views: handle empty session at authentication (#45461)

2020-07-27 17:45:13 +02:00 · 2020-07-27 17:45:13 +02:00 · bdbc251291
parent e1deb96f8c
commit bdbc251291
2 changed files with 19 additions and 0 deletions
--- a/mellon/views.py
+++ b/mellon/views.py
@ -271,6 +271,8 @@ class LoginView(ProfileMixin, LogMixin, View):
                utils.login(request, user)
                session_index = attributes['session_index']
                if session_index:
+                    if not request.session.session_key:
+                        request.session.create()
                    models.SessionIndex.objects.get_or_create(
                        saml_identifier=user.saml_identifier,
                        session_key=request.session.session_key,
--- a/tests/test_sso_slo.py
+++ b/tests/test_sso_slo.py
@ -669,3 +669,20 @@ def test_middleware_mixin_first_time(db, app, idp, caplog, settings):
    assert (urlparse.parse_qs(urlparse.urlparse(response.location).query, keep_blank_values=True)
            == {'next': ['http://testserver/'], 'passive': ['']})
    assert 'MELLON_PASSIVE_TRIED' in app.cookies
+
+
+def test_sso_user_change(db, app, idp, caplog, sp_settings):
+    response = app.get(reverse('mellon_login') + '?next=/whatever/')
+    url, body, relay_state = idp.process_authn_request_redirect(response['Location'])
+
+    response = app.get(reverse('mellon_login') + '?next=/whatever/')
+    other_identity = '<Identity xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2"><lasso:Federation xmlns:lasso="http://www.entrouvert.org/namespaces/lasso/0.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" RemoteProviderID="http://testserver/metadata/" FederationDumpVersion="2"><lasso:LocalNameIdentifier><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="http://idp5/metadata" SPNameQualifier="http://testserver/metadata/">_otherE805F46B436F83669FB3F6CEE7</saml:NameID></lasso:LocalNameIdentifier></lasso:Federation></Identity>'
+    idp.identity_dump = other_identity
+    url, other_body, other_relay_state = idp.process_authn_request_redirect(response['Location'])
+
+    response = app.post(reverse('mellon_login'), params={'SAMLResponse': body, 'RelayState': relay_state})
+    assert 'created new user' in caplog.text
+    caplog.clear()
+
+    response = app.post(reverse('mellon_login'), params={'SAMLResponse': other_body, 'RelayState': other_relay_state})
+    assert 'created new user' in caplog.text