mirror of https://github.com/zulip/zulip.git
saml: Change which IdPs are returned to get_external_method_dicts.
If queried without a realm, get_external_method_dicts should only have IdPs that can be used on all realms.
This commit is contained in:
parent
b29ccdf51c
commit
62c0ab3f9d
|
@ -2514,14 +2514,16 @@ class ExternalMethodDictsTests(ZulipTestCase):
|
||||||
):
|
):
|
||||||
# Calling get_external_method_dicts without a realm returns all methods configured on the server:
|
# Calling get_external_method_dicts without a realm returns all methods configured on the server:
|
||||||
external_auth_methods = get_external_method_dicts()
|
external_auth_methods = get_external_method_dicts()
|
||||||
self.assert_length(external_auth_methods, 3) # 2 IdP + a dict for github auth
|
# 1 IdP enabled for all realms + a dict for github auth
|
||||||
self.assertEqual(set([external_auth_methods[0]['name'], external_auth_methods[1]['name']]),
|
self.assert_length(external_auth_methods, 2)
|
||||||
set(['saml:test_idp', 'saml:test_idp2']))
|
self.assertEqual([external_auth_methods[0]['name'], external_auth_methods[1]['name']],
|
||||||
|
['saml:test_idp', 'github'])
|
||||||
|
|
||||||
external_auth_methods = get_external_method_dicts(get_realm("zulip"))
|
external_auth_methods = get_external_method_dicts(get_realm("zulip"))
|
||||||
# Only test_idp enabled for the zulip realm, + github auth.
|
# Only test_idp enabled for the zulip realm, + github auth.
|
||||||
self.assert_length(external_auth_methods, 2)
|
self.assert_length(external_auth_methods, 2)
|
||||||
self.assertEqual(external_auth_methods[0]['name'], 'saml:test_idp')
|
self.assertEqual([external_auth_methods[0]['name'], external_auth_methods[1]['name']],
|
||||||
|
['saml:test_idp', 'github'])
|
||||||
|
|
||||||
external_auth_methods = get_external_method_dicts(get_realm("zephyr"))
|
external_auth_methods = get_external_method_dicts(get_realm("zephyr"))
|
||||||
# Both idps enabled for the zephyr realm, + github auth.
|
# Both idps enabled for the zephyr realm, + github auth.
|
||||||
|
|
|
@ -1558,6 +1558,9 @@ class SAMLAuthBackend(SocialAuthMixin, SAMLAuth):
|
||||||
for idp_name, idp_dict in settings.SOCIAL_AUTH_SAML_ENABLED_IDPS.items():
|
for idp_name, idp_dict in settings.SOCIAL_AUTH_SAML_ENABLED_IDPS.items():
|
||||||
if realm and not cls.validate_idp_for_subdomain(idp_name, realm.subdomain):
|
if realm and not cls.validate_idp_for_subdomain(idp_name, realm.subdomain):
|
||||||
continue
|
continue
|
||||||
|
if realm is None and 'limit_to_subdomains' in idp_dict:
|
||||||
|
# If queried without a realm, only return IdPs that can be used on all realms.
|
||||||
|
continue
|
||||||
|
|
||||||
saml_dict = dict(
|
saml_dict = dict(
|
||||||
name='saml:{}'.format(idp_name),
|
name='saml:{}'.format(idp_name),
|
||||||
|
|
Loading…
Reference in New Issue