Skip to content

Commit

Permalink
Make defusedxml an optional requirement
Browse files Browse the repository at this point in the history 
If it is not present, the /samlValidate endpoint will raise an
exception.
  • Loading branch information
@jbittel
jbittel committed Jan 27, 2015
1 parent cf867eb commit 216be36
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 5 deletions.
8 changes: 8 additions & 0 deletions mama_cas/compat.py
View file
Expand Up @@ -69,6 +69,14 @@ def register_namespace(prefix, uri):
gevent = None


# defusedxml is optional, and is used for the /samlValidate
# endpoint. If it is not present, this endpoint raises an exception.
try:
import defusedxml.ElementTree as defused_etree
except ImportError: # pragma: no cover
defused_etree = None


# Support both Python 2 and Python 3 locations for urllib imports.
try:
from urllib.parse import parse_qsl, urlencode, urlparse, urlunparse
Expand Down
9 changes: 5 additions & 4 deletions mama_cas/views.py
View file
Expand Up @@ -9,8 +9,7 @@
from django.views.generic import TemplateView
from django.views.generic import View

import defusedxml.ElementTree as etree

from mama_cas.compat import defused_etree
from mama_cas.compat import get_username
from mama_cas.forms import LoginForm
from mama_cas.mixins import CasResponseMixin
Expand Down Expand Up @@ -348,10 +347,12 @@ def render_to_response(self, context):
def get_context_data(self, **kwargs):
target = self.request.GET.get('target')

assert defused_etree, '/samlValidate endpoint requires defusedxml to be installed'

try:
root = etree.parse(self.request, forbid_dtd=True).getroot()
root = defused_etree.parse(self.request, forbid_dtd=True).getroot()
ticket = root.find('.//{urn:oasis:names:tc:SAML:1.0:protocol}AssertionArtifact').text
except (etree.ParseError, ValueError, AttributeError):
except (defused_etree.ParseError, ValueError, AttributeError):
ticket = None

st, pgt, error = self.validate_service_ticket(target, ticket, None, None)
Expand Down
2 changes: 1 addition & 1 deletion setup.py
View file
Expand Up @@ -21,7 +21,7 @@
download_url='https://pypi.python.org/pypi/django-mama-cas/',
packages=find_packages(),
include_package_data=True,
install_requires=['requests>=2.0.0,<3.0.0', 'defusedxml'],
install_requires=['requests>=2.0.0,<3.0.0'],
classifiers=[
'Development Status :: 5 - Production/Stable',
'Environment :: Web Environment',
Expand Down

0 comments on commit 216be36

Please sign in to comment.