Fix Saml II and saml default groups

2020-06-12 14:37:43 +02:00 · 2020-06-12 14:37:43 +02:00 · dc7dfc1936
parent 7d3280707d
commit dc7dfc1936
4 changed files with 32 additions and 2 deletions
--- a/openslides/saml/README.md
+++ b/openslides/saml/README.md
@ -79,3 +79,9 @@ One can overwrite the data extracted from the request headers of saml-requests.
 - ``http_host``: The hostname.
 - ``script_name``: The aquivalent to ``PATH_INFO`` in the meta values.
 - ``server_port``: The port listen by the server.
+
+### Default group ids
+
+If the optional key `default_group_ids` is given, these groups are assigned to
+each new created user on each saml login. It must be a list of ids. To disable
+this feature, either just do not inlcude this key, or set it to `null`.
--- a/openslides/saml/settings.py
+++ b/openslides/saml/settings.py
@ -94,6 +94,7 @@ class SamlSettings:
    - request_settings: {
        <key>: <value>,
      }
+    - default_group_ids: [<id>, ...] | null | undefined
    """

    def __init__(self):
@ -121,6 +122,7 @@ class SamlSettings:
        self.load_general_settings(content)
        self.load_attribute_mapping(content)
        self.load_request_settings(content)
+        self.load_default_group_ids(content)

        # Load saml settings
        self.saml_settings = OneLogin_Saml2_Settings(
@ -211,6 +213,20 @@ class SamlSettings:
            ] not in ("on", "off"):
                raise SamlException('The https value must be "on" or "off"')

+    def load_default_group_ids(self, content):
+        self.default_group_ids = content.pop("default_group_ids", None)
+        if self.default_group_ids is None:
+            return
+        if not isinstance(self.default_group_ids, list):
+            raise SamlException(
+                "default_group_ids must be null (or not present) or a list of integers"
+            )
+        for id in self.default_group_ids:
+            if not isinstance(id, int):
+                raise SamlException(
+                    "default_group_ids must be null (or not present) or a list of integers"
+                )
+

 saml_settings = None

--- a/openslides/saml/views.py
+++ b/openslides/saml/views.py
@ -143,6 +143,9 @@ class SamlView(View):
            logger.info(
                f"Created new saml user with id {user.id} and username {user.username}"
            )
+            group_ids = get_saml_settings().default_group_ids
+            if group_ids:
+                user.groups.add(group_ids)
            inform_changed_data(user)  # put the new user into the cache
        else:
            logger.info(
--- a/openslides/utils/autoupdate.py
+++ b/openslides/utils/autoupdate.py
@ -277,12 +277,17 @@ class AutoupdateBundleMiddleware:

        timing()

+        status_ok = response.status_code >= 200 and response.status_code < 300
+        status_redirect = response.status_code >= 300 and response.status_code < 400
+
        # rewrite the response by adding the autoupdate on any success-case (2xx status)
        bundle: AutoupdateBundle = autoupdate_bundle.pop(thread_id)
-        if response.status_code >= 200 and response.status_code < 300:
+        if status_ok or status_redirect:
            change_id = bundle.done()

-            if change_id is not None:
+            # inject the autoupdate, if there is an autoupdate and the status is
+            # ok (and not redirect; redirects do not have a useful content)
+            if change_id is not None and status_ok:
                user_id = request.user.pk or 0
                # Inject the autoupdate in the response.
                # The complete response body will be overwritten!