File devel.patch of Package ipsilon
ssh://git@pagure.io/forks/bmwiedemann/ipsilon.git devel branch
diff --git a/ipsilon/info/infoldap.py b/ipsilon/info/infoldap.py
index 203eaf6..29c62b9 100644
--- a/ipsilon/info/infoldap.py
+++ b/ipsilon/info/infoldap.py
@@ -114,6 +114,24 @@ Info plugin that uses LDAP to retrieve user data. """
return conn
+ @classmethod
+ def _try_decode_value(cls, value):
+ """Decode values to unicode if possible
+
+ python-ldap doesn't know the LDAP schema, so all attribute
+ values are returned in binary since the value could be anything.
+ However, ipsilon expects that all info data is in string format.
+ Try to convert the value to unicode, maintaining the original
+ binary value if the decoding fails.
+ """
+ if isinstance(value, list):
+ return [cls._try_decode_value(v) for v in value]
+ else:
+ try:
+ return value.decode('utf-8')
+ except UnicodeDecodeError:
+ return value
+
def _get_user_data(self, conn, dn):
result = conn.search_s(dn, ldap.SCOPE_BASE)
if result is None or result == []:
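Review bot: `_try_decode_value` catches only `UnicodeDecodeError`, so a value that is not `bytes` (a `str` or `None` reaching the `else` branch) raises `AttributeError` from `value.decode`; a guard such as `if not isinstance(value, bytes): return value` before the `try` would make the helper safe for every input. The fallback also hands undecodable values back as raw bytes, so callers receive a mix of `str` and `bytes`. The group names appended in `_get_user_groups` (third hunk of this file) go through the same fallback, and a `bytes` group name will not compare equal to a `str` one in any later membership check. That last consequence is inferred, since the consumers of the group list are outside this patch. `_get_user_data` continues past the end of this hunk.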
@@ -124,7 +142,7 @@ Info plugin that uses LDAP to retrieve user data. """
for name, value in six.iteritems(result[0][1]):
if isinstance(value, list) and len(value) == 1:
value = value[0]
- data[name] = value
+ data[name] = self._try_decode_value(value)
return data
def _get_user_groups(self, conn, base, username):
@@ -137,7 +155,7 @@ Info plugin that uses LDAP to retrieve user data. """
groups = []
for r in results:
if 'cn' in r[1]:
- groups.append(r[1]['cn'][0])
+ groups.append(self._try_decode_value(r[1]['cn'][0]))
return groups
def get_user_data_from_conn(self, conn, dn, base, username):
diff --git a/ipsilon/providers/openid/extensions/ax.py b/ipsilon/providers/openid/extensions/ax.py
index a4fdb5e..b94f8bf 100644
--- a/ipsilon/providers/openid/extensions/ax.py
+++ b/ipsilon/providers/openid/extensions/ax.py
@@ -47,6 +47,8 @@ class OpenidExtension(OpenidExtensionBase):
value = userdata[AP_MAP[name]]
else:
value = userdata[name]
+ if isinstance(value, bytes):
+ value = value.decode('utf-8')
if '\n' in value:
raise AuthenticationError('Newline in attribute %s' % name)
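Review bot: The added `value.decode('utf-8')` can raise `UnicodeDecodeError`, which is not converted into the `AuthenticationError` this code raises two lines later for bad attribute data. The values that still arrive here as `bytes` are likely the ones `_try_decode_value` in `infoldap.py` already failed to decode, so the failing case may be the usual one for this branch. Wrapping the decode in `try`/`except UnicodeDecodeError` and raising `AuthenticationError('Undecodable attribute %s' % name)` would keep the error handling uniform. The same unguarded decode is added for `claims_userinfo[requested_claim]` in `ipsilon/providers/openidc/auth.py`. The enclosing function starts and ends outside the hunk.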
diff --git a/ipsilon/providers/openidc/api.py b/ipsilon/providers/openidc/api.py
index 0410027..62541ec 100644
--- a/ipsilon/providers/openidc/api.py
+++ b/ipsilon/providers/openidc/api.py
@@ -154,6 +154,8 @@ class APIRequest(ProviderPageBase):
try:
client_id, client_secret = \
base64.b64decode(hdr).split(b':', 1)
+ client_id = client_id.decode()
+ client_secret = client_secret.decode()
except Exception as e: # pylint: disable=broad-except
self.error('Invalid request received: %s' % repr(e))
return self._respond_error('invalid_request',
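Review bot: A decode failure on `client_secret` lands in the broad `except`, and `repr(e)` of a `UnicodeDecodeError` includes the bytes that were being decoded, so the submitted secret can be written to the error log; logging `type(e).__name__` instead of `repr(e)` avoids that. The two `.decode()` calls also rely on the default codec, which is ASCII on Python 2 and UTF-8 on Python 3, while the rest of the patch passes `'utf-8'` explicitly; `client_id.decode('utf-8')` and `client_secret.decode('utf-8')` would be consistent. The `_respond_error` call continues past the end of the hunk.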
diff --git a/ipsilon/providers/openidc/auth.py b/ipsilon/providers/openidc/auth.py
index ada49ec..ca5a553 100644
--- a/ipsilon/providers/openidc/auth.py
+++ b/ipsilon/providers/openidc/auth.py
@@ -455,6 +455,8 @@ class Continue(AuthenticateRequest):
for requested_claim in request['claims']['userinfo']:
if requested_claim in userinfo:
claims_userinfo[requested_claim] = userinfo[requested_claim]
+ if isinstance(claims_userinfo[requested_claim], bytes):
+ claims_userinfo[requested_claim] = claims_userinfo[requested_claim].decode('utf-8')
claims_userinfo['sub'] = userinfo['sub']
userinfocode = None
diff --git a/ipsilon/providers/openidp.py b/ipsilon/providers/openidp.py
index 9f2b0e9..fdbcfe3 100644
--- a/ipsilon/providers/openidp.py
+++ b/ipsilon/providers/openidp.py
@@ -59,7 +59,7 @@ Provides OpenID 2.0 authentication infrastructure. """
pconfig.MappingList(
'default attribute mapping',
'Defines how to map attributes before calling extensions',
- [['*', '*']]),
+ [['*', '*'], ['_username', 'nickname']]),
pconfig.ComplexList(
'default allowed attributes',
'Defines a list of allowed attributes, applied after mapping',
@@ -80,11 +80,7 @@ Provides OpenID 2.0 authentication infrastructure. """
@property
def identity_url_template(self):
- url = self.get_config_value('identity url template')
- if url.endswith('/'):
- return url
- else:
- return url+'/'
+ return self.get_config_value('identity url template')
@property
def trusted_roots(self):
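Review bot: `identity_url_template` now returns the configured value verbatim, and nothing in the property says that the trailing-slash normalisation is gone. A deployment whose configured template lacks the trailing slash will start issuing different identity URLs after this change, and relying parties that key accounts on the exact identifier would treat them as new identities; that effect is inferred, as the callers are not in the hunk. A docstring such as `"""Return the configured identity URL template unchanged; no trailing slash is appended."""` would record the new contract.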
@@ -166,7 +162,7 @@ class Installer(ProviderInstaller):
proto = 'https'
if opts['secure'].lower() == 'no':
- proto = 'http'
+ proto = 'https'
url = '%s://%s%s/openid/' % (
proto, opts['hostname'], opts['instanceurl'])
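Review bot: After this change the `if opts['secure'].lower() == 'no':` branch assigns the same `'https'` value as the default, so the `secure` option no longer influences the generated URL and the conditional is dead code. If forcing HTTPS is the intent, deleting the branch and leaving a comment such as `# identity URLs are always https, regardless of opts['secure']` makes that explicit. If it is not, an installer run with `secure=no` now writes an `https://` URL for an instance that may not serve TLS. The enclosing method starts and ends outside the hunk.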
diff --git a/ipsilon/util/cookies.py b/ipsilon/util/cookies.py
index f9b0889..c30b3ec 100644
--- a/ipsilon/util/cookies.py
+++ b/ipsilon/util/cookies.py
@@ -53,6 +53,7 @@ class SecureCookie(Log):
self._set_cookie_attr('httponly', self.httponly)
self._set_cookie_attr('max-age', self.maxage)
self._set_cookie_attr('expires', self.expires)
+ self._set_cookie_attr('domain', '.opensuse.org')
self.debug('Cookie op: %s' % cherrypy.response.cookie[self.name])
def delete(self):
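Review bot: The hard-coded `domain` of `.opensuse.org` scopes every cookie set through `SecureCookie` to the whole parent domain, so the identity provider's cookies are sent to, and can be overwritten by, any other host under that domain. That widens the trust boundary of the session from one host to every subdomain, and it makes the class unusable on any other deployment. Reading the value from configuration and setting the attribute only when one is configured would keep host-only cookies as the default, e.g. `if self.domain: self._set_cookie_attr('domain', self.domain)`, where `self.domain` is a hypothetical attribute not present on the page. Whether `delete()` sets the same domain is not visible in the hunk; a cookie set with a domain is only cleared by a deletion that names the same domain.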
diff --git a/ipsilon/util/page.py b/ipsilon/util/page.py
index 9ee2813..3ac6ce7 100644
--- a/ipsilon/util/page.py
+++ b/ipsilon/util/page.py
@@ -88,7 +88,7 @@ class Page(Endpoint):
def _template_model(self):
model = dict()
- model['basepath'] = self.basepath
+ model['basepath'] = 'https://id.opensuse.org' + self.basepath
model['title'] = 'IPSILON'
model['user'] = self.user
return model
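Review bot: `model['basepath']` is now prefixed with the literal origin `https://id.opensuse.org`, which ties every template rendered through `_template_model` to a single deployment and will produce wrong links on a staging or differently named host. Using a fixed origin rather than one derived from the request is a sound choice for an identity provider, but the value belongs in the instance configuration rather than in `Page`. Until it is configurable, a comment on the line such as `# deployment-specific absolute origin; must match the hostname this instance is served from` would record the assumption.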