
0001-auth_saml-catch-any-exception-in-data-migration-6827.patch

Valentin Deniaud, 22 August 2022 10:43 AM


Subject: [PATCH] auth_saml: catch any exception in data migration (#68273)

 .../migrations/0006_migrate_jsonfields.py     | 24 +++++++++++-
 tests/test_auth_saml.py                       | 37 +++++++++++++++++++
 2 files changed, 59 insertions(+), 2 deletions(-)
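--- a/src/authentic2_auth_saml/migrations/0006_migrate_jsonfields.py
+++ b/src/authentic2_auth_saml/migrations/0006_migrate_jsonfields.py
@@ -1,7 +1,12 @@
 # Generated by Django 2.2.26 on 2022-07-27 15:04
 
+import json
+import logging
+
 from django.core.exceptions import MultipleObjectsReturned
-from django.db import migrations
+from django.db import migrations, transaction
+
+logger = logging.getLogger('authentic2.auth_saml')
 
 
 def get_key(obj, name, max_length=None, default=''):
@@ -81,7 +86,7 @@
     Role = apps.get_model('a2_rbac', 'Role')
     OU = apps.get_model('a2_rbac', 'OrganizationalUnit')
 
-    for authenticator in SAMLAuthenticator.objects.all():
+    def create_related_objects(authenticator):
         for obj in authenticator.lookup_by_attributes:
             saml_attribute = get_key(obj, 'saml_attribute', 1024)
             user_field = get_key(obj, 'user_field', 256)
@@ -124,6 +129,21 @@
                         mandatory=get_key(obj, 'mandatory', default=False),
                     )
 
+    for authenticator in SAMLAuthenticator.objects.all():
+        try:
+            with transaction.atomic():
+                create_related_objects(authenticator)
+        except Exception:
+            logger.exception('could not create related objects for authenticator %s', authenticator)
+            logger.warning(
+                'attribute mapping for %s: %s', authenticator, json.dumps(authenticator.a2_attribute_mapping)
+            )
+            logger.warning(
+                'lookup by attributes for %s: %s',
+                authenticator,
+                json.dumps(authenticator.lookup_by_attributes),
+            )
+
 
 class Migration(migrations.Migration):
 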
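Review bot: The `except Exception` around `create_related_objects` lets the migration complete while an authenticator ends up with none of its lookups, attribute mappings or role actions, and the only record is a log entry that is easy to miss during an upgrade. For an authentication backend that is a silent change in login behaviour, so I would state it in a comment above the `try`, e.g. `# best effort: on failure the authenticator is left without related objects and its old JSON is only logged`, and identify the authenticator by `authenticator.slug` rather than the default `SAMLAuthenticator object (pk)` repr so an operator can find it. If a later migration removes the JSON fields (not visible here), the log would be the only remaining copy of that configuration. The enclosing migration function starts outside this section.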
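--- a/tests/test_auth_saml.py
+++ b/tests/test_auth_saml.py
@@ -642,3 +642,40 @@
     assert add_role.role.pk == role.pk
     assert add_role.condition == "roles == 'A'"
     assert add_role.mandatory is False
+
+
+def test_saml_authenticator_data_migration_json_fields_log_errors(migration, settings, caplog):
+    migrate_from = [
+        (
+            'authentic2_auth_saml',
+            '0005_addroleaction_renameattributeaction_samlattributelookup_setattributeaction',
+        ),
+        ('a2_rbac', '0029_use_unique_constraints'),
+    ]
+    migrate_to = [
+        ('authentic2_auth_saml', '0006_migrate_jsonfields'),
+        ('a2_rbac', '0029_use_unique_constraints'),
+    ]
+
+    old_apps = migration.before(migrate_from)
+    SAMLAuthenticator = old_apps.get_model('authentic2_auth_saml', 'SAMLAuthenticator')
+
+    SAMLAuthenticator.objects.create(
+        metadata='meta1.xml',
+        slug='idp1',
+        lookup_by_attributes=[{'saml_attribute': 'email', 'user_field': 'email'}],
+        a2_attribute_mapping=['bad'],
+    )
+
+    new_apps = migration.apply(migrate_to)
+    SAMLAuthenticator = new_apps.get_model('authentic2_auth_saml', 'SAMLAuthenticator')
+
+    authenticator = SAMLAuthenticator.objects.get()
+    assert not authenticator.attribute_lookups.exists()
+
+    assert caplog.messages == [
+        'could not create related objects for authenticator SAMLAuthenticator object (%s)' % authenticator.pk,
+        'attribute mapping for SAMLAuthenticator object (%s): ["bad"]' % authenticator.pk,
+        'lookup by attributes for SAMLAuthenticator object (%s): [{"user_field": "email", "saml_attribute": "email"}]'
+        % authenticator.pk,
+    ]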
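Review bot: The last expected message pins the key order `{"user_field": "email", "saml_attribute": "email"}`, the reverse of the dict the test creates, so the assertion depends on how the database backend returns the JSON value (presumably jsonb key normalisation). Passing `sort_keys=True` to both `json.dumps` calls in the migration and expecting `[{"saml_attribute": "email", "user_field": "email"}]` here would make the log text, and this test, independent of the backend. The test also compares message text only; asserting that `caplog.records[0].exc_info` is set would confirm that the traceback of the swallowed exception is actually recorded.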
645
-