Merge pull request #98 from francoisfreitag/custom_session_clean

knaperek · web-flow · commit d7fb45549190 · 2017-10-16T12:50:51.000+02:00
Add hook to clean attributes extracted from SAML response
diff --git a/CHANGES b/CHANGES
@@ -3,6 +3,7 @@ Changes
 
 UNRELEASED
 ----------
+- Added a clean_attributes hook allowing backends to restructure attributes extracted from SAML response.
 - Log when fields are missing in a SAML response.
 - Log when attribute_mapping maps to nonexistent User fields.
 - Dropped compatibility for Python < 2.7 and Django < 1.8.
diff --git a/djangosaml2/backends.py b/djangosaml2/backends.py
@@ -71,7 +71,7 @@ def authenticate(self, request, session_info=None, attribute_mapping=None,
             logger.error('"ava" key not found in session_info')
             return None
 
-        attributes = session_info['ava']
+        attributes = self.clean_attributes(session_info['ava'])
         if not attributes:
             logger.error('The attributes dictionary is empty')
 
@@ -120,6 +120,10 @@ def is_authorized(self, attributes, attribute_mapping):
         """
         return True
 
+    def clean_attributes(self, attributes):
+        """Hook to clean attributes from the SAML response."""
+        return attributes
+
     def clean_user_main_attribute(self, main_attribute):
         """Performs any cleaning on the user main attribute (which
         usually is "username") prior to using it to get or
diff --git a/tests/testprofiles/tests.py b/tests/testprofiles/tests.py
@@ -166,3 +166,33 @@ def test_django_user_main_attribute_lookup(self):
             self.assertEqual(
                 backend.get_django_user_main_attribute_lookup(),
                 '__iexact')
+
+
+class LowerCaseSaml2Backend(Saml2Backend):
+    def clean_attributes(self, attributes):
+        return dict([k.lower(), v] for k, v in attributes.items())
+
+
+class LowerCaseSaml2BackendTest(TestCase):
+    def test_update_user_clean_attributes(self):
+        user = User.objects.create(username='john')
+        attribute_mapping = {
+            'uid': ('username', ),
+            'mail': ('email', ),
+            'cn': ('first_name', ),
+            'sn': ('last_name', ),
+            }
+        attributes = {
+            'UID': ['john'],
+            'MAIL': ['john@example.com'],
+            'CN': ['John'],
+            'SN': [],
+        }
+
+        backend = LowerCaseSaml2Backend()
+        user = backend.authenticate(
+            None,
+            session_info={'ava': attributes},
+            attribute_mapping=attribute_mapping,
+        )
+        self.assertIsNotNone(user)
