nom d'utilisateur"
#: models.py:226 #: models.py:200
msgid "username allowed to connect to the service" msgid "username allowed to connect to the service"
msgstr "noms d'utilisateurs autorisé à se connecter au service" msgstr "noms d'utilisateurs autorisé à se connecter au service"
#: models.py:240 #: models.py:214
msgid "name of an attribut to send to the service" msgid "name of an attribut to send to the service"
msgstr "nom d'un attribut a envoyer au service" msgstr "nom d'un attribut a envoyer au service"
#: models.py:245 models.py:289 #: models.py:219 models.py:263
msgid "replace" msgid "replace"
msgstr "remplacement" msgstr "remplacement"
#: models.py:246 #: models.py:220
msgid "" msgid ""
"name under which the attribut will be showto the service. empty = default " "name under which the attribut will be showto the service. empty = default "
"name of the attribut" "name of the attribut"
msgstr "" msgstr ""
"nom sous lequel l'attribut sera rendu visible au service. vide = inchangé" "nom sous lequel l'attribut sera rendu visible au service. vide = inchangé"
#: models.py:261 models.py:278 #: models.py:235 models.py:252
msgid "attribut" msgid "attribut"
msgstr "attribut" msgstr "attribut"
#: models.py:262 #: models.py:236
msgid "Name of the attribut which must verify pattern" msgid "Name of the attribut which must verify pattern"
msgstr "Nom de l'attribut devant vérifier un motif" msgstr "Nom de l'attribut devant vérifier un motif"
#: models.py:267 #: models.py:241
msgid "a regular expression" msgid "a regular expression"
msgstr "une expression régulière" msgstr "une expression régulière"
#: models.py:279 #: models.py:253
msgid "Name of the attribut for which the value must be replace" msgid "Name of the attribut for which the value must be replace"
msgstr "nom de l'attribue pour lequel la valeur doit être remplacé" msgstr "nom de l'attribue pour lequel la valeur doit être remplacé"
#: models.py:284 #: models.py:258
msgid "An regular expression maching whats need to be replaced" msgid "An regular expression maching whats need to be replaced"
msgstr "une expression régulière reconnaissant ce qui doit être remplacé" msgstr "une expression régulière reconnaissant ce qui doit être remplacé"
#: models.py:290 #: models.py:264
msgid "replace expression, groups are capture by \\1, \\2 …" msgid "replace expression, groups are capture by \\1, \\2 …"
msgstr "expression de remplacement, les groupe sont capturé par \\1, \\2" msgstr "expression de remplacement, les groupe sont capturé par \\1, \\2"
#: models.py:337 #: models.py:313
#, python-format #, python-format
msgid "" msgid ""
"Error during service logout %(service)s:\n" "Error during service logout %(service)s:\n"
@ -222,6 +226,13 @@ msgstr ""
"Vous vous êtes déconnecté(e) du Service Central d'Authentification.<br/>Pour " "Vous vous êtes déconnecté(e) du Service Central d'Authentification.<br/>Pour "
"des raisons de sécurité, veuillez fermer votre navigateur." "des raisons de sécurité, veuillez fermer votre navigateur."
#~ msgid ""
#~ "A ProxyGrantingTicket can be delivered to the service in order to "
#~ "authenticate for the user on a backend service"
#~ msgstr ""
#~ "Un ProxyGrantingTicket peut être délivré au service pour lui permettre de "
#~ "s'authentifier en temps l'utilisateur à un autre service"
#~ msgid "" #~ msgid ""
#~ "Une demande d'authentification a été émise pour le service %(name)s " #~ "Une demande d'authentification a été émise pour le service %(name)s "
#~ "(%(url)s)" #~ "(%(url)s)"

View file

@ -0,0 +1,26 @@
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from django.db import models, migrations
class Migration(migrations.Migration):
dependencies = [
('cas_server', '0015_auto_20150528_1202'),
]
operations = [
migrations.AddField(
model_name='servicepattern',
name='proxy_callback',
field=models.BooleanField(default=False, help_text='can be used as a proxy callback to deliver PGT', verbose_name='proxy callback'),
preserve_default=True,
),
migrations.AlterField(
model_name='servicepattern',
name='proxy',
field=models.BooleanField(default=False, help_text='Proxy tickets can be delivered to the service', verbose_name='proxy'),
preserve_default=True,
),
]

View file

@ -144,8 +144,12 @@ class ServicePattern(models.Model):
proxy = models.BooleanField( proxy = models.BooleanField(
default=False, default=False,
verbose_name=_(u"proxy"), verbose_name=_(u"proxy"),
help_text=_("A ProxyGrantingTicket can be delivered to the service " \ help_text=_("Proxy tickets can be delivered to the service")
"in order to authenticate for the user on a backend service") )
proxy_callback = models.BooleanField(
default=False,
verbose_name=_(u"proxy callback"),
help_text=_("can be used as a proxy callback to deliver PGT")
) )
single_log_out = models.BooleanField( single_log_out = models.BooleanField(
default=False, default=False,

View file

@ -291,7 +291,7 @@ def ps_validate(request, ticket_type=None):
params['username'] = ticket.user.attributs.get(ticket.service_pattern.user_field) params['username'] = ticket.user.attributs.get(ticket.service_pattern.user_field)
if pgt_url and pgt_url.startswith("https://"): if pgt_url and pgt_url.startswith("https://"):
pattern = models.ServicePattern.validate(pgt_url) pattern = models.ServicePattern.validate(pgt_url)
if pattern.proxy: if pattern.proxy_callback:
proxyid = utils.gen_pgtiou() proxyid = utils.gen_pgtiou()
pticket = models.ProxyGrantingTicket.objects.create( pticket = models.ProxyGrantingTicket.objects.create(
user=ticket.user, user=ticket.user,
@ -358,6 +358,12 @@ def proxy(request):
try: try:
# is the target service allowed # is the target service allowed
pattern = models.ServicePattern.validate(target_service) pattern = models.ServicePattern.validate(target_service)
if not pattern.proxy:
return _validate_error(
request,
'UNAUTHORIZED_SERVICE',
'the service do not allow proxy ticket'
)
# is the proxy granting ticket valid # is the proxy granting ticket valid
ticket = models.ProxyGrantingTicket.objects.get( ticket = models.ProxyGrantingTicket.objects.get(
value=pgt, value=pgt,