auth saml: put newly created user in default OU (#46484)

2020-10-27 18:26:55 +01:00 · 2020-10-27 18:26:55 +01:00 · 9f08f5c475
parent 79045bf99d
commit 9f08f5c475
2 changed files with 6 additions and 0 deletions
--- a/src/authentic2_auth_saml/adapters.py
+++ b/src/authentic2_auth_saml/adapters.py
@ -28,6 +28,8 @@ from mellon.utils import get_setting
 from authentic2 import utils
 from authentic2.utils.evaluate import evaluate_condition
 from authentic2.a2_rbac.models import Role, OrganizationalUnit as OU
+from authentic2.a2_rbac.utils import get_default_ou
+

 logger = logging.getLogger('authentic2.auth_saml')

@ -71,6 +73,9 @@ class AuthenticAdapter(DefaultAdapter):
            self.provision_a2_attributes(user, idp, saml_attributes)
        except MappingError as e:
            raise UserCreationError('user creation failed on a mandatory mapping action: %s' % e)
+        if not user.ou:
+            user.ou = get_default_ou()
+            user.save()

    def provision(self, user, idp, saml_attributes):
        super(AuthenticAdapter, self).provision(user, idp, saml_attributes)
--- a/tests/test_auth_saml.py
+++ b/tests/test_auth_saml.py
@ -142,6 +142,7 @@ def test_provision_add_role(db, simple_role, action_name):
    user = adapter.lookup_user(idp, saml_attributes)
    user.refresh_from_db()
    assert simple_role not in user.roles.all()
+    assert user.ou.default is True
    user.delete()

    # if a toggle-role is mandatory, failure to evaluate condition block user creation