idp_oidc: add support for multivalued attribute claims (#86663)
parent
d50622cb81
commit
47d9680ecf
|
@ -87,8 +87,12 @@ def get_attributes(instance, ctx):
|
|||
serialize = av.attribute.get_kind().get('attributes_ng_serialize', lambda a, b: b)
|
||||
value = av.to_python()
|
||||
serialized = serialize(ctx, value)
|
||||
ctx['django_user_' + str(av.attribute.name)] = serialized
|
||||
ctx['django_user_' + str(av.attribute.name) + ':verified'] = av.verified
|
||||
if not av.attribute.multiple:
|
||||
ctx['django_user_' + str(av.attribute.name)] = serialized
|
||||
ctx['django_user_' + str(av.attribute.name) + ':verified'] = av.verified
|
||||
else:
|
||||
ctx.setdefault('django_user_' + str(av.attribute.name), [])
|
||||
ctx['django_user_' + str(av.attribute.name)].append(serialized)
|
||||
ctx['django_user_groups'] = [group for group in user.groups.all()]
|
||||
ctx['django_user_group_names'] = [str(group) for group in user.groups.all()]
|
||||
if user.username:
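Review bot: The `else:` branch added for `av.attribute.multiple` appends the value but never writes the `'django_user_' + str(av.attribute.name) + ':verified'` key, so multi-valued attributes reach claim mapping without the verification flag that the single-valued branch still sets. For an IdP this should be an explicit decision: either record it conservatively, e.g. `vkey = 'django_user_' + str(av.attribute.name) + ':verified'` followed by `ctx[vkey] = ctx.get(vkey, True) and av.verified` (true only when every value is verified), or add a comment saying multi-valued attributes deliberately carry no verified flag. Separately, `ctx.setdefault(..., [])` followed by `.append()` extends whatever `ctx` already holds under that key; if `ctx` can arrive pre-populated (not visible in this hunk), values would accumulate across calls or `.append` would fail on a non-list. `get_attributes` starts and ends outside the hunk.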
|
||||
|
|
|
@ -1267,16 +1267,31 @@ def test_claim_default_value(oidc_settings, normal_oidc_client, simple_user, app
|
|||
oidc_settings.A2_IDP_OIDC_SCOPES = ['openid', 'profile', 'email', 'phone']
|
||||
Attribute.objects.create(
|
||||
name='phone',
|
||||
label='phone',
|
||||
label='Phone',
|
||||
kind='phone_number',
|
||||
asked_on_registration=False,
|
||||
required=False,
|
||||
user_visible=False,
|
||||
user_editable=False,
|
||||
)
|
||||
Attribute.objects.create(
|
||||
name='neighborhoods',
|
||||
label='Neighborhoods',
|
||||
kind='string',
|
||||
asked_on_registration=False,
|
||||
required=False,
|
||||
user_visible=True,
|
||||
user_editable=True,
|
||||
multiple=True, # test str multi-valued attributes' serialization into claims
|
||||
)
|
||||
simple_user.attributes.neighborhoods = ['foo', 'bar', 'baz']
|
||||
simple_user.save()
|
||||
OIDCClaim.objects.create(
|
||||
client=normal_oidc_client, name='phone', value='django_user_phone', scopes='phone'
|
||||
)
|
||||
OIDCClaim.objects.create(
|
||||
client=normal_oidc_client, name='neighborhoods', value='django_user_neighborhoods', scopes='profile'
|
||||
)
|
||||
normal_oidc_client.authorization_flow = normal_oidc_client.FLOW_AUTHORIZATION_CODE
|
||||
normal_oidc_client.authorization_mode = normal_oidc_client.AUTHORIZATION_MODE_NONE
|
||||
normal_oidc_client.save()
|
||||
|
@ -1336,6 +1351,7 @@ def test_claim_default_value(oidc_settings, normal_oidc_client, simple_user, app
|
|||
assert claims['family_name'] == simple_user.last_name
|
||||
assert claims['email'] == simple_user.email
|
||||
assert claims['phone'] == simple_user.phone
|
||||
assert claims['neighborhoods'] == ['foo', 'bar', 'baz']
|
||||
assert claims['email_verified'] is False
|
||||
|
||||
assert user_info['sub'] == make_sub(oidc_client, simple_user)
|
||||
|
@ -1344,6 +1360,7 @@ def test_claim_default_value(oidc_settings, normal_oidc_client, simple_user, app
|
|||
assert user_info['family_name'] == simple_user.last_name
|
||||
assert user_info['email'] == simple_user.email
|
||||
assert user_info['phone'] == simple_user.phone
|
||||
assert user_info['neighborhoods'] == ['foo', 'bar', 'baz']
|
||||
assert user_info['email_verified'] is False
|
||||
|
||||
params['scope'] = 'openid email'
|
||||
|
@ -1354,6 +1371,7 @@ def test_claim_default_value(oidc_settings, normal_oidc_client, simple_user, app
|
|||
assert claims['email'] == simple_user.email
|
||||
assert claims['email_verified'] is False
|
||||
assert 'phone' not in claims
|
||||
assert 'neighborhoods' not in claims
|
||||
assert 'preferred_username' not in claims
|
||||
assert 'given_name' not in claims
|
||||
assert 'family_name' not in claims
|
||||
|
@ -1362,6 +1380,7 @@ def test_claim_default_value(oidc_settings, normal_oidc_client, simple_user, app
|
|||
assert user_info['email'] == simple_user.email
|
||||
assert user_info['email_verified'] is False
|
||||
assert 'phone' not in user_info
|
||||
assert 'neighborhoods' not in user_info
|
||||
assert 'preferred_username' not in user_info
|
||||
assert 'given_name' not in user_info
|
||||
assert 'family_name' not in user_info
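Review bot: The added `neighborhoods` fixture and assertions cover only a three-value list, so nothing pins the claim's shape when a `multiple=True` attribute holds exactly one value. Relying parties usually parse a claim as either a scalar or an array, so a case such as `simple_user.attributes.neighborhoods = ['foo']` with `assert claims['neighborhoods'] == ['foo']` would guard against the list collapsing to a scalar in the ID token or the user-info response. The tests also do not say what should happen to the `:verified` context key for a multi-valued attribute; if a flag is expected there, it should be asserted here. `test_claim_default_value` starts and ends outside these hunks.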
|
||||
|
|