mirror of https://github.com/zulip/zulip.git
7e1f468f04
There was a bug here that would trigger an exception inside `sync_user_profile_custom_fields`, causing it to get logged with logging.warning, when an attribute configured for SAML custom profile field sync was missing from a SAMLResponse or had an empty value. `sync_user_profile_custom_fields` expects valid values, and None is not valid. We could consider a slightly different behavior here instead - when an attribute is sent with no value in the SAMLResponse, that means the attr has no value in the IdP's user directory - so perhaps a better behavior would be to also remove the custom profile field value in Zulip. However there are two issues with that: 1. It's not necessarily the best behavior, because an organization might want the "user doesn't have this attribute set at the IdP level" state to just mean that the user should be free to set the value manually in Zulip if they wish. And having that value get reset on every login would then be an issue. The implementation in this commit is consistent with this philosophy. 2. There's some implementation difficulty - upstream `self.get_attr(...)`, which we use for reading the attr value from the SAMLResponse, doesn't distinguish between an attribute being sent with no value and the attribute not being sent at all - in both cases it returns None. So we'd need some extra work here with parsing the SAMLResponse properly, to be able to know when the custom profile field should get cleared. |
||
|---|---|---|
| .. | ||
| actions | ||
| data_import | ||
| integration_fixtures/nagios | ||
| lib | ||
| management | ||
| migrations | ||
| models | ||
| openapi | ||
| tests | ||
| tornado | ||
| transaction_tests | ||
| views | ||
| webhooks | ||
| worker | ||
| __init__.py | ||
| apps.py | ||
| context_processors.py | ||
| decorator.py | ||
| filters.py | ||
| forms.py | ||
| logging_handlers.py | ||
| middleware.py | ||
| signals.py | ||