add: admin login with SAML + Andrvotr instead of Cosign

Author: TomiBelan

.gitmodules

@@ -30,7 +30,8 @@
 
 UA_CODE = 'UA-23362538-7'
 
-COSIGN_PROXY_DIR = '/opt/cosign/proxy'
+MY_ENTITY_ID = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
+ANDRVOTR_API_KEY = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
 
 SUBMISSIONS_OPEN = True
 UPLOADS_ENABLED = True

config-sample.py

@@ -1,19 +1,26 @@
-import os
 import sys
 import re
 import flask.json
 from flask import url_for
-DIR = os.path.dirname(os.path.abspath(__file__))
-sys.path.insert(0, DIR + '/votr/')
-
-from aisikl.context import Context # noqa
 from aisikl.app import Application # noqa
 import aisikl.portal # noqa
-
-
-def create_context(cookies, origin='ais2-beta.uniba.sk'):
-    ctx = Context(cookies, ais_url='https://'+origin+'/')
-    return ctx
+from fladgejt.login import create_client # noqa
+
+
+def create_context(*,
+                   my_entity_id,
+                   andrvotr_api_key,
+                   andrvotr_authority_token,
+                   beta):
+    ais_url = 'https://ais2-beta.uniba.sk/' if beta else 'https://ais2.uniba.sk/'
+    server = dict(login_types=('saml_andrvotr',), ais_url=ais_url)
+    params = dict(
+        type='saml_andrvotr',
+        my_entity_id=my_entity_id,
+        andrvotr_api_key=andrvotr_api_Key,
+        andrvotr_authority_token=andrvotr_authority_token,
+    )
+    return create_client(server, params).context
 
 
 def test_ais(ctx):

eprihlaska/ais_utils.py

@@ -986,29 +986,21 @@ def admin_file_download(id, uuid):
     return send_from_directory(receipt_dir, file, as_attachment=True)
 
 
-def get_cosign_cookies():
-    name = request.environ['COSIGN_SERVICE']
-    value = request.cookies[name]
-    filename = name + '=' + value.partition('/')[0]
-    result = {}
-    with open(os.path.join(app.config['COSIGN_PROXY_DIR'],
-                           filename)) as f:
-        for line in f:
-            # Remove starting "x" and everything after the space.
-            name, _, value = line[1:].split()[0].partition('=')
-            result[name] = value
-    return result
+def create_votr_context(*, beta):
+    from .ais_utils import create_context
+    return create_context(
+        my_entity_id=app.config['MY_ENTITY_ID'],
+        andrvotr_api_key=app.config['ANDRVOTR_API_KEY'],
+        andrvotr_authority_token=request.environ['ANDRVOTR_AUTHORITY_TOKEN'],
+        beta=beta,
+    )
 
 
 @app.route('/admin/ais_test')
 @require_remote_user
 def admin_ais_test():
-    from .ais_utils import (create_context, test_ais)
-    cosign_cookies = get_cosign_cookies()
-    ctx = create_context(cosign_cookies,
-                         origin='ais2.uniba.sk')
-    # Do log in
-    ctx.request_html('/ais/loginCosign.do', method='POST')
+    from .ais_utils import test_ais
+    ctx = create_votr_context(beta=False)
     test_ais(ctx)
     return redirect(url_for('admin_list'))
 
@@ -1158,17 +1150,9 @@ def admin_process_special(id, process_type):
 
 
 def send_application_to_ais2(id, application, form, process_type, beta=False):
-    from .ais_utils import (create_context, save_application_form)
+    from .ais_utils import save_application_form
     if form.validate_on_submit():
-        origin = 'ais2.uniba.sk'
-        if beta:
-            origin = 'ais2-beta.uniba.sk'
-
-        cosign_cookies = get_cosign_cookies()
-        ctx = create_context(cosign_cookies,
-                             origin=origin)
-        # Do log in
-        ctx.request_html('/ais/loginCosign.do', method='POST')
+        ctx = create_votr_context(beta=beta)
 
         ais2_output = None
         error_output = None

eprihlaska/views.py

@@ -53,6 +53,7 @@ SQLAlchemy==1.3.0
 tinycss2==0.6.1
 urllib3==1.26.5
 visitor==0.1.3
+votr @ git+https://github.com/fmfi-svt/votr.git@2f4a488747f131b8d413b6879a41663e9fbc2880
 WeasyPrint==0.42
 webencodings==0.5.1
 Werkzeug==0.15.3