« back to all changes in this revision
Viewing changes to src/ubuntu_sso_saml/processors.py
- Committer: Ubuntu One Auto Copilot
- Date: 2017-10-26 17:47:22 UTC
- mfrom: (1583.1.3 fix-saml-team-snafu)
- Revision ID: otto-copilot@canonical.com-20171026174722-lx78ifbiyljqn6cb
Fix the "'AnonymousUser' object has no attribute 'person_in_any_team'" oops when a non-logged-in user tries to access a SAML remote with group restrictions.
This was fixed at Ricardo's suggestion by moving the group membership test to a _validate_user method (which is actually what django_saml2idp recommends, had I bothered to read the documentation), and it's my understanding in this method one should *never* get a non-logged-in user. But I left the check that protects against a User not having person_in_any_team anyway.
The test I wrote with the user checks in _validate_request reproduced the oops perfectly, even if moving it to _validate_user later changed the behavior (sending the user to the login page).
Merged from https://code.launchpad.net/~roadmr/canonical-identity-provider/fix-saml-team-snafu/+merge/332868
This was fixed at Ricardo's suggestion by moving the group membership test to a _validate_user method (which is actually what django_saml2idp recommends, had I bothered to read the documentation), and it's my understanding in this method one should *never* get a non-logged-in user. But I left the check that protects against a User not having person_in_any_team anyway.
The test I wrote with the user checks in _validate_request reproduced the oops perfectly, even if moving it to _validate_user later changed the behavior (sending the user to the login page).
Merged from https://code.launchpad.net/~roadmr/canonical-identity-provider/fix-saml-team-snafu/+merge/332868
added
removed
src/ubuntu_sso_saml/processors.py
