account for itsme maybe returning empty SAML attributes (#45925)

2020-08-17 14:31:25 +02:00 · 2020-08-17 14:31:25 +02:00 · 08412e9e86
parent ab45daab71
commit 08412e9e86
1 changed files with 29 additions and 27 deletions
--- a/src/authentic2_auth_fedict/adapters.py
+++ b/src/authentic2_auth_fedict/adapters.py
@ -167,35 +167,37 @@ class AuthenticAdapter(DefaultAdapter):
            user.is_active = False
            user.save()

-        nrn = saml_attributes['egovNRN'][0]
-        for attr_name in ('niss', 'nrn'):
-            try:
-                Attribute.objects.get(name=attr_name).set_value(user, nrn,
-                        verified=True)
-            except Attribute.DoesNotExist:
-                pass
-        if nrn[:6] == '0000001': # unknown date
-            birthdate = ''
-        else:
-            if check_nrn(nrn):
-                birthdate = '%s/%s/19%s' % (nrn[4:6], nrn[2:4], nrn[:2])
-            elif check_nrn_y2k(nrn):
-                birthdate = '%s/%s/20%s' % (nrn[4:6], nrn[2:4], nrn[:2])
-            else:
+        nrn = None
+        if saml_attributes.get('egovNRN'):
+            nrn = saml_attributes['egovNRN'][0]
+            for attr_name in ('niss', 'nrn'):
+                try:
+                    Attribute.objects.get(name=attr_name).set_value(user, nrn,
+                            verified=True)
+                except Attribute.DoesNotExist:
+                    pass
+            if nrn[:6] == '0000001':  # unknown date
                birthdate = ''
-        try:
-            Attribute.objects.get(name='birthdate').set_value(user, birthdate,
+            else:
+                if check_nrn(nrn):
+                    birthdate = '%s/%s/19%s' % (nrn[4:6], nrn[2:4], nrn[:2])
+                elif check_nrn_y2k(nrn):
+                    birthdate = '%s/%s/20%s' % (nrn[4:6], nrn[2:4], nrn[:2])
+                else:
+                    birthdate = ''
+            try:
+                Attribute.objects.get(name='birthdate').set_value(user, birthdate,
+                        verified=True)
+            except AttributeError:  # native authentic date field
+                birthdate = datetime.datetime.strptime(birthdate, '%d/%m/%Y').date()
+                Attribute.objects.get(name='birthdate').set_value(user, birthdate,
+                        verified=True)
+            if int(nrn[6:9]) % 2:
+                title = 'Monsieur'
+            else:
+                title = 'Madame'
+            Attribute.objects.get(name='title').set_value(user, title,
                    verified=True)
-        except AttributeError:  # native authentic date field
-            birthdate = datetime.datetime.strptime(birthdate, '%d/%m/%Y').date()
-            Attribute.objects.get(name='birthdate').set_value(user, birthdate,
-                    verified=True)
-        if int(nrn[6:9]) % 2:
-            title = 'Monsieur'
-        else:
-            title = 'Madame'
-        Attribute.objects.get(name='title').set_value(user, title,
-                verified=True)

        if saml_attributes.get('givenName'):
            Attribute.objects.get(name='first_name').set_value(user, saml_attributes['givenName'][0], verified=True)