0001-wip-idp_saml-ensure-users-are-active-when-performing.patch
| src/authentic2/idp/saml/saml2_endpoints.py | ||
|---|---|---|
| 732 | 732 |
liberty_provider__entity_id=login.remoteProviderId).liberty_provider |
| 733 | 733 | |
| 734 | 734 |
if not passive and \ |
| 735 |
(user.is_anonymous or (force_authn and not did_auth)): |
|
| 735 |
(user.is_anonymous or not user.is_active or (force_authn and not did_auth)):
|
|
| 736 | 736 |
logger.debug('login required')
|
| 737 | 737 |
return need_login(request, login, nid_format, service) |
| 738 | 738 | |
| 739 | 739 |
# No user is authenticated and passive is True, deny request |
| 740 |
if passive and user.is_anonymous:
|
|
| 740 |
if passive and (user.is_anonymous or not user.is_active):
|
|
| 741 | 741 |
logger.debug('no user connected and passive request, returning NoPassive')
|
| 742 | 742 |
set_saml2_response_responder_status_code(login.response, lasso.SAML2_STATUS_CODE_NO_PASSIVE) |
| 743 | 743 |
return finish_sso(request, login) |
| 744 |
- |
|