1 # -*- coding: utf-8 -*-
2 from __future__
import absolute_import
7 from onelogin
.saml2
.auth
import OneLogin_Saml2_Auth
8 from onelogin
.saml2
.errors
import OneLogin_Saml2_Error
9 from onelogin
.saml2
.settings
import OneLogin_Saml2_Settings
11 python_saml_imported
= True
13 python_saml_imported
= False
16 from ..exceptions
import UserDoesNotExist
17 from ..services
.auth
import JwtManager
18 from ..tools
import prepare_url_prefix
19 from . import Controller
, Endpoint
, BaseController
22 @Controller('/auth/saml2', secure
=False)
23 class Saml2(BaseController
):
@staticmethod
def _build_req(request, post_data):
    """Translate a CherryPy request into the request dict python3-saml expects.

    :param request: the CherryPy request object (``self._request`` in the
        endpoints of this controller); only ``scheme``, ``host``,
        ``path_info`` and ``port`` are read.
    :param post_data: form fields of the request -- the endpoint's ``kwargs``
        for the assertion-consumer POST, ``{}`` for the redirect-only
        endpoints; forwarded verbatim as ``post_data`` so the library can
        locate ``SAMLResponse`` in it.
    :return: dict with the ``https``, ``http_host``, ``script_name``,
        ``server_port`` and ``post_data`` keys python3-saml reads.

    NOTE(review): scheme, host and port are exactly what CherryPy saw. Behind
    a TLS-terminating reverse proxy that does not forward them, the SP URL the
    library derives from these values (and presumably compares against the
    signed Destination/ACS URL) is built from plain ``http`` and the internal
    host -- confirm the proxy/CherryPy setup before trusting this in front of
    an IdP.
    """
    tls_in_use = request.scheme == 'https'
    return {
        'https': 'on' if tls_in_use else 'off',
        'http_host': request.host,
        'script_name': request.path_info,
        'server_port': str(request.port),
        'post_data': post_data,
    }
@staticmethod
def _check_python_saml():
    """Fail fast unless SSO can actually be performed on this host.

    :raises cherrypy.HTTPError: 400 when the optional ``python3-saml``
        package could not be imported (``python_saml_imported`` is the
        module-level flag set next to the onelogin imports), or when the
        stored ``onelogin_settings`` do not pass python3-saml's own
        validation.

    Every SAML endpoint calls this first, so a half-configured SSO setup
    never reaches the library. NOTE(review): both conditions are server-side
    state, so a 5xx would describe them more honestly than 400; the status
    is left at 400 here because existing clients/tests may match on it.
    """
    if python_saml_imported:
        try:
            # Constructing the settings object runs the library's own
            # validation; only whether it raises matters here.
            OneLogin_Saml2_Settings(mgr.SSO_DB.saml2.onelogin_settings)
        except OneLogin_Saml2_Error:
            raise cherrypy.HTTPError(400, 'Single Sign-On is not configured.')
        return
    raise cherrypy.HTTPError(400, 'Required library not found: `python3-saml`')
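@Endpoint('POST', path="")
def auth_response(self, **kwargs):
    """SAML assertion consumer: turn a signed IdP response into a dashboard JWT.

    The controller is registered with ``secure=False``, so this endpoint is
    reachable without a session -- inherent to an ACS endpoint. All trust
    therefore rests on python3-saml's ``process_response`` validating the
    posted ``SAMLResponse`` against ``onelogin_settings`` (presumably
    signature, audience and time conditions; nothing is re-checked here, so
    keep the library's strict mode enabled in the stored settings).

    :param kwargs: form fields of the POST; forwarded verbatim as
        ``post_data`` so the library can read ``SAMLResponse``.
    :raises cherrypy.HTTPError: 400 when python3-saml is missing or SSO is
        unconfigured, or when the assertion carries no usable username
        attribute.
    :raises cherrypy.HTTPRedirect: on success, to the login route carrying the
        fresh token; to ``/#/sso/404`` when the IdP user has no dashboard
        account.
    :return: for an unauthenticated/invalid response, a dict with
        ``is_authenticated``, ``errors`` and ``reason`` for the client.
    """
    Saml2._check_python_saml()
    req = Saml2._build_req(self._request, kwargs)
    auth = OneLogin_Saml2_Auth(req, mgr.SSO_DB.saml2.onelogin_settings)
    auth.process_response()
    errors = auth.get_errors()

    if not auth.is_authenticated():
        # NOTE(review): reason/errors come straight from the library and are
        # returned to an unauthenticated caller. They describe the response,
        # not the configuration, but review this before adding more detail.
        return {
            'is_authenticated': auth.is_authenticated(),
            'errors': errors,
            'reason': auth.get_last_error_reason()
        }

    JwtManager.reset_user()
    username_attribute_name = mgr.SSO_DB.saml2.get_username_attribute()
    username_attribute = auth.get_attribute(username_attribute_name)
    # The attribute comes back as a list of values (None when absent). The
    # original tested only for None, so an attribute present with zero values
    # reached username_attribute[0] and died with an unhandled IndexError;
    # treat "missing" and "empty" alike and answer with the same 400.
    if not username_attribute:
        # NOTE(review): this echoes every attribute the IdP sent back to the
        # caller. It is a debugging aid for a mis-set username attribute;
        # the caller holds the assertion anyway, but keep that in mind.
        raise cherrypy.HTTPError(400,
                                 'SSO error - `{}` not found in auth attributes. '
                                 'Received attributes: {}'.format(
                                     username_attribute_name,
                                     auth.get_attributes()))
    username = username_attribute[0]
    url_prefix = prepare_url_prefix(mgr.get_module_option('url_prefix', default=''))
    try:
        # The IdP only proves identity; the account must already exist in
        # the dashboard's own ACL database -- there is no auto-provisioning.
        mgr.ACCESS_CTRL_DB.get_user(username)
    except UserDoesNotExist:
        raise cherrypy.HTTPRedirect("{}/#/sso/404".format(url_prefix))

    token = JwtManager.gen_token(username)
    JwtManager.set_user(JwtManager.decode_token(token))
    if isinstance(token, bytes):
        # gen_token returned bytes when this was written (hence the decode);
        # tolerate a str return as well so a JWT-library upgrade cannot turn
        # every SSO login into an AttributeError.
        token = token.decode('utf-8')
    # NOTE(review): the token travels in the URL fragment. The fragment is not
    # sent to the server, but it does land in browser history and can leak via
    # any referrer-bearing navigation from the login page -- confirm the SPA
    # consumes and drops it immediately.
    raise cherrypy.HTTPRedirect("{}/#/login?access_token={}".format(url_prefix, token))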
83 Saml2
._check_python_saml()
84 saml_settings
= OneLogin_Saml2_Settings(mgr
.SSO_DB
.saml2
.onelogin_settings
)
85 return saml_settings
.get_sp_metadata()
87 @Endpoint(json_response
=False)
89 Saml2
._check_python_saml()
90 req
= Saml2
._build_req(self
._request
, {})
91 auth
= OneLogin_Saml2_Auth(req
, mgr
.SSO_DB
.saml2
.onelogin_settings
)
92 raise cherrypy
.HTTPRedirect(auth
.login())
94 @Endpoint(json_response
=False)
96 Saml2
._check_python_saml()
97 req
= Saml2
._build_req(self
._request
, {})
98 auth
= OneLogin_Saml2_Auth(req
, mgr
.SSO_DB
.saml2
.onelogin_settings
)
99 raise cherrypy
.HTTPRedirect(auth
.logout())
@Endpoint(json_response=False)
def logout(self, **kwargs):
    """Drop the request's user context and send the browser back to the login page.

    :param kwargs: accepted and ignored so the route tolerates query
        parameters appended by the client.
    :raises cherrypy.HTTPRedirect: always, to ``<url_prefix>/#/login``.

    NOTE(review): only ``JwtManager.reset_user()`` runs here. Nothing on this
    page invalidates the JWT itself, and no SAML LogoutRequest is sent to the
    IdP (the endpoint that redirects to ``auth.logout()`` does that). Whether
    the token is revoked elsewhere is not visible from this file -- confirm
    before treating this as a full logout.
    """
    # pylint: disable=unused-argument
    Saml2._check_python_saml()
    JwtManager.reset_user()
    configured_prefix = mgr.get_module_option('url_prefix', default='')
    login_page = "{}/#/login".format(prepare_url_prefix(configured_prefix))
    raise cherrypy.HTTPRedirect(login_page)