Merge pull request #85 from francoisfreitag/custom_user_username_field

knaperek · web-flow · commit c11efbede8ff · 2017-10-02T09:46:26.000+02:00
Inspect User model to determine Django user main attribute
diff --git a/README.rst b/README.rst
@@ -315,15 +315,16 @@ authentication. This assertion contains attributes about the user that
 was authenticated. It depends on the IdP configuration what exact
 attributes are sent to each SP it can talk to.
 
-When such assertion is received on the Django side it is used to find
-a Django user and create a session for it. By default djangosaml2 will
-do a query on the User model with the 'username' attribute but you can
-change it to any other attribute of the User model. For example,
-you can do this lookup using the 'email' attribute. In order to do so
-you should set the following setting::
+When such assertion is received on the Django side it is used to find a Django
+user and create a session for it. By default djangosaml2 will do a query on the
+User model with the USERNAME_FIELD_ attribute but you can change it to any
+other attribute of the User model. For example, you can do this lookup using
+the 'email' attribute. In order to do so you should set the following setting::
 
   SAML_DJANGO_USER_MAIN_ATTRIBUTE = 'email'
 
+.. _USERNAME_FIELD: https://docs.djangoproject.com/en/dev/topics/auth/customizing/#django.contrib.auth.models.CustomUser.USERNAME_FIELD
+
 Please, use an unique attribute when setting this option. Otherwise
 the authentication process may fail because djangosaml2 will not know
 which Django user it should pick.
diff --git a/djangosaml2/backends.py b/djangosaml2/backends.py
@@ -23,8 +23,6 @@
 
 from djangosaml2.signals import pre_user_save
 
-from . import settings as saml_settings
-
 try:
     from django.contrib.auth.models import SiteProfileNotAvailable
 except ImportError:
@@ -85,8 +83,7 @@ def authenticate(self, request, session_info=None, attribute_mapping=None,
         use_name_id_as_username = getattr(
             settings, 'SAML_USE_NAME_ID_AS_USERNAME', False)
 
-        django_user_main_attribute = saml_settings.SAML_DJANGO_USER_MAIN_ATTRIBUTE
-        django_user_main_attribute_lookup = saml_settings.SAML_DJANGO_USER_MAIN_ATTRIBUTE_LOOKUP
+        django_user_main_attribute = self.get_django_user_main_attribute()
 
         logger.debug('attributes: %s', attributes)
         saml_user = None
@@ -137,15 +134,19 @@ def clean_user_main_attribute(self, main_attribute):
         """
         return main_attribute
 
-    def get_user_query_args(self, main_attribute):
-        django_user_main_attribute = getattr(
-            settings, 'SAML_DJANGO_USER_MAIN_ATTRIBUTE', 'username')
-        django_user_main_attribute_lookup = getattr(
-            settings, 'SAML_DJANGO_USER_MAIN_ATTRIBUTE_LOOKUP', '')
+    def get_django_user_main_attribute(self):
+        return getattr(
+            settings,
+            'SAML_DJANGO_USER_MAIN_ATTRIBUTE',
+            getattr(get_saml_user_model(), 'USERNAME_FIELD', 'username'))
 
-        return {
-            django_user_main_attribute + django_user_main_attribute_lookup: main_attribute
-        }
+    def get_django_user_main_attribute_lookup(self):
+        return getattr(settings, 'SAML_DJANGO_USER_MAIN_ATTRIBUTE_LOOKUP', '')
+
+    def get_user_query_args(self, main_attribute):
+        lookup = (self.get_django_user_main_attribute() +
+                  self.get_django_user_main_attribute_lookup())
+        return {lookup: main_attribute}
 
     def get_saml2_user(self, create, main_attribute, attributes, attribute_mapping):
         if create:
@@ -156,8 +157,7 @@ def get_saml2_user(self, create, main_attribute, attributes, attribute_mapping):
     def _get_or_create_saml2_user(self, main_attribute, attributes, attribute_mapping):
         logger.debug('Check if the user "%s" exists or create otherwise',
                      main_attribute)
-        django_user_main_attribute = saml_settings.SAML_DJANGO_USER_MAIN_ATTRIBUTE
-        django_user_main_attribute_lookup = saml_settings.SAML_DJANGO_USER_MAIN_ATTRIBUTE_LOOKUP
+        django_user_main_attribute = self.get_django_user_main_attribute()
         user_query_args = self.get_user_query_args(main_attribute)
         user_create_defaults = {django_user_main_attribute: main_attribute}
 
@@ -180,7 +180,7 @@ def _get_or_create_saml2_user(self, main_attribute, attributes, attribute_mappin
 
     def _get_saml2_user(self, main_attribute, attributes, attribute_mapping):
         User = get_saml_user_model()
-        django_user_main_attribute = saml_settings.SAML_DJANGO_USER_MAIN_ATTRIBUTE
+        django_user_main_attribute = self.get_django_user_main_attribute()
         user_query_args = self.get_user_query_args(main_attribute)
 
         logger.debug('Retrieving existing user "%s"', main_attribute)
diff --git a/djangosaml2/settings.py b/djangosaml2/settings.py
diff --git a/tests/testprofiles/models.py b/tests/testprofiles/models.py
@@ -15,8 +15,6 @@
 
 import django
 from django.db import models
-from django.contrib.auth.models import User
-from django.conf import settings
 
 if django.VERSION < (1, 7):
     class TestProfile(models.Model):
@@ -29,6 +27,12 @@ def process_first_name(self, first_name):
     from django.contrib.auth.models import AbstractUser
     class TestUser(AbstractUser):
         age = models.CharField(max_length=100, blank=True)
-
         def process_first_name(self, first_name):
             self.first_name = first_name[0]
+
+    class StandaloneUserModel(models.Model):
+        """
+        Does not inherit from Django's base abstract user and does not define a
+        USERNAME_FIELD.
+        """
+        username = models.CharField(max_length=30, unique=True)
diff --git a/tests/testprofiles/tests.py b/tests/testprofiles/tests.py
@@ -23,7 +23,9 @@
 else:
     User = get_user_model()
 
-from django.test import TestCase
+from django.contrib.auth.models import User as DjangoUserModel
+
+from django.test import TestCase, override_settings
 
 from djangosaml2.backends import Saml2Backend
 
@@ -110,4 +112,37 @@ def test_update_user_empty_attribute(self):
         self.assertEquals(user.email, 'john@example.com')
         self.assertEquals(user.first_name, 'John')
         # empty attribute list: no update
-        self.assertEquals(user.last_name, 'Smith') 
+        self.assertEquals(user.last_name, 'Smith')
+
+    def test_django_user_main_attribute(self):
+        backend = Saml2Backend()
+
+        old_username_field = User.USERNAME_FIELD
+        User.USERNAME_FIELD = 'slug'
+        self.assertEquals(backend.get_django_user_main_attribute(), 'slug')
+        User.USERNAME_FIELD = old_username_field
+
+        with override_settings(AUTH_USER_MODEL='auth.User'):
+            self.assertEquals(
+                DjangoUserModel.USERNAME_FIELD,
+                backend.get_django_user_main_attribute())
+
+        with override_settings(
+                AUTH_USER_MODEL='testprofiles.StandaloneUserModel'):
+            self.assertEquals(
+                backend.get_django_user_main_attribute(),
+                'username')
+
+        with override_settings(SAML_DJANGO_USER_MAIN_ATTRIBUTE='foo'):
+            self.assertEquals(backend.get_django_user_main_attribute(), 'foo')
+
+    def test_django_user_main_attribute_lookup(self):
+        backend = Saml2Backend()
+
+        self.assertEquals(backend.get_django_user_main_attribute_lookup(), '')
+
+        with override_settings(
+                SAML_DJANGO_USER_MAIN_ATTRIBUTE_LOOKUP='__iexact'):
+            self.assertEquals(
+                backend.get_django_user_main_attribute_lookup(),
+                '__iexact')
