From 7a8c733f3fbb379f93602ddfcdd8a1e793995931 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Fri, 7 Oct 2022 13:10:16 +0200
Subject: [PATCH 1/3] misc: remove dead code for authorize_service signal
 (#69992)

---
 src/authentic2/idp/saml/saml2_endpoints.py | 28 ----------------------
 src/authentic2/idp/signals.py              |  6 -----
 2 files changed, 34 deletions(-)

diff --git a/src/authentic2/idp/saml/saml2_endpoints.py b/src/authentic2/idp/saml/saml2_endpoints.py
index 0ff5a59c..34d17ac5 100644
--- a/src/authentic2/idp/saml/saml2_endpoints.py
+++ b/src/authentic2/idp/saml/saml2_endpoints.py
@@ -823,34 +823,6 @@ def sso_after_process_request(
     if nid_format == 'transient':
         transient = True
 
-    decisions = idp_signals.authorize_service.send(
-        sender=None, request=request, user=request.user, audience=login.remoteProviderId, attributes={}
-    )
-    logger.debug('signal authorize_service sent')
-
-    # You don't dream. By default, access granted.
-    # We catch denied decisions i.e. dic['authz'] = False
-    access_granted = True
-    for decision in decisions:
-        logger.debug('authorize_service connected to function %s', decision[0].__name__)
-        dic = decision[1]
-        if dic and 'authz' in dic:
-            logger.debug('decision is %s', dic['authz'])
-            if 'message' in dic:
-                logger.debug('with message %s', dic['message'])
-            if not dic['authz']:
-                logger.debug('access denied by an external function')
-                access_granted = False
-        else:
-            logger.debug('no function connected to authorize_service')
-
-    if not access_granted:
-        logger.debug('access denied, return answer to the requester')
-        set_saml2_response_responder_status_code(
-            login.response, lasso.SAML2_STATUS_CODE_REQUEST_DENIED, msg=str(dic['message'])
-        )
-        return finish_sso(request, login)
-
     provider = load_provider(request, login.remoteProviderId, server=login.server)
     if not provider:
         return error_page(request, _('Provider %s is unknown') % login.remoteProviderId, logger=logger)
diff --git a/src/authentic2/idp/signals.py b/src/authentic2/idp/signals.py
index 78911c6f..63d9fcf4 100644
--- a/src/authentic2/idp/signals.py
+++ b/src/authentic2/idp/signals.py
@@ -16,12 +16,6 @@
 
 from django.dispatch import Signal
 
-# authorize_decision
-# Expect a dictionnaries as return with:
-#  - the authorization decision e.g. dic['authz'] = True or False
-#  - optionnaly a message e.g. dic['message'] = message
-authorize_service = Signal(providing_args=["request", "user", "audience", "attributes"])
-
 # avoid_consent
 # Expect a boolean e.g. dic['avoid_consent'] = True or False
 avoid_consent = Signal(providing_args=["request", "user", "audience"])
-- 
2.37.2