0001-auth-saml-put-newly-created-user-in-default-OU-46484.patch
| src/authentic2_auth_saml/adapters.py | ||
|---|---|---|
| 28 | 28 |
from authentic2 import utils |
| 29 | 29 |
from authentic2.utils.evaluate import evaluate_condition |
| 30 | 30 |
from authentic2.a2_rbac.models import Role, OrganizationalUnit as OU |
| 31 |
from authentic2.a2_rbac.utils import get_default_ou |
|
| 32 | ||
| 31 | 33 | |
| 32 | 34 |
logger = logging.getLogger('authentic2.auth_saml')
|
| 33 | 35 | |
| ... | ... | |
| 71 | 73 |
self.provision_a2_attributes(user, idp, saml_attributes) |
| 72 | 74 |
except MappingError as e: |
| 73 | 75 |
raise UserCreationError('user creation failed on a mandatory mapping action: %s' % e)
|
| 76 |
if not user.ou: |
|
| 77 |
user.ou = get_default_ou() |
|
| 78 |
user.save() |
|
| 74 | 79 | |
| 75 | 80 |
def provision(self, user, idp, saml_attributes): |
| 76 | 81 |
super(AuthenticAdapter, self).provision(user, idp, saml_attributes) |
| tests/test_auth_saml.py | ||
|---|---|---|
| 142 | 142 |
user = adapter.lookup_user(idp, saml_attributes) |
| 143 | 143 |
user.refresh_from_db() |
| 144 | 144 |
assert simple_role not in user.roles.all() |
| 145 |
assert user.ou.default is True |
|
| 145 | 146 |
user.delete() |
| 146 | 147 | |
| 147 | 148 |
# if a toggle-role is mandatory, failure to evaluate condition block user creation |
| 148 |
- |
|