From 82622b7c4bb155323521ddea1a4079d5015950e1 Mon Sep 17 00:00:00 2001 From: Valentin Deniaud Date: Thu, 25 Mar 2021 15:16:24 +0100 Subject: [PATCH] manager: include oidc and saml federation info in user details (#28210) --- src/authentic2_auth_oidc/apps.py | 5 +++++ .../authentic2_auth_oidc/manager_user_sidebar.html | 10 ++++++++++ src/authentic2_auth_saml/apps.py | 5 +++++ .../authentic2_auth_saml/manager_user_sidebar.html | 6 ++++++ tests/test_auth_oidc.py | 11 +++++++++++ tests/test_auth_saml.py | 13 +++++++++++++ 6 files changed, 50 insertions(+) create mode 100644 src/authentic2_auth_oidc/templates/authentic2_auth_oidc/manager_user_sidebar.html create mode 100644 src/authentic2_auth_saml/templates/authentic2_auth_saml/manager_user_sidebar.html diff --git a/src/authentic2_auth_oidc/apps.py b/src/authentic2_auth_oidc/apps.py index fc2de0f3..b23accef 100644 --- a/src/authentic2_auth_oidc/apps.py +++ b/src/authentic2_auth_oidc/apps.py @@ -15,6 +15,7 @@ # along with this program. If not, see . import django.apps +from django import template class Plugin(object): @@ -97,3 +98,7 @@ class AppConfig(django.apps.AppConfig): 'issuer': oidc_account.provider.issuer, 'sub': oidc_account.sub, }) + + def a2_hook_manager_user_data(self, view, user): + context = {'user': user} + return [template.loader.get_template('authentic2_auth_oidc/manager_user_sidebar.html').render(context)] diff --git a/src/authentic2_auth_oidc/templates/authentic2_auth_oidc/manager_user_sidebar.html b/src/authentic2_auth_oidc/templates/authentic2_auth_oidc/manager_user_sidebar.html new file mode 100644 index 00000000..37faca94 --- /dev/null +++ b/src/authentic2_auth_oidc/templates/authentic2_auth_oidc/manager_user_sidebar.html @@ -0,0 +1,10 @@ +{% load i18n %} +
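Review bot: In the new `a2_hook_manager_user_data` method, `template.loader.get_template(...)` only works if some other module has already imported `django.template.loader`, since `from django import template` does not, as far as I know, load that submodule by itself. Importing the function directly with `from django.template.loader import get_template` and calling `get_template('authentic2_auth_oidc/manager_user_sidebar.html').render(context)` removes that dependency on import order. The hook added to `src/authentic2_auth_saml/apps.py` has the same pattern. A one-line docstring would also help, for example `"""Return rendered HTML fragments describing the user's OIDC account link for the manager user page."""`, because the caller has to know these strings are already-rendered markup. The enclosing `AppConfig` class starts outside the hunk.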
+{% if user.oidc_account %} +

+{% blocktrans trimmed with created=user.oidc_account.created name=user.oidc_account.provider.name %} +Link with OIDC provider "{{ name }}" created on {{ created }} +{% endblocktrans %} +

+{% endif %} +
diff --git a/src/authentic2_auth_saml/apps.py b/src/authentic2_auth_saml/apps.py index 067329fb..74e30a90 100644 --- a/src/authentic2_auth_saml/apps.py +++ b/src/authentic2_auth_saml/apps.py @@ -15,6 +15,7 @@ # along with this program. If not, see . import django.apps +from django import template class AppConfig(django.apps.AppConfig): @@ -40,3 +41,7 @@ class AppConfig(django.apps.AppConfig): 'issuer': saml_account.issuer, 'name_id': saml_account.name_id, }) + + def a2_hook_manager_user_data(self, view, user): + context = {'user': user} + return [template.loader.get_template('authentic2_auth_saml/manager_user_sidebar.html').render(context)] diff --git a/src/authentic2_auth_saml/templates/authentic2_auth_saml/manager_user_sidebar.html b/src/authentic2_auth_saml/templates/authentic2_auth_saml/manager_user_sidebar.html new file mode 100644 index 00000000..f2db94ea --- /dev/null +++ b/src/authentic2_auth_saml/templates/authentic2_auth_saml/manager_user_sidebar.html @@ -0,0 +1,6 @@ +{% load i18n %} +{% for identifier in user.saml_identifiers.all %} +
+

{% trans "Link with SAML identity provider created on" %} {{ identifier.created }}

+
+{% endfor %} diff --git a/tests/test_auth_oidc.py b/tests/test_auth_oidc.py index d48cc71d..113ec690 100644 --- a/tests/test_auth_oidc.py +++ b/tests/test_auth_oidc.py @@ -913,3 +913,14 @@ def test_multiple_users_with_same_email(app, caplog, code, oidc_provider_jwkset, assert '_auth_user_id' not in app.session assert OIDCAccount.objects.count() == 0 assert 'too many users' in caplog.records[-1].message + + +def test_manager_user_sidebar(app, superuser, simple_user, oidc_provider): + utils.login(app, superuser, '/manage/') + response = app.get('/manage/users/%s/' % simple_user.id) + assert 'OIDC' not in response + + OIDCAccount.objects.create(user=simple_user, provider=oidc_provider, sub='1234') + + response = app.get('/manage/users/%s/' % simple_user.id) + assert 'OIDC provider "Server"' in response diff --git a/tests/test_auth_saml.py b/tests/test_auth_saml.py index 2e40f80a..4f73e5fc 100644 --- a/tests/test_auth_saml.py +++ b/tests/test_auth_saml.py @@ -31,6 +31,8 @@ from authentic2.models import Attribute from authentic2.custom_user.models import DeletedUser from authentic2_auth_saml.adapters import AuthenticAdapter, MappingError +from .utils import login + User = get_user_model() @@ -289,3 +291,14 @@ def test_save_account_on_delete_user(db): 'name_id': '4567', } ] + + +def test_manager_user_sidebar(app, superuser, simple_user): + login(app, superuser, '/manage/') + response = app.get('/manage/users/%s/' % simple_user.id) + assert 'SAML' not in response + + UserSAMLIdentifier.objects.create(user=simple_user, issuer='https://idp1.com/', name_id='1234') + + response = app.get('/manage/users/%s/' % simple_user.id) + assert 'SAML' in response -- 2.20.1
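Review bot: The SAML sidebar entry prints only `identifier.created`, so a user linked to several identity providers gets lines that differ by date alone and a manager reviewing the account cannot tell which IdP each link belongs to. The model appears to carry an `issuer` field (the new test creates `UserSAMLIdentifier` with `issuer='https://idp1.com/'`), and showing it would match the OIDC template, which names the provider. Wrapping the whole sentence in `{% blocktrans trimmed with issuer=identifier.issuer created=identifier.created %}` would also let translators control word order, which the current `{% trans %}` fragment followed by the date does not. The markup around these template tags is not visible on this page, so this applies to the tags only.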
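Review bot: In `tests/test_auth_saml.py`, `assert 'SAML' in response` passes for any occurrence of that string on the manager page, so it does not pin what the new sidebar template renders. Asserting on the sentence itself, e.g. `assert 'Link with SAML identity provider created on' in response`, would tie the test to the template, as the OIDC test already does with `'OIDC provider "Server"'`. Both tests log in as `superuser` only; if the view's permission checks are not covered elsewhere, one case with a user lacking access to `/manage/users/<id>/` would confirm the federation details are not exposed to them.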