From 3e876668a0bbfa295ec6f8d4588b2bf60c423a5a Mon Sep 17 00:00:00 2001
From: Emmanuel Cazenave <ecazenave@entrouvert.com>
Date: Tue, 21 Sep 2021 15:32:39 +0200
Subject: [PATCH] mellon: handle new Issuer model (#57136)

See https://dev.entrouvert.org/issues/56819.
---
 docbow_project/docbow/profile_views.py | 9 ++++++++-
 tests/sso/test_profile.py              | 7 +++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/docbow_project/docbow/profile_views.py b/docbow_project/docbow/profile_views.py
index 150f39b..c5c0f0d 100644
--- a/docbow_project/docbow/profile_views.py
+++ b/docbow_project/docbow/profile_views.py
@@ -5,6 +5,7 @@ from django.views.generic.edit import UpdateView, FormView
 from django.views.generic.base import TemplateResponseMixin, View
 from django.contrib import messages
 from django.contrib.auth.models import User
+from django.core.exceptions import ImproperlyConfigured
 from django.utils.translation import ugettext as _
 from django.http import HttpResponseRedirect
 from django.db.transaction import atomic
@@ -176,9 +177,15 @@ class DelegateView(cbv.FormWithPostTarget, FormView):
                 import mellon
 
                 ctx['sso'] = True
+                issuer = mellon.models.Issuer.objects.filter(
+                    entity_id__startswith=app_settings.settings.AUTHENTIC_URL
+                ).first()
+                if not issuer:
+                    raise ImproperlyConfigured('Mellon issuer not found')
+
                 mellon.models.UserSAMLIdentifier.objects.create(
                     name_id=form.cleaned_data['name_id'],
-                    issuer=urllib.parse.urljoin(app_settings.settings.AUTHENTIC_URL, 'idp/saml2/metadata'),
+                    issuer=issuer,
                     user=delegate_user,
                 )
 
diff --git a/tests/sso/test_profile.py b/tests/sso/test_profile.py
index a598116..b526a22 100644
--- a/tests/sso/test_profile.py
+++ b/tests/sso/test_profile.py
@@ -46,6 +46,9 @@ class MockResp(object):
 def test_create_delegate_sso(a2settings, app, monkeypatch, users):
     a2settings.AUTHENTIC_ROLE = 'roleuuid'
     import docbow_project.docbow.utils
+    import mellon
+
+    mellon.models.Issuer.objects.create(entity_id=a2settings.AUTHENTIC_URL + 'idp/saml2/metadata')
 
     mock_resp1 = MockResp(json={'uuid': '1234'})
     mock_resp2 = MockResp()
@@ -69,7 +72,7 @@ def test_create_delegate_sso(a2settings, app, monkeypatch, users):
 
     assert delegate.saml_identifiers.count() == 1
     saml_id = delegate.saml_identifiers.first()
-    assert saml_id.issuer == a2settings.AUTHENTIC_URL + 'idp/saml2/metadata'
+    assert saml_id.issuer.entity_id == a2settings.AUTHENTIC_URL + 'idp/saml2/metadata'
     assert saml_id.user == delegate
     assert saml_id.name_id == '1234'
 
@@ -121,7 +124,7 @@ def test_delete_delegate_sso(a2settings, client, monkeypatch, user):
     DocbowProfile.objects.create(user=delegate, is_guest=True)
     Delegation.objects.get_or_create(by=user, to=delegate)
 
-    issuer = a2settings.AUTHENTIC_URL + 'idp/saml2/metadata'
+    issuer = mellon.models.Issuer.objects.create(entity_id=a2settings.AUTHENTIC_URL + 'idp/saml2/metadata')
     mellon.models.UserSAMLIdentifier.objects.create(name_id='1234', issuer=issuer, user=delegate)
 
     client.login(username='user', password='password')