From 4fed275ba33b131c2155917a78f721475b32113d Mon Sep 17 00:00:00 2001
From: Serghei Mihai
Date: Thu, 15 Oct 2020 09:42:34 +0200
Subject: [PATCH] auth_saml: raise error when no saml attribute value received (#47706)
---
 src/authentic2_auth_saml/adapters.py | 4 +++-
 tests/test_auth_saml.py | 12 ++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/src/authentic2_auth_saml/adapters.py b/src/authentic2_auth_saml/adapters.py
index 99227eca3..2f0a42a36 100644
--- a/src/authentic2_auth_saml/adapters.py
+++ b/src/authentic2_auth_saml/adapters.py
@@ -158,8 +158,10 @@ class AuthenticAdapter(DefaultAdapter):
 def set_user_attribute(self, user, attribute, value):
 if isinstance(value, list):
+ if len(value) == 0:
+ raise MappingError('no value for %s' % attribute, details={'attribute': attribute})
 if len(value) > 1:
- raise MappingError('too much values')
+ raise MappingError('too many values for %s' % attribute, details={'attribute': attribute})
 value = value[0]
 if attribute in ('first_name', 'last_name', 'email', 'username'):
 if getattr(user, attribute) != value:
diff --git a/tests/test_auth_saml.py b/tests/test_auth_saml.py
index f5ca36c33..9e3349109 100644
--- a/tests/test_auth_saml.py
+++ b/tests/test_auth_saml.py
@@ -23,6 +23,8 @@ import lasso
 from django.contrib.auth import get_user_model
 from authentic2.models import Attribute
+from authentic2_auth_saml.adapters import MappingError
+
 def test_providers_on_login_page(db, app, settings):
 settings.A2_AUTH_SAML_ENABLE = True
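Review bot: In `set_user_attribute` (src/authentic2_auth_saml/adapters.py) the new guard rejects only an empty `list`; a one-element list holding an empty value, such as `['']`, still passes both length checks and is unwrapped by `value = value[0]` before the comparison for `first_name`, `last_name`, `email` and `username`. These values originate from the IdP's assertion, so it is worth deciding whether an empty string may overwrite `email` or `username` or should be refused like the empty list, for example with `if len(value) == 0 or value[0] in (None, ''):`. What happens after the `getattr(user, attribute) != value` comparison is outside the hunk, so the effect on the stored user is inferred rather than visible. A short comment above the new check would also help, e.g. `# an empty list would otherwise fail with IndexError on value[0] below`.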
@@ -134,6 +136,16 @@ def test_provision_attributes(db, caplog, simple_role):
 del saml_attributes['mail']
 assert adapter.lookup_user(idp, saml_attributes) is None
+ # simulate no attribute value
+ saml_attributes['first_name'] = []
+ mapping = {
+ 'attribute': 'first_name',
+ 'saml_attribute': 'first_name',
+ }
+ with pytest.raises(MappingError, match='no value for first_name'):
+ adapter.action_set_attribute(user, idp, saml_attributes, mapping)
+
+
 def test_login_with_conditionnal_authenticators(db, app, settings, caplog):
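Review bot: The lines added to `test_provision_attributes` cover only the new empty-list branch; the reworded `too many values for %s` error from the same commit is not asserted in this hunk, and nothing here checks that the user's `first_name` is left untouched after the `MappingError`. A second case with constructed sample values would pin the other branch: `saml_attributes['first_name'] = ['John', 'Jane']`, then `with pytest.raises(MappingError, match='too many values for first_name'):` around the same `adapter.action_set_attribute(user, idp, saml_attributes, mapping)` call. The test function starts above the hunk, so existing coverage of that branch earlier in the function cannot be ruled out from here.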