idp_cas: fix retrieval of LDAP user attributes (#86089)
gitea/authentic/pipeline/head This commit looks good
Details
gitea/authentic/pipeline/head This commit looks good
Details
This commit is contained in:
parent
3ab951f818
commit
d50622cb81
|
@ -31,6 +31,7 @@ from authentic2.utils import hooks
|
|||
from authentic2.utils.misc import (
|
||||
attribute_values_to_identifier,
|
||||
find_authentication_event,
|
||||
get_user_from_session_key,
|
||||
login_require,
|
||||
make_url,
|
||||
normalize_attribute_values,
|
||||
|
@ -281,15 +282,21 @@ class ValidateBaseView(CasMixin, View):
|
|||
'''Retrieve attribute for users of the session linked to the ticket'''
|
||||
if not hasattr(st, 'attributes'):
|
||||
wanted_attributes = st.service.get_wanted_attributes()
|
||||
st.attributes = get_attributes(
|
||||
# use from session can be an LDAPUser with special attributes
|
||||
user = get_user_from_session_key(st.session_key)
|
||||
if not user.pk: # anonymous user, fail
|
||||
return None
|
||||
if user.pk != st.user_id:
|
||||
return None # user has changed, fail
|
||||
attributes = get_attributes(
|
||||
{
|
||||
'request': request,
|
||||
'user': st.user,
|
||||
'user': user,
|
||||
'service': st.service,
|
||||
'__wanted_attributes': wanted_attributes,
|
||||
}
|
||||
)
|
||||
return st.attributes
|
||||
return attributes
|
||||
|
||||
def validation_failure(self, request, service, code):
|
||||
self.logger.warning('validation failed service: %r code: %s', service, code)
|
||||
|
|
Loading…
Reference in New Issue