0004-misc-keep-nameid-attributes-to-rebuild-it-69740.patch
mellon/adapters.py | ||
---|---|---|
350 | 350 |
created = True |
351 | 351 |
user = self.create_user(User) |
352 | 352 | |
353 |
nameid_user = self._link_user(idp, saml_attributes, entity_id, name_id, user)
|
|
353 |
nameid_user = self._link_user(idp, saml_attributes, user) |
|
354 | 354 |
if user != nameid_user: |
355 | 355 |
logger.info( |
356 | 356 |
'mellon: looked up user %s with name_id %s from issuer %s', nameid_user, name_id, entity_id |
... | ... | |
458 | 458 |
) |
459 | 459 |
return None |
460 | 460 | |
461 |
def _link_user(self, idp, saml_attributes, entity_id, name_id, user):
|
|
461 |
def _link_user(self, idp, saml_attributes, user): |
|
462 | 462 |
saml_id, created = models.UserSAMLIdentifier.objects.get_or_create( |
463 |
name_id=name_id, issuer=models_utils.get_issuer(entity_id), defaults={'user': user} |
|
463 |
name_id=saml_attributes['name_id_content'], |
|
464 |
issuer=models_utils.get_issuer(saml_attributes['issuer']), |
|
465 |
defaults={ |
|
466 |
'user': user, |
|
467 |
'nid_format': saml_attributes['name_id_format'], |
|
468 |
'nid_name_qualifier': saml_attributes.get('name_id_name_qualifier'), |
|
469 |
'nid_sp_name_qualifier': saml_attributes.get('name_id_sp_name_qualifier'), |
|
470 |
'nid_sp_provided_id': saml_attributes.get('name_id_sp_provided_id'), |
|
471 |
}, |
|
464 | 472 |
) |
465 | 473 |
if created: |
466 | 474 |
user.saml_identifier = saml_id |
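Review bot: The `defaults` passed to `get_or_create` in `_link_user` are applied only when the row is inserted, so a `UserSAMLIdentifier` that already exists for this name_id/issuer pair keeps NULL in `nid_format` and the three qualifier columns however often the user logs in again. Whatever later rebuilds the NameID from these columns would then be working from incomplete data for every account linked before this migration, unless a data migration or a NULL fallback exists outside this view. A backfill on the not-created path, sketched below, closes that gap. Separately, `saml_attributes['issuer']` is now a hard lookup where `entity_id` used to be passed explicitly, and it is not visible here that the key is always set. The body of `_link_user` continues past the end of the hunk.

```python
# … unchanged: saml_id, created = models.UserSAMLIdentifier.objects.get_or_create(...) …
if not created and saml_id.nid_format is None:
    # Row predates the nid_* columns: fill them from the current assertion.
    saml_id.nid_format = saml_attributes['name_id_format']
    saml_id.nid_name_qualifier = saml_attributes.get('name_id_name_qualifier')
    saml_id.nid_sp_name_qualifier = saml_attributes.get('name_id_sp_name_qualifier')
    saml_id.nid_sp_provided_id = saml_attributes.get('name_id_sp_provided_id')
    saml_id.save(
        update_fields=['nid_format', 'nid_name_qualifier', 'nid_sp_name_qualifier', 'nid_sp_provided_id']
    )
```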
mellon/migrations/0006_nameid_attributes.py | ||
---|---|---|
1 |
# Generated by Django 2.2.26 on 2022-10-03 10:09 |
|
2 | ||
3 |
from django.db import migrations, models |
|
4 | ||
5 | ||
6 |
class Migration(migrations.Migration): |
|
7 | ||
8 |
dependencies = [ |
|
9 |
('mellon', '0005_drop_rename_issuer'), |
|
10 |
] |
|
11 | ||
12 |
operations = [ |
|
13 |
migrations.AddField( |
|
14 |
model_name='usersamlidentifier', |
|
15 |
name='nid_format', |
|
16 |
field=models.TextField(null=True, verbose_name='NameID Format'), |
|
17 |
), |
|
18 |
migrations.AddField( |
|
19 |
model_name='usersamlidentifier', |
|
20 |
name='nid_name_qualifier', |
|
21 |
field=models.TextField(null=True, verbose_name='NameID NameQualifier'), |
|
22 |
), |
|
23 |
migrations.AddField( |
|
24 |
model_name='usersamlidentifier', |
|
25 |
name='nid_sp_name_qualifier', |
|
26 |
field=models.TextField(null=True, verbose_name='NameID SPNameQualifier'), |
|
27 |
), |
|
28 |
migrations.AddField( |
|
29 |
model_name='usersamlidentifier', |
|
30 |
name='nid_sp_provided_id', |
|
31 |
field=models.TextField(null=True, verbose_name='SAML NameID SPPRovidedID'), |
|
32 |
), |
|
33 |
] |
mellon/models.py | ||
---|---|---|
32 | 32 |
created = models.DateTimeField(verbose_name=_('created'), auto_now_add=True) |
33 | 33 |
issuer = models.ForeignKey('mellon.Issuer', verbose_name=_('Issuer'), null=True, on_delete=models.CASCADE) |
34 | 34 | |
35 |
nid_format = models.TextField(verbose_name=_('NameID Format'), null=True) |
|
36 |
nid_name_qualifier = models.TextField(verbose_name=_('NameID NameQualifier'), null=True) |
|
37 |
nid_sp_name_qualifier = models.TextField(verbose_name=_('NameID SPNameQualifier'), null=True) |
|
38 |
nid_sp_provided_id = models.TextField(verbose_name=('SAML NameID SPPRovidedID'), null=True) |
|
39 | ||
35 | 40 |
class Meta: |
36 | 41 |
verbose_name = _('user SAML identifier') |
37 | 42 |
verbose_name_plural = _('users SAML identifiers') |
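Review bot: `nid_sp_provided_id` is declared with `verbose_name=('SAML NameID SPPRovidedID')`, where the parentheses are plain grouping rather than a call to `_`, so unlike the three fields above it this label is never marked for translation. The string also has a typo (`SPPRovidedID`) and a `SAML ` prefix that the sibling labels lack. Suggested line: `nid_sp_provided_id = models.TextField(verbose_name=_('NameID SPProvidedID'), null=True)`, with the same string used in migration 0006 so Django does not generate a follow-up migration for the label. The model class starts before the hunk.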
mellon/views.py | ||
---|---|---|
268 | 268 |
name_id = login.nameIdentifier |
269 | 269 |
name_id_format = force_str(name_id.format or lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED) |
270 | 270 |
attributes.update( |
271 |
{'name_id_content': lasso_decode(name_id.content), 'name_id_format': name_id_format} |
|
271 |
{ |
|
272 |
'name_id_content': lasso_decode(name_id.content), |
|
273 |
'name_id_format': name_id_format, |
|
274 |
} |
|
272 | 275 |
) |
273 | 276 |
if name_id.nameQualifier: |
274 | 277 |
attributes['name_id_name_qualifier'] = force_str(name_id.nameQualifier) |
275 | 278 |
if name_id.spNameQualifier: |
276 | 279 |
attributes['name_id_sp_name_qualifier'] = force_str(name_id.spNameQualifier) |
280 |
if name_id.spProvidedId: |
|
281 |
attributes['name_id_provided_id'] = force_str(name_id.spProvidedId) |
|
277 | 282 |
authn_statement = login.assertion.authnStatement[0] |
278 | 283 |
if authn_statement.authnInstant: |
279 | 284 |
attributes['authn_instant'] = utils.iso8601_to_datetime(authn_statement.authnInstant) |
280 |
- |
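Review bot: The added `spProvidedId` branch stores the value under `name_id_provided_id`, but `_link_user` in mellon/adapters.py reads `saml_attributes.get('name_id_sp_provided_id')`, so the new `nid_sp_provided_id` column is always saved as NULL. A NameID rebuilt from the stored columns would then silently lack its SPProvidedID. Use the key the adapter expects: `attributes['name_id_sp_provided_id'] = force_str(name_id.spProvidedId)`. A login test with an SPProvidedID set that asserts on the stored column would catch the mismatch. The enclosing view method starts and ends outside the hunk.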