updates

mhindery · mhindery · commit 2e4f6b8bccbb · 2020-05-01T20:38:49.000+02:00
diff --git a/djangosaml2/backends.py b/djangosaml2/backends.py
@@ -134,7 +134,8 @@ def authenticate(self, request, session_info=None, attribute_mapping=None, creat
 
         user, created = self.get_or_create_user(
             user_lookup_key, user_lookup_value, create_unknown_user,
-            request=request, session_info=session_info, attributes=attributes, attribute_mapping=attribute_mapping
+            idp_entityid=session_info['issuer'], name_id=session_info['name_id'],
+            attributes=attributes, attribute_mapping=attribute_mapping, request=request
         )
 
         # Update user with new attributes from incoming request
@@ -198,12 +199,17 @@ def clean_user_main_attribute(self, main_attribute: Any) -> Any:
         """ Hook to clean the extracted user-identifying value. No-op by default. """
         return main_attribute
 
-    def get_or_create_user(self, user_lookup_key: str, user_lookup_value: Any, create_unknown_user: bool, **kwargs) -> Tuple[Optional[settings.AUTH_USER_MODEL], bool]:
+    def get_or_create_user(self,
+            user_lookup_key: str, user_lookup_value: Any, create_unknown_user: bool,
+            idp_entityid: str, name_id: str, attributes: dict, attribute_mapping: dict, request
+        ) -> Tuple[Optional[settings.AUTH_USER_MODEL], bool]:
         """ Look up the user to authenticate. If he doesn't exist, this method creates him (if so desired).
             The default implementation looks only at the user_identifier. Override this method in order to do more complex behaviour,
-            e.g. customize this per IdP. The kwargs contain these additional params: session_info, attribute_mapping, attributes, request.
-            The identity provider id can be found in kwargs['session_info']['issuer]
+            e.g. customize this per IdP.
         """
+        print(f"idp_entityid: {idp_entityid}")
+        print(f"name_id: {name_id}")
+        print(f"user_lookup_value: {user_lookup_value}")
         UserModel = self._user_model
 
         # Construct query parameters to query the userModel with. An additional lookup modifier could be specified in the settings.
diff --git a/djangosaml2/views.py b/djangosaml2/views.py
@@ -336,10 +336,12 @@ def assertion_consumer_service(request,
         create_unknown_user = create_unknown_user()
 
     logger.debug('Trying to authenticate the user. Session info: %s', session_info)
-    user = auth.authenticate(request=request,
-                             session_info=session_info,
-                             attribute_mapping=attribute_mapping,
-                             create_unknown_user=create_unknown_user)
+    user = auth.authenticate(
+        request=request,
+        session_info=session_info,
+        attribute_mapping=attribute_mapping,
+        create_unknown_user=create_unknown_user,
+    )
     if user is None:
         logger.warning("Could not authenticate user received in SAML Assertion. Session info: %s", session_info)
         return fail_acs_response(request, exception=PermissionDenied('No user could be authenticated.'))
diff --git a/tests/testprofiles/tests.py b/tests/testprofiles/tests.py
@@ -181,7 +181,7 @@ def test_invalid_model_attribute_log(self):
         }
 
         with self.assertLogs('djangosaml2', level='DEBUG') as logs:
-            user, _ = self.backend.get_or_create_user(self.backend._user_lookup_attribute, 'john', True)
+            user, _ = self.backend.get_or_create_user(self.backend._user_lookup_attribute, 'john', True, None, None, None, None, None)
             self.backend._update_user(user, attributes, attribute_mapping)
 
         self.assertIn(
@@ -200,11 +200,7 @@ def test_create_user_with_required_fields(self):
             'mail_verified': [True],
         }
         # User creation does not fail if several fields are required.
-        user, created = self.backend.get_or_create_user(
-            self.backend._user_lookup_attribute,
-            'john@example.org',
-            True
-        )
+        user, created = self.backend.get_or_create_user(self.backend._user_lookup_attribute, 'john@example.org', True, None, None, None, None, None)
 
         self.assertEquals(user.email, 'john@example.org')
         self.assertIs(user.email_verified, None)
@@ -238,6 +234,7 @@ def test_get_or_create_user_existing(self):
                 self.backend._user_lookup_attribute,
                 'john',
                 False,
+                None, None, None, None, None
             )
 
         self.assertTrue(isinstance(user, TestUser))
@@ -252,6 +249,7 @@ def test_get_or_create_user_duplicates(self):
                     'age',
                     '',
                     False,
+                    None, None, None, None, None
                 )
 
         self.assertTrue(user is None)
@@ -268,6 +266,7 @@ def test_get_or_create_user_no_create(self):
                     self.backend._user_lookup_attribute,
                     'paul',
                     False,
+                    None, None, None, None, None
                 )
 
         self.assertTrue(user is None)
@@ -284,6 +283,7 @@ def test_get_or_create_user_create(self):
                     self.backend._user_lookup_attribute,
                     'paul',
                     True,
+                    None, None, None, None, None
                 )
 
         self.assertTrue(isinstance(user, TestUser))
@@ -313,9 +313,6 @@ def clean_user_main_attribute(self, main_attribute):
         ''' Replace all spaces an dashes by underscores '''
         return main_attribute.replace('-', '_').replace(' ', '_')
 
-    def get_or_create_user(self, user_lookup_key, user_lookup_value, create_unknown_user, **kwargs):
-        return super().get_or_create_user(user_lookup_key, user_lookup_value, create_unknown_user, **kwargs)
-
 
 class CustomizedSaml2BackendTests(Saml2BackendTests):
     backend_cls = CustomizedBackend
@@ -367,7 +364,7 @@ def test_authenticate(self):
 
         user = self.backend.authenticate(
             None,
-            session_info={'ava': attributes},
+            session_info={'ava': attributes, 'issuer': 'dummy_entity_id', 'name_id': 'john'},
             attribute_mapping=attribute_mapping,
         )
 
@@ -402,7 +399,7 @@ def test_update_user_clean_attributes(self):
         backend = LowerCaseSaml2Backend()
         user = backend.authenticate(
             None,
-            session_info={'ava': attributes},
+            session_info={'ava': attributes, 'issuer': 'dummy_entity_id', 'name_id': 'john'},
             attribute_mapping=attribute_mapping,
         )
         self.assertIsNotNone(user)
