0001-auth_saml-catch-any-exception-in-data-migration-6827.patch
src/authentic2_auth_saml/migrations/0006_migrate_jsonfields.py | ||
---|---|---|
1 | 1 |
# Generated by Django 2.2.26 on 2022-07-27 15:04 |
2 | 2 | |
3 |
import json |
|
4 |
import logging |
|
5 | ||
3 | 6 |
from django.core.exceptions import MultipleObjectsReturned |
4 |
from django.db import migrations |
|
7 |
from django.db import migrations, transaction |
|
8 | ||
9 |
logger = logging.getLogger('authentic2.auth_saml') |
|
5 | 10 | |
6 | 11 | |
7 | 12 |
def get_key(obj, name, max_length=None, default=''): |
... | ... | |
81 | 86 |
Role = apps.get_model('a2_rbac', 'Role') |
82 | 87 |
OU = apps.get_model('a2_rbac', 'OrganizationalUnit') |
83 | 88 | |
84 |
for authenticator in SAMLAuthenticator.objects.all():
|
|
89 |
def create_related_objects(authenticator):
|
|
85 | 90 |
for obj in authenticator.lookup_by_attributes: |
86 | 91 |
saml_attribute = get_key(obj, 'saml_attribute', 1024) |
87 | 92 |
user_field = get_key(obj, 'user_field', 256) |
... | ... | |
124 | 129 |
mandatory=get_key(obj, 'mandatory', default=False), |
125 | 130 |
) |
126 | 131 | |
132 |
for authenticator in SAMLAuthenticator.objects.all(): |
|
133 |
try: |
|
134 |
with transaction.atomic(): |
|
135 |
create_related_objects(authenticator) |
|
136 |
except Exception: |
|
137 |
logger.exception('could not create related objects for authenticator %s', authenticator) |
|
138 |
logger.warning( |
|
139 |
'attribute mapping for %s: %s', authenticator, json.dumps(authenticator.a2_attribute_mapping) |
|
140 |
) |
|
141 |
logger.warning( |
|
142 |
'lookup by attributes for %s: %s', |
|
143 |
authenticator, |
|
144 |
json.dumps(authenticator.lookup_by_attributes), |
|
145 |
) |
|
146 | ||
127 | 147 | |
128 | 148 |
class Migration(migrations.Migration): |
129 | 149 |
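Review bot: The `except Exception:` around `create_related_objects(authenticator)` lets the migration finish and be recorded as applied even though the failing authenticator keeps none of its related objects, so an identity-provider configuration can change silently unless someone reads the log. The accompanying test shows the effect: a malformed `a2_attribute_mapping` also rolls back the well-formed `lookup_by_attributes` entry, because both are created in the same atomic block. I would state that trade-off on the handler, e.g. `# best-effort: on failure nothing is migrated for this authenticator; its old JSON survives only in the log lines below`, and emit one final `logger.error` listing the affected authenticators so the operator has a single line to act on. The two `json.dumps` calls run inside the handler and would abort the whole migration if they raised; `json.dumps(..., default=str)` would keep the diagnostic path from failing. The enclosing migration function starts outside the lines shown here.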
tests/test_auth_saml.py | ||
---|---|---|
642 | 642 |
assert add_role.role.pk == role.pk |
643 | 643 |
assert add_role.condition == "roles == 'A'" |
644 | 644 |
assert add_role.mandatory is False |
645 | ||
646 | ||
647 |
def test_saml_authenticator_data_migration_json_fields_log_errors(migration, settings, caplog): |
|
648 |
migrate_from = [ |
|
649 |
( |
|
650 |
'authentic2_auth_saml', |
|
651 |
'0005_addroleaction_renameattributeaction_samlattributelookup_setattributeaction', |
|
652 |
), |
|
653 |
('a2_rbac', '0029_use_unique_constraints'), |
|
654 |
] |
|
655 |
migrate_to = [ |
|
656 |
('authentic2_auth_saml', '0006_migrate_jsonfields'), |
|
657 |
('a2_rbac', '0029_use_unique_constraints'), |
|
658 |
] |
|
659 | ||
660 |
old_apps = migration.before(migrate_from) |
|
661 |
SAMLAuthenticator = old_apps.get_model('authentic2_auth_saml', 'SAMLAuthenticator') |
|
662 | ||
663 |
SAMLAuthenticator.objects.create( |
|
664 |
metadata='meta1.xml', |
|
665 |
slug='idp1', |
|
666 |
lookup_by_attributes=[{'saml_attribute': 'email', 'user_field': 'email'}], |
|
667 |
a2_attribute_mapping=['bad'], |
|
668 |
) |
|
669 | ||
670 |
new_apps = migration.apply(migrate_to) |
|
671 |
SAMLAuthenticator = new_apps.get_model('authentic2_auth_saml', 'SAMLAuthenticator') |
|
672 | ||
673 |
authenticator = SAMLAuthenticator.objects.get() |
|
674 |
assert not authenticator.attribute_lookups.exists() |
|
675 | ||
676 |
assert caplog.messages == [ |
|
677 |
'could not create related objects for authenticator SAMLAuthenticator object (%s)' % authenticator.pk, |
|
678 |
'attribute mapping for SAMLAuthenticator object (%s): ["bad"]' % authenticator.pk, |
|
679 |
'lookup by attributes for SAMLAuthenticator object (%s): [{"user_field": "email", "saml_attribute": "email"}]' |
|
680 |
% authenticator.pk, |
|
681 |
] |
|
645 |
- |
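Review bot: The exact-match assertion on `caplog.messages` pins the key order of the logged JSON (`"user_field"` before `"saml_attribute"`), which is the reverse of the order passed to `SAMLAuthenticator.objects.create(...)`, so it presumably depends on how the database backend returns the stored JSON. Passing `sort_keys=True` to the `json.dumps` calls in the migration, or comparing `json.loads` of the message tail instead of the raw string, would make the test independent of that. The test also creates only the failing authenticator; adding a second, well-formed one and asserting that its `attribute_lookups` exist after the migration would cover the isolation that the per-authenticator `transaction.atomic()` is meant to provide.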