Merge pull request #49 from cordmata/develop

dstegelman · dstegelman · commit d4a45fb16b03 · 2015-05-29T08:10:47.000-06:00
Allow user creation on first login to be optional.
diff --git a/README.md b/README.md
@@ -138,10 +138,16 @@ Then, add the ``gateway`` decorator to a view:
 To show a custom forbidden page, set ``CAS_CUSTOM_FORBIDDEN`` to a ``path.to.some_view``.  Otherwise,
 a generic ``HttpResponseForbidden`` will be returned.
 
-## Require SSL login
+## Require SSL Login
 
 To force the service url to always target HTTPS, set ``CAS_FORCE_SSL_SERVICE_URL`` to ``True``.
 
+## Automatically Create Users on First Login
+
+By default, a stub user record will be created on the first successful CAS authentication
+using the username in the response. If this behavior is not desired set
+``CAS_AUTO_CREATE_USER`` to ``Flase``.
+
 ## Proxy Tickets
 
 This fork also includes
diff --git a/cas/__init__.py b/cas/__init__.py
@@ -19,6 +19,7 @@
     'CAS_CUSTOM_FORBIDDEN': None,
     'CAS_PGT_FETCH_WAIT': True,
     'CAS_FORCE_SSL_SERVICE_URL': False,
+    'CAS_AUTO_CREATE_USER': True,
 }
 
 for key, value in _DEFAULTS.items():
diff --git a/cas/backends.py b/cas/backends.py
@@ -237,8 +237,11 @@ def authenticate(self, ticket, service):
             user = User.objects.get(username__iexact=username)
         except User.DoesNotExist:
             # user will have an "unusable" password
-            user = User.objects.create_user(username, '')
-            user.save()
+            if settings.CAS_AUTO_CREATE_USER:
+                user = User.objects.create_user(username, '')
+                user.save()
+            else:
+                user = None
         return user
 
     def get_user(self, user_id):
diff --git a/cas/tests/test_backend.py b/cas/tests/test_backend.py
@@ -13,4 +13,18 @@ def setUp(self):
     def test_get_user(self):
         backend = CASBackend()
 
-        self.assertEqual(backend.get_user(self.user.pk), self.user)
+        self.assertEqual(backend.get_user(self.user.pk), self.user)
+
+    @mock.patch('cas.backends._verify')
+    def test_user_auto_create(self, verify):
+        username = 'faker'
+        verify.return_value = username
+        backend = CASBackend()
+
+        with self.settings(CAS_AUTO_CREATE_USER=False):
+            user = backend.authenticate('fake', 'fake')
+            self.assertIsNone(user)
+
+        with self.settings(CAS_AUTO_CREATE_USER=True):
+            user = backend.authenticate('fake', 'fake')
+            self.assertEquals(user.username, username)

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,7 @@`
`19`	`19`	`'CAS_CUSTOM_FORBIDDEN': None,`
`20`	`20`	`'CAS_PGT_FETCH_WAIT': True,`
`21`	`21`	`'CAS_FORCE_SSL_SERVICE_URL': False,`
	`22`	`+ 'CAS_AUTO_CREATE_USER': True,`
`22`	`23`	`}`
`23`	`24`
`24`	`25`	`for key, value in _DEFAULTS.items():`