From bdbc251291b1f006d17ad719e2ebc42ffab222e9 Mon Sep 17 00:00:00 2001
From: Valentin Deniaud
Date: Mon, 27 Jul 2020 17:45:13 +0200
Subject: [PATCH] views: handle empty session at authentication (#45461)
---
 mellon/views.py | 2 ++
 tests/test_sso_slo.py | 17 +++++++++++++++++
 2 files changed, 19 insertions(+)
diff --git a/mellon/views.py b/mellon/views.py
index 066e752..39aec16 100644
--- a/mellon/views.py
+++ b/mellon/views.py
@@ -271,6 +271,8 @@ class LoginView(ProfileMixin, LogMixin, View):
 utils.login(request, user)
 session_index = attributes['session_index']
 if session_index:
+ if not request.session.session_key:
+ request.session.create()
 models.SessionIndex.objects.get_or_create(
 saml_identifier=user.saml_identifier,
 session_key=request.session.session_key,
diff --git a/tests/test_sso_slo.py b/tests/test_sso_slo.py
index 910c2fb..d7f07b4 100644
--- a/tests/test_sso_slo.py
+++ b/tests/test_sso_slo.py
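Review bot: The new `if not request.session.session_key:` guard in `LoginView` carries no comment, and it is not obvious at the call site why a session can lack a key right after `utils.login()`. Judging by the commit subject and the accompanying `test_sso_user_change`, this presumably happens when a login for a different user discards the existing session, so a comment such as `# login() can leave a fresh session without a key (user change); create it so SessionIndex records a usable session_key` would help. It is worth spelling out because the `session_key` stored next to the SAML session index is presumably what ties the IdP session to the local one at logout, so a row with an empty key would leave that session unreachable. The enclosing method and the `get_or_create(...)` call both continue outside the hunk.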
@@ -669,3 +669,20 @@ def test_middleware_mixin_first_time(db, app, idp, caplog, settings): assert (urlparse.parse_qs(urlparse.urlparse(response.location).query, keep_blank_values=True) == {'next': ['http://testserver/'], 'passive': ['']}) assert 'MELLON_PASSIVE_TRIED' in app.cookies + + +def test_sso_user_change(db, app, idp, caplog, sp_settings): + response = app.get(reverse('mellon_login') + '?next=/whatever/') + url, body, relay_state = idp.process_authn_request_redirect(response['Location']) + + response = app.get(reverse('mellon_login') + '?next=/whatever/') + other_identity = '_otherE805F46B436F83669FB3F6CEE7' + idp.identity_dump = other_identity + url, other_body, other_relay_state = idp.process_authn_request_redirect(response['Location']) + + response = app.post(reverse('mellon_login'), params={'SAMLResponse': body, 'RelayState': relay_state}) + assert 'created new user' in caplog.text + caplog.clear() + + response = app.post(reverse('mellon_login'), params={'SAMLResponse': other_body, 'RelayState': other_relay_state}) + assert 'created new user' in caplog.text
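Review bot: `test_sso_user_change` asserts only that `'created new user'` appears in the log after each POST, so it does not directly check the state the fix is about: that the second login ends with a session that has a key and a `SessionIndex` row recording it. Unless the `session_key` column rejects empty values (not visible here), the test could still pass with an empty key stored. Consider pinning the outcome after the second POST, for example `assert app.session.session_key` if `app` is a django-webtest client, or a query asserting that no `SessionIndex` row has an empty key. The `url` values unpacked from `process_authn_request_redirect` are unused and could be bound to `_`.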