manager: include oidc and saml federation info in user details (#28210)

2021-03-25 15:16:24 +01:00 · 2021-03-25 15:16:24 +01:00 · fd74358a9e
parent 30ee547427
commit fd74358a9e
7 changed files with 66 additions and 1 deletions
--- a/src/authentic2_auth_fc/templates/authentic2_auth_fc/manager_user_sidebar.html
+++ b/src/authentic2_auth_fc/templates/authentic2_auth_fc/manager_user_sidebar.html
@ -1,6 +1,6 @@
 {% load i18n %}
 {% for account in user.fc_accounts.all %}
 <div class="auth-fc-user-sidebar">
-<p>{% trans "Link with FranceConnect created on" %} {{ account.created }}</p>
+<p>{% trans "Link with FranceConnect created on" %} {{ account.created }}.</p>
 </div>
 {% endfor %}
--- a/src/authentic2_auth_oidc/apps.py
+++ b/src/authentic2_auth_oidc/apps.py
@ -15,6 +15,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 import django.apps
+from django import template


 class Plugin(object):
@ -101,3 +102,9 @@ class AppConfig(django.apps.AppConfig):
                    'sub': oidc_account.sub,
                }
            )
+
+    def a2_hook_manager_user_data(self, view, user):
+        context = {'user': user}
+        return [
+            template.loader.get_template('authentic2_auth_oidc/manager_user_sidebar.html').render(context)
+        ]
--- a/src/authentic2_auth_oidc/templates/authentic2_auth_oidc/manager_user_sidebar.html
+++ b/src/authentic2_auth_oidc/templates/authentic2_auth_oidc/manager_user_sidebar.html
@ -0,0 +1,8 @@
+{% load i18n %}
+{% if user.oidc_account %}
+<p>
+{% blocktrans trimmed with created=user.oidc_account.created name=user.oidc_account.provider.name sub=user.oidc_account.sub %}
+Link with OIDC provider {{ name }} created on {{ created }} (sub {{ sub }}).
+{% endblocktrans %}
+</p>
+{% endif %}
--- a/src/authentic2_auth_saml/apps.py
+++ b/src/authentic2_auth_saml/apps.py
@ -15,6 +15,8 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 import django.apps
+from django import template
+from mellon.utils import get_idp


 class AppConfig(django.apps.AppConfig):
@ -41,3 +43,14 @@ class AppConfig(django.apps.AppConfig):
                    'name_id': saml_account.name_id,
                }
            )
+
+    def a2_hook_manager_user_data(self, view, user):
+        user_saml_identifiers = user.saml_identifiers.all()
+        if not user_saml_identifiers:
+            return ['']
+        for user_saml_identifier in user_saml_identifiers:
+            user_saml_identifier.idp = get_idp(user_saml_identifier.issuer)
+        context = {'user_saml_identifiers': user_saml_identifiers}
+        return [
+            template.loader.get_template('authentic2_auth_saml/manager_user_sidebar.html').render(context)
+        ]
--- a/src/authentic2_auth_saml/templates/authentic2_auth_saml/manager_user_sidebar.html
+++ b/src/authentic2_auth_saml/templates/authentic2_auth_saml/manager_user_sidebar.html
@ -0,0 +1,9 @@
+{% load i18n %}
+{% for identifier in user_saml_identifiers %}
+{% firstof identifier.idp.DISPLAY_NAME identifier.issuer as provider %}
+<p>
+{% blocktrans trimmed with created=identifier.created name_id=identifier.name_id %}
+Link with SAML provider {{ provider }} created on {{ created }} (NameID {{ name_id }}).
+{% endblocktrans %}
+</p>
+{% endfor %}
--- a/tests/test_auth_oidc.py
+++ b/tests/test_auth_oidc.py
@ -899,3 +899,16 @@ def test_multiple_users_with_same_email(app, caplog, code, oidc_provider_jwkset,
    assert '_auth_user_id' not in app.session
    assert OIDCAccount.objects.count() == 0
    assert 'too many users' in caplog.records[-1].message
+
+
+def test_manager_user_sidebar(app, superuser, simple_user, oidc_provider):
+    utils.login(app, superuser, '/manage/')
+    response = app.get('/manage/users/%s/' % simple_user.id)
+    assert 'OIDC' not in response
+
+    OIDCAccount.objects.create(user=simple_user, provider=oidc_provider, sub='1234')
+
+    response = app.get('/manage/users/%s/' % simple_user.id)
+    assert 'OIDC' in response
+    assert 'Server' in response
+    assert '1234' in response
--- a/tests/test_auth_saml.py
+++ b/tests/test_auth_saml.py
@ -26,6 +26,8 @@ from authentic2.custom_user.models import DeletedUser
 from authentic2.models import Attribute
 from authentic2_auth_saml.adapters import AuthenticAdapter, MappingError

+from .utils import login
+
 User = get_user_model()


@ -273,3 +275,16 @@ def test_save_account_on_delete_user(db):
            'name_id': '4567',
        },
    ]
+
+
+def test_manager_user_sidebar(app, superuser, simple_user):
+    login(app, superuser, '/manage/')
+    response = app.get('/manage/users/%s/' % simple_user.id)
+    assert 'SAML' not in response
+
+    UserSAMLIdentifier.objects.create(user=simple_user, issuer='https://idp1.com/', name_id='1234')
+
+    response = app.get('/manage/users/%s/' % simple_user.id)
+    assert 'SAML' in response
+    assert 'https://idp1.com/' in response
+    assert '1234' in response