Fix Saml II and saml default groups

openslides/saml/README.md

@@ -79,3 +79,9 @@ One can overwrite the data extracted from the request headers of saml-requests.
 - ``http_host``: The hostname.
 - ``script_name``: The aquivalent to ``PATH_INFO`` in the meta values.
 - ``server_port``: The port listen by the server.
+
+### Default group ids
+
+If the optional key `default_group_ids` is given, these groups are assigned to
+each new created user on each saml login. It must be a list of ids. To disable
+this feature, either just do not inlcude this key, or set it to `null`.

openslides/saml/settings.py

@@ -94,6 +94,7 @@ class SamlSettings:
     - request_settings: {
         <key>: <value>,
       }
+    - default_group_ids: [<id>, ...] | null | undefined
     """
 
     def __init__(self):
@@ -121,6 +122,7 @@ class SamlSettings:
         self.load_general_settings(content)
         self.load_attribute_mapping(content)
         self.load_request_settings(content)
+        self.load_default_group_ids(content)
 
         # Load saml settings
         self.saml_settings = OneLogin_Saml2_Settings(
@@ -211,6 +213,20 @@ class SamlSettings:
             ] not in ("on", "off"):
                 raise SamlException('The https value must be "on" or "off"')
 
+    def load_default_group_ids(self, content):
+        self.default_group_ids = content.pop("default_group_ids", None)
+        if self.default_group_ids is None:
+            return
+        if not isinstance(self.default_group_ids, list):
+            raise SamlException(
+                "default_group_ids must be null (or not present) or a list of integers"
+            )
+        for id in self.default_group_ids:
+            if not isinstance(id, int):
+                raise SamlException(
+                    "default_group_ids must be null (or not present) or a list of integers"
+                )
+
 
 saml_settings = None
 

openslides/saml/views.py

@@ -143,6 +143,9 @@ class SamlView(View):
             logger.info(
                 f"Created new saml user with id {user.id} and username {user.username}"
             )
+            group_ids = get_saml_settings().default_group_ids
+            if group_ids:
+                user.groups.add(group_ids)
             inform_changed_data(user)  # put the new user into the cache
         else:
             logger.info(

openslides/utils/autoupdate.py

@@ -277,12 +277,17 @@ class AutoupdateBundleMiddleware:
 
         timing()
 
+        status_ok = response.status_code >= 200 and response.status_code < 300
+        status_redirect = response.status_code >= 300 and response.status_code < 400
+
         # rewrite the response by adding the autoupdate on any success-case (2xx status)
         bundle: AutoupdateBundle = autoupdate_bundle.pop(thread_id)
-        if response.status_code >= 200 and response.status_code < 300:
+        if status_ok or status_redirect:
             change_id = bundle.done()
 
-            if change_id is not None:
+            # inject the autoupdate, if there is an autoupdate and the status is
+            # ok (and not redirect; redirects do not have a useful content)
+            if change_id is not None and status_ok:
                 user_id = request.user.pk or 0
                 # Inject the autoupdate in the response.
                 # The complete response body will be overwritten!