From c2efe5d6fd303dd8118221bc726cdb8a943fab43 Mon Sep 17 00:00:00 2001
From: Valentin Deniaud
Date: Thu, 25 Mar 2021 15:16:24 +0100
Subject: [PATCH] manager: include oidc and saml federation info in user details (#28210)
---
 src/authentic2_auth_oidc/apps.py | 7 +++++++
 .../manager_user_sidebar.html | 13 +++++++++++++
 src/authentic2_auth_saml/apps.py | 13 +++++++++++++
 .../manager_user_sidebar.html | 13 +++++++++++++
 tests/test_auth_oidc.py | 12 ++++++++++++
 tests/test_auth_saml.py | 15 +++++++++++++++
 6 files changed, 73 insertions(+)
 create mode 100644 src/authentic2_auth_oidc/templates/authentic2_auth_oidc/manager_user_sidebar.html
 create mode 100644 src/authentic2_auth_saml/templates/authentic2_auth_saml/manager_user_sidebar.html
diff --git a/src/authentic2_auth_oidc/apps.py b/src/authentic2_auth_oidc/apps.py
index b6792ef4..34053121 100644
--- a/src/authentic2_auth_oidc/apps.py
+++ b/src/authentic2_auth_oidc/apps.py
@@ -15,6 +15,7 @@
 # along with this program. If not, see .
 import django.apps
+from django import template
 class Plugin(object):
@@ -101,3 +102,9 @@ class AppConfig(django.apps.AppConfig):
 'sub': oidc_account.sub,
 }
 )
+
+ def a2_hook_manager_user_data(self, view, user):
+ context = {'user': user}
+ return [
+ template.loader.get_template('authentic2_auth_oidc/manager_user_sidebar.html').render(context)
+ ]
diff --git a/src/authentic2_auth_oidc/templates/authentic2_auth_oidc/manager_user_sidebar.html b/src/authentic2_auth_oidc/templates/authentic2_auth_oidc/manager_user_sidebar.html
new file mode 100644
index 00000000..80ab54ae
--- /dev/null
+++ b/src/authentic2_auth_oidc/templates/authentic2_auth_oidc/manager_user_sidebar.html
@@ -0,0 +1,13 @@
+{% load i18n %}
+{% if user.oidc_account %}
+
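Review bot: `a2_hook_manager_user_data` in src/authentic2_auth_oidc/apps.py reaches the loader as `template.loader` after `from django import template`, which appears to work only because some other module has already imported the `django.template.loader` submodule; the SAML hook in src/authentic2_auth_saml/apps.py uses the same pattern. An explicit `from django.template.loader import render_to_string` with `return [render_to_string('authentic2_auth_oidc/manager_user_sidebar.html', {'user': user})]` removes that dependence on import order. The method would also benefit from a docstring such as `"""Return rendered HTML fragments describing the user's OIDC link for the manager user page."""`, since callers need to know the strings are already-escaped markup. The `view` argument is unused, so who gets to see the provider name and issuer is decided entirely by the calling view, which is outside this patch.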
+{% trans "Link with OIDC provider" %} +
+
    +
  • {% trans "Name:" %} {{ user.oidc_account.provider.name }}
  • +
  • {% trans "Issuer:" %} {{ user.oidc_account.provider.issuer }}
  • +
  • {% trans "Creation date:" %} {{ user.oidc_account.created }}
  • +
+
+{% endif %} +
diff --git a/src/authentic2_auth_saml/apps.py b/src/authentic2_auth_saml/apps.py
index 941c5be6..b02cc6ae 100644
--- a/src/authentic2_auth_saml/apps.py
+++ b/src/authentic2_auth_saml/apps.py
@@ -15,6 +15,8 @@
 # along with this program. If not, see .
 import django.apps
+from django import template
+from mellon.utils import get_idp
 class AppConfig(django.apps.AppConfig):
@@ -41,3 +43,14 @@ class AppConfig(django.apps.AppConfig):
 'name_id': saml_account.name_id,
 }
 )
+
+ def a2_hook_manager_user_data(self, view, user):
+ user_saml_identifiers = user.saml_identifiers.all()
+ if not user_saml_identifiers:
+ return ['']
+ for user_saml_identifier in user_saml_identifiers:
+ user_saml_identifier.idp = get_idp(user_saml_identifier.issuer)
+ context = {'user_saml_identifiers': user_saml_identifiers}
+ return [
+ template.loader.get_template('authentic2_auth_saml/manager_user_sidebar.html').render(context)
+ ]
diff --git a/src/authentic2_auth_saml/templates/authentic2_auth_saml/manager_user_sidebar.html b/src/authentic2_auth_saml/templates/authentic2_auth_saml/manager_user_sidebar.html
new file mode 100644
index 00000000..81de94e2
--- /dev/null
+++ b/src/authentic2_auth_saml/templates/authentic2_auth_saml/manager_user_sidebar.html
@@ -0,0 +1,13 @@
+{% load i18n %}
+
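Review bot: In `a2_hook_manager_user_data` in src/authentic2_auth_saml/apps.py the no-identifier branch returns `['']`, whereas the OIDC hook always returns one rendered fragment and leaves the decision to its template; `return []` would keep an empty string out of the fragment list, provided the hook consumer (not visible in this patch) accepts an empty list. The loop attaches the result of `get_idp(user_saml_identifier.issuer)` to each model instance as an ad-hoc `idp` attribute, and the template's `{% firstof identifier.idp.DISPLAY_NAME identifier.issuer %}` silently falls back to the raw issuer when that lookup yields nothing usable. That fallback deserves a comment on the loop, for example `# idp may be empty for issuers that are not configured; the template then shows the raw issuer`. NameID values are federation identifiers, and because `view` is unused here their visibility depends entirely on the permission check of the calling user-detail view, which should be confirmed for manager roles narrower than superuser.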
+{% trans "Link with SAML providers" %} +{% for identifier in user_saml_identifiers %} +
+

{% trans "Issuer:" %} {% firstof identifier.idp.DISPLAY_NAME identifier.issuer %}

+
    +
  • {% trans "NameID:" %} {{ identifier.name_id }}
  • +
  • {% trans "Creation date:" %} {{ identifier.created }}
  • +
+
+{% endfor %} +
diff --git a/tests/test_auth_oidc.py b/tests/test_auth_oidc.py
index a6c4ef02..3c082c4b 100644
--- a/tests/test_auth_oidc.py
+++ b/tests/test_auth_oidc.py
@@ -891,3 +891,15 @@ def test_multiple_users_with_same_email(app, caplog, code, oidc_provider_jwkset,
 assert '_auth_user_id' not in app.session
 assert OIDCAccount.objects.count() == 0
 assert 'too many users' in caplog.records[-1].message
+
+
+def test_manager_user_sidebar(app, superuser, simple_user, oidc_provider):
+ utils.login(app, superuser, '/manage/')
+ response = app.get('/manage/users/%s/' % simple_user.id)
+ assert 'OIDC' not in response
+
+ OIDCAccount.objects.create(user=simple_user, provider=oidc_provider, sub='1234')
+
+ response = app.get('/manage/users/%s/' % simple_user.id)
+ assert 'Server' in response
+ assert 'https://server.example.com' in response
diff --git a/tests/test_auth_saml.py b/tests/test_auth_saml.py
index 77df3740..b5c3c41b 100644
--- a/tests/test_auth_saml.py
+++ b/tests/test_auth_saml.py
@@ -26,6 +26,8 @@ from authentic2.custom_user.models import DeletedUser
 from authentic2.models import Attribute
 from authentic2_auth_saml.adapters import AuthenticAdapter, MappingError
+from .utils import login
+
 User = get_user_model()
@@ -269,3 +271,16 @@ def test_save_account_on_delete_user(db):
 'name_id': '4567',
 },
 ]
+
+
+def test_manager_user_sidebar(app, superuser, simple_user):
+ login(app, superuser, '/manage/')
+ response = app.get('/manage/users/%s/' % simple_user.id)
+ assert 'SAML' not in response
+
+ UserSAMLIdentifier.objects.create(user=simple_user, issuer='https://idp1.com/', name_id='1234')
+
+ response = app.get('/manage/users/%s/' % simple_user.id)
+ assert 'SAML' in response
+ assert 'https://idp1.com/' in response
+ assert '1234' in response
--
2.20.1
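Review bot: The positive assertions in `test_manager_user_sidebar` in tests/test_auth_oidc.py are loose: `'Server' in response`, and `'1234' in response` in the test of the same name in tests/test_auth_saml.py, are short substrings that could match unrelated page content, and neither is checked for absence before the account is created. Asserting on the section heading and the fixture values, e.g. `assert 'Link with OIDC provider' in response` and `assert oidc_provider.issuer in response` (assuming the fixture exposes `issuer`), ties the test to the new sidebar. Both tests log in as `superuser` only, so they do not record what a manager with narrower rights sees; one case for such a role would document the intended visibility of the issuer and NameID values.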