From 9dd29f936deae8303fe02ee065aaa611c35223be Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Fri, 7 Jun 2019 10:22:10 +0200
Subject: [PATCH] do not crash if no idp is found (#19260)

Also improve logging of no idp situation in default backend.
---
 mellon/backends.py | 10 +++++++++-
 mellon/views.py | 8 +++++---
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/mellon/backends.py b/mellon/backends.py
index f43c462..fa9640d 100644
--- a/mellon/backends.py
+++ b/mellon/backends.py
@@ -13,17 +13,25 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program. If not, see .
+import logging
+
 from django.contrib.auth.backends import ModelBackend
 from . import utils
+logger = logging.getLogger(__name__)
+
 class SAMLBackend(ModelBackend):
 def authenticate(self, saml_attributes, request=None):
 # without an issuer we can do nothing
 if 'issuer' not in saml_attributes:
- return
+ logger.debug('no idp in saml_attributes')
+ return None
 idp = utils.get_idp(saml_attributes['issuer'])
+ if not idp:
+ logger.debug('unknown idp %s', saml_attributes['issuer'])
+ return None
 adapters = utils.get_adapters(idp)
 for adapter in adapters:
 if not hasattr(adapter, 'authorize'):
diff --git a/mellon/views.py b/mellon/views.py
index 5a39adf..2ee2cf9 100644
--- a/mellon/views.py
+++ b/mellon/views.py
@@ -113,7 +113,7 @@ class LoginView(ProfileMixin, LogMixin, View):
 for idp in utils.get_idps():
 return idp
 else:
- return None
+ return {}
 else:
 return utils.get_idp(entity_id)
@@ -154,6 +154,9 @@ class LoginView(ProfileMixin, LogMixin, View):
 '''show error message to user after a login failure'''
 login = self.profile
 idp = utils.get_idp(login.remoteProviderId)
+ if not idp:
+ return HttpResponseBadRequest(
+ 'entity id %r is unknown' % login.remoteProviderId)
 error_url = utils.get_setting(idp, 'ERROR_URL')
 error_redirect_after_timeout = utils.get_setting(idp, 'ERROR_REDIRECT_AFTER_TIMEOUT')
 if error_url:
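Review bot: The new `logger.debug('unknown idp %s', saml_attributes['issuer'])` in mellon/backends.py formats the issuer with `%s`, so if that value can carry sender-chosen text at this point (not visible in the hunk), line breaks or control characters reach the log unescaped. The messages in mellon/views.py use `%r`; `logger.debug('unknown idp %r', saml_attributes['issuer'])` would be consistent with them and keep each event on one log line. An authentication attempt naming an issuer that matches no configured IdP is also worth seeing in production logs, which debug level will normally hide, so `logger.warning` looks like the better level for this branch. The body of `authenticate` continues past the end of the hunk.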
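Review bot: The no-IdP branch in the -113 hunk of mellon/views.py now returns `{}` while the last line of the hunk still returns whatever `utils.get_idp(entity_id)` yields, so the method has more than one "not found" value and callers must test truthiness rather than `is None`. The -376 hunk updates one caller accordingly, but the contract is not written down anywhere visible; a docstring such as `'''Return the IdP settings, or a falsy value when none matches (test with "if not idp").'''` would make it explicit. The method's signature lies outside the hunk, so any other callers comparing against `None` cannot be ruled out from here.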
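Review bot: The early return added in the -154 hunk of mellon/views.py places `login.remoteProviderId` in the body of an `HttpResponseBadRequest`, which Django serves as `text/html` unless told otherwise, and `%r` does not escape `<` or `&`. If that identifier originates from the received SAML message (its source is outside the hunk), the error page reflects markup chosen by the sender; passing `content_type='text/plain'` to the response, or leaving the value out of the body, closes that off. The same response is built in the context lines of the -284 hunk, where this commit removes the `self.log.warning(...)` call, so neither path visibly records the unknown entity id any more. Adding `self.log.warning('entity id %r is unknown', login.remoteProviderId)` before the new return would keep an audit trail for this condition.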
@@ -284,7 +287,6 @@ class LoginView(ProfileMixin, LogMixin, View):
 'no entity id found for this artifact %r' % artifact)
 idp = utils.get_idp(login.remoteProviderId)
 if not idp:
- self.log.warning('entity id %r is unknown', login.remoteProviderId)
 return HttpResponseBadRequest(
 'entity id %r is unknown' % login.remoteProviderId)
 verify_ssl_certificate = utils.get_setting(
@@ -376,7 +378,7 @@ class LoginView(ProfileMixin, LogMixin, View):
 next_url = check_next_url(self.request, request.GET.get(REDIRECT_FIELD_NAME))
 idp = self.get_idp(request)
- if idp is None:
+ if not idp:
 return HttpResponseBadRequest('no idp found')
 self.profile = login = utils.create_login(request)
 self.log.debug('authenticating to %r', idp['ENTITY_ID'])
--
2.20.1