From dc7dfc193619fddd11b0919ed2d3c92018577e21 Mon Sep 17 00:00:00 2001 From: FinnStutzenstein Date: Fri, 12 Jun 2020 14:37:43 +0200 Subject: [PATCH] Fix Saml II and saml default groups --- openslides/saml/README.md | 6 ++++++ openslides/saml/settings.py | 16 ++++++++++++++++ openslides/saml/views.py | 3 +++ openslides/utils/autoupdate.py | 9 +++++++-- 4 files changed, 32 insertions(+), 2 deletions(-) diff --git a/openslides/saml/README.md b/openslides/saml/README.md index fb160b352..b6fcbb6c3 100644 --- a/openslides/saml/README.md +++ b/openslides/saml/README.md @@ -79,3 +79,9 @@ One can overwrite the data extracted from the request headers of saml-requests. - ``http_host``: The hostname. - ``script_name``: The aquivalent to ``PATH_INFO`` in the meta values. - ``server_port``: The port listen by the server. + +### Default group ids + +If the optional key `default_group_ids` is given, these groups are assigned to +each new created user on each saml login. It must be a list of ids. To disable +this feature, either just do not inlcude this key, or set it to `null`. diff --git a/openslides/saml/settings.py b/openslides/saml/settings.py index f49c8ca3d..00064ecd8 100644 --- a/openslides/saml/settings.py +++ b/openslides/saml/settings.py @@ -94,6 +94,7 @@ class SamlSettings: - request_settings: { : , } + - default_group_ids: [, ...] | null | undefined """ def __init__(self): @@ -121,6 +122,7 @@ class SamlSettings: self.load_general_settings(content) self.load_attribute_mapping(content) self.load_request_settings(content) + self.load_default_group_ids(content) # Load saml settings self.saml_settings = OneLogin_Saml2_Settings( 
@@ -211,6 +213,20 @@ class SamlSettings: ] not in ("on", "off"): raise SamlException('The https value must be "on" or "off"') + def load_default_group_ids(self, content): + self.default_group_ids = content.pop("default_group_ids", None) + if self.default_group_ids is None: + return + if not isinstance(self.default_group_ids, list): + raise SamlException( + "default_group_ids must be null (or not present) or a list of integers" + ) + for id in self.default_group_ids: + if not isinstance(id, int): + raise SamlException( + "default_group_ids must be null (or not present) or a list of integers" + ) + saml_settings = None diff --git a/openslides/saml/views.py b/openslides/saml/views.py index 9be2408a6..5f591ed30 100644 --- a/openslides/saml/views.py +++ b/openslides/saml/views.py @@ -143,6 +143,9 @@ class SamlView(View): logger.info( f"Created new saml user with id {user.id} and username {user.username}" ) + group_ids = get_saml_settings().default_group_ids + if group_ids: + user.groups.add(group_ids) inform_changed_data(user) # put the new user into the cache else: logger.info( diff --git a/openslides/utils/autoupdate.py b/openslides/utils/autoupdate.py index 0dfc3b46e..fba9626ad 100644 --- a/openslides/utils/autoupdate.py +++ b/openslides/utils/autoupdate.py 
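Review bot: In `load_default_group_ids` the `isinstance(id, int)` test also accepts JSON booleans, because `bool` is a subclass of `int` in Python, so a config value such as `[true]` passes validation and is later used as group id 1. These ids decide which groups every newly created SAML user is put into, so the check should be strict: `if isinstance(group_id, bool) or not isinstance(group_id, int):`. Renaming the loop variable to `group_id` also stops it shadowing the builtin `id`. Nothing in this hunk checks that the ids refer to existing groups, so a one-line comment saying where (or whether) that is caught would help the next reader.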
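Review bot: In the views.py hunk, `user.groups.add(group_ids)` passes the whole list as one argument, while Django's related-manager `add()` takes objects or primary keys as separate positional arguments. This will most likely raise on the first SAML login that creates a user once `default_group_ids` is configured; it should be `user.groups.add(*group_ids)`. The user has already been created and logged by this point, so a failure here, including one caused by an id that matches no group, could leave an account without the intended groups. It is worth confirming how the surrounding code handles that case, since the enclosing method starts and ends outside the hunk.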
@@ -277,12 +277,17 @@ class AutoupdateBundleMiddleware: timing() + status_ok = response.status_code >= 200 and response.status_code < 300 + status_redirect = response.status_code >= 300 and response.status_code < 400 + # rewrite the response by adding the autoupdate on any success-case (2xx status) bundle: AutoupdateBundle = autoupdate_bundle.pop(thread_id) - if response.status_code >= 200 and response.status_code < 300: + if status_ok or status_redirect: change_id = bundle.done() - if change_id is not None: + # inject the autoupdate, if there is an autoupdate and the status is + # ok (and not redirect; redirects do not have a useful content) + if change_id is not None and status_ok: user_id = request.user.pk or 0 # Inject the autoupdate in the response. # The complete response body will be overwritten!
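Review bot: The comment kept above `autoupdate_bundle.pop(thread_id)` still says the autoupdate is added "on any success-case (2xx status)", but `bundle.done()` now also runs for 3xx responses and only the injection is limited to 2xx. I would reword it to `# finish the autoupdate bundle on 2xx and 3xx responses; only 2xx responses get it injected`. The two range checks also read more directly as chained comparisons, e.g. `status_ok = 200 <= response.status_code < 300`. The enclosing middleware method continues outside the hunk.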