auth_saml: use select widget for choosing user attributes (#68384)
This commit is contained in:
parent
c9a912086d
commit
2cf3d06af6
|
|
@ -204,11 +204,16 @@ class SAMLAuthenticator(BaseAuthenticator):
|
|||
class SAMLRelatedObjectBase(models.Model):
|
||||
authenticator = models.ForeignKey(SAMLAuthenticator, on_delete=models.CASCADE)
|
||||
|
||||
class Meta:
|
||||
abstract = True
|
||||
|
||||
def __repr__(self):
|
||||
return '%s (%s)' % (self._meta.object_name, self.pk)
|
||||
|
||||
class Meta:
|
||||
abstract = True
|
||||
def get_user_field_display(self):
|
||||
from authentic2.forms.widgets import SelectAttributeWidget
|
||||
|
||||
return SelectAttributeWidget.get_options().get(self.user_field, self.user_field)
|
||||
|
||||
|
||||
class RenameAttributeAction(SAMLRelatedObjectBase):
|
||||
|
|
@ -235,7 +240,7 @@ class SAMLAttributeLookup(SAMLRelatedObjectBase):
|
|||
def __str__(self):
|
||||
label = _('"%(saml_attribute)s" (from "%(user_field)s")') % {
|
||||
'saml_attribute': self.saml_attribute,
|
||||
'user_field': self.user_field,
|
||||
'user_field': self.get_user_field_display(),
|
||||
}
|
||||
if self.ignore_case:
|
||||
label = '%s, %s' % (label, _('case insensitive'))
|
||||
|
|
@ -260,7 +265,7 @@ class SetAttributeAction(SAMLRelatedObjectBase):
|
|||
|
||||
def __str__(self):
|
||||
label = _('"%(attribute)s" from "%(saml_attribute)s"') % {
|
||||
'attribute': self.user_field,
|
||||
'attribute': self.get_user_field_display(),
|
||||
'saml_attribute': self.saml_attribute,
|
||||
}
|
||||
if self.mandatory:
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ from django.urls import reverse
|
|||
from django.views.generic import CreateView, DeleteView, UpdateView
|
||||
from mellon.utils import get_idp
|
||||
|
||||
from authentic2.forms.widgets import SelectAttributeWidget
|
||||
from authentic2.manager.views import MediaMixin, TitleMixin
|
||||
from authentic2.utils.misc import redirect_to_login
|
||||
|
||||
|
|
@ -66,7 +67,10 @@ class SAMLAuthenticatorMixin(MediaMixin, TitleMixin):
|
|||
|
||||
def get_form_class(self):
|
||||
return modelform_factory(
|
||||
self.model, exclude=('authenticator',), field_classes={'role': RoleChoiceField}
|
||||
self.model,
|
||||
exclude=('authenticator',),
|
||||
field_classes={'role': RoleChoiceField},
|
||||
widgets={'user_field': SelectAttributeWidget},
|
||||
)
|
||||
|
||||
def get_form_kwargs(self):
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ from django.utils.html import escape
|
|||
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.apps.authenticators.models import BaseAuthenticator, LoginPasswordAuthenticator
|
||||
from authentic2.models import Attribute
|
||||
from authentic2_auth_fc.models import FcAuthenticator
|
||||
from authentic2_auth_oidc.models import OIDCProvider
|
||||
from authentic2_auth_saml.models import SAMLAuthenticator
|
||||
|
|
@ -314,21 +315,27 @@ def test_authenticators_saml_attribute_lookup(app, superuser):
|
|||
resp = login(app, superuser, path=authenticator.get_absolute_url())
|
||||
|
||||
resp = resp.click('Add', href='samlattributelookup')
|
||||
resp.form['user_field'] = 'email'
|
||||
resp.form['user_field'].select(text='Email address (email)')
|
||||
resp.form['saml_attribute'] = 'mail'
|
||||
resp = resp.form.submit()
|
||||
assert_event('authenticator.saml.related_object.creation', user=superuser, session=app.session)
|
||||
assert '#open:samlattributelookup' in resp.location
|
||||
|
||||
resp = resp.follow()
|
||||
assert escape('"mail" (from "email")') in resp.text
|
||||
assert escape('"mail" (from "Email address (email)")') in resp.text
|
||||
|
||||
resp = resp.click('mail')
|
||||
resp.form['ignore_case'] = True
|
||||
resp = resp.form.submit().follow()
|
||||
assert escape('"mail" (from "email"), case insensitive') in resp.text
|
||||
assert escape('"mail" (from "Email address (email)"), case insensitive') in resp.text
|
||||
assert_event('authenticator.saml.related_object.edit', user=superuser, session=app.session)
|
||||
|
||||
Attribute.objects.create(kind='string', name='test', label='Test')
|
||||
resp = resp.click('mail')
|
||||
resp.form['user_field'].select(text='Test (test)')
|
||||
resp = resp.form.submit().follow()
|
||||
assert escape('"mail" (from "Test (test)"), case insensitive') in resp.text
|
||||
|
||||
resp = resp.click('Remove', href='samlattributelookup')
|
||||
resp = resp.form.submit().follow()
|
||||
assert 'mail' not in resp.text
|
||||
|
|
@ -351,15 +358,15 @@ def test_authenticators_saml_set_attribute(app, superuser):
|
|||
resp = login(app, superuser, path=authenticator.get_absolute_url())
|
||||
|
||||
resp = resp.click('Add', href='setattributeaction')
|
||||
resp.form['user_field'] = 'email'
|
||||
resp.form['user_field'].select(text='Email address (email)')
|
||||
resp.form['saml_attribute'] = 'mail'
|
||||
resp = resp.form.submit().follow()
|
||||
assert escape('"email" from "mail"') in resp.text
|
||||
assert escape('"Email address (email)" from "mail"') in resp.text
|
||||
|
||||
resp = resp.click('mail')
|
||||
resp.form['mandatory'] = True
|
||||
resp = resp.form.submit().follow()
|
||||
assert escape('"email" from "mail" (mandatory)') in resp.text
|
||||
assert escape('"Email address (email)" from "mail" (mandatory)') in resp.text
|
||||
|
||||
|
||||
def test_authenticators_saml_add_role(app, superuser, role_ou1, role_ou2):
|
||||
|
|
|
|||
Loading…
Reference in New Issue