Merge dev for closing release v0.9.1

italia · Jun 22, 2021 · 59c177f · 59c177f
2 parents c1c191e + 7cbc29b
commit 59c177f
Show file tree

Hide file tree

Showing 5 changed files with 81 additions and 6 deletions.
diff --git a/example/example/develop_settings.py b/example/example/develop_settings.py
@@ -0,0 +1,9 @@
+#
+# Settings file for running the demo projects with Django's development server.
+#
+# noinspection PyUnresolvedReferences
+from .settings import *
+
+SESSION_COOKIE_SECURE = False  # Allows the sent of session cookie on http
+CSRF_COOKIE_SECURE = False     # Allows the sent of csrf cookie on http
+SPID_BASE_URL = None           # the base URL is got dynamically from request.build_absolute_uri('/')
diff --git a/example/example/dynamic_settings.py b/example/example/dynamic_settings.py
@@ -0,0 +1,8 @@
+#
+# Settings file for running the demo projects with dynamic base URL setting.
+# Useful for running the demo with a non-local IP address.
+#
+# noinspection PyUnresolvedReferences
+from .settings import *
+
+SPID_BASE_URL = None  # With None the base URL is got dynamically from request.build_absolute_uri('/')
diff --git a/example/run.sh b/example/run.sh
@@ -1,5 +1,56 @@
-python -B ./manage.py migrate
-python -B ./manage.py collectstatic --noinput
+#!/usr/bin/env bash
+# 
+# Run the demo project with uwsgi web server (https, the default) or the development server (http)
+#  
 
-# python -B ./manage.py runserver 0.0.0.0:8000
-uwsgi --http-keepalive  --https 0.0.0.0:8000,./certificates/public.cert,./certificates/private.key --module example.wsgi:application --env example.settings --chdir .
+# Default run settings
+address="0.0.0.0:8000"
+protocol="https"
+
+# Parse cli arguments provided with -p PROTOCOL or -a ADDRESS (take the lasts)
+while getopts p:a: flag
+do
+    case "${flag}" in
+        p) protocol=${OPTARG};;
+        a) address=${OPTARG};;
+    esac
+done
+
+# Select and run the proper server and settings
+if [[ $protocol = "http" ]]
+then
+  echo "Run on http with Django's development server ..."
+  python -B ./manage.py migrate
+  DJANGO_SETTINGS_MODULE='example.develop_settings' python -B ./manage.py runserver $address
+
+elif [[ $protocol != "https" ]]
+then
+  echo -e "\033[1;31mWrong protocol '$protocol' provided (use 'https' or 'http').\033[0m"
+  exit 1
+
+elif [[ $address != "0.0.0.0:8000" ]]
+then
+  echo "Run on https with uwsgi server and dynamic SPID_BASE_URL ..."
+  python -B ./manage.py migrate
+  python -B ./manage.py collectstatic --noinput
+
+  DJANGO_SETTINGS_MODULE='example.dynamic_settings' uwsgi \
+    --http-keepalive \
+    --https $address,./certificates/public.cert,./certificates/private.key \
+    --module example.wsgi:application \
+    --env example.dynamic_settings \
+    --chdir .
+
+else
+  echo "Run on https with uwsgi server and fixed SPID_BASE_URL ..."
+  python -B ./manage.py migrate
+  python -B ./manage.py collectstatic --noinput
+
+  uwsgi \
+    --http-keepalive \
+    --https 0.0.0.0:8000,./certificates/public.cert,./certificates/private.key \
+    --module example.wsgi:application \
+    --env example.settings \
+    --chdir .
+
+fi
diff --git a/setup.py b/setup.py
@@ -11,7 +11,7 @@
 
 setup(
     name="djangosaml2-spid",
-    version='0.8.0',
+    version='0.9.1',
     description="Djangosaml2 SPID Service Provider",
     long_description=README,
     long_description_content_type='text/markdown',

diff --git a/src/djangosaml2_spid/spid_validator.py b/src/djangosaml2_spid/spid_validator.py
@@ -231,10 +231,17 @@ def validate_assertion_authn_statement(self):
                     )
                 # 94, 95, 96
                 if authns.authn_context.authn_context_class_ref.text != self.authn_context_class_ref:
-                    raise SpidError(
+                    _msg = (
                         'Invalid Spid authn_context_class_ref, requested: '
                         f"{self.authn_context_class_ref}, got {authns.authn_context.authn_context_class_ref.text}"
                     )
+                    try:
+                        level_sp = int(self.authn_context_class_ref[-1])
+                        level_idp = int(authns.authn_context.authn_context_class_ref.text.strip().replace('\n', '')[-1])
+                        if level_idp < level_sp:
+                            raise SpidError(_msg)
+                    except Exception as e:
+                        raise SpidError(_msg)
 
                 # 97
                 if authns.authn_context.authn_context_class_ref.text \