adapters: report warning about TRANSIENT_FEDERATION_ATTRIBUTE to user (#51568)

Benjamin Dauvergne 2021-03-02 12:20:46 +01:00
parent 3678c49fc0
commit 672cfb90a4
2 changed files with 17 additions and 3 deletions


@ -33,9 +33,11 @@ from django.core.exceptions import PermissionDenied, FieldDoesNotExist
from django.core.files.storage import default_storage
from django.contrib import auth
from django.contrib.auth.models import Group
from django.contrib import messages
from django.utils import six
from django.utils.encoding import force_text
from django.utils.six.moves.urllib.parse import urlparse
from django.utils.translation import ugettext as _
from . import utils, app_settings, models
@ -304,6 +306,9 @@ class DefaultAdapter(object):
transient_federation_attribute)
return None
else:
if self.request:
messages.warning(self.request, _('A transient NameID was received but TRANSIENT_FEDERATION_ATTRIBUTE is not set.'))
logger.warning('transient NameID was received but TRANSIENT_FEDERATION_ATTRIBUTE is not set')
return None
else:
name_id = saml_attributes['name_id_content']
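Review bot: The string passed to `messages.warning` names the server setting TRANSIENT_FEDERATION_ATTRIBUTE and is shown to whoever just attempted the SAML login. That person presumably has no session yet, since this branch returns `None`, and cannot act on the message. The `logger.warning` beside it carries nothing that tells an operator which identity provider sent the transient NameID. I would keep the setting name in the log line, add the IdP identifier to it as a lazy `%s` argument, and show the user a generic sentence such as `_('Login failed: the identity provider did not send a usable identifier.')`; the test in this commit pins the exact message text and would change with it. The enclosing method starts and ends outside the hunk, so that an IdP identifier is in scope is inferred from the test's `lookup_user(idp, saml_attributes)` call.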


@ -21,6 +21,7 @@ import lasso
import time
from multiprocessing.pool import ThreadPool
import mock
import pytest
from django.contrib import auth
@ -29,6 +30,7 @@ from django.db import connection
from mellon.adapters import DefaultAdapter
from mellon.backends import SAMLBackend
pytestmark = pytest.mark.django_db
User = auth.get_user_model()
@ -212,11 +214,18 @@ def test_provision_long_attribute(settings, django_user_model, idp, saml_attribu
assert 'set field email' in caplog.text
def test_lookup_user_transient_with_email(private_settings, idp, saml_attributes):
private_settings.MELLON_TRANSIENT_FEDERATION_ATTRIBUTE = 'email'
adapter = DefaultAdapter()
def test_lookup_user_transient_with_email(rf, private_settings, idp, saml_attributes):
request = rf.get('/')
request._messages = mock.Mock()
adapter = DefaultAdapter(request=request)
saml_attributes['name_id_format'] = lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT
assert User.objects.count() == 0
user = adapter.lookup_user(idp, saml_attributes)
assert User.objects.count() == 0
request._messages.add.assert_called_once_with(30, 'A transient NameID was received but TRANSIENT_FEDERATION_ATTRIBUTE is not set.', '')
private_settings.MELLON_TRANSIENT_FEDERATION_ATTRIBUTE = 'email'
user = adapter.lookup_user(idp, saml_attributes)
assert user is not None
assert user.saml_identifiers.count() == 1
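Review bot: The `user` returned by the first `adapter.lookup_user(idp, saml_attributes)` call is never checked, so the test does not pin that a transient NameID with no federation attribute yields no user. Add `assert user is None` right after that call; the `User.objects.count() == 0` check alone would not catch an unsaved object being returned. The literal `30` in `assert_called_once_with` is the value of `messages.WARNING`, and using that constant (with `from django.contrib import messages`) keeps the assertion readable. The `if self.request:` guard in the adapter is not exercised with `request=None` for this branch; a short second case built with `DefaultAdapter()` would cover it.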