Commit 5602d6be authored by Lukas Burgey's avatar Lukas Burgey

Parse strange userinfos correctly

parent 56a9959c
......@@ -270,11 +270,20 @@ class User(AbstractUser):
# return True if the userinfo contains entitlements (we ignore groups then)
def update_userinfo_entitlements(self, userinfo):
local_entitlements = self.vos.instance_of(Entitlement)
remote_entitlements = [
Entitlement.extract_name(name)
for name in
userinfo.get(self.idp.userinfo_field_entitlements, [])
]
remote_entitlements = []
# determine upstream entitlements
if self.idp.userinfo_field_entitlements in userinfo:
field = userinfo[self.idp.userinfo_field_entitlements]
if isinstance(field, list):
remote_entitlements = [
Entitlement.extract_name(name)
for name in field
]
elif isinstance(field, str):
remote_entitlements = [Entitlement.extract_name(field)]
else:
LOGGER.error('Userinfo field %s is neither str nor list', self.idp.userinfo_field_entitlements)
# check if local_entitlements were removed
for loc_ent in local_entitlements:
......@@ -284,7 +293,7 @@ class User(AbstractUser):
for rem_ent_name in remote_entitlements:
ent = Entitlement.get_entitlement(name=rem_ent_name, idp=self.idp)
# check if user needs to be in this entitlement
# check if the user needs to be in this entitlement
if not self.vos.filter(name=rem_ent_name, idp=self.idp).exists():
self._add_vo(ent)
......@@ -294,8 +303,14 @@ class User(AbstractUser):
local_groups = self.vos.instance_of(Group)
remote_groups = []
if not ignore_groups:
remote_groups = userinfo.get(self.idp.userinfo_field_groups, [])
if not ignore_groups and self.idp.userinfo_field_groups in userinfo:
field = userinfo[self.idp.userinfo_field_entitlements]
if isinstance(field, list):
remote_groups = field
elif isinstance(field, str):
remote_groups = [field]
else:
LOGGER.error('Userinfo field %s is neither str nor list', self.idp.userinfo_field_entitlements)
# check if groups were removed
for group in local_groups:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment