entrouvert
/
hobo
16
0
Fork 0
Code Issues Pull Requests 16 Releases Activity

profile: disable identifier attribuate deactivation checkbox (#79137)
gitea/hobo/pipeline/head This commit looks good Details

This commit is contained in:
Paul Marillonnet 2023-08-02 11:22:29 +02:00
parent 21948b656c
commit 1cc7e24506
2 changed files with 73 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
hobo/profile/forms.py
View File

@ -17,7 +17,7 @@
from django import forms
from django.utils.translation import gettext_lazy as _
from . import models
from . import models, utils
class EditFullNameTemplateForm(forms.Form):
@ -54,6 +54,25 @@ class AttributeDefinitionCreateForm(forms.ModelForm):
class AttributeDefinitionUpdateForm(AttributeDefinitionCreateForm):
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
authn_info = utils.get_authn_information_from_idp()
if self.instance.name == 'email' and authn_info.get('accept_email_authentication', False):
self.fields['disabled'].disabled = True
self.fields['disabled'].help_text = _(
'The email attribute is an identifier on the identity provider hence can\'t be deactivated.'
)
if authn_info.get('accept_phone_authentication', False) and self.instance.name == authn_info.get(
'phone_identifier_field', ''
):
self.fields['disabled'].disabled = True
self.fields['disabled'].help_text = (
_(
'The "%s" phone attribute is an identifier on the identity provider hence can\'t be deactivated.'
)
% self.instance.name
)
class Meta(AttributeDefinitionCreateForm.Meta):
model = models.AttributeDefinition
exclude = ['name', 'kind']

53
tests/test_manager.py
View File

@ -164,6 +164,59 @@ def test_cached_authn_information_from_idp(settings, freezer):
assert authn_info['accept_phone_authentication'] is False
def test_identifier_attributes_deactivation_disabled(settings, freezer, logged_app):
settings.KNOWN_SERVICES = {
'authentic': {'idp': {'url': 'https://idp.example.com/', 'orig': 'example.com'}}
}
with HTTMock(mocked_http):
resp = logged_app.get('/profile/email/options', status=200)
assert resp.form['disabled'].checked is False
assert 'disabled' in resp.form['disabled'].attrs
assert 'The email attribute is an identifier' in resp.form.text
resp = logged_app.get('/profile/phone/options', status=200)
assert resp.form['disabled'].checked is False
assert 'disabled' in resp.form['disabled'].attrs
assert 'The "phone" phone attribute is an identifier' in resp.form.text
settings.KNOWN_SERVICES = {
'authentic': {'idp': {'url': 'https://deactivated.example.com/', 'orig': 'example.com'}}
}
# cached result
with HTTMock(mocked_http):
resp = logged_app.get('/profile/email/options', status=200)
assert resp.form['disabled'].checked is False
assert 'disabled' in resp.form['disabled'].attrs
assert 'The email attribute is an identifier' in resp.form.text
resp = logged_app.get('/profile/phone/options', status=200)
assert resp.form['disabled'].checked is False
assert 'disabled' in resp.form['disabled'].attrs
assert 'The "phone" phone attribute is an identifier' in resp.form.text
freezer.tick(11)
# stale cache
with HTTMock(mocked_http):
resp = logged_app.get('/profile/email/options', status=200)
assert resp.form['disabled'].checked is False
assert 'disabled' not in resp.form['disabled'].attrs
assert 'The email attribute is an identifier' not in resp.form.text
resp.form.set('disabled', True)
resp.form.submit()
assert AttributeDefinition.objects.get(name='email').disabled
resp = logged_app.get('/profile/phone/options', status=200)
assert resp.form['disabled'].checked is False
assert 'disabled' not in resp.form['disabled'].attrs
assert 'The "phone" phone attribute is an identifier' not in resp.form.text
resp.form.set('disabled', True)
resp.form.submit()
assert AttributeDefinition.objects.get(name='phone').disabled
def test_reorder_view(logged_app):
assert AttributeDefinition.objects.filter(name='first_name')[0].order == 2
new_order = '3,2,1,4,5,6,7,8,9,10,11'