From 8c422d65fdaa114fd8c31badc6b585e1b69be94b Mon Sep 17 00:00:00 2001
From: Valentin Deniaud <vdeniaud@entrouvert.com>
Date: Thu, 28 Jul 2022 15:52:33 +0200
Subject: [PATCH 5/7] auth_saml: lookup by attributes using model (#67025)

---
 src/authentic2_auth_saml/models.py |  9 +++++++++
 tests/test_auth_saml.py            | 10 ++++++++++
 2 files changed, 19 insertions(+)

diff --git a/src/authentic2_auth_saml/models.py b/src/authentic2_auth_saml/models.py
index 48497e98..d5c5b695 100644
--- a/src/authentic2_auth_saml/models.py
+++ b/src/authentic2_auth_saml/models.py
@@ -191,6 +191,8 @@ class SAMLAuthenticator(BaseAuthenticator):
             if not settings[setting]:
                 del settings[setting]
 
+        settings['LOOKUP_BY_ATTRIBUTES'] = [lookup.as_dict() for lookup in self.attribute_lookups.all()]
+
         settings['authenticator'] = self
         return settings
 
@@ -231,6 +233,13 @@ class SAMLAttributeLookup(models.Model):
     class Meta:
         verbose_name = _('Attribute lookup')
 
+    def as_dict(self):
+        return {
+            'user_field': self.user_field,
+            'saml_attribute': self.saml_attribute,
+            'ignore-case': self.ignore_case,
+        }
+
 class RenameAttributeAction(models.Model):
     authenticator = models.ForeignKey(SAMLAuthenticator, on_delete=models.CASCADE)
     from_name = models.CharField(_('From'), max_length=128)
diff --git a/tests/test_auth_saml.py b/tests/test_auth_saml.py
index c179f397..b89db219 100644
--- a/tests/test_auth_saml.py
+++ b/tests/test_auth_saml.py
@@ -31,6 +31,7 @@ from authentic2_auth_saml.adapters import AuthenticAdapter, MappingError
 from authentic2_auth_saml.models import (
     AddRoleAction,
     RenameAttributeAction,
+    SAMLAttributeLookup,
     SAMLAuthenticator,
     SetAttributeAction,
 )
@@ -363,6 +364,15 @@ def test_saml_authenticator_settings(db):
     assert authenticator.settings['AUTHN_CLASSREF'] == []
     assert authenticator.settings['LOGIN_HINTS'] == []
 
+    SAMLAttributeLookup.objects.create(
+        authenticator=authenticator,
+        user_field='email',
+        saml_attribute='mail',
+    )
+    assert authenticator.settings['LOOKUP_BY_ATTRIBUTES'] == [
+        {'saml_attribute': 'mail', 'user_field': 'email', 'ignore-case': False}
+    ]
+
 
 def test_saml_authenticator_data_migration(migration, settings):
     app = 'authentic2_auth_saml'
-- 
2.30.2