From 27dc0ac28d54c7e65a2ce2eaff69cdc36871cb5b Mon Sep 17 00:00:00 2001 From: Valentin Deniaud Date: Thu, 28 Jul 2022 15:52:33 +0200 Subject: [PATCH 5/8] auth_saml: lookup by attributes using model (#67025) --- src/authentic2_auth_saml/models.py | 9 +++++++++ tests/test_auth_saml.py | 10 ++++++++++ 2 files changed, 19 insertions(+) diff --git a/src/authentic2_auth_saml/models.py b/src/authentic2_auth_saml/models.py index 1d9f4e01..3f871803 100644 --- a/src/authentic2_auth_saml/models.py +++ b/src/authentic2_auth_saml/models.py @@ -191,6 +191,8 @@ class SAMLAuthenticator(BaseAuthenticator): if not settings[setting]: del settings[setting] + settings['LOOKUP_BY_ATTRIBUTES'] = [lookup.as_dict() for lookup in self.attribute_lookups.all()] + settings['authenticator'] = self return settings @@ -248,6 +250,13 @@ class SAMLAttributeLookup(SAMLRelatedObjectBase): default_related_name = 'attribute_lookups' verbose_name = _('Attribute lookup') + def as_dict(self): + return { + 'user_field': self.user_field, + 'saml_attribute': self.saml_attribute, + 'ignore-case': self.ignore_case, + } + class SetAttributeAction(SAMLRelatedObjectBase): attribute = models.CharField(_('User attribute name'), max_length=256) diff --git a/tests/test_auth_saml.py b/tests/test_auth_saml.py index effa33c5..b6aba734 100644 --- a/tests/test_auth_saml.py +++ b/tests/test_auth_saml.py @@ -31,6 +31,7 @@ from authentic2_auth_saml.adapters import AuthenticAdapter, MappingError from authentic2_auth_saml.models import ( AddRoleAction, RenameAttributeAction, + SAMLAttributeLookup, SAMLAuthenticator, SetAttributeAction, ) 
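Review bot: The list assigned to `settings['LOOKUP_BY_ATTRIBUTES']` in the first models.py hunk takes its order from `self.attribute_lookups.all()`, and no ordering for SAMLAttributeLookup is visible in this patch. If the code that reads this setting tries lookups in list order, which existing account a SAML assertion is linked to could depend on database row order. Because this decides account linking, I would make the order explicit, e.g. `self.attribute_lookups.order_by('pk')`, unless a Meta outside the hunk already defines one. The key is also set unconditionally, so an authenticator without lookups exports `[]`; please confirm that an empty list is what the consumer should see there. The enclosing method starts outside the hunk.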
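Review bot: `as_dict()` in the second models.py hunk has no docstring, and its `'ignore-case'` key is hyphenated while the two neighbouring keys use underscores, which invites a well-meaning rename. Presumably the spelling is the one the reader of `LOOKUP_BY_ATTRIBUTES` expects; if so, a rename would silently drop the flag and change how accounts are matched. I would add `"""Return this lookup in the dict format used by the LOOKUP_BY_ATTRIBUTES setting."""` and, above that entry, `# hyphenated on purpose: key name read by the LOOKUP_BY_ATTRIBUTES consumer`. With `ignore_case` enabled a match on `user_field` can hit more than one account. The code handling that is not in this patch, so it is worth confirming that it rejects ambiguous matches rather than picking one.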
@@ -330,6 +331,15 @@ def test_saml_authenticator_settings(db): assert authenticator.settings['AUTHN_CLASSREF'] == [] assert authenticator.settings['LOGIN_HINTS'] == [] + SAMLAttributeLookup.objects.create( + authenticator=authenticator, + user_field='email', + saml_attribute='mail', + ) + assert authenticator.settings['LOOKUP_BY_ATTRIBUTES'] == [ + {'saml_attribute': 'mail', 'user_field': 'email', 'ignore-case': False} + ] + def test_saml_authenticator_data_migration(migration, settings): app = 'authentic2_auth_saml' -- 2.30.2
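Review bot: The new assertions in test_saml_authenticator_settings cover only a single lookup with the default `ignore_case=False`, so neither the empty case nor the `'ignore-case': True` mapping is pinned. I would add `assert authenticator.settings['LOOKUP_BY_ATTRIBUTES'] == []` before the `create()` call, and create a second lookup with `ignore_case=True` and assert that it is exported as `'ignore-case': True`. With two rows the expected list order has to be stated in the test, which would also surface a missing ordering on the queryset. The test function starts outside the hunk.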