v0.5.0

* chore: spidSaml2 backend - template loader moved to backend constructor * feat: metadata builder - soggetti aggregatori * chore: README - general updates and cleanup * feat: pySAML2 and SATOSA dependencies updated * feat: SPID AgID template for specialized errors * fix: general spidSaml2 backend refactor and error handler (logger)
italia · Jun 15, 2021 · 32d9373 · 32d9373
1 parent 4ff7cae
commit 32d9373
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 26 deletions.
diff --git a/README.md b/README.md
@@ -45,10 +45,15 @@ with the help of an additional webserver dedicated for static contents:
 #### Discovery Service page
 ![disco](gallery/disco.png)
 
-
 #### Error page
-![disco](gallery/error_page.png)
+![err_gen](gallery/error_page.png)
+###### Generic error page
+
+![err1](gallery/error1.png)
+###### Saml2 Signature Error page
 
+![err2](gallery/error2.png)
+###### AgID SPID test #104
 
 You can find these demo pages in `example/static` and edit at your taste.
 To get redirection to these pages, or redirection to third-party services, consider the following configuration files:
@@ -107,7 +112,7 @@ pip install -r repository/requirements.txt
 
 ## Configure the Proxy
 
-Create certificates for SAML2 operations, thanks to [psmiraglia](https://github.com/psmiraglia/spid-compliant-certificates).
+Create certificates for SAML2 operations, see [psmiraglia](https://github.com/italia/spid-compliant-certificates).
 ````
 export WD="pki/"
 
@@ -142,7 +147,7 @@ These are the configuration files:
 - `example/plugins/frontend/saml2_frontend.yaml`
 
 
-## Handling Metadata
+## Saml2 Metadata
 
 If you want to handle metadata file manually, as this example purpose as demostration,
 create `metadata/idp` and `metadata/sp` folders, then copy metadata:
@@ -246,8 +251,8 @@ The SaToSa **SPID** backend contained in this project adopt specialized forks of
 read [this](README.idpy.forks.mngmnt.md) for any further explaination about how to patch by hands.
 
 All the patches and features are currently merged and available with the following releases:
-- [pysaml2](https://github.com/peppelinux/pysaml2/tree/pplnx-v6.5.0)
-- [SATOSA](https://github.com/peppelinux/SATOSA/tree/pplnx-v7.0.1)
+- [pysaml2](https://github.com/peppelinux/pysaml2/tree/pplnx-v7.0.1)
+- [SATOSA](https://github.com/peppelinux/SATOSA/tree/pplnx-v7.0.3)
 
 
 #### Pending contributions to idpy

diff --git a/example/backends/spidsaml2.py b/example/backends/spidsaml2.py
@@ -75,6 +75,28 @@ class SpidSAMLBackend(SAMLBackend):
     """
     _authn_context = 'https://www.spid.gov.it/SpidL1'
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+        # error pages handler
+        self.template_loader = Environment(
+                        loader=FileSystemLoader(
+                            searchpath=self.config['template_folder']
+                        ),
+                        autoescape=select_autoescape(['html'])
+        )
+        _static_url = (
+            self.config['static_storage_url']
+            if self.config['static_storage_url'][-1] == '/' else
+            self.config['static_storage_url'] + '/'
+        )
+        self.template_loader.globals.update({
+            'static': _static_url,
+        })
+        self.error_page = self.template_loader.get_template(
+                                            self.config['error_template']
+        )
+
     def _metadata_endpoint(self, context):
         """
         Endpoint for retrieving the backend metadata
@@ -148,6 +170,10 @@ def _metadata_endpoint(self, context):
                             namespace=SPID_PREFIXES['spid'],
                             text=v
                     )
+                    # Avviso SPID n. 19 v.4 per enti AGGREGATORI il tag ContactPerson deve avere l’attributo spid:entityType valorizzato come spid:aggregator
+                    if k == "PublicServicesFullOperator":
+                        spid_contact.extension_attributes= {"spid:entityType": "spid:aggregator"}
+
                     spid_extensions.children.append(ext)
 
             elif contact['contact_type'] == 'billing':
@@ -299,7 +325,6 @@ def authn_request(self, context, entity_id):
             logger.debug(f'Redirecting user to the IdP via {binding} binding.')
             # use the html provided by pysaml2 if no template was specified or it didn't exist
 
-
             # SPID want the fqdn of the IDP as entityID, not the SSO endpoint
             # 'http://idpspid.testunical.it:8088'
             # dovrebbe essere destination ma nel caso di spid-testenv2 è entityid...
@@ -349,7 +374,7 @@ def authn_request(self, context, entity_id):
             session_id = authn_req.id
 
             _req_str = authn_req_signed
-            logger.debug('AuthRequest to {}: {}'.format(destination, (_req_str)))
+            logger.debug(f'AuthRequest to {destination}: {_req_str}')
 
             relay_state = util.rndstr()
             ht_args = client.apply_binding(binding,
@@ -370,7 +395,7 @@ def authn_request(self, context, entity_id):
             # these will give the way to check compliances between the req and resp
             context.state['req_args'] = {'id': authn_req.id}
 
-            logger.debug("ht_args: %s" % ht_args)
+            logger.debug(f"ht_args: {ht_args}")
             return make_saml_response(binding, ht_args)
 
         except Exception as exc:
@@ -382,34 +407,22 @@ def authn_request(self, context, entity_id):
 
     def handle_error(self, message:str, troubleshoot:str='',
                      err='', template_path='templates',
-                     template_name='spid_login_error.html'):
+                     error_template='spid_login_error.html'):
         """
             Todo: Jinja2 tempalte loader and rendering :)
         """
         logger.error(f"Failed to parse authn request: {message} {err}")
-        loader = Environment(
-                        loader=FileSystemLoader(searchpath=template_path),
-                        autoescape=select_autoescape(['html'])
-        )
-        _static_url = (
-            self.config['static_storage_url']
-            if self.config['static_storage_url'][-1] == '/' else
-            self.config['static_storage_url'] + '/'
-        )
-        loader.globals.update({
-            'static': _static_url,
-        })
-        template = loader.get_template(template_name)
-        result = template.render({
+        result = self.error_page.render({
             'message': message,
             'troubleshoot': troubleshoot
 
         })
+        # the raw way :)
         # msg = (
             # f'<b>{message}</b><br>'
             # f'{troubleshoot}'
         # )
-        # text_type(msg).encode('utf-8')
+        # result = text_type(msg).encode('utf-8')
         return Response(result, content="text/html; charset=utf8")
 
 

diff --git a/example/plugins/backends/spidsaml2_backend.yaml b/example/plugins/backends/spidsaml2_backend.yaml
@@ -3,7 +3,11 @@ module: backends.spidsaml2.SpidSAMLBackend
 name: spidSaml2
 config:
   # idp_blacklist_file: /path/to/blacklist.json
-  static_storage_url: "https://localhost:9999/"
+
+  # error templates
+  static_storage_url: "https://localhost:9999"
+  error_template: "spid_login_error.html"
+  template_folder: "templates" # project root
 
   # make metadata downloadable from entityid url
   entityid_endpoint: true

diff --git a/gallery/error1.png b/gallery/error1.png
diff --git a/gallery/error2.png b/gallery/error2.png