Hotfix to saml.

dfadeb45 · Markus Scheidgen · 9d45e203 · dfadeb45
Commit dfadeb45 authored Nov 16, 2018 by Markus Scheidgen
--- a/rest-api-service/app/api_v1_0/routes.py
+++ b/rest-api-service/app/api_v1_0/routes.py
@@ -51,6 +51,8 @@ elif hostname == 'enc-production-hv-nomad':
    saml_config_dir = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'saml-production-hv')
 elif hostname == 'enc-staging-nomad':
    saml_config_dir = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'saml-staging')
+elif 'production' in hostname:
+    saml_config_dir = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'saml-production')
 else:
    saml_config_dir = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'saml-testing')

@@ -67,18 +69,7 @@ def prepare_flask_request(request):
    # On staging machine we still have HTTP by default so, I want the API app to
    # work when using SAML authentication with the IdP provider. That's why I need
    # different settings for this function
-    if hostname == 'enc-production-nomad':
-        return {
-            'https': 'on' if request.scheme == 'https' else 'off',
-            'http_host': request.host + '/api',
-            'server_port': 443,
-            'script_name': request.path,
-            'get_data': request.args.copy(),
-            # Uncomment if using ADFS as IdP, https://github.com/onelogin/python-saml/pull/144
-            # 'lowercase_urlencoding': True,
-            'post_data': request.form.copy()
-        }
-    elif hostname == 'enc-production-hv-nomad':
+    if 'production' in hostname:
        return {
            'https': 'on' if request.scheme == 'https' else 'off',
            'http_host': request.host + '/api',
@@ -610,9 +601,7 @@ def index():
    elif 'sso2' in request.args:
        # based on machine's hostname use different base URL for redirection
        # TODO switch to use environment variables: PRODUCTION, TESTING, DEVELOPMENT
-        if hostname == 'enc-production-nomad':
-            return_to = 'https://encyclopedia.nomad-coe.eu/gui/'
-        elif hostname == 'enc-production-hv-nomad':
+        if 'production' in hostname:
            return_to = 'https://encyclopedia.nomad-coe.eu/gui/'
        else:
            return_to = '%sgui/' % request.host_url
@@ -665,7 +654,7 @@ def index():
                                         "expires_in": session['token_expires_in']}}
                # production and staging machines have different domain names
                # and the cookie should be set on the corresponding domain name
-                if hostname == 'enc-production-nomad' or hostname == 'enc-production-hv-nomad':
+                if 'production' in hostname:
                    response.set_cookie('user_info', json.dumps(cookie_data), domain='.nomad-coe.eu')
                else:
                    response.set_cookie('user_info', json.dumps(cookie_data), domain='.mpg.de')
@@ -718,7 +707,10 @@ def index():
        # Added 'api' string as a quick fix for redirection to /saml/user/ after the user is authenticated.
        # Before the fix the url was domain.com/v1.0/saml/user/ which doesn't exists (because should be
        # domain.com/api/v1.0/saml/user/) and nginx redirected to the /gui and not showing the user's details, token ...
-        return redirect('api' + url_for('api.user_attrs'))
+        if 'production' in hostname:
+            return redirect('api' + url_for('api.user_attrs'))
+        else:
+            return redirect(url_for('api.user_attrs'))
    else:
        return redirect(auth.login())