Log missing fields in SAML response

When a field was not present in the SAML response, it was silently
ignored during the User model update. Logging helps debugging.

Author: francoisfreitag

CHANGES

@@ -3,6 +3,7 @@ Changes
 
 UNRELEASED
 ----------
+- Log when fields are missing in a SAML response.
 - Log when attribute_mapping maps to nonexistent User fields.
 - Dropped compatibility for Python < 2.7 and Django < 1.8.
 

djangosaml2/backends.py

@@ -215,6 +215,9 @@ def update_user(self, user, attributes, attribute_mapping,
         for saml_attr, django_attrs in attribute_mapping.items():
             attr_value_list = attributes.get(saml_attr)
             if not attr_value_list:
+                logger.debug(
+                    'Could not find value for "%s", not updating fields "%s"',
+                    saml_attr, django_attrs)
                 continue
 
             for attr in django_attrs:

tests/testprofiles/tests.py

@@ -102,11 +102,17 @@ def test_update_user_empty_attribute(self):
             'cn': ('John', ),
             'sn': (),
             }
-        backend.update_user(user, attributes, attribute_mapping)
+        with self.assertLogs('djangosaml2', level='DEBUG') as logs:
+            backend.update_user(user, attributes, attribute_mapping)
         self.assertEqual(user.email, 'john@example.com')
         self.assertEqual(user.first_name, 'John')
         # empty attribute list: no update
         self.assertEqual(user.last_name, 'Smith')
+        self.assertIn(
+            'DEBUG:djangosaml2:Could not find value for "sn", not '
+            'updating fields "(\'last_name\',)"',
+            logs.output,
+        )
 
     def test_invalid_model_attribute_log(self):
         backend = Saml2Backend()