From 2d56640e73e84aa559826f66c2f312d949e716d8 Mon Sep 17 00:00:00 2001
From: "Economou, Matthew (NIH/NIAID) [C]"
Date: Sun, 20 Nov 2022 18:18:29 -0500
Subject: [PATCH] feat(*): serve SAML metadata using custom frontend
---
 Dockerfile | 13 ++++-
 plugins/frontends/idp_metadata.yaml | 4 ++
 plugins/frontends/sp_metadata.yaml | 4 ++
 proxy_conf.yaml | 2 +
 src/static_content/setup.py | 9 +++
 src/static_content/static_content/__init__.py | 55 +++++++++++++++++++
 6 files changed, 86 insertions(+), 1 deletion(-)
 create mode 100644 plugins/frontends/idp_metadata.yaml
 create mode 100644 plugins/frontends/sp_metadata.yaml
 create mode 100644 src/static_content/setup.py
 create mode 100644 src/static_content/static_content/__init__.py
diff --git a/Dockerfile b/Dockerfile
index d9bfffb..5c9ca9f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,19 @@
+FROM satosa AS custom_code
+# workaround https://github.com/IdentityPython/satosa-docker/issues/6
+USER root
+RUN mkdir -p /home/satosa; chown satosa:satosa /home/satosa
+USER satosa
+# build custom micro services
+COPY --chown=satosa:satosa src /home/satosa/src
+RUN cd /home/satosa/src/static_content; pip install --user .
+
 FROM satosa
 USER root
 RUN pip install --no-cache-dir satosa[ldap]==${SATOSA_VERSION}
 COPY --chown=satosa:satosa *.yaml /etc/satosa/
-COPY --chown=satosa:satosa plugins /etc/satosa/
+COPY --chown=satosa:satosa plugins /etc/satosa/plugins
+RUN mkdir -p /home/satosa; chown satosa:satosa /home/satosa
+COPY --from=custom_code /home/satosa/.local /home/satosa/.local
 COPY delayed-entrypoint.sh /usr/local/bin/
 USER satosa:satosa
 ENV STARTUP_DELAY=300
diff --git a/plugins/frontends/idp_metadata.yaml b/plugins/frontends/idp_metadata.yaml
new file mode 100644
index 0000000..1fa6823
--- /dev/null
+++ b/plugins/frontends/idp_metadata.yaml
@@ -0,0 +1,4 @@
+module: static_content.StaticContentFrontend
+name: idp_metadata
+config:
+ file: frontend.xml
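Review bot: In the `custom_code` stage, `RUN cd /home/satosa/src/static_content; pip install --user .` chains with `;`, so a failed `cd` does not stop the step and pip then runs against whatever directory the stage starts in. The package's `install_requires` is unpinned, so this install may also resolve `satosa` from the index unless the base image already satisfies it, and everything that lands in `/home/satosa/.local` is copied into the final image by the later `COPY --from=custom_code`. `RUN pip install --user --no-cache-dir --no-deps /home/satosa/src/static_content` would avoid both. The two `mkdir -p /home/satosa; chown satosa:satosa /home/satosa` lines use the same `;` chaining, where `&&` would state the intended dependency between the commands.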
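Review bot: `file: frontend.xml` is a relative path, and the frontend added in this commit passes it straight to `open()`, so which file gets published depends on the working directory the SATOSA process starts in. An absolute path (for example `file: /etc/satosa/frontend.xml`, if that is where the metadata is generated) would make the served document unambiguous; the same applies to `file: backend.xml` in plugins/frontends/sp_metadata.yaml. As far as the visible code shows, the endpoint returns the file without any access check, so a comment such as `# must contain public metadata only` next to the key would record that expectation.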
diff --git a/plugins/frontends/sp_metadata.yaml b/plugins/frontends/sp_metadata.yaml
new file mode 100644
index 0000000..6ebab44
--- /dev/null
+++ b/plugins/frontends/sp_metadata.yaml
@@ -0,0 +1,4 @@
+module: static_content.StaticContentFrontend
+name: sp_metadata
+config:
+ file: backend.xml
diff --git a/proxy_conf.yaml b/proxy_conf.yaml
index 055e9eb..457e1b2 100644
--- a/proxy_conf.yaml
+++ b/proxy_conf.yaml
@@ -11,6 +11,8 @@ BACKEND_MODULES:
 FRONTEND_MODULES:
 - plugins/frontends/saml2_frontend.yaml
 - plugins/frontends/ping_frontend.yaml
+ - plugins/frontends/idp_metadata.yaml
+ - plugins/frontends/sp_metadata.yaml
 MICRO_SERVICES:
 - plugins/microservices/static_attributes.yaml
 LOGGING:
diff --git a/src/static_content/setup.py b/src/static_content/setup.py
new file mode 100644
index 0000000..2457310
--- /dev/null
+++ b/src/static_content/setup.py
@@ -0,0 +1,9 @@
+from setuptools import setup
+
+setup(
+ name='static_content',
+ version='0.0.1',
+ install_requires=[
+ 'satosa'
+ ],
+)
diff --git a/src/static_content/static_content/__init__.py b/src/static_content/static_content/__init__.py
new file mode 100644
index 0000000..4ce9ab4
--- /dev/null
+++ b/src/static_content/static_content/__init__.py
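Review bot: `setup()` in src/static_content/setup.py lists no `packages`, so whether `static_content/__init__.py` is actually installed depends on setuptools' automatic package discovery, which older setuptools releases do not perform. In that case the build stage would presumably still succeed and the frontend would only fail to import when SATOSA loads `static_content.StaticContentFrontend`. Adding `packages=['static_content'],` makes the install independent of the setuptools version in the base image. `install_requires` also names `satosa` without a version while the Dockerfile pins `satosa[ldap]==${SATOSA_VERSION}`, so a matching constraint or a comment explaining the omission would help.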
@@ -0,0 +1,55 @@
+import logging
+
+import satosa.logging_util as lu
+import satosa.frontends.base
+from satosa.response import Response
+
+
+logger = logging.getLogger(__name__)
+
+
+class StaticContentFrontend(satosa.frontends.base.FrontendModule):
+ """
+ A simple file server for SATOSA
+ """
+
+ def __init__(self, auth_req_callback_func, internal_attributes, config, base_url, name):
+ super().__init__(auth_req_callback_func, internal_attributes, base_url, name)
+ self.config = config
+
+ def handle_authn_response(self, context, internal_resp, extra_id_token_claims=None):
+ """
+ See super class method satosa.frontends.base.FrontendModule#handle_authn_response
+ :type context: satosa.context.Context
+ :type internal_response: satosa.internal.InternalData
+ :rtype oic.utils.http_util.Response
+ """
+ raise NotImplementedError()
+
+ def handle_backend_error(self, exception):
+ """
+ See super class satosa.frontends.base.FrontendModule
+ :type exception: satosa.exception.SATOSAError
+ :rtype: oic.utils.http_util.Response
+ """
+ raise NotImplementedError()
+
+ def register_endpoints(self, backend_names):
+ """
+ See super class satosa.frontends.base.FrontendModule
+ :type backend_names: list[str]
+ :rtype: list[(str, ((satosa.context.Context, Any) -> satosa.response.Response, Any))]
+ :raise ValueError: if more than one backend is configured
+ """
+ url_map = [("^{}".format(self.name), self.static_content_endpoint)]
+ return url_map
+
+ def static_content_endpoint(self, context):
+ """
+ """
+ msg = f"Static content returning {self.config['file']}"
+ logline = lu.LOG_FMT.format(id=lu.get_session_id(context.state), message=msg)
+ logger.debug(logline)
+ file = open(self.config['file'], 'r')
+ msg = file.read()
+ return Response(msg)
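Review bot: `static_content_endpoint` opens the configured file on every request and never closes it, so handles stay open until garbage collection; read it in a context manager instead, `with open(self.config['file'], 'r') as f: msg = f.read()`. The body is returned with `Response(msg)`, which leaves the content type at the class default; since both configured frontends serve SAML metadata XML, `return Response(msg, content="text/xml")` would state it explicitly (assuming the `content` keyword of `satosa.response.Response`). In `register_endpoints` the pattern `"^{}".format(self.name)` has no end anchor and does not escape the name, so it presumably also matches longer paths that merely start with the frontend name; `"^{}$".format(re.escape(self.name))` with `import re` would pin it. The docstring there still promises a `ValueError` the method never raises, and the endpoint's own docstring is empty.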