Commit f7d16cfa authored by Lukas Burgey

Only authenticate against enabled idps

parent 592cd99f
......@@ -33,12 +33,19 @@ class OIDCTokenAuthBackend:
def get_idp(self, request):
# OPTION 1: issuer set in the 'X-Issuer' header
if 'HTTP_X_ISSUER' in request.META:
return OIDCConfig.objects.get(issuer_uri=request.META['HTTP_X_ISSUER'])
return OIDCConfig.objects.get(
issuer_uri=request.META['HTTP_X_ISSUER'],
enabled=True,
)
# OPTION 2: issuer set in users session (before redirecting to IdP)
idp_id = utils.get_session(request, 'idp_id', None)
if idp_id is not None:
return OIDCConfig.objects.get(id=idp_id)
return OIDCConfig.objects.get(
id=idp_id,
enabled=True,
)
raise OIDCConfig.DoesNotExist('Unable to determine IdP')
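Review bot: `get_idp` now raises `OIDCConfig.DoesNotExist` for a disabled IdP in both the X-Issuer branch and the session branch, but nothing in the hunk documents this or shows the caller turning it into an authentication failure. I would add a docstring such as `"""Return the enabled OIDCConfig for this request; raise OIDCConfig.DoesNotExist if the IdP is unknown or disabled."""` so callers know both cases must be handled the same way. The X-Issuer lookup uses a client-supplied header value; if `issuer_uri` is not declared unique on the model (not visible here), `.get()` can also raise `MultipleObjectsReturned`, which a handler for `DoesNotExist` alone would miss. A regression test asserting that a request naming a disabled issuer is rejected would pin the behaviour the commit title promises. The enclosing class starts outside the hunk, and the function may continue past it.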
......