From c1b5ff6b2253cf8206e48676398a3771898e44fd Mon Sep 17 00:00:00 2001
From: Valentin Deniaud
Date: Thu, 25 Mar 2021 15:16:24 +0100
Subject: [PATCH] manager: include oidc and saml federation info in user details (#28210)
---
.../templates/authentic2/manager/user_detail.html | 5 +++++
.../authentic2_auth_fc/manager_user_sidebar.html | 2 +-
src/authentic2_auth_oidc/apps.py | 7 +++++++
.../manager_user_sidebar.html | 9 +++++++++
src/authentic2_auth_saml/apps.py | 13 +++++++++++++
.../manager_user_sidebar.html | 9 +++++++++
tests/test_auth_oidc.py | 12 ++++++++++++
tests/test_auth_saml.py | 15 +++++++++++++++
8 files changed, 71 insertions(+), 1 deletion(-)
create mode 100644 src/authentic2_auth_oidc/templates/authentic2_auth_oidc/manager_user_sidebar.html
create mode 100644 src/authentic2_auth_saml/templates/authentic2_auth_saml/manager_user_sidebar.html
diff --git a/src/authentic2/manager/templates/authentic2/manager/user_detail.html b/src/authentic2/manager/templates/authentic2/manager/user_detail.html
index c56cfb01..2805c59d 100644
--- a/src/authentic2/manager/templates/authentic2/manager/user_detail.html
+++ b/src/authentic2/manager/templates/authentic2/manager/user_detail.html
@@ -74,9 +74,14 @@

{% endif %} +
+ {% trans "External links" %} {% for data in user_data %} +
{{ data }} +
{% endfor %} +
{% block other_actions %}{{ block.super }}{% endblock %} diff --git a/src/authentic2_auth_fc/templates/authentic2_auth_fc/manager_user_sidebar.html b/src/authentic2_auth_fc/templates/authentic2_auth_fc/manager_user_sidebar.html index 98665d36..dcd8f0ff 100644 --- a/src/authentic2_auth_fc/templates/authentic2_auth_fc/manager_user_sidebar.html +++ b/src/authentic2_auth_fc/templates/authentic2_auth_fc/manager_user_sidebar.html @@ -1,6 +1,6 @@ {% load i18n %} {% for account in user.fc_accounts.all %}
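Review bot: `{{ data }}` in the new `user_data` loop of user_detail.html prints whatever each `a2_hook_manager_user_data` hook returns, so the escaping of federation values such as provider names and NameIDs rests entirely on the hooks. The two hooks added in this commit return template-rendered output, which Django auto-escapes, but nothing in the template states that contract for future hooks. I would add a template comment above the loop, `{# entries are HTML fragments from a2_hook_manager_user_data hooks; hooks must return template-rendered (auto-escaped) markup, never mark_safe() on raw account data #}`. The markup around the loop is not fully visible on this page, so whether empty fragments produce empty wrappers could not be checked.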
-

{% trans "Link with FranceConnect created on" %} {{ account.created }}

+

{% trans "Link with FranceConnect created on" %} {{ account.created }}.

{% endfor %} diff --git a/src/authentic2_auth_oidc/apps.py b/src/authentic2_auth_oidc/apps.py index b6792ef4..34053121 100644 --- a/src/authentic2_auth_oidc/apps.py +++ b/src/authentic2_auth_oidc/apps.py @@ -15,6 +15,7 @@ # along with this program. If not, see . import django.apps +from django import template class Plugin(object): @@ -101,3 +102,9 @@ class AppConfig(django.apps.AppConfig): 'sub': oidc_account.sub, } ) + + def a2_hook_manager_user_data(self, view, user): + context = {'user': user} + return [ + template.loader.get_template('authentic2_auth_oidc/manager_user_sidebar.html').render(context) + ] diff --git a/src/authentic2_auth_oidc/templates/authentic2_auth_oidc/manager_user_sidebar.html b/src/authentic2_auth_oidc/templates/authentic2_auth_oidc/manager_user_sidebar.html new file mode 100644 index 00000000..f73aabba --- /dev/null +++ b/src/authentic2_auth_oidc/templates/authentic2_auth_oidc/manager_user_sidebar.html @@ -0,0 +1,9 @@ +{% load i18n %} +{% if user.oidc_account %} +
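Review bot: `template.loader.get_template(...)` in the new `a2_hook_manager_user_data` of src/authentic2_auth_oidc/apps.py works only if `django.template.loader` has already been imported somewhere else, because `from django import template` binds the package and, as far as I know, does not import the `loader` submodule. An explicit `from django.template.loader import get_template` removes that dependency on import order. The same import pattern appears in the src/authentic2_auth_saml/apps.py hunks. The method is appended to `AppConfig`, whose body starts outside the hunk.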

+{% blocktrans trimmed with created=user.oidc_account.created name=user.oidc_account.provider.name %} +Link with OIDC provider "{{ name }}" created on {{ created }}. +{% endblocktrans %} +

+{% endif %} + diff --git a/src/authentic2_auth_saml/apps.py b/src/authentic2_auth_saml/apps.py index 941c5be6..b02cc6ae 100644 --- a/src/authentic2_auth_saml/apps.py +++ b/src/authentic2_auth_saml/apps.py @@ -15,6 +15,8 @@ # along with this program. If not, see . import django.apps +from django import template +from mellon.utils import get_idp class AppConfig(django.apps.AppConfig): @@ -41,3 +43,14 @@ class AppConfig(django.apps.AppConfig): 'name_id': saml_account.name_id, } ) + + def a2_hook_manager_user_data(self, view, user): + user_saml_identifiers = user.saml_identifiers.all() + if not user_saml_identifiers: + return [''] + for user_saml_identifier in user_saml_identifiers: + user_saml_identifier.idp = get_idp(user_saml_identifier.issuer) + context = {'user_saml_identifiers': user_saml_identifiers} + return [ + template.loader.get_template('authentic2_auth_saml/manager_user_sidebar.html').render(context) + ] diff --git a/src/authentic2_auth_saml/templates/authentic2_auth_saml/manager_user_sidebar.html b/src/authentic2_auth_saml/templates/authentic2_auth_saml/manager_user_sidebar.html new file mode 100644 index 00000000..4bfc741b --- /dev/null +++ b/src/authentic2_auth_saml/templates/authentic2_auth_saml/manager_user_sidebar.html @@ -0,0 +1,9 @@ +{% load i18n %} +{% for identifier in user_saml_identifiers %} +{% firstof identifier.idp.DISPLAY_NAME identifier.issuer as provider %} +
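Review bot: The early exit `return ['']` in `a2_hook_manager_user_data` of src/authentic2_auth_saml/apps.py hands the caller one empty fragment instead of none, while the OIDC hook always returns a rendered fragment that is whitespace-only for users without an account. Returning `[]` when there is nothing to show would make the two hooks consistent, provided the hook caller (not visible here) accepts an empty list. The loop attaches `idp` to each model instance only for the template, which deserves a comment such as `# transient attribute for the template, not persisted`, and the method would benefit from a one-line docstring stating that it returns HTML fragments for the manager user page. `issuer` and `name_id` presumably originate from the identity provider, so they should keep going through the auto-escaped template rather than being formatted in Python. The method is appended to `AppConfig`, whose body starts outside the hunk.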

+{% blocktrans trimmed with created=identifier.created name_id=identifier.name_id %} +Link with SAML provider {{ provider }} created on {{ created }} (NameID "{{ name_id }}"). +{% endblocktrans %} +

+{% endfor %} diff --git a/tests/test_auth_oidc.py b/tests/test_auth_oidc.py index a6c4ef02..3c082c4b 100644 --- a/tests/test_auth_oidc.py +++ b/tests/test_auth_oidc.py @@ -891,3 +891,15 @@ def test_multiple_users_with_same_email(app, caplog, code, oidc_provider_jwkset, assert '_auth_user_id' not in app.session assert OIDCAccount.objects.count() == 0 assert 'too many users' in caplog.records[-1].message + + +def test_manager_user_sidebar(app, superuser, simple_user, oidc_provider): + utils.login(app, superuser, '/manage/') + response = app.get('/manage/users/%s/' % simple_user.id) + assert 'OIDC' not in response + + OIDCAccount.objects.create(user=simple_user, provider=oidc_provider, sub='1234') + + response = app.get('/manage/users/%s/' % simple_user.id) + assert 'Server' in response + assert 'https://server.example.com' in response diff --git a/tests/test_auth_saml.py b/tests/test_auth_saml.py index 77df3740..b5c3c41b 100644 --- a/tests/test_auth_saml.py +++ b/tests/test_auth_saml.py @@ -26,6 +26,8 @@ from authentic2.custom_user.models import DeletedUser from authentic2.models import Attribute from authentic2_auth_saml.adapters import AuthenticAdapter, MappingError +from .utils import login + User = get_user_model() @@ -269,3 +271,16 @@ def test_save_account_on_delete_user(db): 'name_id': '4567', }, ] + + +def test_manager_user_sidebar(app, superuser, simple_user): + login(app, superuser, '/manage/') + response = app.get('/manage/users/%s/' % simple_user.id) + assert 'SAML' not in response + + UserSAMLIdentifier.objects.create(user=simple_user, issuer='https://idp1.com/', name_id='1234') + + response = app.get('/manage/users/%s/' % simple_user.id) + assert 'SAML' in response + assert 'https://idp1.com/' in response + assert '1234' in response -- 2.20.1
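Review bot: `test_manager_user_sidebar` in tests/test_auth_oidc.py checks `'OIDC' not in response` before the account exists but never asserts `'OIDC' in response` afterwards, so its positive half only proves that `Server` and `https://server.example.com` occur somewhere on the page. Adding `assert 'OIDC' in response` would tie the check to the new sidebar text, as the SAML test already does. Neither test pins the escaping of provider-supplied values; in the SAML test, an identifier created with a constructed value such as `name_id='<b>x</b>'` followed by `assert '<b>x</b>' not in response` would guard the template against a later switch to unescaped output.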