mirror of https://github.com/haiwen/seahub.git synced 2025-10-20 18:32:41 +00:00

Merge pull request #1739 from haiwen/shib_role_map

[shibboleth] Add joker * in affiliation role map
xiez
2017-08-02 18:32:22 +08:00
committed by GitHub
2 changed files with 59 additions and 6 deletions


@@ -146,3 +146,35 @@ class ShibbolethRemoteUserMiddlewareTest(BaseTestCase):
assert len(Profile.objects.all()) == 1
assert Profile.objects.all()[0].nickname == ''
@override_settings(SHIBBOLETH_AFFILIATION_ROLE_MAP={
'employee@school.edu': 'staff',
'member@school.edu': 'staff',
'student@school.edu': 'student',
'patterns': (
('a@*.edu', 'aaa'),
('*@*.edu', 'student'),
('*', 'guest'),
)
})
@patch('shibboleth.middleware.SHIB_ATTRIBUTE_MAP', {
"Shibboleth-eppn": (True, "username"),
"givenname": (False, "givenname"),
"surname": (False, "surname"),
"emailaddress": (False, "contact_email"),
"organization": (False, "institution"),
"Shibboleth-affiliation": (False, "affiliation"),
"Shibboleth-displayName": (False, "display_name"),
})
def test_get_role_by_affiliation(self):
obj = ShibbolethRemoteUserMiddleware()
assert obj._get_role_by_affiliation('employee@school.edu') == 'staff'
assert obj._get_role_by_affiliation('member@school.edu') == 'staff'
assert obj._get_role_by_affiliation('student@school.edu') == 'student'
# test jokers
assert obj._get_role_by_affiliation('student1@school.edu') == 'student'
assert obj._get_role_by_affiliation('a@x.edu') == 'aaa'
assert obj._get_role_by_affiliation('a@x.com') == 'guest'
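Review bot: The new test never reaches the `return None` fallthrough of `_get_role_by_affiliation`, because the `('*', 'guest')` entry in the overridden map matches every input. It also passes only single values, so the `;`-separated handling in `update_user_role` is untested. Add a case whose map has no catch-all and assert `obj._get_role_by_affiliation('a@x.com') is None`, plus one that calls `update_user_role` with a multi-valued affiliation. The `@patch` of `SHIB_ATTRIBUTE_MAP` looks unnecessary here, since the helper as shown reads only `settings.SHIBBOLETH_AFFILIATION_ROLE_MAP`; drop it if constructing the middleware does not need it. The enclosing test class starts outside the hunk.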


@@ -1,3 +1,5 @@
from collections import OrderedDict
from fnmatch import fnmatch
import logging
from django.conf import settings
@@ -156,18 +158,37 @@ class ShibbolethRemoteUserMiddleware(RemoteUserMiddleware):
p.save()
def update_user_role(self, user, shib_meta):
affiliation = shib_meta.get('affiliation', '')
if not affiliation:
return
def _get_role_by_affiliation(self, affiliation):
try:
role_map = settings.SHIBBOLETH_AFFILIATION_ROLE_MAP
except AttributeError:
return
role = role_map.get(affiliation)
if role:
return role
if role_map.get('patterns') is not None:
joker_map = role_map.get('patterns')
try:
od = OrderedDict(joker_map)
except Exception as e:
logger.error(e)
return
for k in od:
if fnmatch(affiliation, k):
return od[k]
return None
def update_user_role(self, user, shib_meta):
affiliation = shib_meta.get('affiliation', '')
if not affiliation:
return
for e in affiliation.split(';'):
role = role_map.get(e)
role = self._get_role_by_affiliation(e)
if role:
User.objects.update_role(user.email, role)
return role
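Review bot: In `update_user_role` the loop stops at the first `;`-separated value that yields any role, so once `patterns` holds a broad entry such as `('*', 'guest')`, the first value always matches a wildcard and an exact entry for a later value (for example `employee@school.edu` mapped to `staff`) is never reached; the assigned role then depends on the order in which the IdP lists the values. Indentation is lost on this page, so this assumes `return role` sits inside `if role:`. Because the role is an authorization decision, resolve exact entries for all values before falling back to patterns, as sketched below. Separately, an affiliation value equal to the reserved key `patterns` makes `role_map.get(affiliation)` return the pattern tuple as the role; guard it in `_get_role_by_affiliation` with `role = role_map.get(affiliation) if affiliation != 'patterns' else None`. `fnmatch` also applies OS-dependent case normalisation, whereas `fnmatchcase` behaves the same on every platform.

```python
def update_user_role(self, user, shib_meta):
    # … unchanged: read affiliation, return when empty …
    values = affiliation.split(';')
    role_map = getattr(settings, 'SHIBBOLETH_AFFILIATION_ROLE_MAP', {})

    # Pass 1: an explicit entry for any value wins over every wildcard.
    role = None
    for e in values:
        if e != 'patterns' and role_map.get(e):
            role = role_map[e]
            break

    # Pass 2: only then fall back to the ordered patterns.
    if role is None:
        for e in values:
            role = self._get_role_by_affiliation(e)
            if role:
                break

    if role:
        User.objects.update_role(user.email, role)
    return role
```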