adapters: report warning about TRANSIENT_FEDERATION_ATTRIBUTE to user (#51568)
This commit is contained in:
parent
3678c49fc0
commit
672cfb90a4
|
@ -33,9 +33,11 @@ from django.core.exceptions import PermissionDenied, FieldDoesNotExist
|
|||
from django.core.files.storage import default_storage
|
||||
from django.contrib import auth
|
||||
from django.contrib.auth.models import Group
|
||||
from django.contrib import messages
|
||||
from django.utils import six
|
||||
from django.utils.encoding import force_text
|
||||
from django.utils.six.moves.urllib.parse import urlparse
|
||||
from django.utils.translation import ugettext as _
|
||||
|
||||
from . import utils, app_settings, models
|
||||
|
||||
|
@ -304,6 +306,9 @@ class DefaultAdapter(object):
|
|||
transient_federation_attribute)
|
||||
return None
|
||||
else:
|
||||
if self.request:
|
||||
messages.warning(self.request, _('A transient NameID was received but TRANSIENT_FEDERATION_ATTRIBUTE is not set.'))
|
||||
logger.warning('transient NameID was received but TRANSIENT_FEDERATION_ATTRIBUTE is not set')
|
||||
return None
|
||||
else:
|
||||
name_id = saml_attributes['name_id_content']
|
||||
|
|
|
@ -21,6 +21,7 @@ import lasso
|
|||
import time
|
||||
from multiprocessing.pool import ThreadPool
|
||||
|
||||
import mock
|
||||
import pytest
|
||||
|
||||
from django.contrib import auth
|
||||
|
@ -29,6 +30,7 @@ from django.db import connection
|
|||
from mellon.adapters import DefaultAdapter
|
||||
from mellon.backends import SAMLBackend
|
||||
|
||||
|
||||
pytestmark = pytest.mark.django_db
|
||||
|
||||
User = auth.get_user_model()
|
||||
|
@ -212,11 +214,18 @@ def test_provision_long_attribute(settings, django_user_model, idp, saml_attribu
|
|||
assert 'set field email' in caplog.text
|
||||
|
||||
|
||||
def test_lookup_user_transient_with_email(private_settings, idp, saml_attributes):
|
||||
private_settings.MELLON_TRANSIENT_FEDERATION_ATTRIBUTE = 'email'
|
||||
adapter = DefaultAdapter()
|
||||
def test_lookup_user_transient_with_email(rf, private_settings, idp, saml_attributes):
|
||||
request = rf.get('/')
|
||||
request._messages = mock.Mock()
|
||||
adapter = DefaultAdapter(request=request)
|
||||
saml_attributes['name_id_format'] = lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT
|
||||
assert User.objects.count() == 0
|
||||
|
||||
user = adapter.lookup_user(idp, saml_attributes)
|
||||
assert User.objects.count() == 0
|
||||
request._messages.add.assert_called_once_with(30, 'A transient NameID was received but TRANSIENT_FEDERATION_ATTRIBUTE is not set.', '')
|
||||
|
||||
private_settings.MELLON_TRANSIENT_FEDERATION_ATTRIBUTE = 'email'
|
||||
user = adapter.lookup_user(idp, saml_attributes)
|
||||
assert user is not None
|
||||
assert user.saml_identifiers.count() == 1
|
||||
|
|
Loading…
Reference in New Issue