Parse strange userinfos correctly

5602d6be · Lukas Burgey · 56a9959c · 5602d6be
Commit 5602d6be authored Dec 07, 2018 by Lukas Burgey
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 8 deletions

feudal/backend/models/users.py feudal/backend/models/users.py +23 -8

No files found.
--- a/feudal/backend/models/users.py
+++ b/feudal/backend/models/users.py
@@ -270,11 +270,20 @@ class User(AbstractUser):
    # return True if the userinfo contains entitlements (we ignore groups then)
    def update_userinfo_entitlements(self, userinfo):
        local_entitlements = self.vos.instance_of(Entitlement)
-        remote_entitlements = [
-            Entitlement.extract_name(name)
-            for name in
-            userinfo.get(self.idp.userinfo_field_entitlements, [])
-        ]
+        remote_entitlements = []
+
+        # determine upstream entitlements
+        if self.idp.userinfo_field_entitlements in userinfo:
+            field = userinfo[self.idp.userinfo_field_entitlements]
+            if isinstance(field, list):
+                remote_entitlements = [
+                    Entitlement.extract_name(name)
+                    for name in field
+                ]
+            elif isinstance(field, str):
+                remote_entitlements = [Entitlement.extract_name(field)]
+            else:
+                LOGGER.error('Userinfo field %s is neither str nor list', self.idp.userinfo_field_entitlements)

        # check if local_entitlements were removed
        for loc_ent in local_entitlements:
@@ -284,7 +293,7 @@ class User(AbstractUser):
        for rem_ent_name in remote_entitlements:
            ent = Entitlement.get_entitlement(name=rem_ent_name, idp=self.idp)

-            # check if user needs to be in this entitlement
+            # check if the user needs to be in this entitlement
            if not self.vos.filter(name=rem_ent_name, idp=self.idp).exists():
                self._add_vo(ent)

@@ -294,8 +303,14 @@ class User(AbstractUser):
        local_groups = self.vos.instance_of(Group)
        remote_groups = []

-        if not ignore_groups:
-            remote_groups = userinfo.get(self.idp.userinfo_field_groups, [])
+        if not ignore_groups and self.idp.userinfo_field_groups in userinfo:
+            field = userinfo[self.idp.userinfo_field_entitlements]
+            if isinstance(field, list):
+                remote_groups = field
+            elif isinstance(field, str):
+                remote_groups = [field]
+            else:
+                LOGGER.error('Userinfo field %s is neither str nor list', self.idp.userinfo_field_entitlements)

        # check if groups were removed
        for group in local_groups: