From 39cddd3b348d49b6cc9e40bd1bb32229f8a0838f Mon Sep 17 00:00:00 2001
From: Ian Bobbitt <ian@icb.im>
Date: Fri, 7 May 2021 17:36:55 -0400
Subject: [PATCH] SAML improvements for Docker (#929)

* Fix typo in managing user account membership with SAML assertion

* Support more config options from Docker env.

* Improve support for SAML key and cert from Docker secrets

Co-authored-by: Ian Bobbitt <ibobbitt@globalnoc.iu.edu>
---
 configs/docker_config.py       | 8 ++++++++
 powerdnsadmin/routes/index.py  | 2 +-
 powerdnsadmin/services/saml.py | 6 +++---
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/configs/docker_config.py b/configs/docker_config.py
index 1723556..d06f220 100644
--- a/configs/docker_config.py
+++ b/configs/docker_config.py
@@ -48,6 +48,11 @@ legal_envvars = (
     'OFFLINE_MODE',
     'REMOTE_USER_LOGOUT_URL',
     'REMOTE_USER_COOKIES',
+    'SIGNUP_ENABLED',
+    'LOCAL_DB_ENABLED',
+    'LDAP_ENABLED',
+    'SAML_CERT',
+    'SAML_KEY',
     'FILESYSTEM_SESSIONS_ENABLED'
 )
 
@@ -67,6 +72,9 @@ legal_envvars_bool = (
     'SAML_ASSERTION_ENCRYPTED',
     'OFFLINE_MODE',
     'REMOTE_USER_ENABLED',
+    'SIGNUP_ENABLED',
+    'LOCAL_DB_ENABLED',
+    'LDAP_ENABLED',
     'FILESYSTEM_SESSIONS_ENABLED'
 )
 
diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index 847c5b7..f1ddb6b 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -943,7 +943,7 @@ def saml_authorized():
         else:
             user_groups = []
         if admin_attribute_name or group_attribute_name:
-            user_accounts = set(user.get_account())
+            user_accounts = set(user.get_accounts())
             saml_accounts = []
             for group_mapping in group_to_account_mapping:
                 mapping = group_mapping.split('=')
diff --git a/powerdnsadmin/services/saml.py b/powerdnsadmin/services/saml.py
index 8fbeb1e..40c97bf 100644
--- a/powerdnsadmin/services/saml.py
+++ b/powerdnsadmin/services/saml.py
@@ -104,10 +104,10 @@ class SAML(object):
         settings['sp']['entityId'] = current_app.config['SAML_SP_ENTITY_ID']
 
 
-        if ('SAML_CERT_FILE' in current_app.config) and ('SAML_KEY_FILE' in current_app.config):
+        if ('SAML_CERT' in current_app.config) and ('SAML_KEY' in current_app.config):
 
-             saml_cert_file = current_app.config['SAML_CERT_FILE']
-             saml_key_file = current_app.config['SAML_KEY_FILE']
+             saml_cert_file = current_app.config['SAML_CERT']
+             saml_key_file = current_app.config['SAML_KEY']
 
              if os.path.isfile(saml_cert_file):
                  cert = open(saml_cert_file, "r").readlines()