auth_saml: raise error when no saml attribute value received (#47706)

2020-10-15 09:42:34 +02:00 · 2020-10-15 09:42:34 +02:00 · 4fed275ba3
parent 8487d33cff
commit 4fed275ba3
2 changed files with 15 additions and 1 deletions
--- a/src/authentic2_auth_saml/adapters.py
+++ b/src/authentic2_auth_saml/adapters.py
@ -158,8 +158,10 @@ class AuthenticAdapter(DefaultAdapter):

    def set_user_attribute(self, user, attribute, value):
        if isinstance(value, list):
+            if len(value) == 0:
+                raise MappingError('no value for %s' % attribute, details={'attribute': attribute})
            if len(value) > 1:
-                raise MappingError('too much values')
+                raise MappingError('too many values for %s' % attribute, details={'attribute': attribute})
            value = value[0]
        if attribute in ('first_name', 'last_name', 'email', 'username'):
            if getattr(user, attribute) != value:
--- a/tests/test_auth_saml.py
+++ b/tests/test_auth_saml.py
@ -23,6 +23,8 @@ import lasso

 from django.contrib.auth import get_user_model
 from authentic2.models import Attribute
+from authentic2_auth_saml.adapters import MappingError
+

 def test_providers_on_login_page(db, app, settings):
    settings.A2_AUTH_SAML_ENABLE = True
@ -134,6 +136,16 @@ def test_provision_attributes(db, caplog, simple_role):
    del saml_attributes['mail']
    assert adapter.lookup_user(idp, saml_attributes) is None

+    # simulate no attribute value
+    saml_attributes['first_name'] = []
+    mapping = {
+        'attribute': 'first_name',
+        'saml_attribute': 'first_name',
+    }
+    with pytest.raises(MappingError, match='no value for first_name'):
+        adapter.action_set_attribute(user, idp, saml_attributes, mapping)
+
+

 def test_login_with_conditionnal_authenticators(db, app, settings, caplog):