14 |
14 |
|
15 |
15 |
from . import utils, app_settings, models
|
16 |
16 |
|
|
17 |
User = auth.get_user_model()
|
|
18 |
|
17 |
19 |
|
18 |
20 |
class UserCreationError(Exception):
|
19 |
21 |
pass
|
... | ... | |
108 |
110 |
user.save()
|
109 |
111 |
|
110 |
112 |
def lookup_user(self, idp, saml_attributes):
|
111 |
|
User = auth.get_user_model()
|
112 |
113 |
transient_federation_attribute = utils.get_setting(idp, 'TRANSIENT_FEDERATION_ATTRIBUTE')
|
113 |
114 |
if saml_attributes['name_id_format'] == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT:
|
114 |
115 |
if (transient_federation_attribute
|
... | ... | |
137 |
138 |
return None
|
138 |
139 |
|
139 |
140 |
user = self.create_user(User)
|
140 |
|
saml_id, created = models.UserSAMLIdentifier.objects.get_or_create(
|
141 |
|
name_id=name_id, issuer=issuer, defaults={'user': user})
|
142 |
|
if created:
|
|
141 |
real_user = self._link_user(idp, saml_attributes, issuer, name_id, user)
|
|
142 |
if user != real_user:
|
|
143 |
self.logger.info('looked up user %s with name_id %s from issuer %s',
|
|
144 |
user, name_id, issuer)
|
|
145 |
user.delete()
|
|
146 |
else:
|
143 |
147 |
try:
|
144 |
148 |
self.finish_create_user(idp, saml_attributes, user)
|
145 |
149 |
except UserCreationError:
|
... | ... | |
147 |
151 |
return None
|
148 |
152 |
self.logger.info('created new user %s with name_id %s from issuer %s',
|
149 |
153 |
user, name_id, issuer)
|
|
154 |
return real_user
|
|
155 |
|
|
156 |
def _link_user(self, idp, saml_attributes, issuer, name_id, user):
|
|
157 |
saml_id, created = models.UserSAMLIdentifier.objects.get_or_create(
|
|
158 |
name_id=name_id, issuer=issuer, defaults={'user': user})
|
|
159 |
if created:
|
|
160 |
return user
|
150 |
161 |
else:
|
151 |
|
user.delete()
|
152 |
|
user = saml_id.user
|
153 |
|
self.logger.info('looked up user %s with name_id %s from issuer %s',
|
154 |
|
user, name_id, issuer)
|
155 |
|
return user
|
|
162 |
return saml_id.user
|
156 |
163 |
|
157 |
164 |
def provision(self, user, idp, saml_attributes):
|
158 |
165 |
self.provision_attribute(user, idp, saml_attributes)
|
... | ... | |
215 |
222 |
user.save()
|
216 |
223 |
|
217 |
224 |
def provision_groups(self, user, idp, saml_attributes):
|
218 |
|
User = user.__class__
|
219 |
225 |
group_attribute = utils.get_setting(idp, 'GROUP_ATTRIBUTE')
|
220 |
226 |
create_group = utils.get_setting(idp, 'CREATE_GROUP')
|
221 |
227 |
if group_attribute in saml_attributes:
|
222 |
|
-
|