Commit dfadeb45 authored by Markus Scheidgen's avatar Markus Scheidgen

Hotfix to saml.

parent 9d45e203
......@@ -51,6 +51,8 @@ elif hostname == 'enc-production-hv-nomad':
saml_config_dir = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'saml-production-hv')
elif hostname == 'enc-staging-nomad':
saml_config_dir = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'saml-staging')
elif 'production' in hostname:
saml_config_dir = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'saml-production')
else:
saml_config_dir = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'saml-testing')
......@@ -67,18 +69,7 @@ def prepare_flask_request(request):
# On staging machine we still have HTTP by default so, I want the API app to
# work when using SAML authentication with the IdP provider. That's why I need
# different settings for this function
if hostname == 'enc-production-nomad':
return {
'https': 'on' if request.scheme == 'https' else 'off',
'http_host': request.host + '/api',
'server_port': 443,
'script_name': request.path,
'get_data': request.args.copy(),
# Uncomment if using ADFS as IdP, https://github.com/onelogin/python-saml/pull/144
# 'lowercase_urlencoding': True,
'post_data': request.form.copy()
}
elif hostname == 'enc-production-hv-nomad':
if 'production' in hostname:
return {
'https': 'on' if request.scheme == 'https' else 'off',
'http_host': request.host + '/api',
......@@ -610,9 +601,7 @@ def index():
elif 'sso2' in request.args:
# based on machine's hostname use different base URL for redirection
# TODO switch to use environment variables: PRODUCTION, TESTING, DEVELOPMENT
if hostname == 'enc-production-nomad':
return_to = 'https://encyclopedia.nomad-coe.eu/gui/'
elif hostname == 'enc-production-hv-nomad':
if 'production' in hostname:
return_to = 'https://encyclopedia.nomad-coe.eu/gui/'
else:
return_to = '%sgui/' % request.host_url
......@@ -665,7 +654,7 @@ def index():
"expires_in": session['token_expires_in']}}
# production and staging machines have different domain names
# and the cookie should be set on the corresponding domain name
if hostname == 'enc-production-nomad' or hostname == 'enc-production-hv-nomad':
if 'production' in hostname:
response.set_cookie('user_info', json.dumps(cookie_data), domain='.nomad-coe.eu')
else:
response.set_cookie('user_info', json.dumps(cookie_data), domain='.mpg.de')
......@@ -718,7 +707,10 @@ def index():
# Added 'api' string as a quick fix for redirection to /saml/user/ after the user is authenticated.
# Before the fix the url was domain.com/v1.0/saml/user/ which doesn't exists (because should be
# domain.com/api/v1.0/saml/user/) and nginx redirected to the /gui and not showing the user's details, token ...
return redirect('api' + url_for('api.user_attrs'))
if 'production' in hostname:
return redirect('api' + url_for('api.user_attrs'))
else:
return redirect(url_for('api.user_attrs'))
else:
return redirect(auth.login())
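Review bot: The production decision is now the substring test `'production' in hostname`, repeated in `prepare_flask_request` and at three places in `index()` (the `return_to` URL, the cookie domain and the final redirect), and apparently also in the `saml_config_dir` selection, so the SAML settings directory and the `.nomad-coe.eu` cookie scope depend on how a machine happens to be named. Any host whose name merely contains "production" gets the production IdP settings, and a production host named differently falls through silently to `saml-testing` and the `.mpg.de` cookie domain. I would compute the flag once next to `saml_config_dir`, e.g. `is_production = 'production' in hostname`, log the selected profile at startup, and move to the explicit environment variable the existing TODO already asks for. In the cookie hunk the unchanged `set_cookie('user_info', ...)` call passes no `secure` or `samesite` argument; since `cookie_data` appears to carry token information, `secure=True` on the production branch looks worth adding. Both `prepare_flask_request` and `index()` continue outside the hunks shown.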
......