From: Simo Sorce
Date: Mon, 16 Jun 2014 23:36:03 +0000 (-0400)
Subject: Add support for returning user attributes
X-Git-Tag: v0.3.0~91
X-Git-Url: http://git.cascardo.eti.br/?p=cascardo%2Fipsilon.git;a=commitdiff_plain;h=e9e517a0385a321f2f42625f739469b79e33ac16

Add support for returning user attributes

Signed-off-by: Simo Sorce
Reviewed-by: Patrick Uiterwijk
---
diff --git a/ipsilon/login/common.py b/ipsilon/login/common.py
index 9dbcc0f..7fb1342 100755
--- a/ipsilon/login/common.py
+++ b/ipsilon/login/common.py
@@ -22,6 +22,7 @@ from ipsilon.util.page import Page
 from ipsilon.util.user import UserSession
 from ipsilon.util.plugin import PluginLoader, PluginObject
 from ipsilon.util.plugin import PluginInstaller
+from ipsilon.info.common import Info
 import cherrypy
@@ -34,6 +35,7 @@ class LoginManagerBase(PluginObject, Log):
         super(LoginManagerBase, self).__init__()
         self.path = '/'
         self.next_login = None
+        self.info = None
 
     def redirect_to_path(self, path):
         base = cherrypy.config.get('base.mount', "")
@@ -47,6 +49,14 @@ class LoginManagerBase(PluginObject, Log):
         if not ref:
             ref = cherrypy.config.get('base.mount', "") + '/'
 
+        if self.info:
+            userattrs = self.info.get_user_attrs(username)
+            if userdata:
+                userdata.update(userattrs or {})
+            else:
+                userdata = userattrs
+            self.debug("User %s attributes: %s" % (username, repr(userdata)))
+
         if auth_type:
             if userdata:
                 userdata.update({'auth_type': auth_type})
@@ -114,6 +124,9 @@ class LoginManagerBase(PluginObject, Log):
         plugins['enabled'].append(self)
         self._debug('Login plugin enabled: %s' % self.name)
 
+        # Get handle of the info plugin
+        self.info = root.info
+
     def disable(self, site):
         plugins = site[FACILITY]
         if self not in plugins['enabled']:
@@ -193,6 +206,7 @@ class Login(Page):
     def __init__(self, *args, **kwargs):
         super(Login, self).__init__(*args, **kwargs)
         self.first_login = None
+        self.info = Info()
         loader = PluginLoader(Login, FACILITY, 'LoginManager')
         self._site[FACILITY] = loader.get_plugin_data()
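Review bot: The new `self.debug("User %s attributes: %s" % (username, repr(userdata)))` line in the `@@ -47,6 +49,14 @@` hunk writes every attribute the info plugin returned for the user into the log at debug level, so whatever the backend exposes (addresses, group memberships, anything else) ends up in log files. Logging only the attribute names keeps the diagnostic value without the data: `self.debug("User %s attributes: %s" % (username, sorted(userdata) if userdata else []))`. A comment is also worth adding that `userdata.update(userattrs or {})` lets info-plugin values overwrite keys the login plugin had already set, which is presumably intended but not stated. The enclosing method starts above this hunk, so how `userdata` and `username` arrive is not visible here; the `self.info = root.info` assignment in the `@@ -114,6 +124,9 @@` hunk likewise depends on a `root` whose origin is outside the hunk.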
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index 036ed5e..e35ff13 100755
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -193,7 +193,29 @@ class AuthenticateRequest(ProviderPageBase):
                 raise AuthenticationError("Unavailable Name ID type",
                                           lasso.SAML2_STATUS_CODE_AUTHN_FAILED)
 
-        # TODO: add user attributes as policy requires from 'usersession'
+        # TODO: filter user attributes as policy requires from 'usersession'
+        if not login.assertion.attributeStatement:
+            attrstat = lasso.Saml2AttributeStatement()
+            login.assertion.attributeStatement = [attrstat]
+        else:
+            attrstat = login.assertion.attributeStatement[0]
+        if not attrstat.attribute:
+            attrstat.attribute = ()
+
+        attributes = us.get_user_attrs()
+        for key in attributes:
+            attr = lasso.Saml2Attribute()
+            attr.name = key
+            attr.nameFormat = lasso.SAML2_ATTRIBUTE_NAME_FORMAT_BASIC
+            value = str(attributes[key]).encode('utf-8')
+            node = lasso.MiscTextNode.newWithString(value)
+            node.textChild = True
+            attrvalue = lasso.Saml2AttributeValue()
+            attrvalue.any = [node]
+            attr.attributeValue = [attrvalue]
+            attrstat.attribute = attrstat.attribute + (attr,)
+
+        self.debug('Assertion: %s' % login.assertion.dump())
 
     def saml2error(self, login, code, message):
         status = lasso.Samlp2Status()
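Review bot: `value = str(attributes[key]).encode('utf-8')` in the new loop flattens each attribute to a single AttributeValue, so a multi-valued attribute (a list of groups, say) is emitted as the repr of the list rather than one AttributeValue per element, and `str()` would raise UnicodeEncodeError on non-ASCII unicode values if this runs under Python 2 (the `super(...)`-style code suggests it might; confirm before relying on the encode step). The loop could branch on list/tuple values and build one lasso.Saml2AttributeValue per element, as sketched below. The trailing `self.debug('Assertion: %s' % login.assertion.dump())` also dumps the whole assertion, attributes included, into debug logs; consider logging only the attribute names or gating it. The enclosing method starts above this hunk, and the `TODO: filter user attributes` comment means every attribute the info plugin returns is currently released to any requesting SP until that filtering exists.
```python
        # … unchanged: attributeStatement setup …
        attributes = us.get_user_attrs()
        for key in attributes:
            attr = lasso.Saml2Attribute()
            attr.name = key
            attr.nameFormat = lasso.SAML2_ATTRIBUTE_NAME_FORMAT_BASIC
            # one AttributeValue per element for multi-valued attributes
            values = attributes[key]
            if not isinstance(values, (list, tuple)):
                values = [values]
            attrvalues = []
            for value in values:
                node = lasso.MiscTextNode.newWithString(str(value).encode('utf-8'))
                node.textChild = True
                attrvalue = lasso.Saml2AttributeValue()
                attrvalue.any = [node]
                attrvalues.append(attrvalue)
            attr.attributeValue = attrvalues
            attrstat.attribute = attrstat.attribute + (attr,)
        # … unchanged: assertion debug dump …
```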