From 2107e3b1a67e7ae54d3f7f186d3ba580c3d6fec8 Mon Sep 17 00:00:00 2001 From: "fang.li" Date: Thu, 13 Apr 2017 17:22:52 +0800 Subject: [PATCH] Version 2.1.0, add DEFAULT_NEXT_URL --- README.rst | 9 ++++++++- django_saml2_auth/views.py | 8 ++++---- setup.py | 2 +- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/README.rst b/README.rst index c358955..9db6ee0 100644 --- a/README.rst +++ b/README.rst @@ -96,9 +96,13 @@ How to use? url(r'^saml2_auth/', include('django_saml2_auth.urls')), # The following line will replace the default user login with SAML2 (optional) + # If you want to specific the after-login-redirect-URL, use parameter "?next=/the/path/you/want" + # with this view. url(r'^accounts/login/$', django_saml2_auth.views.signin), # The following line will replace the admin login with SAML2 (optional) + # If you want to specific the after-login-redirect-URL, use parameter "?next=/the/path/you/want" + # with this view. url(r'^admin/login/$', django_saml2_auth.views.signin), #. Add 'django_saml2_auth' to INSTALLED_APPS @@ -122,7 +126,8 @@ How to use? # Required setting 'METADATA_AUTO_CONF_URL': '[The auto(dynamic) metadata configuration URL of SAML2]', - # Optional settings + # Optional settings below + 'DEFAULT_NEXT_URL': '/admin', # Custom target redirect URL after the user get logged in. Default to /admin if not set. This setting will be overwritten if you have parameter ?next= specificed in the login URL. 'NEW_USER_PROFILE': { 'USER_GROUPS': [], # The default group name when a new user logs in 'ACTIVE_STATUS': True, # The default active status for new users @@ -232,6 +237,8 @@ How to Contribute Release Log =========== +2.1.0: Add DEFAULT_NEXT_URL. Issue #19. + 2.0.4: Fixed compatibility with Windows. 2.0.3: Fixed a vulnerabilities in the login flow, thanks qwrrty. diff --git a/django_saml2_auth/views.py b/django_saml2_auth/views.py index 58c0e28..a778f42 100644 --- a/django_saml2_auth/views.py +++ b/django_saml2_auth/views.py 
@@ -96,7 +96,7 @@ def welcome(r): try: return render(r, 'django_saml2_auth/welcome.html', {'user': r.user}) except TemplateDoesNotExist: - return HttpResponseRedirect(get_reverse('admin:index')) + return HttpResponseRedirect(settings.SAML2_AUTH.get('DEFAULT_NEXT_URL', get_reverse('admin:index'))) def denied(r): @@ -119,7 +119,7 @@ def _create_new_user(username, email, firstname, lastname): def acs(r): saml_client = _get_saml_client(get_current_domain(r)) resp = r.POST.get('SAMLResponse', None) - next_url = r.session.get('login_next_url', get_reverse('admin:index')) + next_url = r.session.get('login_next_url', settings.SAML2_AUTH.get('DEFAULT_NEXT_URL', get_reverse('admin:index'))) if not resp: return HttpResponseRedirect(get_reverse([denied, 'denied', 'django_saml2_auth:denied'])) @@ -175,13 +175,13 @@ def signin(r): except: import urllib.parse as _urlparse from urllib.parse import unquote - next_url = r.GET.get('next', get_reverse('admin:index')) + next_url = r.GET.get('next', settings.SAML2_AUTH.get('DEFAULT_NEXT_URL', get_reverse('admin:index'))) try: if 'next=' in unquote(next_url): next_url = _urlparse.parse_qs(_urlparse.urlparse(unquote(next_url)).query)['next'][0] except: - next_url = r.GET.get('next', get_reverse('admin:index')) + next_url = r.GET.get('next', settings.SAML2_AUTH.get('DEFAULT_NEXT_URL', get_reverse('admin:index'))) # Only permit signin requests where the next_url is a safe URL if not is_safe_url(next_url): diff --git a/setup.py b/setup.py index 8d2429e..b9bf49d 100644 --- a/setup.py +++ b/setup.py @@ -16,7 +16,7 @@ setup( name='django_saml2_auth', - version='2.0.4', + version='2.1.0', description='Django SAML2 Authentication Made Easy. Easily integrate with SAML2 SSO identity providers like Okta', long_description=long_description,
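Review bot: The fallback `get_reverse('admin:index')` in `welcome` is passed as the default argument of `.get()`, so it is evaluated on every call even when `DEFAULT_NEXT_URL` is configured. `get_reverse` is defined outside this hunk; if it raises when the admin route cannot be resolved, a project without the admin app would still fail here, which is presumably the case the setting is meant to cover. A lazy form avoids that: `settings.SAML2_AUTH.get('DEFAULT_NEXT_URL') or get_reverse('admin:index')`. The same expression is repeated in the `acs` hunk and twice in the `signin` hunk, so a small private helper would keep the four call sites in step.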
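Review bot: `DEFAULT_NEXT_URL` is treated inconsistently across entry points: in `signin` it flows into `is_safe_url(next_url)` (called without a host argument in the visible context line), while `welcome` and `acs` redirect to it with no check. An absolute URL in the setting would therefore probably be refused at sign-in yet followed once the SAML response has been handled. I would state the contract next to the lookup, e.g. `# DEFAULT_NEXT_URL is trusted configuration and must be a site-relative path; only the request-supplied ?next= needs is_safe_url`, and say the same in the README entry for the setting. The body of `signin` continues past the hunk, so what happens on the unsafe branch is not visible here.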