Commit 35b4bdbd authored by Ryan Goggin's avatar Ryan Goggin

Add option to not auto create accounts

parent c8cab084
......@@ -3,7 +3,7 @@ try:
except ImportError:
from distutils.core import setup
setup(name='uw_saml_tools',
version='0.2',
version='0.3',
description='UW Saml Tools',
author='Ryan Goggin',
author_email='ryan.goggin@uwaterloo.ca',
......
from django.conf import settings
from django.contrib.auth import get_user_model
from django_auth_adfs.config import settings as adfs_config
from django_auth_adfs.backend import AdfsAuthCodeBackend
from django_auth_adfs.config import settings, provider_config
from django_auth_adfs import signals
from uw_saml_tools.utils import sync_user_groups
import logging
logger = logging.getLogger("uw_saml_tools")
class ADFSBackend(AdfsAuthCodeBackend):
def process_access_token(self, access_token, adfs_response=None):
if not access_token:
raise PermissionDenied
logger.debug("Received access token: %s", access_token)
claims = self.validate_access_token(access_token)
if not claims:
raise PermissionDenied
if getattr(settings, 'AUTO_CREATE_USER', True):
user = self.create_user(claims)
else:
usermodel = get_user_model()
try:
user = usermodel.objects.get(**{usermodel.USERNAME_FIELD: claims[adfs_config.USERNAME_CLAIM]})
if not user.password:
user.set_unusable_password()
except usermodel.DoesNotExist:
return None
self.update_user_attributes(user, claims)
self.update_user_groups(user, claims)
self.update_user_flags(user, claims)
signals.post_authenticate.send(
sender=self,
user=user,
claims=claims,
adfs_response=adfs_response
)
user.full_clean()
user.save()
return user
def update_user_groups(self, user, claims):
if settings.GROUPS_CLAIM in claims:
claim_groups = claims[settings.GROUPS_CLAIM]
if adfs_config.GROUPS_CLAIM in claims:
claim_groups = claims[adfs_config.GROUPS_CLAIM]
if not isinstance(claim_groups, list):
claim_groups = [claim_groups,]
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment