diff --git a/README.md b/README.md index 2ed3f11..e89e68a 100644 --- a/README.md +++ b/README.md @@ -187,8 +187,8 @@ python setup.py install 'GET_USER_ID_FROM_SAML_RESPONSE': 'path.to.your.get.user.from.saml.hook.method', # This can override the METADATA_AUTO_CONF_URL to enumerate all existing metadata autoconf URLs 'GET_METADATA_AUTO_CONF_URLS': 'path.to.your.get.metadata.conf.hook.method', - # This will override ASSERTION_URL to allow more dynamic assertion URIs - 'GET_CUSTOM_ASSERTION_URI': 'path.to.your.get.custom.assertion.uri.hook.method', + # This will override ASSERTION_URL to allow more dynamic assertion URLs + 'GET_CUSTOM_ASSERTION_URL': 'path.to.your.get.custom.assertion.url.hook.method', }, 'ASSERTION_URL': 'https://mysite.com', # Custom URL to validate incoming SAML requests against 'ENTITY_ID': 'https://mysite.com/sso/acs/', # Populates the Issuer element in authn request @@ -259,8 +259,8 @@ Some of the following settings are related to how this module operates. The rest | **TRIGGER.CUSTOM\_DECODE\_JWT** | A hook function to decode the user JWT. This method will be called instead of the `decode_jwt_token` default function and should return the user_model.USERNAME_FIELD. This method accepts one parameter: `token`. | `str` | `None` | `my_app.models.users.decode_custom_token` | | **TRIGGER.CUSTOM\_CREATE\_JWT** | A hook function to create a custom JWT for the user. This method will be called instead of the `create_jwt_token` default function and should return the token. This method accepts one parameter: `user`. | `str` | `None` | `my_app.models.users.create_custom_token` | | **TRIGGER.CUSTOM\_TOKEN\_QUERY** | A hook function to create a custom query params with the JWT for the user. This method will be called after `CUSTOM_CREATE_JWT` to populate a query and attach it to a URL; should return the query params containing the token (e.g., `?token=encoded.jwt.token`). This method accepts one parameter: `token`. | `str` | `None` | `my_app.models.users.get_custom_token_query` | -| **TRIGGER.GET\_CUSTOM\_ASSERTION\_URI** | A hook function to get the assertion URI dynamically. Useful when you have dynamic routing, multi-tenant setup and etc. Overrides `ASSERTION_URL`. | `str` | `None` | `my_app.utils.get_custom_assertion_uri` | -| **ASSERTION\_URL** | A URL to validate incoming SAML responses against. By default, `django-saml2-auth` will validate the SAML response's Service Provider address against the actual HTTP request's host and scheme. If this value is set, it will validate against `ASSERTION_URL` instead - perfect for when Django is running behind a reverse proxy. This will only allow to customize the domain part of the URI, for more customization use `GET_CUSTOM_ASSERTION_URI`. | `str` | `None` | `https://example.com` | +| **TRIGGER.GET\_CUSTOM\_ASSERTION\_URL** | A hook function to get the assertion URL dynamically. Useful when you have dynamic routing, multi-tenant setup and etc. Overrides `ASSERTION_URL`. | `str` | `None` | `my_app.utils.get_custom_assertion_uri` | +| **ASSERTION\_URL** | A URL to validate incoming SAML responses against. By default, `django-saml2-auth` will validate the SAML response's Service Provider address against the actual HTTP request's host and scheme. If this value is set, it will validate against `ASSERTION_URL` instead - perfect for when Django is running behind a reverse proxy. This will only allow to customize the domain part of the URL, for more customization use `GET_CUSTOM_ASSERTION_URL`. | `str` | `None` | `https://example.com` | | **ENTITY\_ID** | The optional entity ID string to be passed in the 'Issuer' element of authentication request, if required by the IDP. | `str` | `None` | `https://exmaple.com/sso/acs` | | **NAME\_ID\_FORMAT** | Set to the string `'None'`, to exclude sending the `'Format'` property of the `'NameIDPolicy'` element in authentication requests. | `str` | `` | | | **USE\_JWT** | Set this to the boolean `True` if you are using Django with JWT authentication | `bool` | `False` | | diff --git a/django_saml2_auth/saml.py b/django_saml2_auth/saml.py index ff4b42f..62cf61b 100644 --- a/django_saml2_auth/saml.py +++ b/django_saml2_auth/saml.py @@ -156,8 +156,8 @@ def get_metadata( ) -def get_custom_acs_uri() -> Optional[str]: - get_custom_acs_url_hook = dictor(settings.SAML2_AUTH, "TRIGGER.GET_CUSTOM_ASSERTION_URI") +def get_custom_acs_url() -> Optional[str]: + get_custom_acs_url_hook = dictor(settings.SAML2_AUTH, "TRIGGER.GET_CUSTOM_ASSERTION_URL") return run_hook(get_custom_acs_url_hook) if get_custom_acs_url_hook else None @@ -206,7 +206,7 @@ def get_saml_client( }, ) - acs_url = get_custom_acs_uri() + acs_url = get_custom_acs_url() if not acs_url: # get_reverse raises an exception if the view is not found, so we can safely ignore type errors acs_url = domain + get_reverse([acs, "acs", "django_saml2_auth:acs"]) # type: ignore diff --git a/django_saml2_auth/tests/test_saml.py b/django_saml2_auth/tests/test_saml.py index b1bcb12..ce8f813 100644 --- a/django_saml2_auth/tests/test_saml.py +++ b/django_saml2_auth/tests/test_saml.py @@ -115,11 +115,11 @@ def get_metadata_auto_conf_urls( return [{"url": METADATA_URL1}, {"url": METADATA_URL2}] -def get_custom_assertion_uri(): +def get_custom_assertion_url(): return "https://example.com/custom-tenant/acs" -GET_CUSTOM_ASSERTION_URI = "django_saml2_auth.tests.test_saml.get_custom_assertion_uri" +GET_CUSTOM_ASSERTION_URL = "django_saml2_auth.tests.test_saml.get_custom_assertion_url" def mock_extract_user_identity( @@ -466,10 +466,10 @@ def test_get_saml_client_success_with_key_and_cert_files( del settings.SAML2_AUTH[key] -def test_get_saml_client_success_with_custom_assertion_uri_hook(settings: SettingsWrapper): +def test_get_saml_client_success_with_custom_assertion_url_hook(settings: SettingsWrapper): settings.SAML2_AUTH["METADATA_LOCAL_FILE_PATH"] = "django_saml2_auth/tests/metadata.xml" - settings.SAML2_AUTH["TRIGGER"]["GET_CUSTOM_ASSERTION_URI"] = GET_CUSTOM_ASSERTION_URI + settings.SAML2_AUTH["TRIGGER"]["GET_CUSTOM_ASSERTION_URL"] = GET_CUSTOM_ASSERTION_URL result = get_saml_client("example.com", acs, "test@example.com") assert result is not None