django_aai_eduhr.backends module
- class django_aai_eduhr.backends.AAIBackend(*args, **kwargs)
Bases:
AssertionReplayMitigationMixin,Saml2BackendReady to use authentication backend which supports basic authorisation.
- _create_aai_data(user)
Create AAI_MODEL related to the user.
- Parameters:
user (django.contrib.auth.models.User)
- Returns:
model
- Return type:
django.contrib.models.Model
- _get_aai_data(user)
Retrieve AAI_MODEL related to the user.
- Parameters:
user (django.contrib.auth.models.User)
- Returns:
aai_instance
- Return type:
django.models.Model
- _get_aai_model()
Retrieve AAI_MODEL type from the settings.
- Returns:
model
- Return type:
subclass of django.db.models.Model
- classmethod _get_nested_attribute(obj, attribute)
Traverses nested attributes returning tuple of (nested_obj, attribute, value, child_attribute).
- classmethod _get_nested_value(obj, attribute)
Returns value of a nested attribute.
- Parameters:
obj (object)
attribute (str)
- Returns:
value
- Return type:
object
Returns QuerySet of related objects for an attribute which is a (nested) relation.
- Parameters:
obj (object)
attribute (str)
- Returns:
related_values
- Return type:
django.models.db.QuerySet
- static _is_aai_relation(attribute)
Determine if an attribute matches AAI_MODEL_RELATED_NAME. Attribute can be nested, e.g. attribute.sub_attr1.sub_attr2 in which case only attribute is checked.
- Parameters:
attribute (str)
- Returns:
is_aai_relation
- Return type:
bool
- classmethod _is_relation(obj, attribute)
Determine if an attribute is a reverse side of a ForeignKey relation. Attribute can be nested, e.g. attribute.sub_attr1.sub_attr2 in which case only the attribute is checked.
- Parameters:
obj (object)
attribute (str)
- Returns:
is_relation
- Return type:
bool
- classmethod _set_nested_value(obj, attribute, value)
Set value of a nested attribute.
- Parameters:
obj (object)
attribute (str)
value (object)
Bulk create related objects for an attribute which is a (nested) relation.
- Parameters:
obj (object)
attribute (str)
values (object)
- _update_aai_data(user, attributes, attribute_mapping)
Create or update existing AAI_MODEL with the data retrieved from the IdP.
- Parameters:
user (django.contrib.auth.models.User)
attributes (dict)
attribute_mapping (dict)
- _update_user(user, attributes, attribute_mapping, force_save=False)
Sends AAI update signals, sets AAI data on the user instance, and calls self._update_aai_data to update AAI_MODEL with the retrieved data.
- Parameters:
user (django.contrib.auth.models.User)
attributes (dict)
attribute_mapping (dict)
force_save (bool)
- Returns:
user
- Return type:
django.contrib.auth.models.User
- is_authorized(attributes, attribute_mapping, idp_entityid, assertion_info, **kwargs)
Verify if user is authorised by comparing attribute values in AAI_BACKEND_AUTHORISATION based on configured AAI_BACKEND_POLICY.
- Parameters:
attributes (dict)
attribute_mapping (dict)
idp_entityid (str)
assertion_info (dict)
**kwargs (dict)
- Returns:
allowed
- Return type:
bool
- class django_aai_eduhr.backends.AssertionReplayMitigationMixin(*args, **kwargs)
Bases:
objectMitigates Assertion Replay Attack by validating NotOnOrAfter attribute and storing used assertions in cache until NotOnOrAfter.
- is_authorized(attributes, attribute_mapping, idp_entityid, assertion_info, **kwargs)
Verifies cached assertion id and NotOnOrAfter attribute.
- Parameters:
attributes (dict)
attribute_mapping (dict)
idp_entityid (str)
assertion_info (dict)
**kwargs (dict)
- Returns:
allowed
- Return type:
bool