File devel.patch of Package ipsilon
ssh://git@pagure.io/forks/bmwiedemann/ipsilon.git devel branch
diff --git a/ipsilon/info/infoldap.py b/ipsilon/info/infoldap.py
index 203eaf6..29c62b9 100644
--- a/ipsilon/info/infoldap.py
+++ b/ipsilon/info/infoldap.py
@@ -114,6 +114,24 @@ Info plugin that uses LDAP to retrieve user data. """
 return conn
+ @classmethod
+ def _try_decode_value(cls, value):
+ """Decode values to unicode if possible
+
+ python-ldap doesn't know the LDAP schema, so all attribute
+ values are returned in binary since the value could be anything.
+ However, ipsilon expects that all info data is in string format.
+ Try to convert the value to unicode, maintaining the original
+ binary value if the decoding fails.
+ """
+ if isinstance(value, list):
+ return [cls._try_decode_value(v) for v in value]
+ else:
+ try:
+ return value.decode('utf-8')
+ except UnicodeDecodeError:
+ return value
+
 def _get_user_data(self, conn, dn):
 result = conn.search_s(dn, ldap.SCOPE_BASE)
 if result is None or result == []:
@@ -124,7 +142,7 @@ Info plugin that uses LDAP to retrieve user data. """
 for name, value in six.iteritems(result[0][1]):
 if isinstance(value, list) and len(value) == 1:
 value = value[0]
- data[name] = value
+ data[name] = self._try_decode_value(value)
 return data
 def _get_user_groups(self, conn, base, username):
@@ -137,7 +155,7 @@ Info plugin that uses LDAP to retrieve user data. """
 groups = []
 for r in results:
 if 'cn' in r[1]:
- groups.append(r[1]['cn'][0])
+ groups.append(self._try_decode_value(r[1]['cn'][0]))
 return groups
 def get_user_data_from_conn(self, conn, dn, base, username):
diff --git a/ipsilon/providers/openid/extensions/ax.py b/ipsilon/providers/openid/extensions/ax.py
index a4fdb5e..b94f8bf 100644
--- a/ipsilon/providers/openid/extensions/ax.py
+++ b/ipsilon/providers/openid/extensions/ax.py
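Review bot: `_try_decode_value` in ipsilon/info/infoldap.py returns the raw bytes when UTF-8 decoding fails, so `_get_user_data` and `_get_user_groups` can now hand their callers a mix of str and bytes. This matters most for the group list in the `@@ -137` hunk: under Python 3 a bytes group name never compares equal to a str, so a later group-based check would silently not match; how the groups are consumed is outside this diff. The helper also catches only `UnicodeDecodeError`, so a value that is neither a list nor bytes-like raises `AttributeError` from `.decode`. Consider an early `if not isinstance(value, bytes): return value` after the list branch, and a docstring sentence telling callers that undecodable attributes stay as bytes.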
@@ -47,6 +47,8 @@ class OpenidExtension(OpenidExtensionBase):
 value = userdata[AP_MAP[name]]
 else:
 value = userdata[name]
+ if isinstance(value, bytes):
+ value = value.decode('utf-8')
 if '\n' in value:
 raise AuthenticationError('Newline in attribute %s' % name)
diff --git a/ipsilon/providers/openidc/api.py b/ipsilon/providers/openidc/api.py
index 0410027..62541ec 100644
--- a/ipsilon/providers/openidc/api.py
+++ b/ipsilon/providers/openidc/api.py
@@ -154,6 +154,8 @@ class APIRequest(ProviderPageBase):
 try:
 client_id, client_secret = \
 base64.b64decode(hdr).split(b':', 1)
+ client_id = client_id.decode()
+ client_secret = client_secret.decode()
 except Exception as e: # pylint: disable=broad-except
 self.error('Invalid request received: %s' % repr(e))
 return self._respond_error('invalid_request',
diff --git a/ipsilon/providers/openidc/auth.py b/ipsilon/providers/openidc/auth.py
index ada49ec..ca5a553 100644
--- a/ipsilon/providers/openidc/auth.py
+++ b/ipsilon/providers/openidc/auth.py
@@ -455,6 +455,8 @@ class Continue(AuthenticateRequest):
 for requested_claim in request['claims']['userinfo']:
 if requested_claim in userinfo:
 claims_userinfo[requested_claim] = userinfo[requested_claim]
+ if isinstance(claims_userinfo[requested_claim], bytes):
+ claims_userinfo[requested_claim] = claims_userinfo[requested_claim].decode('utf-8')
 claims_userinfo['sub'] = userinfo['sub']
 userinfocode = None
diff --git a/ipsilon/providers/openidp.py b/ipsilon/providers/openidp.py
index 9f2b0e9..fdbcfe3 100644
--- a/ipsilon/providers/openidp.py
+++ b/ipsilon/providers/openidp.py
@@ -59,7 +59,7 @@ Provides OpenID 2.0 authentication infrastructure. """
 pconfig.MappingList(
 'default attribute mapping',
 'Defines how to map attributes before calling extensions',
- [['*', '*']]),
+ [['*', '*'], ['_username', 'nickname']]),
 pconfig.ComplexList(
 'default allowed attributes',
 'Defines a list of allowed attributes, applied after mapping',
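Review bot: The added `value.decode('utf-8')` in ipsilon/providers/openid/extensions/ax.py has no handler for `UnicodeDecodeError`, and the same unguarded decode is applied to `claims_userinfo[requested_claim]` in the ipsilon/providers/openidc/auth.py hunk. The infoldap change in this patch leaves a value as bytes only when it already failed UTF-8 decoding, so the bytes that reach these two places from LDAP are likely the ones that fail again, turning a binary attribute into an unhandled exception during authentication. In ax.py the failure could be reported the way the newline check does, with `raise AuthenticationError('Undecodable attribute %s' % name)` inside an `except UnicodeDecodeError:`; in auth.py the claim could be dropped instead. Both enclosing functions continue outside the hunks, so whether a caller already catches this cannot be seen here.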
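Review bot: In the ipsilon/providers/openidc/api.py hunk the new `client_id.decode()` and `client_secret.decode()` calls sit inside the `try` whose handler logs `repr(e)`, and the repr of a `UnicodeDecodeError` includes the bytes that failed to decode. A client secret that is not valid text would therefore be written to the error log. Logging only the exception class, `self.error('Invalid request received: %s' % type(e).__name__)`, keeps the diagnostic without the credential. `.decode()` without an argument also uses the interpreter's default codec (ASCII on Python 2, which the `six` usage elsewhere in this patch suggests may still be supported), so `decode('utf-8')` would match the other hunks.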
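Review bot: The new default mapping entry `['_username', 'nickname']` in ipsilon/providers/openidp.py changes what every installation maps by default, and nothing in the hunk says why. If `nickname` is in the 'default allowed attributes' list that follows (its value is outside the hunk), the internal login name is released to relying parties under that name. A comment above the list such as `# map the login name to 'nickname' for relying parties`, or keeping the entry in site configuration rather than the shipped default, would make the intent reviewable.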
@@ -80,11 +80,7 @@ Provides OpenID 2.0 authentication infrastructure. """
 @property
 def identity_url_template(self):
- url = self.get_config_value('identity url template')
- if url.endswith('/'):
- return url
- else:
- return url+'/'
+ return self.get_config_value('identity url template')
 @property
 def trusted_roots(self):
@@ -166,7 +162,7 @@ class Installer(ProviderInstaller):
 proto = 'https'
 if opts['secure'].lower() == 'no':
- proto = 'http'
+ proto = 'https'
 url = '%s://%s%s/openid/' % (
 proto, opts['hostname'], opts['instanceurl'])
diff --git a/ipsilon/util/cookies.py b/ipsilon/util/cookies.py
index f9b0889..c30b3ec 100644
--- a/ipsilon/util/cookies.py
+++ b/ipsilon/util/cookies.py
@@ -53,6 +53,7 @@ class SecureCookie(Log):
 self._set_cookie_attr('httponly', self.httponly)
 self._set_cookie_attr('max-age', self.maxage)
 self._set_cookie_attr('expires', self.expires)
+ self._set_cookie_attr('domain', '.opensuse.org')
 self.debug('Cookie op: %s' % cherrypy.response.cookie[self.name])
 def delete(self):
diff --git a/ipsilon/util/page.py b/ipsilon/util/page.py
index 9ee2813..3ac6ce7 100644
--- a/ipsilon/util/page.py
+++ b/ipsilon/util/page.py
@@ -88,7 +88,7 @@ class Page(Endpoint):
 def _template_model(self):
 model = dict()
- model['basepath'] = self.basepath
+ model['basepath'] = 'https://id.opensuse.org' + self.basepath
 model['title'] = 'IPSILON'
 model['user'] = self.user
 return model
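Review bot: `identity_url_template` in ipsilon/providers/openidp.py no longer guarantees a trailing slash, so the returned value now depends entirely on how 'identity url template' is written in the configuration. OpenID identity URLs are compared as strings, so a template that changes form changes the identifier existing users are known by, and any code that appends a path to this property (not visible here) would build a different URL. If the raw value is intended, a docstring such as `"""Return the configured identity URL template verbatim, without trailing-slash normalisation."""` would record that decision.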
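Review bot: After the `@@ -166` change in `Installer`, the `if opts['secure'].lower() == 'no':` branch assigns `'https'`, the value `proto` already holds, so the condition has no effect and `secure=no` is silently ignored when the OpenID URL is built. Either delete the branch or keep it with a comment stating the reason, for example `# always advertise https, even when ipsilon itself is installed with secure=no` if that is the intent. Other uses of `opts['secure']` are outside the hunk, so the option may still drive other settings and end up inconsistent with this URL.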
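Review bot: The hard-coded `self._set_cookie_attr('domain', '.opensuse.org')` in `SecureCookie` widens every cookie written through this class from the identity provider's own host to all hosts under opensuse.org. Each of those hosts then receives the cookie on requests and can set a cookie of the same name for the shared domain, so the identity provider's session handling comes to depend on the security of every sibling site. The value is also specific to one deployment inside a shared utility class. Reading the domain from configuration and leaving the attribute unset by default (a host-only cookie) would keep the scope narrow; the start of the enclosing method is outside the hunk.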
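Review bot: `model['basepath'] = 'https://id.opensuse.org' + self.basepath` in `Page._template_model` bakes one deployment's origin into every rendered template. On any other host name (staging, a renamed service) links and form targets built from `basepath` would point at id.opensuse.org, which for a login page means credentials are posted to a different origin than the one the user opened. Deriving the prefix from a configuration value, with a comment explaining why an absolute URL is needed, would avoid that.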