From e5e034188d44cc234eb1cab78c16c59d927bcb2a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= <fpeters@entrouvert.com>
Date: Wed, 29 Jun 2016 10:32:10 +0200
Subject: [PATCH] saml: add verified fields in user profile (#12366)

---
 extra/modules/saml2.py | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/extra/modules/saml2.py b/extra/modules/saml2.py
index 8978255..330571c 100644
--- a/extra/modules/saml2.py
+++ b/extra/modules/saml2.py
@@ -111,5 +111,25 @@ class Saml2Directory(qommon.saml2.Saml2Directory):
         if login and login.identity:
             user.lasso_dump = login.identity.dump()
 
+        lasso_session = lasso.Session.newFromDump(session.lasso_session_dump)
+        assertion = lasso_session.getAssertions(None)[0]
+        for attribute in assertion.attributeStatement[0].attribute:
+            if attribute.name == 'verified_attributes':
+                verified_attributes = [x.any[0].content for x in attribute.attributeValue]
+                if verified_attributes:
+                    # XXX: if there are any verified attributes we consider
+                    # first and last names are also verified.  This is to work
+                    # around the fact that those attributes are handled
+                    # differently in authentic and cannot be marked as
+                    # verified.
+                    verified_attributes.extend(['first_name', 'last_name'])
+                verified_fields = []
+                if user.get_formdef() and user.get_formdef().fields:
+                    for field in user.get_formdef().fields:
+                        if field.varname in verified_attributes:
+                            verified_fields.append(field.id)
+                user.verified_fields = verified_fields
+                break
+
         user.store()
         return user
-- 
2.8.1