django-cas-server

fix bug of user attributes

Open letian0805 opened this issue 3 years ago • 5 comments

letian0805 avatar Jun 18 '21 01:06 letian0805

Hi, could you please explain which bug your PR intends to fix and a way to reproduce it? Also, could you point your PR to the dev branch?

Just so you know, the Ticket model does have an attributs field, inherited from the JsonAttributes abstract model. Generally, the user attributes from the User model are not available during ticket validation (but only in the context of the user session, i.e. at ticket creation). During ticket creation, the user attributes are copied and stored inside the ticket.

Thanks

nitmir avatar Jun 19 '21 13:06 nitmir

I use a Golang CAS client to request django-cas-server to verify the ticket. After success, I can get the username, but not the attributes. So I modified the code of django-cas-server so that it returns user attributes.

letian0805 avatar Jun 23 '21 07:06 letian0805

Which CAS_AUTH_CLASS are you using?

nitmir avatar Jun 24 '21 06:06 nitmir

LDAP

letian0805 avatar Jun 28 '21 08:06 letian0805

Hi, I found this library, django-cas-server, recently. I don't know if I'm doing something wrong here, but I have been debugging because my attributes were not being sent correctly, and I found that the solution is the same as what this pull request is doing. I can explain the bug: when the CAS server performs the login, it saves the attributs on the user model, and when the server validates the service in ValidateService, it tries to pick up the attributs from the ticket. They are not in the ticket; they are stored in the user of the ticket.

[Image: debug with ticket attributs set to {}]

[Image: debug with ticket.user attributs set to their values]

Casassarnau avatar Oct 06 '21 19:10 Casassarnau

Hi

I think there is a confusion here:

  • User.attributes contains all of the user attributes.
  • Ticket.attributes contains only the attributes that were selected to be sent to the service when the ticket was created, following the service configuration.

You can see the logic here https://github.com/nitmir/django-cas-server/blob/master/cas_server/models.py#L400 in the User class.

        service_attributs = {}
        for (key, value) in self.attributs.items():
            if key in attributs or '*' in attributs:
                if key in replacements:
                    if isinstance(value, list):
                        for index, subval in enumerate(value):
                            value[index] = re.sub(
                                replacements[key][0],
                                replacements[key][1],
                                subval
                            )
                    else:
                        value = re.sub(replacements[key][0], replacements[key][1], value)
                service_attributs[attributs.get(key, key)] = value
        ticket = ticket_class.objects.create(
            user=self,
            attributs=service_attributs,
            service=service,
            renew=renew,
            service_pattern=service_pattern,
            single_log_out=service_pattern.single_log_out
        )
        ticket.save()

This also allows renaming an attribute or transforming the attribute value for a specific service.

By default, no attributes are sent to a service (except the username). This is the default for privacy reasons. As you can see in the doc here https://github.com/nitmir/django-cas-server#service-patterns, you have to define the list of attributes to send for each service:

Replace attribute names: a list of user attributes to send to the service.

You can use * as an attribute name in the list to send all attributes.

If you have any suggestions to improve the README to make it more obvious, please open another merge request (and I'll try not to take a year to merge it).

When the list of attributes is defined for a service, attributes get sent. So I'll clone this merge request.

nitmir avatar Oct 16 '22 17:10 nitmir
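
The per-service attribute release described in the comment above, as an added standalone example (not django-cas-server's own code): `release_attributs`, the sample user attributes and the `{"*": "*"}` shape of a wildcard list are assumptions. It shows why a service pattern without an attribute list produces an empty ticket `attributs`, and that returning the user's attributes at validation would behave like the wildcard for every service.

```python
import re

# Constructed sample data; the attribute names and values are assumptions.
USER_ATTRIBUTS = {
    "mail": "alice@corp.example",
    "uid": "alice",
    "memberOf": ["cn=staff,dc=example", "cn=admins,dc=example"],
    "employeeNumber": "12345",
}


def release_attributs(user_attributs, attributs, replacements):
    """Return only the attributes a service pattern allows, renamed/rewritten.

    attributs: {user attribute name: name sent to the service}; '*' releases all.
    replacements: {user attribute name: (regex pattern, replacement)}.
    """
    released = {}
    for key, value in user_attributs.items():
        if key not in attributs and "*" not in attributs:
            continue  # not selected for this service: never leaves the server
        if key in replacements:
            pattern, repl = replacements[key]
            if isinstance(value, list):
                # build a new list so the user's stored values are not modified
                value = [re.sub(pattern, repl, v) for v in value]
            else:
                value = re.sub(pattern, repl, value)
        released[attributs.get(key, key)] = value
    return released


def demo():
    # Service pattern with no attribute list: the default, nothing released.
    default = release_attributs(USER_ATTRIBUTS, {}, {})
    # Service pattern releasing two attributes, one renamed, one rewritten.
    scoped = release_attributs(
        USER_ATTRIBUTS,
        {"mail": "email", "memberOf": "groups"},
        {"memberOf": (r"^cn=([^,]+),.*$", r"\1")},
    )
    # Wildcard pattern: equivalent to reading the attributes from the user.
    everything = release_attributs(USER_ATTRIBUTS, {"*": "*"}, {})
    return default, scoped, everything


if __name__ == "__main__":
    for label, result in zip(("default", "scoped", "wildcard"), demo()):
        print(f"{label:9}", result)
```
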

@nitmir Thanks

letian0805 avatar Oct 17 '22 01:10 letian0805