Add setting to unquote URL encoded attributes
jochenklar committed Nov 14, 2023
1 parent 962f6f9 commit a979507
Showing 2 changed files with 16 additions and 4 deletions.
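--- a/shibboleth/app_settings.py
+++ b/shibboleth/app_settings.py
@@ -30,3 +30,6 @@
 #LOGOUT_REDIRECT_URL specifies a default logout page that will always be used when
 #users logout from Shibboleth.
 LOGOUT_REDIRECT_URL = getattr(settings, 'SHIBBOLETH_LOGOUT_REDIRECT_URL', None)
+
+# unquote URL encoded attributes
+UNQUOTE_ATTRIBUTES = getattr(settings, 'SHIBBOLETH_UNQUOTE_ATTRIBUTES', None)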
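Review bot: The new `UNQUOTE_ATTRIBUTES` flag defaults to `None` although the middleware in this commit only tests it for truthiness; `getattr(settings, 'SHIBBOLETH_UNQUOTE_ATTRIBUTES', False)` would state the off-by-default intent directly. The one-line comment also leaves out that the flag decodes the remote-user header and the group attributes as well as the mapped attributes. Because decoding changes the identity values the application trusts, I would spell that out, for example `# If True, URL-decode the remote user header, mapped attributes and group attributes. Enable only when the front end really URL-encodes these values.`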
17 changes: 13 additions & 4 deletions shibboleth/middleware.py
Expand Up @@ -2,9 +2,11 @@
from django.contrib.auth.models import Group
from django.contrib import auth
from django.core.exceptions import ImproperlyConfigured

import re
from urllib.parse import unquote

from shibboleth.app_settings import SHIB_ATTRIBUTE_MAP, GROUP_ATTRIBUTES, GROUP_DELIMITERS
from shibboleth.app_settings import SHIB_ATTRIBUTE_MAP, GROUP_ATTRIBUTES, GROUP_DELIMITERS, UNQUOTE_ATTRIBUTES


class ShibbolethRemoteUserMiddleware(RemoteUserMiddleware):
Expand All @@ -25,6 +27,8 @@ def process_request(self, request):
# Locate the remote user header.
try:
username = request.META[self.header]
if UNQUOTE_ATTRIBUTES:
username = unquote(username)
except KeyError:
# If specified header doesn't exist then return (leaving
# request.user set to AnonymousUser by the
Expand Down Expand Up @@ -58,7 +62,7 @@ def process_request(self, request):
# by logging the user in.
request.user = user
auth.login(request, user)

# Upgrade user groups if configured in the settings.py
# If activated, the user will be associated with those groups.
if GROUP_ATTRIBUTES:
Expand Down Expand Up @@ -112,6 +116,8 @@ def parse_attributes(request):
attr_processor = lambda x: x
value = meta.get(header, None)
if value:
if UNQUOTE_ATTRIBUTES:
value = unquote(value)
shib_attrs[name] = attr_processor(value)
elif required:
error = True
Expand All @@ -124,8 +130,11 @@ def parse_group_attributes(request):
"""
groups = []
for attr in GROUP_ATTRIBUTES:
parsed_groups = re.split('|'.join(GROUP_DELIMITERS),
request.META.get(attr, ''))
value = request.META.get(attr, '')
if UNQUOTE_ATTRIBUTES:
value = unquote(value)

parsed_groups = re.split('|'.join(GROUP_DELIMITERS), value)
groups += filter(bool, parsed_groups)
return groups

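Review bot: In the last hunk, `parse_group_attributes` now runs `unquote(value)` on the whole header before `re.split('|'.join(GROUP_DELIMITERS), value)`, so a percent-encoded delimiter inside a single group value becomes a real delimiter and that value is split into several group names. If the front end encodes each value separately and leaves the delimiters literal (worth confirming against the deployment), the order should be reversed: `parsed_groups = re.split('|'.join(GROUP_DELIMITERS), request.META.get(attr, ''))` followed by `if UNQUOTE_ATTRIBUTES: parsed_groups = [unquote(g) for g in parsed_groups]`. The result appears to feed the group assignment in `process_request`, so a mis-split changes which groups the user ends up in. Separately, `unquote` defaults to `errors='replace'`, so in the `process_request` hunk undecodable byte sequences in the username all become U+FFFD rather than being rejected; `unquote(username, errors='strict')` with the `UnicodeDecodeError` handled would keep distinct header values distinct. The docstring and start of `parse_group_attributes` lie outside the hunk.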
