auth_saml: raise error when no saml attribute value received (#47706)
This commit is contained in:
parent
8487d33cff
commit
4fed275ba3
|
@ -158,8 +158,10 @@ class AuthenticAdapter(DefaultAdapter):
|
|||
|
||||
def set_user_attribute(self, user, attribute, value):
|
||||
if isinstance(value, list):
|
||||
if len(value) == 0:
|
||||
raise MappingError('no value for %s' % attribute, details={'attribute': attribute})
|
||||
if len(value) > 1:
|
||||
raise MappingError('too much values')
|
||||
raise MappingError('too many values for %s' % attribute, details={'attribute': attribute})
|
||||
value = value[0]
|
||||
if attribute in ('first_name', 'last_name', 'email', 'username'):
|
||||
if getattr(user, attribute) != value:
|
||||
|
|
|
@ -23,6 +23,8 @@ import lasso
|
|||
|
||||
from django.contrib.auth import get_user_model
|
||||
from authentic2.models import Attribute
|
||||
from authentic2_auth_saml.adapters import MappingError
|
||||
|
||||
|
||||
def test_providers_on_login_page(db, app, settings):
|
||||
settings.A2_AUTH_SAML_ENABLE = True
|
||||
|
@ -134,6 +136,16 @@ def test_provision_attributes(db, caplog, simple_role):
|
|||
del saml_attributes['mail']
|
||||
assert adapter.lookup_user(idp, saml_attributes) is None
|
||||
|
||||
# simulate no attribute value
|
||||
saml_attributes['first_name'] = []
|
||||
mapping = {
|
||||
'attribute': 'first_name',
|
||||
'saml_attribute': 'first_name',
|
||||
}
|
||||
with pytest.raises(MappingError, match='no value for first_name'):
|
||||
adapter.action_set_attribute(user, idp, saml_attributes, mapping)
|
||||
|
||||
|
||||
|
||||
def test_login_with_conditionnal_authenticators(db, app, settings, caplog):
|
||||
|
||||
|
|
Loading…
Reference in New Issue