authorSerghei Mihai <smihai@entrouvert.com>2020-10-15 07:42:34 (GMT)
committerSerghei Mihai <smihai@entrouvert.com>2020-10-15 15:35:15 (GMT)
commit4fed275ba33b131c2155917a78f721475b32113d (patch)
treec96a0d25d73552c411e4315dd2d984aec7a9817b
parent8487d33cff4c18211056f56dbdc58b67daa27691 (diff)
auth_saml: raise error when no saml attribute value received (#47706)
-rw-r--r--src/authentic2_auth_saml/adapters.py4
-rw-r--r--tests/test_auth_saml.py12
2 files changed, 15 insertions, 1 deletions
diff --git a/src/authentic2_auth_saml/adapters.py b/src/authentic2_auth_saml/adapters.py
index 99227ec..2f0a42a 100644
--- a/src/authentic2_auth_saml/adapters.py
+++ b/src/authentic2_auth_saml/adapters.py
@@ -158,8 +158,10 @@ class AuthenticAdapter(DefaultAdapter):
def set_user_attribute(self, user, attribute, value):
if isinstance(value, list):
+ if len(value) == 0:
+ raise MappingError('no value for %s' % attribute, details={'attribute': attribute})
if len(value) > 1:
- raise MappingError('too much values')
+ raise MappingError('too many values for %s' % attribute, details={'attribute': attribute})
value = value[0]
if attribute in ('first_name', 'last_name', 'email', 'username'):
if getattr(user, attribute) != value:
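Review bot: The new empty-list guard in `set_user_attribute` does not cover a single-element list whose only item is blank: `['']` or `[None]` passes both length checks, and `value = value[0]` then reaches the `first_name`/`last_name`/`email`/`username` comparison. These values come from the IdP's assertion, so if a blank value should not replace an identity field, the first check could read `if not value or value[0] in (None, ''):` with the same `MappingError`. A value that is not a list at all skips both checks too; whether callers can pass one is not visible here. The rest of the function body lies outside the hunk, so the write that follows the `getattr` comparison is inferred rather than seen.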
diff --git a/tests/test_auth_saml.py b/tests/test_auth_saml.py
index f5ca36c..9e33491 100644
--- a/tests/test_auth_saml.py
+++ b/tests/test_auth_saml.py
@@ -23,6 +23,8 @@ import lasso
from django.contrib.auth import get_user_model
from authentic2.models import Attribute
+from authentic2_auth_saml.adapters import MappingError
+
def test_providers_on_login_page(db, app, settings):
settings.A2_AUTH_SAML_ENABLE = True
@@ -134,6 +136,16 @@ def test_provision_attributes(db, caplog, simple_role):
del saml_attributes['mail']
assert adapter.lookup_user(idp, saml_attributes) is None
+ # simulate no attribute value
+ saml_attributes['first_name'] = []
+ mapping = {
+ 'attribute': 'first_name',
+ 'saml_attribute': 'first_name',
+ }
+ with pytest.raises(MappingError, match='no value for first_name'):
+ adapter.action_set_attribute(user, idp, saml_attributes, mapping)
+
+
def test_login_with_conditionnal_authenticators(db, app, settings, caplog):
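Review bot: The added case in `test_provision_attributes` checks only the message of the empty-list error, so the reworded `too many values for %s` branch and the new `details={'attribute': ...}` payload are both left untested. A second `pytest.raises` block with `saml_attributes['first_name'] = ['a', 'b']` and `match='too many values for first_name'` would cover the other branch. Capturing the exception (`with pytest.raises(MappingError) as excinfo:`) would also allow asserting the details, assuming `MappingError` exposes them as an attribute. The test relies on `pytest` being imported at the top of the file, which is not visible in these hunks.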