auth_oidc: exclude disabled attributes in claim mapping form (#75474) #24

Merged
pmarillonnet merged 2 commits from wip/75474-auth-oidc-active-attributes-mapping into main 2023-07-17 16:49:47 +02:00
Owner
No description provided.
pmarillonnet force-pushed wip/75474-auth-oidc-active-attributes-mapping from b4d0bd5959 to f079937e52 2023-03-16 15:38:39 +01:00 Compare
bdauvergne requested changes 2023-04-15 11:24:12 +02:00
@ -378,1 +378,4 @@
continue
# filter out inexistent or disabled attributes
if not Attribute.objects.filter(name=attribute):
continue
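Review bot: the test `if not Attribute.objects.filter(name=attribute):` evaluates a queryset for truthiness, which fetches the matching rows, and it issues one query per loop iteration. Use `.exists()`, or load the set of attribute names once before the loop and test membership. The comment says "inexistent or disabled", but the filter is only on `name`, so skipping disabled attributes depends on the `objects` manager already hiding them; state that in the comment or filter on `disabled` explicitly.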
Owner

I would rather have seen this done at the source:

diff --git a/src/authentic2_auth_oidc/utils.py b/src/authentic2_auth_oidc/utils.py
index 45561f35..47acdef4 100644
--- a/src/authentic2_auth_oidc/utils.py
+++ b/src/authentic2_auth_oidc/utils.py
@@ -78,7 +78,11 @@ def parse_id_token(encoded, provider):
 
 def resolve_claim_mappings(provider, context, id_token=None, user_info=None):
     mappings = []
+    disabled = set(Attribute.all_objects.filter(disabled=True).values_list('name', flat=True))
     for claim_mapping in provider.claim_mappings.all():
+        attribute = claim_mapping.attribute
+        if attribute in disabled:
+            continue
         claim = claim_mapping.claim
         if id_token is None and user_info is None:
             source = context
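Review bot: `if attribute in disabled` only skips mappings whose attribute is disabled; a mapping whose attribute name no longer exists in `Attribute` still goes through, whereas the form-side check is commented as covering "inexistent or disabled". If both cases should be dropped here, build the set of enabled names once and skip when `attribute` is not in it. The hunk also uses `Attribute` without showing an import in `utils.py`, so check that it is imported there.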
@@ -89,7 +93,6 @@ def resolve_claim_mappings(provider, context, id_token=None, user_info=None):
         if not source or claim not in source and not ('{{' in claim or '{%' in claim):
             continue
         verified = False
-        attribute = claim_mapping.attribute
         if '{{' in claim or '{%' in claim:
             template = Template(claim)
             value = template.render(context=context)
Author
Owner

I can add that too, but it is a different matter again. The initial ticket was about the selection of target attributes in the back office, in the configuration of the authentication method.

Author
Owner

(Actually no, sorry, I had forgotten what the ticket is supposed to fix. Your change is included in the new version of the commit.)

pmarillonnet force-pushed wip/75474-auth-oidc-active-attributes-mapping from f079937e52 to 24d7ed1890 2023-07-17 15:47:22 +02:00 Compare
pmarillonnet requested review from bdauvergne 2023-07-17 15:48:54 +02:00
smihai approved these changes 2023-07-17 16:40:27 +02:00
pmarillonnet merged commit 24d7ed1890 into main 2023-07-17 16:49:47 +02:00
Reference: entrouvert/authentic#24