mirror of https://github.com/ansible/awx.git synced 2024-11-02 01:21:21 +03:00

Restore SAML enterprise user auth logic

Connect #7666 of ansible-tower and follow up original fix tower #455.
The original fix solves the problem of duplicated db keys, but breaks a
rule of enterprise users that 'Enterprise users cannot be
created/authenticated if non-enterprise users with the same name has
already been created in Tower.'. This fix restores that rule.

Signed-off-by: Aaron Tan <jangsutsr@gmail.com>
Aaron Tan 2017-09-25 15:20:43 -04:00
parent 2ad26008cc
commit 9bae656676
No known key found for this signature in database
GPG Key ID: B0B709D324AE4963


@ -266,16 +266,12 @@ class SAMLAuth(BaseSAMLAuth):
if not feature_enabled('enterprise_auth'): if not feature_enabled('enterprise_auth'):
logger.error("Unable to authenticate, license does not support SAML authentication") logger.error("Unable to authenticate, license does not support SAML authentication")
return None return None
created = False
try:
user = User.objects.get(username=kwargs.get('username', ''))
if user and not user.is_in_enterprise_category('saml'):
return None
except User.DoesNotExist:
created = True
user = super(SAMLAuth, self).authenticate(*args, **kwargs) user = super(SAMLAuth, self).authenticate(*args, **kwargs)
if user and created: # Comes from https://github.com/omab/python-social-auth/blob/v0.2.21/social/backends/base.py#L91
if getattr(user, 'is_new', False):
_decorate_enterprise_user(user, 'saml') _decorate_enterprise_user(user, 'saml')
elif user and not user.is_in_enterprise_category('saml'):
return None
return user return user
def get_user(self, user_id): def get_user(self, user_id):
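Review bot: The name-collision rejection in the `elif user and not user.is_in_enterprise_category('saml')` branch now runs only after `super(SAMLAuth, self).authenticate(*args, **kwargs)` has returned, so anything the social-auth pipeline does to a pre-existing non-enterprise account (the pipeline is not visible in this hunk) has already happened by the time the login is refused. It would be worth confirming that the configured pipeline cannot associate the SAML identity with, or update details on, an existing local user before this point, and recording that in a comment such as `# Reject after the pipeline ran: an existing non-SAML user with this username must never be returned`. The refusal is also silent, unlike the license check above it; a line like `logger.warning("SAML login refused: existing user %s is not a SAML enterprise user", user.username)` before `return None` would make these collisions visible to operators. The decoration step depends on the pipeline setting `is_new`; if it is ever absent on a freshly created user, that user falls into the `elif` and is refused, which fails closed but leaves an undecorated account behind. The enclosing `authenticate` method starts outside the hunk.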