Inspect User model to determine Django user main attribute

francoisfreitag · francoisfreitag · commit 59ed742e1448 · 2017-09-30T19:50:20.000-07:00
Instead of defaulting SAML_DJANGO_USER_MAIN_ATTRIBUTE to 'username', inspect the current user model and use USERNAME_FIELD. This value should be provided for any custom User model inheriting from AbstractBaseUser. (https://docs.djangoproject.com/en/1.11/topics/auth/customizing/#django.contrib.auth.models.CustomUser.USERNAME_FIELD)
diff --git a/README.rst b/README.rst
@@ -315,15 +315,16 @@ authentication. This assertion contains attributes about the user that
 was authenticated. It depends on the IdP configuration what exact
 attributes are sent to each SP it can talk to.
 
-When such assertion is received on the Django side it is used to find
-a Django user and create a session for it. By default djangosaml2 will
-do a query on the User model with the 'username' attribute but you can
-change it to any other attribute of the User model. For example,
-you can do this lookup using the 'email' attribute. In order to do so
-you should set the following setting::
+When such assertion is received on the Django side it is used to find a Django
+user and create a session for it. By default djangosaml2 will do a query on the
+User model with the USERNAME_FIELD_ attribute but you can change it to any
+other attribute of the User model. For example, you can do this lookup using
+the 'email' attribute. In order to do so you should set the following setting::
 
   SAML_DJANGO_USER_MAIN_ATTRIBUTE = 'email'
 
+.. _USERNAME_FIELD: https://docs.djangoproject.com/en/dev/topics/auth/customizing/#django.contrib.auth.models.CustomUser.USERNAME_FIELD
+
 Please, use an unique attribute when setting this option. Otherwise
 the authentication process may fail because djangosaml2 will not know
 which Django user it should pick.
diff --git a/djangosaml2/backends.py b/djangosaml2/backends.py
@@ -136,7 +136,9 @@ def clean_user_main_attribute(self, main_attribute):
 
     def get_django_user_main_attribute(self):
         return getattr(
-            settings, 'SAML_DJANGO_USER_MAIN_ATTRIBUTE', 'username')
+            settings,
+            'SAML_DJANGO_USER_MAIN_ATTRIBUTE',
+            getattr(get_saml_user_model(), 'USERNAME_FIELD', 'username'))
 
     def get_django_user_main_attribute_lookup(self):
         return getattr(settings, 'SAML_DJANGO_USER_MAIN_ATTRIBUTE_LOOKUP', '')
diff --git a/tests/testprofiles/models.py b/tests/testprofiles/models.py
@@ -27,7 +27,6 @@ def process_first_name(self, first_name):
     from django.contrib.auth.models import AbstractUser
     class TestUser(AbstractUser):
         age = models.CharField(max_length=100, blank=True)
-
         def process_first_name(self, first_name):
             self.first_name = first_name[0]
 
diff --git a/tests/testprofiles/tests.py b/tests/testprofiles/tests.py
@@ -117,6 +117,11 @@ def test_update_user_empty_attribute(self):
     def test_django_user_main_attribute(self):
         backend = Saml2Backend()
 
+        old_username_field = User.USERNAME_FIELD
+        User.USERNAME_FIELD = 'slug'
+        self.assertEquals(backend.get_django_user_main_attribute(), 'slug')
+        User.USERNAME_FIELD = old_username_field
+
         with override_settings(AUTH_USER_MODEL='auth.User'):
             self.assertEquals(
                 DjangoUserModel.USERNAME_FIELD,
