Merge remote-tracking branch 'upstream/master'

CHANGELOG.rst

@@ -2,6 +2,17 @@
 Changelog
 =========
 
+1.2.0 (2022-12-14)
+==================
+
+* Increased the max length of the Token.Token.redirect_to field to 1023
+
+
+1.1.0 (2021-08-16)
+==================
+
+* Added support to update user-data on login (#61)
+
 
 1.0.0 (2020-09-03)
 ==================

simple_sso/__init__.py

@@ -1 +1 @@
-__version__ = '1.0.5'
+__version__ = '1.2.1'

simple_sso/sso_client/client.py

@@ -1,3 +1,4 @@
+from copy import copy
 from urllib.parse import urlparse, urlunparse, urljoin, urlencode
 
 from django.urls import re_path
@@ -121,8 +122,10 @@ def build_user(self, user_data):
         try:
             user = User.objects.get(username=user_data['username'])
             # Update user data, excluding username changes
-            del user_data['username']
-            for _attr, _val in user_data.items():
+            # Work on copied _tmp dict to keep an untouched user_data
+            user_data_tmp = copy(user_data)
+            del user_data_tmp['username']
+            for _attr, _val in user_data_tmp.items():
                 setattr(user, _attr, _val)
         except User.DoesNotExist:
             user = User(**user_data)

simple_sso/sso_server/migrations/0003_token_redirect_to_max_length.py

@@ -0,0 +1,16 @@
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('sso_server', '0002_consumer_name_max_length'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='token',
+            name='redirect_to',
+            field=models.CharField(max_length=1023),
+        ),
+    ]

simple_sso/sso_server/models.py

@@ -68,7 +68,7 @@ class Token(models.Model):
         default=TokenSecretKeyGenerator('access_token')
     )
     timestamp = models.DateTimeField(default=timezone.now)
-    redirect_to = models.CharField(max_length=255)
+    redirect_to = models.CharField(max_length=1023)
     user = models.ForeignKey(
         getattr(settings, 'AUTH_USER_MODEL', 'auth.User'),
         null=True,

tests/test_core.py

@@ -147,41 +147,6 @@ def test_user_data_updated(self):
             for key in ['username', 'email', 'first_name', 'last_name']:
                 self.assertEqual(getattr(client_user, key), getattr(server_user, key))
 
-    def test_user_groups(self):
-        """ User data update test
-
-        Tests whether sso server user data changes will be forwared to the client on the user's next login.
-
-        """
-        USERNAME = PASSWORD = 'myuser'
-        server_user = User.objects.create_user(
-            USERNAME,
-            'bob@bobster.org',
-            PASSWORD
-        )
-        test_group, created = Group.objects.get_or_create(name='SSO_SUPERADMIN')
-        server_user.groups.add(test_group)
-
-        self._get_consumer()
-
-        with UserLoginContext(self, server_user):
-            # First login
-            # try logging in and auto-follow all 302s
-            self.client.get(reverse('simple-sso-login'), follow=True)
-            # check the user
-            client_user = get_user(self.client)
-            for key in ['username', 'email', 'groups']:
-                self.assertEqual(getattr(client_user, key), getattr(server_user, key))
-
-            # Check the groups
-            client_groups = client_user.groups.all()
-            server_groups = server_user.groups.all()
-
-            # NOTE: This test does/tests anything, as DB is shared across client/server so on .all operation always groups are present without anything special.
-            # If you are reading this and know how to implement a "good" test, please, feel free to PR.
-            for group in server_groups:
-                self.assertTrue(group in client_groups)
-
     def test_custom_keygen(self):
         # WARNING: The following test uses a key generator function that is
         # highly insecure and should never under any circumstances be used in