Cleanup

Author: mhindery

README.rst

@@ -81,15 +81,9 @@ A typical configuration would look like this::
       'djangosaml2.backends.Saml2Backend',
   )
 
-.. note::
-
-  Before djangosaml2 0.5.0 this authentication backend was
-  automatically added by djangosaml2. This turned out to be
-  a bad idea since some applications want to use their own
-  custom policies for authorization and the authentication
-  backend is a good place to define that. Starting from
-  djangosaml2 0.5.0 it is now possible to define such
-  backends.
+It is possible to subclass the provided Saml2Backend and customize the behaviour
+by overriding some methods. This way you can perform your custom cleaning or authorization
+policy, and modify the way users are looked up and created.
 
 Finally we have to tell Django what the new login url we want to use is::
 

djangosaml2/backends.py

@@ -134,8 +134,7 @@ def authenticate(self, request, session_info=None, attribute_mapping=None, creat
 
         user, created = self.get_or_create_user(
             user_lookup_key, user_lookup_value, create_unknown_user,
-            idp_entityid=session_info['issuer'], name_id=session_info['name_id'],
-            attributes=attributes, attribute_mapping=attribute_mapping, request=request
+            idp_entityid=session_info['issuer'], attributes=attributes, attribute_mapping=attribute_mapping, request=request
         )
 
         # Update user with new attributes from incoming request
@@ -201,15 +200,12 @@ def clean_user_main_attribute(self, main_attribute: Any) -> Any:
 
     def get_or_create_user(self,
             user_lookup_key: str, user_lookup_value: Any, create_unknown_user: bool,
-            idp_entityid: str, name_id: str, attributes: dict, attribute_mapping: dict, request
+            idp_entityid: str, attributes: dict, attribute_mapping: dict, request
         ) -> Tuple[Optional[settings.AUTH_USER_MODEL], bool]:
         """ Look up the user to authenticate. If he doesn't exist, this method creates him (if so desired).
             The default implementation looks only at the user_identifier. Override this method in order to do more complex behaviour,
             e.g. customize this per IdP.
         """
-        print(f"idp_entityid: {idp_entityid}")
-        print(f"name_id: {name_id}")
-        print(f"user_lookup_value: {user_lookup_value}")
         UserModel = self._user_model
 
         # Construct query parameters to query the userModel with. An additional lookup modifier could be specified in the settings.

tests/testprofiles/tests.py

@@ -181,7 +181,7 @@ def test_invalid_model_attribute_log(self):
         }
 
         with self.assertLogs('djangosaml2', level='DEBUG') as logs:
-            user, _ = self.backend.get_or_create_user(self.backend._user_lookup_attribute, 'john', True, None, None, None, None, None)
+            user, _ = self.backend.get_or_create_user(self.backend._user_lookup_attribute, 'john', True, None, None, None, None)
             self.backend._update_user(user, attributes, attribute_mapping)
 
         self.assertIn(
@@ -200,7 +200,7 @@ def test_create_user_with_required_fields(self):
             'mail_verified': [True],
         }
         # User creation does not fail if several fields are required.
-        user, created = self.backend.get_or_create_user(self.backend._user_lookup_attribute, '[email protected]', True, None, None, None, None, None)
+        user, created = self.backend.get_or_create_user(self.backend._user_lookup_attribute, '[email protected]', True, None, None, None, None)
 
         self.assertEquals(user.email, '[email protected]')
         self.assertIs(user.email_verified, None)
@@ -230,12 +230,7 @@ def test_django_user_main_attribute(self):
 
     def test_get_or_create_user_existing(self):
         with override_settings(SAML_USER_MODEL='testprofiles.TestUser'):
-            user, created = self.backend.get_or_create_user(
-                self.backend._user_lookup_attribute,
-                'john',
-                False,
-                None, None, None, None, None
-            )
+            user, created = self.backend.get_or_create_user(self.backend._user_lookup_attribute, 'john', False, None, None, None, None)
 
         self.assertTrue(isinstance(user, TestUser))
         self.assertFalse(created)
@@ -245,12 +240,7 @@ def test_get_or_create_user_duplicates(self):
 
         with self.assertLogs('djangosaml2', level='DEBUG') as logs:
             with override_settings(SAML_USER_MODEL='testprofiles.TestUser'):
-                user, created = self.backend.get_or_create_user(
-                    'age',
-                    '',
-                    False,
-                    None, None, None, None, None
-                )
+                user, created = self.backend.get_or_create_user('age', '', False, None, None, None, None)
 
         self.assertTrue(user is None)
         self.assertFalse(created)
@@ -262,12 +252,7 @@ def test_get_or_create_user_duplicates(self):
     def test_get_or_create_user_no_create(self):
         with self.assertLogs('djangosaml2', level='DEBUG') as logs:
             with override_settings(SAML_USER_MODEL='testprofiles.TestUser'):
-                user, created = self.backend.get_or_create_user(
-                    self.backend._user_lookup_attribute,
-                    'paul',
-                    False,
-                    None, None, None, None, None
-                )
+                user, created = self.backend.get_or_create_user(self.backend._user_lookup_attribute, 'paul', False, None, None, None, None)
 
         self.assertTrue(user is None)
         self.assertFalse(created)
@@ -279,12 +264,7 @@ def test_get_or_create_user_no_create(self):
     def test_get_or_create_user_create(self):
         with self.assertLogs('djangosaml2', level='DEBUG') as logs:
             with override_settings(SAML_USER_MODEL='testprofiles.TestUser'):
-                user, created = self.backend.get_or_create_user(
-                    self.backend._user_lookup_attribute,
-                    'paul',
-                    True,
-                    None, None, None, None, None
-                )
+                user, created = self.backend.get_or_create_user(self.backend._user_lookup_attribute, 'paul', True, None, None, None, None)
 
         self.assertTrue(isinstance(user, TestUser))
         self.assertTrue(created)
@@ -364,7 +344,7 @@ def test_authenticate(self):
 
         user = self.backend.authenticate(
             None,
-            session_info={'ava': attributes, 'issuer': 'dummy_entity_id', 'name_id': 'john'},
+            session_info={'ava': attributes, 'issuer': 'dummy_entity_id'},
             attribute_mapping=attribute_mapping,
         )
 
@@ -373,33 +353,3 @@ def test_authenticate(self):
         self.user.refresh_from_db()
         self.assertEqual(self.user.age, '28')
         self.assertEqual(self.user.is_staff, True)
-
-
-class LowerCaseSaml2Backend(Saml2Backend):
-    def clean_attributes(self, attributes):
-        return dict([k.lower(), v] for k, v in attributes.items())
-
-
-class LowerCaseSaml2BackendTest(TestCase):
-    def test_update_user_clean_attributes(self):
-        user = User.objects.create(username='john')
-        attribute_mapping = {
-            'uid': ('username', ),
-            'mail': ('email', ),
-            'cn': ('first_name', ),
-            'sn': ('last_name', ),
-            }
-        attributes = {
-            'UID': ['john'],
-            'MAIL': ['[email protected]'],
-            'CN': ['John'],
-            'SN': [],
-        }
-
-        backend = LowerCaseSaml2Backend()
-        user = backend.authenticate(
-            None,
-            session_info={'ava': attributes, 'issuer': 'dummy_entity_id', 'name_id': 'john'},
-            attribute_mapping=attribute_mapping,
-        )
-        self.assertIsNotNone(user)