misc: add migration to remove wrongly created saml authenticator (#67626)

2022-07-21 17:30:04 +02:00 · 2022-07-21 17:30:04 +02:00 · ba22ea30e9
parent 86033d32eb
commit ba22ea30e9
2 changed files with 58 additions and 0 deletions
--- a/src/authentic2_auth_fedict/migrations/0003_auto_20220721_1724.py
+++ b/src/authentic2_auth_fedict/migrations/0003_auto_20220721_1724.py
@ -0,0 +1,29 @@
+# Generated by Django 2.2.26 on 2022-07-21 15:24
+
+from django.db import migrations
+
+
+def cleanup_saml_authenticator(apps, schema_editor):
+    # In module authentic2_auth_saml we automatically created authenticators
+    # from config in migration 0002_auto_20220608_1559, wrongly including Fedict IdP.
+
+    SAMLAuthenticator = apps.get_model('authentic2_auth_saml', 'SAMLAuthenticator')
+    SAMLAuthenticator.objects.filter(
+        enabled=False,
+        metadata_url__in=[
+            'https://iamapps-public.belgium.be/saml/fas-metadata.xml',
+            'https://iamapps-public.int.belgium.be/saml/fas-metadata.xml',
+        ],
+    ).delete()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentic2_auth_fedict', '0002_auto_20220706_1712'),
+        ('authentic2_auth_saml', '0002_auto_20220608_1559'),
+    ]
+
+    operations = [
+        migrations.RunPython(cleanup_saml_authenticator, reverse_code=migrations.RunPython.noop),
+    ]
--- a/tests/test_all.py
+++ b/tests/test_all.py
@ -320,6 +320,35 @@ def test_fedict_authenticator_data_migration(settings):
    assert authenticator.enabled is True


+def test_cleanup_saml_authenticator_data_migration():
+    app = 'authentic2_auth_fedict'
+    migrate_from = [(app, '0002_auto_20220706_1712'), ('authentic2_auth_saml', '0002_auto_20220608_1559')]
+    migrate_to = [(app, '0003_auto_20220721_1724'), ('authentic2_auth_saml', '0002_auto_20220608_1559')]
+
+    executor = MigrationExecutor(connection)
+    old_apps = executor.loader.project_state(migrate_from).apps
+    executor.migrate(migrate_from)
+    SAMLAuthenticator = old_apps.get_model('authentic2_auth_saml', 'SAMLAuthenticator')
+
+    SAMLAuthenticator.objects.all().delete()
+    SAMLAuthenticator.objects.create(slug='0', enabled=False)
+    SAMLAuthenticator.objects.create(
+        slug='1', enabled=True, metadata_url='https://iamapps-public.belgium.be/saml/fas-metadata.xml'
+    )
+    SAMLAuthenticator.objects.create(
+        slug='2', enabled=False, metadata_url='https://iamapps-public.belgium.be/saml/fas-metadata.xml'
+    )  # only this one should get deleted
+
+    executor = MigrationExecutor(connection)
+    executor.migrate(migrate_to)
+    executor.loader.build_graph()
+    new_apps = executor.loader.project_state(migrate_to).apps
+    SAMLAuthenticator = new_apps.get_model('authentic2_auth_saml', 'SAMLAuthenticator')
+
+    assert SAMLAuthenticator.objects.count() == 2
+    assert not SAMLAuthenticator.objects.filter(slug='2').exists()
+
+
 def test_manager(app, admin):
    resp = login(app, admin, path='/manage/authenticators/', index=0)