auth_saml: do not load disabled authenticators (#86075)

2024-01-24 13:23:55 +01:00 · 2024-01-24 13:23:55 +01:00 · 6cd42b17cd
parent 5bb21a7b63
commit 6cd42b17cd
2 changed files with 12 additions and 2 deletions
--- a/src/authentic2_auth_saml/adapters.py
+++ b/src/authentic2_auth_saml/adapters.py
@ -66,8 +66,9 @@ class SamlConditionContextProxy:

 class AuthenticAdapter(DefaultAdapter):
    def get_identity_providers_setting(self):
-        for authenticator in SAMLAuthenticator.objects.all():
-            yield authenticator.settings
+        for authenticator in SAMLAuthenticator.objects.filter(enabled=True):
+            if authenticator.metadata or authenticator.metadata_url:
+                yield authenticator.settings

    def create_user(self, user_class):
        user = user_class()
--- a/tests/auth_saml/test_adapter.py
+++ b/tests/auth_saml/test_adapter.py
@ -27,6 +27,15 @@ from authentic2_auth_saml.adapters import MappingError
 from authentic2_auth_saml.models import AddRoleAction, SAMLAuthenticator, SetAttributeAction


+def test_get_idps(adapter, idp):
+    assert len(list(adapter.get_idps())) == 1
+    other = SAMLAuthenticator.objects.create(slug='idp2', enabled=False)
+    assert len(list(adapter.get_idps())) == 1
+    other.enabled = True
+    other.save()
+    assert len(list(adapter.get_idps())) == 1
+
+
 def test_lookup_user_ok(adapter, idp, saml_attributes, title_attribute):
    assert User.objects.count() == 0