Merge pull request #4 from SUNET/template-attributes

templating attributes with mako

Author: Roland Hedberg

setup.py

@@ -25,6 +25,7 @@
         "requests",
         "PyYAML",
         "gunicorn",
+        "mako",
         "Werkzeug"
     ],
     zip_safe=False,

src/satosa/internal_data.py

@@ -6,6 +6,7 @@
 from enum import Enum
 import hashlib
 import json
+from mako.template import Template
 from satosa.exception import SATOSAError
 
 __author__ = 'haho0032'
@@ -42,6 +43,7 @@ def __init__(self, internal_attributes):
         (dict[internal_name, dict[external_type, external_name]])
         """
         self.separator = "."  # separator for nested attribute values, e.g. address.street_address
+        self.multivalue_separator = ";" # separates multiple values, e.g. when using templates
         self.from_internal_attributes = internal_attributes["attributes"]
 
         self.external2internal_attribute_name_mapping = {}
@@ -119,14 +121,23 @@ def to_internal(self, external_type, external_dict):
     def _collate_attribute_values_by_priority_order(self, attribute_names, data):
         result = []
         for attr_name in attribute_names:
-            attr_val = self._get_nested_attribute_value(attr_name, data)
+            attr_val = None
+            if '$' in attr_name: # this looks like a template...
+                attr_val = self._render_attribute_template(attr_name, data)
+            else:
+                attr_val = self._get_nested_attribute_value(attr_name, data)
+
             if isinstance(attr_val, list):
                 result.extend(attr_val)
             elif attr_val:
                 result.append(attr_val)
 
         return result
 
+    def _render_attribute_template(self, template, data):
+        t = Template(template,cache_enabled=True,imports=["from satosa.util import scope"])
+        return t.render(**data).split(self.multivalue_separator)
+
     def _get_nested_attribute_value(self, nested_key, data):
         keys = nested_key.split(self.separator)
 

src/satosa/util.py

@@ -168,3 +168,9 @@ def rndstr(size=16, alphabet=""):
     if not alphabet:
         alphabet = string.ascii_letters[0:52] + string.digits
     return type(alphabet)().join(rng.choice(alphabet) for _ in range(size))
+
+def scope(s):
+   if not '@' in s:
+      raise ValueError("Unscoped string")
+   (local_part, _, domain_part) = s.partition('@')
+   return domain_part

tests/satosa/test_internal_data.py

@@ -249,6 +249,52 @@ def test_to_internal_filter_profile_missing_attribute_mapping(self):
         filter = converter.to_internal_filter("bar", ["email", "uid"])
         assert Counter(filter) == Counter(["id"])
 
+    def test_simple_template_mapping(self):
+        mapping = {
+            "attributes": {
+                "last_name": {
+                   "p1": ["sn"],
+                   "p2": ["sn"]
+                },
+                "first_name": {
+                   "p1": ["givenName"],
+                   "p2": ["givenName"]
+                },
+                "name": {
+                   "p2": ["cn","${givenName[0]} ${sn[0]}"]
+                }
+            }
+        }
+
+        converter = DataConverter(mapping)
+        internal_repr = converter.to_internal("p2", {"givenName": ["Valfrid"], "sn": ["Lindeman"]})
+        assert "name" in internal_repr
+        assert len(internal_repr["name"]) == 1
+        assert internal_repr["name"][0] == "Valfrid Lindeman"
+
+    def test_scoped_template_mapping(self):
+        mapping = {
+            "attributes": {
+                "unscoped_affiliation": {
+                   "p1": ["eduPersonAffiliation"]
+                },
+                "uid": {
+                   "p1": ["eduPersonPrincipalName"],
+                },
+                "affiliation": {
+                   "p1": ["eduPersonScopedAffiliation","${eduPersonAffiliation[0]}@${eduPersonPrincipalName[0] | scope}"]
+                }
+            }
+        }
+
+        converter = DataConverter(mapping)
+        internal_repr = converter.to_internal("p1", {
+             "eduPersonAffiliation": ["student"], 
+             "eduPersonPrincipalName": ["[email protected]"]})
+        assert "affiliation" in internal_repr
+        assert len(internal_repr["affiliation"]) == 1
+        assert internal_repr["affiliation"][0] == "[email protected]"
+
 
     @pytest.mark.parametrize("attribute_value", [
         {"email": "[email protected]"},