Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set unusable password for new created users #398

Closed
pandafy opened this issue Feb 15, 2024 · 3 comments · Fixed by #399
Closed

Set unusable password for new created users #398

pandafy opened this issue Feb 15, 2024 · 3 comments · Fixed by #399
Labels
question wontfix

Comments

@pandafy
Copy link
Contributor

pandafy commented Feb 15, 2024

I see the changelog mentions setting unusable password on the user object, but I can't find it in the code.

https://github.com/IdentityPython/djangosaml2/blob/169fc486fc387a0ed57ae01ee67140a424a83a46/CHANGES#L386C1-L388C70

Perhaps, this change was lost while deprecating configure_user method?
@peppelinux
Copy link
Member

Here
https://github.com/IdentityPython/djangosaml2/blob/master/djangosaml2/backends.py#L256

@pandafy
Copy link
Contributor Author

pandafy commented Feb 15, 2024

If the user is not present on the system (when the user is first created), then this code will be triggered

djangosaml2/djangosaml2/backends.py

Lines 291 to 298 in 169fc48

if create_unknown_user:
user = UserModel(**{user_lookup_key: user_lookup_value})
created = True
logger.debug(f"New user created: {user}", exc_info=True)
else:
logger.exception(
f"The user does not exist, model: {UserModel._meta}, lookup: {user_query_args}"
)

And, this does not set an unusable password.

@pandafy
Copy link
Contributor Author

pandafy commented Feb 15, 2024
edited
Loading

@peppelinux I opened #399 after updating an existing test case to verify that the created user has a usable_password.

Please check the logs of the Ci build https://github.com/IdentityPython/djangosaml2/actions/runs/7913492573/job/21601260980?pr=399#step:5:740

pandafy added a commit to pandafy/djangosaml2 that referenced this issue Feb 15, 2024
@pandafy
Fix: New created users will have unusable password
e036217 
Closes IdentityPython#398
@pandafy pandafy mentioned this issue Feb 15, 2024
Merged
peppelinux pushed a commit that referenced this issue Feb 15, 2024
@pandafy
Fix: New created users will have unusable password (#399)
1be7946 
* Fix: New created users will have unusable password

Closes #398

* Bump version to 1.9.2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question wontfix
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix: New created users will have unusable password pandafy/djangosaml2
2 participants
@peppelinux @pandafy