openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

File devel.patch of Package ipsilon

ssh://git@pagure.io/forks/bmwiedemann/ipsilon.git devel branch
diff --git a/ipsilon/info/infoldap.py b/ipsilon/info/infoldap.py
index 203eaf6..29c62b9 100644
--- a/ipsilon/info/infoldap.py
+++ b/ipsilon/info/infoldap.py
@@ -114,6 +114,24 @@ Info plugin that uses LDAP to retrieve user data. """
 
         return conn
 
+    @classmethod
+    def _try_decode_value(cls, value):
+        """Decode values to unicode if possible
+
+        python-ldap doesn't know the LDAP schema, so all attribute
+        values are returned in binary since the value could be anything.
+        However, ipsilon expects that all info data is in string format.
+        Try to convert the value to unicode, maintaining the original
+        binary value if the decoding fails.
+        """
+        if isinstance(value, list):
+            return [cls._try_decode_value(v) for v in value]
+        else:
+            try:
+                return value.decode('utf-8')
+            except UnicodeDecodeError:
+                return value
+
     def _get_user_data(self, conn, dn):
         result = conn.search_s(dn, ldap.SCOPE_BASE)
         if result is None or result == []:
@@ -124,7 +142,7 @@ Info plugin that uses LDAP to retrieve user data. """
         for name, value in six.iteritems(result[0][1]):
             if isinstance(value, list) and len(value) == 1:
                 value = value[0]
-            data[name] = value
+            data[name] = self._try_decode_value(value)
         return data
 
     def _get_user_groups(self, conn, base, username):
@@ -137,7 +155,7 @@ Info plugin that uses LDAP to retrieve user data. """
         groups = []
         for r in results:
             if 'cn' in r[1]:
-                groups.append(r[1]['cn'][0])
+                groups.append(self._try_decode_value(r[1]['cn'][0]))
         return groups
 
     def get_user_data_from_conn(self, conn, dn, base, username):
diff --git a/ipsilon/providers/openid/extensions/ax.py b/ipsilon/providers/openid/extensions/ax.py
index a4fdb5e..b94f8bf 100644
--- a/ipsilon/providers/openid/extensions/ax.py
+++ b/ipsilon/providers/openid/extensions/ax.py
@@ -47,6 +47,8 @@ class OpenidExtension(OpenidExtensionBase):
                     value = userdata[AP_MAP[name]]
                 else:
                     value = userdata[name]
+                if isinstance(value, bytes):
+                    value = value.decode('utf-8')
 
                 if '\n' in value:
                     raise AuthenticationError('Newline in attribute %s' % name)
diff --git a/ipsilon/providers/openidc/api.py b/ipsilon/providers/openidc/api.py
index 0410027..62541ec 100644
--- a/ipsilon/providers/openidc/api.py
+++ b/ipsilon/providers/openidc/api.py
@@ -154,6 +154,8 @@ class APIRequest(ProviderPageBase):
                 try:
                     client_id, client_secret = \
                         base64.b64decode(hdr).split(b':', 1)
+                    client_id = client_id.decode()
+                    client_secret = client_secret.decode()
                 except Exception as e:  # pylint: disable=broad-except
                     self.error('Invalid request received: %s' % repr(e))
                     return self._respond_error('invalid_request',
diff --git a/ipsilon/providers/openidc/auth.py b/ipsilon/providers/openidc/auth.py
index ada49ec..ca5a553 100644
--- a/ipsilon/providers/openidc/auth.py
+++ b/ipsilon/providers/openidc/auth.py
@@ -455,6 +455,8 @@ class Continue(AuthenticateRequest):
         for requested_claim in request['claims']['userinfo']:
             if requested_claim in userinfo:
                 claims_userinfo[requested_claim] = userinfo[requested_claim]
+                if isinstance(claims_userinfo[requested_claim], bytes):
+                    claims_userinfo[requested_claim] = claims_userinfo[requested_claim].decode('utf-8')
         claims_userinfo['sub'] = userinfo['sub']
 
         userinfocode = None
diff --git a/ipsilon/providers/openidp.py b/ipsilon/providers/openidp.py
index 9f2b0e9..fdbcfe3 100644
--- a/ipsilon/providers/openidp.py
+++ b/ipsilon/providers/openidp.py
@@ -59,7 +59,7 @@ Provides OpenID 2.0 authentication infrastructure. """
             pconfig.MappingList(
                 'default attribute mapping',
                 'Defines how to map attributes before calling extensions',
-                [['*', '*']]),
+                [['*', '*'], ['_username', 'nickname']]),
             pconfig.ComplexList(
                 'default allowed attributes',
                 'Defines a list of allowed attributes, applied after mapping',
@@ -80,11 +80,7 @@ Provides OpenID 2.0 authentication infrastructure. """
 
     @property
     def identity_url_template(self):
-        url = self.get_config_value('identity url template')
-        if url.endswith('/'):
-            return url
-        else:
-            return url+'/'
+        return self.get_config_value('identity url template')
 
     @property
     def trusted_roots(self):
@@ -166,7 +162,7 @@ class Installer(ProviderInstaller):
 
         proto = 'https'
         if opts['secure'].lower() == 'no':
-            proto = 'http'
+            proto = 'https'
         url = '%s://%s%s/openid/' % (
             proto, opts['hostname'], opts['instanceurl'])
 
diff --git a/ipsilon/util/cookies.py b/ipsilon/util/cookies.py
index f9b0889..c30b3ec 100644
--- a/ipsilon/util/cookies.py
+++ b/ipsilon/util/cookies.py
@@ -53,6 +53,7 @@ class SecureCookie(Log):
         self._set_cookie_attr('httponly', self.httponly)
         self._set_cookie_attr('max-age', self.maxage)
         self._set_cookie_attr('expires', self.expires)
+        self._set_cookie_attr('domain', '.opensuse.org')
         self.debug('Cookie op: %s' % cherrypy.response.cookie[self.name])
 
     def delete(self):
diff --git a/ipsilon/util/page.py b/ipsilon/util/page.py
index 9ee2813..3ac6ce7 100644
--- a/ipsilon/util/page.py
+++ b/ipsilon/util/page.py
@@ -88,7 +88,7 @@ class Page(Endpoint):
 
     def _template_model(self):
         model = dict()
-        model['basepath'] = self.basepath
+        model['basepath'] = 'https://id.opensuse.org' + self.basepath
         model['title'] = 'IPSILON'
         model['user'] = self.user
         return model

Places

File devel.patch of Package ipsilon

Places