auth_saml: raise error when no saml attribute value received (#47706)
This commit is contained in:
parent
8487d33cff
commit
4fed275ba3
|
@ -158,8 +158,10 @@ class AuthenticAdapter(DefaultAdapter):
|
||||||
|
|
||||||
def set_user_attribute(self, user, attribute, value):
|
def set_user_attribute(self, user, attribute, value):
|
||||||
if isinstance(value, list):
|
if isinstance(value, list):
|
||||||
|
if len(value) == 0:
|
||||||
|
raise MappingError('no value for %s' % attribute, details={'attribute': attribute})
|
||||||
if len(value) > 1:
|
if len(value) > 1:
|
||||||
raise MappingError('too much values')
|
raise MappingError('too many values for %s' % attribute, details={'attribute': attribute})
|
||||||
value = value[0]
|
value = value[0]
|
||||||
if attribute in ('first_name', 'last_name', 'email', 'username'):
|
if attribute in ('first_name', 'last_name', 'email', 'username'):
|
||||||
if getattr(user, attribute) != value:
|
if getattr(user, attribute) != value:
|
||||||
|
|
|
@ -23,6 +23,8 @@ import lasso
|
||||||
|
|
||||||
from django.contrib.auth import get_user_model
|
from django.contrib.auth import get_user_model
|
||||||
from authentic2.models import Attribute
|
from authentic2.models import Attribute
|
||||||
|
from authentic2_auth_saml.adapters import MappingError
|
||||||
|
|
||||||
|
|
||||||
def test_providers_on_login_page(db, app, settings):
|
def test_providers_on_login_page(db, app, settings):
|
||||||
settings.A2_AUTH_SAML_ENABLE = True
|
settings.A2_AUTH_SAML_ENABLE = True
|
||||||
|
@ -134,6 +136,16 @@ def test_provision_attributes(db, caplog, simple_role):
|
||||||
del saml_attributes['mail']
|
del saml_attributes['mail']
|
||||||
assert adapter.lookup_user(idp, saml_attributes) is None
|
assert adapter.lookup_user(idp, saml_attributes) is None
|
||||||
|
|
||||||
|
# simulate no attribute value
|
||||||
|
saml_attributes['first_name'] = []
|
||||||
|
mapping = {
|
||||||
|
'attribute': 'first_name',
|
||||||
|
'saml_attribute': 'first_name',
|
||||||
|
}
|
||||||
|
with pytest.raises(MappingError, match='no value for first_name'):
|
||||||
|
adapter.action_set_attribute(user, idp, saml_attributes, mapping)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def test_login_with_conditionnal_authenticators(db, app, settings, caplog):
|
def test_login_with_conditionnal_authenticators(db, app, settings, caplog):
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue