auth saml: put newly created user in default OU (#46484)
parent
79045bf99d
commit
9f08f5c475
|
@ -28,6 +28,8 @@ from mellon.utils import get_setting
|
|||
from authentic2 import utils
|
||||
from authentic2.utils.evaluate import evaluate_condition
|
||||
from authentic2.a2_rbac.models import Role, OrganizationalUnit as OU
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
|
||||
|
||||
logger = logging.getLogger('authentic2.auth_saml')
|
||||
|
||||
|
@ -71,6 +73,9 @@ class AuthenticAdapter(DefaultAdapter):
|
|||
self.provision_a2_attributes(user, idp, saml_attributes)
|
||||
except MappingError as e:
|
||||
raise UserCreationError('user creation failed on a mandatory mapping action: %s' % e)
|
||||
if not user.ou:
|
||||
user.ou = get_default_ou()
|
||||
user.save()
|
||||
|
||||
def provision(self, user, idp, saml_attributes):
|
||||
super(AuthenticAdapter, self).provision(user, idp, saml_attributes)
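Review bot: The fallback at `if not user.ou:` places any SAML-provisioned account that arrives without an OU into the default organizational unit, and it does so silently. OU membership presumably scopes which roles and administrators apply to the user, so the assignment deserves a log line through the module's existing `logger`, for example `logger.info('auth_saml: provisioning left user %s without an OU, assigning the default OU', user)`, so that a gap in an IdP's attribute mapping is visible afterwards. The rendered page has lost indentation, so it is unclear whether `user.save()` sits inside the `if`; it belongs inside the guard, otherwise every user creation gets an extra write. The enclosing method starts above the hunk, so whether the user has already been saved at this point cannot be confirmed from here.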
|
||||
|
|
|
@ -142,6 +142,7 @@ def test_provision_add_role(db, simple_role, action_name):
|
|||
user = adapter.lookup_user(idp, saml_attributes)
|
||||
user.refresh_from_db()
|
||||
assert simple_role not in user.roles.all()
|
||||
assert user.ou.default is True
|
||||
user.delete()
|
||||
|
||||
# if a toggle-role is mandatory, failure to evaluate condition block user creation
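Review bot: The added `assert user.ou.default is True` only covers the case where provisioning leaves the OU empty. Nothing visible in this hunk pins the other side of the guard: that an OU already set on the user during provisioning is kept rather than replaced by the default. A companion check on a user provisioned with an explicit OU, such as `assert user.ou == expected_ou` (where `expected_ou` is a placeholder for a non-default OU fixture), would catch the fallback later becoming unconditional. The test function starts above the hunk and the rest of the file is not shown, so such a case may already exist elsewhere.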
|
||||
|
|