Restore SAML enterprise user auth logic

Connect #7666 of ansible-tower and follow up original fix tower #455. The original fix solves the problem of duplicated db keys, but breaks a rule of enterprise users that 'Enterprise users cannot be created/authenticated if non-enterprise users with the same name has already been created in Tower.'. This fix resumes that rule. Signed-off-by: Aaron Tan <jangsutsr@gmail.com>
2024-11-02 01:21:21 +03:00 · 2017-09-25 15:20:43 -04:00 · 2017-09-25 15:20:43 -04:00 · 9bae656676
commit 9bae656676
parent 2ad26008cc
1 changed files with 4 additions and 8 deletions
--- a/awx/sso/backends.py
+++ b/awx/sso/backends.py
@ -266,16 +266,12 @@ class SAMLAuth(BaseSAMLAuth):
        if not feature_enabled('enterprise_auth'):
            logger.error("Unable to authenticate, license does not support SAML authentication")
            return None
-        created = False
-        try:
-            user = User.objects.get(username=kwargs.get('username', ''))
-            if user and not user.is_in_enterprise_category('saml'):
-                return None
-        except User.DoesNotExist:
-            created = True
        user = super(SAMLAuth, self).authenticate(*args, **kwargs)
-        if user and created:
+        # Comes from https://github.com/omab/python-social-auth/blob/v0.2.21/social/backends/base.py#L91
+        if getattr(user, 'is_new', False):
            _decorate_enterprise_user(user, 'saml')
+        elif user and not user.is_in_enterprise_category('saml'):
+            return None
        return user

    def get_user(self, user_id):