Merge pull request haiwen#1462 from haiwen/shib
[shib] Add affiliation role map
xiez authored Jan 17, 2017
2 parents 19beb9a + 1832b2b commit e906778
Showing 2 changed files with 62 additions and 1 deletion.
44 changes: 43 additions & 1 deletion tests/seahub/thirdpart/shibboleth/test_middleware.py
@@ -1,9 +1,11 @@
import os
import pytest

from mock import patch
from django.conf import settings
from django.test import RequestFactory
from django.test import RequestFactory, override_settings

from seahub.base.accounts import User
from seahub.profile.models import Profile
from seahub.test_utils import BaseTestCase
from shibboleth import backends
Expand Down Expand Up @@ -39,16 +41,56 @@ def setUp(self):
self.request.META['REMOTE_USER'] = 'sampledeveloper@school.edu'
self.request.META['givenname'] = 'test_gname'
self.request.META['surname'] = 'test_sname'
self.request.META['Shibboleth-displayName'] = 'Sample Developer'
self.request.META['Shibboleth-affiliation'] = 'employee@school.edu;member@school.edu;faculty@school.edu;staff@school.edu'

# default settings
assert getattr(settings, 'SHIB_ACTIVATE_AFTER_CREATION', True) is True

@patch('shibboleth.middleware.SHIB_ATTRIBUTE_MAP', {
"Shibboleth-eppn": (True, "username"),
"givenname": (False, "givenname"),
"surname": (False, "surname"),
"emailaddress": (False, "contact_email"),
"organization": (False, "institution"),
"Shibboleth-displayName": (False, "display_name"),
})
def test_can_process(self):
assert len(Profile.objects.all()) == 0

self.middleware.process_request(self.request)
assert self.request.user.username == 'sampledeveloper@school.edu'

assert len(Profile.objects.all()) == 1
assert self.request.shib_login is True
assert Profile.objects.all()[0].user == 'sampledeveloper@school.edu'
assert Profile.objects.all()[0].nickname == 'Sample Developer'

@override_settings(SHIBBOLETH_AFFILIATION_ROLE_MAP={
'employee@school.edu': 'staff',
'member@school.edu': 'staff',
'student@school.edu': 'student',
})
@patch('shibboleth.middleware.SHIB_ATTRIBUTE_MAP', {
"Shibboleth-eppn": (True, "username"),
"givenname": (False, "givenname"),
"surname": (False, "surname"),
"emailaddress": (False, "contact_email"),
"organization": (False, "institution"),
"Shibboleth-affiliation": (False, "affiliation"),
"Shibboleth-displayName": (False, "display_name"),
})
def test_can_process_user_role(self):
assert len(Profile.objects.all()) == 0

self.middleware.process_request(self.request)
assert self.request.user.username == 'sampledeveloper@school.edu'

assert len(Profile.objects.all()) == 1
assert self.request.shib_login is True
assert Profile.objects.all()[0].user == 'sampledeveloper@school.edu'
assert Profile.objects.all()[0].nickname == 'Sample Developer'
assert User.objects.get(self.request.user.username).role == 'staff'

@pytest.mark.skipif(TRAVIS, reason="TODO: this test can only be run seperately due to the url module init in django, we may need to reload url conf: https://gist.github.com/anentropic/9ac47f6518c88fa8d2b0")
def test_process_inactive_user(self):
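Review bot: test_can_process_user_role covers only the case where a mapped affiliation is present, and every mapped value in the fixture string (`employee@school.edu`, `member@school.edu`) resolves to `'staff'`, so it does not pin which role wins when values map to different roles. For a mapping that assigns privileges, the negative paths matter at least as much. I would add one case where no affiliation value is in the map, one where `SHIBBOLETH_AFFILIATION_ROLE_MAP` is not configured, and one with mixed values such as `'student@school.edu;employee@school.edu'`, each asserting the resulting role explicitly. A case where the user already holds a role and logs in with a non-matching affiliation would document whether that role is meant to persist.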
19 changes: 19 additions & 0 deletions thirdpart/shibboleth/middleware.py
@@ -1,3 +1,4 @@
from django.conf import settings
from django.contrib.auth.middleware import RemoteUserMiddleware
from django.core.exceptions import ImproperlyConfigured
from django.core.urlresolvers import reverse
Expand All @@ -6,6 +7,7 @@
from shibboleth.app_settings import SHIB_ATTRIBUTE_MAP, LOGOUT_SESSION_KEY, SHIB_USER_HEADER

from seahub import auth
from seahub.base.accounts import User
from seahub.base.sudo_mode import update_sudo_mode_ts
from seahub.profile.models import Profile

Expand Down Expand Up @@ -77,6 +79,7 @@ def process_request(self, request):
user.save()
# call make profile.
self.make_profile(user, shib_meta)
self.update_user_role(user, shib_meta)
#setup session.
self.setup_session(request)
request.shib_login = True
Expand Down Expand Up @@ -142,6 +145,22 @@ def make_profile(self, user, shib_meta):

p.save()

def update_user_role(self, user, shib_meta):
affiliation = shib_meta.get('affiliation', '')
if not affiliation:
return

try:
role_map = settings.SHIBBOLETH_AFFILIATION_ROLE_MAP
except AttributeError:
return

for e in affiliation.split(';'):
role = role_map.get(e)
if role:
User.objects.update_role(user.email, role)
return

def setup_session(self, request):
"""
If you want to add custom code to setup user sessions, you
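Review bot: update_user_role only writes a role when an affiliation value matches the map, so a role granted on an earlier login is never withdrawn: if the IdP later sends no affiliation or none that is mapped, the early `return` and the exhausted loop both leave the stored role as it was. If roles gate privileges, that is a deprovisioning gap; decide whether a non-matching login should fall back to a default role, and record the decision in a docstring, which the method currently lacks. The winning role is also whichever mapped value comes first in the IdP-supplied string rather than an order the operator chooses. Entries are compared unstripped, so a value sent as `'a; b'` would miss `b`; `for e in (v.strip() for v in affiliation.split(';')):` would handle that. Because the role is derived from request metadata, this presumably relies on the front-end server discarding client-supplied copies of the Shibboleth attributes, which is worth stating in a comment next to the call in process_request.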
