saml: add support for provisionning date fields (#22445)

2018-03-11 10:45:09 +01:00 · 2018-03-11 10:45:09 +01:00 · dbfd4179f4
parent 8ef533d0e3
commit dbfd4179f4
2 changed files with 21 additions and 3 deletions
--- a/tests/test_saml_auth.py
+++ b/tests/test_saml_auth.py
@ -139,6 +139,9 @@ def get_authn_response_msg(pub, ni_format=lasso.SAML2_NAME_IDENTIFIER_FORMAT_PER
    value = lasso.MiscTextNode.newWithString('john.doe@example.com')
    value.textChild = True
    login.assertion.addAttributeWithNode('email', lasso.SAML2_ATTRIBUTE_NAME_FORMAT_BASIC, value)
+    value = lasso.MiscTextNode.newWithString('2000-01-01')
+    value.textChild = True
+    login.assertion.addAttributeWithNode('birthdate', lasso.SAML2_ATTRIBUTE_NAME_FORMAT_BASIC, value)
    for a_name in ['first_name', 'last_name', 'email']:
        value = lasso.MiscTextNode.newWithString(a_name)
        value.textChild = True
@ -212,6 +215,7 @@ def test_assertion_consumer_existing_federation(pub):
    user = pub.user_class.select()[0]
    assert user.verified_fields
    assert len(user.verified_fields) == 3
+    assert user.form_data['_birthdate'].tm_year == 2000

    req = HTTPRequest(None, {
        'SERVER_NAME': 'example.net',
--- a/wcs/qommon/saml2.py
+++ b/wcs/qommon/saml2.py
@ -478,12 +478,26 @@ class Saml2Directory(Directory):
                    logger.info('taking user %s the admin rights', user.id)
                save = True
        attribute_mapping = idp.get('attribute-mapping') or {}
+
+        from wcs.admin.settings import UserFieldsFormDef
+        formdef = UserFieldsFormDef(publisher=get_publisher())
+        if formdef:
+            dict_fields = {x.id: x for x in formdef.fields}
+        else:
+            dict_fields = {}
+
        if user.form_data is None:
            user.form_data = {}
        for key, field_id in attribute_mapping.iteritems():
-            if key in d and user.form_data.get(field_id) != d[key]:
-                user.form_data[field_id] = d[key]
-                logger.info('setting field %s of user %s to value %r', field_id, user.id, d[key])
+            if not key in d:
+                continue
+            field_value = d[key]
+            field = dict_fields.get(field_id)
+            if field and field_value and field.convert_value_from_anything:
+                field_value = field.convert_value_from_anything(field_value)
+            if user.form_data.get(field_id) != field_value:
+                user.form_data[field_id] = field_value
+                logger.info('setting field %s of user %s to value %r', field_id, user.id, field_value)
                save = True

        # update user roles from role-slug