From 08412e9e86c8d8a64f9461718ce3a0ea2c3bf323 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= <fpeters@entrouvert.com>
Date: Mon, 17 Aug 2020 14:31:25 +0200
Subject: [PATCH] account for itsme maybe returning empty SAML attributes
 (#45925)

---
 src/authentic2_auth_fedict/adapters.py | 56 +++++++++++++-------------
 1 file changed, 29 insertions(+), 27 deletions(-)

diff --git a/src/authentic2_auth_fedict/adapters.py b/src/authentic2_auth_fedict/adapters.py
index ae556e8..d246319 100644
--- a/src/authentic2_auth_fedict/adapters.py
+++ b/src/authentic2_auth_fedict/adapters.py
@@ -167,35 +167,37 @@ class AuthenticAdapter(DefaultAdapter):
             user.is_active = False
             user.save()
 
-        nrn = saml_attributes['egovNRN'][0]
-        for attr_name in ('niss', 'nrn'):
-            try:
-                Attribute.objects.get(name=attr_name).set_value(user, nrn,
-                        verified=True)
-            except Attribute.DoesNotExist:
-                pass
-        if nrn[:6] == '0000001': # unknown date
-            birthdate = ''
-        else:
-            if check_nrn(nrn):
-                birthdate = '%s/%s/19%s' % (nrn[4:6], nrn[2:4], nrn[:2])
-            elif check_nrn_y2k(nrn):
-                birthdate = '%s/%s/20%s' % (nrn[4:6], nrn[2:4], nrn[:2])
-            else:
+        nrn = None
+        if saml_attributes.get('egovNRN'):
+            nrn = saml_attributes['egovNRN'][0]
+            for attr_name in ('niss', 'nrn'):
+                try:
+                    Attribute.objects.get(name=attr_name).set_value(user, nrn,
+                            verified=True)
+                except Attribute.DoesNotExist:
+                    pass
+            if nrn[:6] == '0000001':  # unknown date
                 birthdate = ''
-        try:
-            Attribute.objects.get(name='birthdate').set_value(user, birthdate,
+            else:
+                if check_nrn(nrn):
+                    birthdate = '%s/%s/19%s' % (nrn[4:6], nrn[2:4], nrn[:2])
+                elif check_nrn_y2k(nrn):
+                    birthdate = '%s/%s/20%s' % (nrn[4:6], nrn[2:4], nrn[:2])
+                else:
+                    birthdate = ''
+            try:
+                Attribute.objects.get(name='birthdate').set_value(user, birthdate,
+                        verified=True)
+            except AttributeError:  # native authentic date field
+                birthdate = datetime.datetime.strptime(birthdate, '%d/%m/%Y').date()
+                Attribute.objects.get(name='birthdate').set_value(user, birthdate,
+                        verified=True)
+            if int(nrn[6:9]) % 2:
+                title = 'Monsieur'
+            else:
+                title = 'Madame'
+            Attribute.objects.get(name='title').set_value(user, title,
                     verified=True)
-        except AttributeError:  # native authentic date field
-            birthdate = datetime.datetime.strptime(birthdate, '%d/%m/%Y').date()
-            Attribute.objects.get(name='birthdate').set_value(user, birthdate,
-                    verified=True)
-        if int(nrn[6:9]) % 2:
-            title = 'Monsieur'
-        else:
-            title = 'Madame'
-        Attribute.objects.get(name='title').set_value(user, title,
-                verified=True)
 
         if saml_attributes.get('givenName'):
             Attribute.objects.get(name='first_name').set_value(user, saml_attributes['givenName'][0], verified=True)