0002-adapters-factorize-user-linking-33739.patch

Benjamin Dauvergne, 06 juin 2019 14:24



Subject: [PATCH 2/3] adapters: factorize user linking (#33739)

 mellon/adapters.py | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)
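--- a/mellon/adapters.py
+++ b/mellon/adapters.py
@@ -14,6 +14,8 @@
 
 from . import utils, app_settings, models
 
+User = auth.get_user_model()
+
 
 class UserCreationError(Exception):
     pass
@@ -108,7 +110,6 @@
         user.save()
 
     def lookup_user(self, idp, saml_attributes):
-        User = auth.get_user_model()
         transient_federation_attribute = utils.get_setting(idp, 'TRANSIENT_FEDERATION_ATTRIBUTE')
         if saml_attributes['name_id_format'] == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT:
             if (transient_federation_attribute
@@ -137,9 +138,12 @@
             return None
 
         user = self.create_user(User)
-        saml_id, created = models.UserSAMLIdentifier.objects.get_or_create(
-            name_id=name_id, issuer=issuer, defaults={'user': user})
-        if created:
+        real_user = self._link_user(idp, saml_attributes, issuer, name_id, user)
+        if user != real_user:
+            self.logger.info('looked up user %s with name_id %s from issuer %s',
+                             user, name_id, issuer)
+            user.delete()
+        else:
             try:
                 self.finish_create_user(idp, saml_attributes, user)
             except UserCreationError:
@@ -147,12 +151,15 @@
                 return None
             self.logger.info('created new user %s with name_id %s from issuer %s',
                              user, name_id, issuer)
+        return real_user
+
+    def _link_user(self, idp, saml_attributes, issuer, name_id, user):
+        saml_id, created = models.UserSAMLIdentifier.objects.get_or_create(
+            name_id=name_id, issuer=issuer, defaults={'user': user})
+        if created:
+            return user
         else:
-            user.delete()
-            user = saml_id.user
-            self.logger.info('looked up user %s with name_id %s from issuer %s',
-                             user, name_id, issuer)
-        return user
+            return saml_id.user
 
     def provision(self, user, idp, saml_attributes):
         self.provision_attribute(user, idp, saml_attributes)
@@ -215,7 +222,6 @@
             user.save()
 
     def provision_groups(self, user, idp, saml_attributes):
-        User = user.__class__
         group_attribute = utils.get_setting(idp, 'GROUP_ATTRIBUTE')
         create_group = utils.get_setting(idp, 'CREATE_GROUP')
         if group_attribute in saml_attributes: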
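Review bot: In the `if user != real_user:` branch of `lookup_user`, the "looked up user" message is formatted with `user`, which at that point is the placeholder account just returned by `create_user` and deleted on the next line, not the account the NameID is actually linked to. The removed code reassigned `user = saml_id.user` before logging, so the log entry for a federated login used to name the existing account; that record is what an investigator would rely on to tie a name_id/issuer pair to a local user. Pass `real_user` instead: `self.logger.info('looked up user %s with name_id %s from issuer %s', real_user, name_id, issuer)`. `lookup_user` begins outside the visible hunks, so any other use of `user` earlier in the method cannot be checked from here.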
222
-