further removals

SUNET · Sep 28, 2023 · 50a8ff6 · 50a8ff6
1 parent 8d6d884
commit 50a8ff6
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 95 deletions.
diff --git a/src/eduid/webapp/idp/login.py b/src/eduid/webapp/idp/login.py
@@ -234,45 +234,16 @@ def _redirect_or_post(self, info: SAMLQueryParams, binding: str) -> WerkzeugResp
             current_app.logger.info(f"Redirecting user without a SAML request to {current_app.conf.eduid_site_url}")
             return redirect(current_app.conf.eduid_site_url)
 
-        if current_app.conf.login_bundle_url:
-            if info.SAMLRequest:
-                # redirect user to the Login javascript bundle
-                loc = urlappend(current_app.conf.login_bundle_url, ticket.request_ref)
-                current_app.logger.info(f"Redirecting user to login bundle {loc}")
-                return redirect(loc)
-            else:
-                raise BadRequest("No SAMLRequest, and login_bundle_url is set")
-
-    def perform_login(self, ticket: LoginContextSAML, authn_info: AuthnInfo) -> WerkzeugResponse:
-        """
-        Validate request, and then proceed with creating an AuthnResponse and
-        invoking the 'outgoing' SAML2 binding.
-
-        :param ticket: Login process state
-        :return: Response
-        """
-        current_app.logger.debug("\n\n---\n\n")
-        current_app.logger.debug("--- In SSO.perform_login() ---")
-
-        if not isinstance(self.sso_session, SSOSession):
-            raise RuntimeError(f"self.sso_session is not of type {SSOSession} ({type(self.sso_session)})")
-
-        user = current_app.userdb.lookup_user(self.sso_session.eppn)
-        if not user:
-            current_app.logger.error(f"User with eppn {self.sso_session.eppn} (from SSO session) not found")
-            raise Forbidden("User in SSO session not found")
-
-        params = self.get_response_params(authn_info, ticket, user)
-
-        if session.common.eppn and session.common.eppn != user.eppn:
-            current_app.logger.warning(f"Refusing to change eppn in session from {session.common.eppn} to {user.eppn}")
-            raise BadRequest("WRONG_USER")
-        session.common.eppn = user.eppn
-
-        # We're done with this SAML request. Remove it from the session.
-        del session.idp.pending_requests[ticket.request_ref]
+        if not current_app.conf.login_bundle_url:
+            raise BadRequest("No login_bundle_url configured")
 
-        return mischttp.create_html_response(params.binding, params.http_args)
+        if info.SAMLRequest:
+            # redirect user to the Login javascript bundle
+            loc = urlappend(current_app.conf.login_bundle_url, ticket.request_ref)
+            current_app.logger.info(f"Redirecting user to login bundle {loc}")
+            return redirect(loc)
+        else:
+            raise BadRequest("No SAMLRequest, and login_bundle_url is set")
 
     def get_response_params(self, authn_info: AuthnInfo, ticket: LoginContextSAML, user: IdPUser) -> SAMLResponseParams:
         resp_args = self._validate_login_request(ticket)
@@ -533,41 +504,6 @@ def _validate_login_request(ticket: LoginContextSAML) -> ResponseArgs:
         return ticket.saml_req.get_response_args(ticket.request_ref, current_app.conf)
 
 
-# -----------------------------------------------------------------------------
-# === Authentication ====
-# -----------------------------------------------------------------------------
-
-
-def do_verify() -> WerkzeugResponse:
-    """
-    Perform authentication of user based on user provided credentials.
-
-    What kind of authentication to perform was chosen by SSO._not_authn() when
-    the login web page was to be rendered. It is passed to this function through
-    an HTTP POST parameter (authn_reference).
-
-    This function should not be thought of as a "was login successful" or not.
-    It will figure out what authentication level to assert based on the authncontext
-    requested, and the actual authentication that succeeded.
-
-    :return: Does not return
-    :raise eduid_idp.mischttp.Redirect: On successful authentication, redirect to redirect_uri.
-    """
-    query = mischttp.get_post()
-    # extract password to keep it away from as much code as possible
-    password = query.pop("password", None)
-    if password:
-        query["password"] = "<redacted>"
-    current_app.logger.debug(f"do_verify parsed query :\n{pprint.pformat(query)}")
-
-    if "ref" not in query:
-        raise BadRequest(f"Missing parameter - please re-initiate login")
-    _info = SAMLQueryParams(request_ref=query["ref"])
-    _ticket = get_ticket(_info, None)
-    if not _ticket:
-        raise BadRequest(f"Missing parameter - please re-initiate login")
-
-
 # ----------------------------------------------------------------------------
 def _add_saml_request_to_session(info: SAMLQueryParams, binding: str) -> RequestRef:
     if info.request_ref:

diff --git a/src/eduid/webapp/idp/views/misc.py b/src/eduid/webapp/idp/views/misc.py
@@ -39,10 +39,10 @@
 from eduid.webapp.common.api.decorators import MarshalWith, UnmarshalWith
 from eduid.webapp.common.api.messages import FluxData, success_response
 from eduid.webapp.common.api.schemas.models import FluxSuccessResponse
-from eduid.webapp.common.session.namespaces import IdP_SAMLPendingRequest, RequestRef
+from eduid.webapp.common.session.namespaces import IdP_SAMLPendingRequest
 from eduid.webapp.idp.app import current_idp_app as current_app
 from eduid.webapp.idp.decorators import require_ticket, uses_sso_session
-from eduid.webapp.idp.login import do_verify, get_ticket
+from eduid.webapp.idp.login import get_ticket
 from eduid.webapp.idp.login_context import LoginContext, LoginContextSAML
 from eduid.webapp.idp.service import SAMLQueryParams
 from eduid.webapp.idp.sso_session import SSOSession, session
@@ -139,23 +139,3 @@ def logout(ref: Optional[str], sso_session: Optional[SSOSession]) -> WerkzeugRes
     current_app.logger.info("User logged out")
 
     return resp
-
-
-@misc_views.route("/verify", methods=["GET", "POST"])
-def verify() -> WerkzeugResponse:
-    current_app.logger.debug("\n\n")
-    current_app.logger.debug(f"--- Verify ({request.method}) ---")
-
-    if request.method == "GET":
-        query = parse_query_string()
-        if "ref" not in query:
-            raise BadRequest(f"Missing parameter - please re-initiate login")
-        _info = SAMLQueryParams(request_ref=RequestRef(query["ref"]))
-        ticket = get_ticket(_info, None)
-        if not ticket:
-            raise BadRequest(f"Missing parameter - please re-initiate login")
-
-    if request.method == "POST":
-        return do_verify()
-
-    raise BadRequest()