Update tornado version. Remove unnecesary doc. Improve demo

pitbulk · pitbulk · commit 4d28828d8d67 · 2019-11-20T17:31:34.000+01:00
diff --git a/README.md b/README.md
@@ -178,6 +178,8 @@ This folder contains a Pyramid project that will be used as demo to show how to
 
 This folder contains a Tornado project that will be used as demo to show how to add SAML support to the Tornado Framework. ``views.py`` (with its ``settings.py``) is the main Flask file that has all the code, this file uses the templates stored at the ``templates`` folder. In the ``saml`` folder we found the ``certs`` folder to store the X.509 public and private key, and the SAML toolkit settings (``settings.json`` and ``advanced_settings.json``).
 
+It requires python3.5 (it's using tornado 6.0.3)
+
 #### setup.py ####
 
 Setup script is the centre of all activity in building, distributing, and installing modules.
@@ -1253,33 +1255,6 @@ First we need to edit the ``saml/settings.json`` file, configure the SP part and
 
 Once the SP is configured, the metadata of the SP is published at the ``/metadata`` url. Based on that info, configure the IdP.
 
-##### Test with keycloack #####
-
-You can test your SP with every compatible IdP, for example Keycloack by Red Hat (Check if you need also authorization and not only authentication )
-
-###### Install Docker ######
-
-Install docker as suggested by [docker guide](https://docs.docker.com/install/linux/docker-ce/ubuntu/) 
-
-###### Keycloack starting ######
-
-First run:
-* docker run --name keycloackContainer -d -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -e DB_VENDOR=H2 jboss/keycloak
-
-After first run:
-* sudo docker start keycloackContainer
-
-Remember to stop keycloack after usage:
-* sudo docker stop keycloackContainer
-
-
-###### Keycloack useful urls ######
-
-* master: http://localhost:8080/auth/admin
-* users: http://localhost:8080/auth/realms/idp_dacd/account/
-* saml request: http://localhost:8080/auth/realms/idp_dacd/protocol/saml
-* metadata: http://localhost:8080/auth/realms/idp_dacd/protocol/saml/descriptor
-
 #### How it works ####
 
 1. First time you access to the main view (http://localhost:8000), you can select to login and return to the same view or login and be redirected to ``/?attrs`` (attrs view).
diff --git a/demo-tornado/requirements.txt b/demo-tornado/requirements.txt
@@ -1,8 +1 @@
-defusedxml==0.5.0
-isodate==0.6.0
-lxml==4.3.3
-pkgconfig==1.5.1
-python3-saml==1.6.0
-six==1.12.0
-tornado==6.0.2
-xmlsec==1.3.3
+tornado==6.0.3
diff --git a/demo-tornado/templates/index.html b/demo-tornado/templates/index.html
@@ -9,6 +9,9 @@
         {% for err in errors %}
           <li>{{err}}</li>
         {% end %}
+        {% if error_reason %}
+          <span>{{error_reason}}</span>
+        {% end %}
     </ul>
   </div>
 {% end %}
diff --git a/demo-tornado/views.py b/demo-tornado/views.py
@@ -31,31 +31,36 @@ class IndexHandler(tornado.web.RequestHandler):
     def post(self):
         req = prepare_tornado_request(self.request)
         auth = init_saml_auth(req)
+        error_reason = None
         attributes = False
         paint_logout = False
+        success_slo = False
 
         auth.process_response()
         errors = auth.get_errors()
         not_auth_warn = not auth.is_authenticated()
 
         if len(errors) == 0:
-             session['samlUserdata'] = auth.get_attributes()
-             session['samlNameId'] = auth.get_nameid()
-             session['samlSessionIndex'] = auth.get_session_index()
-             self_url = OneLogin_Saml2_Utils.get_self_url(req)
-             if 'RelayState' in self.request.arguments and self_url != self.request.arguments['RelayState'][0].decode('utf-8'):
+            session['samlUserdata'] = auth.get_attributes()
+            session['samlNameId'] = auth.get_nameid()
+            session['samlSessionIndex'] = auth.get_session_index()
+            self_url = OneLogin_Saml2_Utils.get_self_url(req)
+            if 'RelayState' in self.request.arguments and self_url != self.request.arguments['RelayState'][0].decode('utf-8'):
                 return self.redirect(self.request.arguments['RelayState'][0].decode('utf-8'))
+        elif auth.get_settings().is_debug_active():
+            error_reason = auth.get_last_error_reason()
 
         if 'samlUserdata' in session:
             paint_logout = True
             if len(session['samlUserdata']) > 0:
                 attributes = session['samlUserdata'].items()
 
-        self.render('index.html',errors=errors,not_auth_warn=not_auth_warn,attributes=attributes,paint_logout=paint_logout)
+        self.render('index.html',errors=errors,error_reason=error_reason,not_auth_warn=not_auth_warn,success_slo=success_slo,attributes=attributes,paint_logout=paint_logout)
 
     def get(self):
         req = prepare_tornado_request(self.request)
         auth = init_saml_auth(req)
+        error_reason = None
         errors = []
         not_auth_warn = False
         success_slo = False
@@ -90,6 +95,8 @@ def get(self):
                 self_url = OneLogin_Saml2_Utils.get_self_url(req)
                 if 'RelayState' in self.request.arguments and self_url != self.request.arguments['RelayState'][0].decode('utf-8'):
                     return self.redirect(auth.redirect_to(self.request.arguments['RelayState'][0].decode('utf-8')))
+                elif auth.get_settings().is_debug_active():
+                    error_reason = auth.get_last_error_reason()
         elif 'sls' in req['get_data']:
             print('-sls-')
             dscb = lambda: session.clear() ## clear out the session
@@ -100,14 +107,15 @@ def get(self):
                     return self.redirect(url)
                 else:
                     success_slo = True
-
+            elif auth.get_settings().is_debug_active():
+                error_reason = auth.get_last_error_reason()
         if 'samlUserdata' in session:
             print('-samlUserdata-')
             paint_logout = True
             if len(session['samlUserdata']) > 0:
                 attributes = session['samlUserdata'].items()
                 print("ATTRIBUTES", attributes)
-        self.render('index.html',errors=errors,not_auth_warn=not_auth_warn,success_slo=success_slo,attributes=attributes,paint_logout=paint_logout)
+        self.render('index.html',errors=errors,error_reason=error_reason,not_auth_warn=not_auth_warn,success_slo=success_slo,attributes=attributes,paint_logout=paint_logout)
 
 class AttrsHandler(tornado.web.RequestHandler):
     def get(self):
