site_selector: base64 encode most of query string
Instead of having everything in cleartext, we base64 encode a json object that we can unpack on the other side.
mickenordin committed Feb 28, 2024
1 parent 4861f48 commit 267cc5e
Showing 1 changed file with 20 additions and 8 deletions.
28 changes: 20 additions & 8 deletions src/swamid_plugins/site_selector/__init__.py
@@ -1,3 +1,5 @@
import base64
import json
from re import match as match_regex
from urllib.parse import urlencode

Expand All @@ -17,6 +19,8 @@ def __init__(self, config, *args, **kwargs):
# TODO: validate configuration format
self.access_rules = config.get("access_rules", {})
self.redirect_url = config.get("redirect_url", None)
self.primary_identifier = config.get("primary_identifier",
"edupersonprincipalname")
self.access_rules_default = (self.access_rules.pop("", None)
or self.access_rules.pop("default", None))

Expand All @@ -41,14 +45,22 @@ def process(self, context, internal_data):
"rules": access_rules_for_service,
}
raise Error(error_context)
query_string = urlencode({
"user_id": internal_data.subject_id,
"displayname": (internal_data.attributes.get("displayname") or ["Unknown"])[0],
"timestamp": internal_data.auth_info.timestamp,
"issuer": internal_data.auth_info.issuer,
"service": service_id,
"session_id": context.state.session_id
})
context = {
"user_id": (internal_data.attributes.get(self.primary_identifier)
or ["Unknown"])[0],
"displayname": (internal_data.attributes.get("displayname")
or ["Unknown"])[0],
"timestamp":
internal_data.auth_info.timestamp,
"issuer":
internal_data.auth_info.issuer,
"service":
service_id,
"session_id":
context.state.session_id
}
query_string = urlencode(
{"context": base64.b64encode(json.dumps(context).encode("utf-8"))})
return Redirect(self.redirect_url + f'?{query_string}')
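Review bot: The base64 wrapping at `query_string = urlencode({"context": base64.b64encode(json.dumps(context).encode("utf-8"))})` adds no integrity or confidentiality — the blob decodes trivially, so the receiving side cannot tell a payload built here from one supplied by whoever follows the redirect, and the user_id, service and session_id it carries must not drive any decision there unless the payload is authenticated (for example an HMAC over the encoded blob with a key shared with the redirect target, via stdlib `hmac`/`hashlib`) or replaced by an opaque server-side reference. A comment on that line such as `# NOTE: base64 is encoding only, not a security boundary; the receiver must verify this payload` would keep the next maintainer from reading the "instead of cleartext" wording as protection. Separately, `context = {...}` rebinds the `context` parameter; the dict literal still reads `context.state.session_id` from the original object because the right-hand side is evaluated first, but renaming the local (e.g. `redirect_context = {...}`) avoids a confusing shadow should process later need the SATOSA context — the start of process lies outside the hunk. Carrying session_id in a GET query string also exposes it to proxy and server logs and to Referer headers, which the removed code did as well.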

