auth_oidc: exclude disabled attributes in claim mapping form (#75474)

Conversation 0 Commits 2 Files Changed 3

pmarillonnet commented

Owner

There is no content yet.

pmarillonnet added 1 commit

gitea/authentic/pipeline/head This commit looks good Details

192ac7c471 auth_oidc: exclude disabled attributes in claim mapping form (#75474 )

pmarillonnet added 1 commit

gitea/authentic/pipeline/head This commit looks good Details

b4d0bd5959 [WIP] auth_oidc: filter out disabled attributes (#75474 )

pmarillonnet force-pushed wip/75474-auth-oidc-active-attributes-mapping from b4d0bd5959 to f079937e52

bdauvergne requested changes

src/authentic2_auth_oidc/backends.py

													
				@ -378,1 +378,4 @@

				                continue

				            # filter out inexistent or disabled attributes

				            if not Attribute.objects.filter(name=attribute):

				                continue

bdauvergne commented

Owner

J'aurai plutôt vu ça à la source :

diff --git a/src/authentic2_auth_oidc/utils.py b/src/authentic2_auth_oidc/utils.py
index 45561f35..47acdef4 100644
--- a/src/authentic2_auth_oidc/utils.py
+++ b/src/authentic2_auth_oidc/utils.py
@@ -78,7 +78,11 @@ def parse_id_token(encoded, provider):
 
 def resolve_claim_mappings(provider, context, id_token=None, user_info=None):
     mappings = []
+    disabled = set(Attribute.all_objects.filter(disabled=True).values_list('name', flat=True))
     for claim_mapping in provider.claim_mappings.all():
+        attribute = claim_mapping.attribute
+        if attribute in disabled:
+            continue
         claim = claim_mapping.claim
         if id_token is None and user_info is None:
             source = context
@@ -89,7 +93,6 @@ def resolve_claim_mappings(provider, context, id_token=None, user_info=None):
         if not source or claim not in source and not ('{{' in claim or '{%' in claim):
             continue
         verified = False
-        attribute = claim_mapping.attribute
         if '{{' in claim or '{%' in claim:
             template = Template(claim)
             value = template.render(context=context)

J'aurai plutôt vu ça à la source : ``` diff --git a/src/authentic2_auth_oidc/utils.py b/src/authentic2_auth_oidc/utils.py index 45561f35..47acdef4 100644 --- a/src/authentic2_auth_oidc/utils.py +++ b/src/authentic2_auth_oidc/utils.py @@ -78,7 +78,11 @@ def parse_id_token(encoded, provider): def resolve_claim_mappings(provider, context, id_token=None, user_info=None): mappings = [] + disabled = set(Attribute.all_objects.filter(disabled=True).values_list('name', flat=True)) for claim_mapping in provider.claim_mappings.all(): + attribute = claim_mapping.attribute + if attribute in disabled: + continue claim = claim_mapping.claim if id_token is None and user_info is None: source = context @@ -89,7 +93,6 @@ def resolve_claim_mappings(provider, context, id_token=None, user_info=None): if not source or claim not in source and not ('{{' in claim or '{%' in claim): continue verified = False - attribute = claim_mapping.attribute if '{{' in claim or '{%' in claim: template = Template(claim) value = template.render(context=context) ```

Reviewers

bdauvergne requested changes

gitea/authentic/pipeline/head This commit looks good

Details

This pull request has changes conflicting with the target branch.

tests/test_auth_oidc.py

You can also view command line instructions.

Step 1:

From your project repository, check out a new branch and test the changes.

git checkout -b wip/75474-auth-oidc-active-attributes-mapping main

git pull origin wip/75474-auth-oidc-active-attributes-mapping

Step 2:

Merge the changes and update on Gitea.

git checkout main

git merge --no-ff wip/75474-auth-oidc-active-attributes-mapping

git push origin main

Sign in to join this conversation.

No reviewers

No Label

No Milestone

No Assignees

2 Participants

Notifications

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Loading…

There is no content yet.

Labels Milestones

auth_oidc: exclude disabled attributes in claim mapping form (#75474) #24

Reviewers

Step 1:

Step 2: