Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Separate out the condition for skipping login #376

Merged
merged 2 commits into from
May 29, 2023
Merged

Separate out the condition for skipping login #376

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b4aeb03
Separate out the condition for skipping login
CamLamb May 12, 2023
2366a92
Bump package version to 1.5.8
CamLamb May 15, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 12 additions & 10 deletions djangosaml2/views.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -174,21 +174,23 @@ def load_sso_kwargs(self, sso_kwargs):
def add_idp_hinting(self, http_response):
return add_idp_hinting(self.request, http_response) or http_response

def get(self, request, *args, **kwargs):
logger.debug("Login process started")
next_path = self.get_next_path(request)

# if the user is already authenticated that maybe because of two reasons:
def should_prevent_auth(self, request) -> bool:
# If the user is already authenticated that maybe because of two reasons:
# A) He has this URL in two browser windows and in the other one he
# has already initiated the authenticated session.
# B) He comes from a view that (incorrectly) send him here because
# he does not have enough permissions. That view should have shown
# an authorization error in the first place.
# We can only make one thing here and that is configurable with the
# SAML_IGNORE_AUTHENTICATED_USERS_ON_LOGIN setting. If that setting
# is True (default value) we will redirect him to the next_path path.
# Otherwise, we will show an (configurable) authorization error.
if request.user.is_authenticated:
return request.user.is_authenticated

def get(self, request, *args, **kwargs):
logger.debug("Login process started")
next_path = self.get_next_path(request)

if self.should_prevent_auth(request):
# If the SAML_IGNORE_AUTHENTICATED_USERS_ON_LOGIN setting is True
# (default value), redirect to the next_path. Otherwise, show a
# configurable authorization error.
if get_custom_setting("SAML_IGNORE_AUTHENTICATED_USERS_ON_LOGIN", True):
return HttpResponseRedirect(next_path)
logger.debug("User is already logged in")
Expand Down
2 changes: 1 addition & 1 deletion setup.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ def read(*rnames):

setup(
name="djangosaml2",
version="1.5.7",
version="1.5.8",
description="pysaml2 integration for Django",
long_description=read("README.md"),
long_description_content_type="text/markdown",
Expand Down