From 5df42c192ed61747c7d7d160f2927b56cba5a41d Mon Sep 17 00:00:00 2001 From: Alex Azevedo Date: Mon, 25 Mar 2019 18:41:17 -0300 Subject: [PATCH] Added a new "AFTER_LOGIN" hook that is called after the user is logged in and after user attributes are returned from the SAML provider --- AUTHORS.rst | 1 + README.rst | 5 +++++ django_saml2_auth/views.py | 4 ++++ 3 files changed, 10 insertions(+) diff --git a/AUTHORS.rst b/AUTHORS.rst index a8732e6..5c8390c 100644 --- a/AUTHORS.rst +++ b/AUTHORS.rst @@ -30,3 +30,4 @@ Contributors - `Ryan Mahaffey `_ - `ayr-ton `_ _ `kevPo `_ +_ `Alex Azevedo `_ diff --git a/README.rst b/README.rst index cb0f544..d18ad76 100644 --- a/README.rst +++ b/README.rst @@ -157,6 +157,7 @@ How to use? 'TRIGGER': { 'CREATE_USER': 'path.to.your.new.user.hook.method', 'BEFORE_LOGIN': 'path.to.your.login.hook.method', + 'AFTER_LOGIN': 'path.to.your.after.login.hook.method', }, 'ASSERTION_URL': 'https://mysite.com', # Custom URL to validate incoming SAML requests against 'ENTITY_ID': 'https://mysite.com/saml2_auth/acs/', # Populates the Issuer element in authn request @@ -196,6 +197,10 @@ record is created. This method should accept ONE parameter of user dict. This method will be called before the user is logged in and after user attributes are returned by the SAML2 identity provider. This method should accept ONE parameter of user dict. +**TRIGGER.AFTER_LOGIN** A method to be called when an existing user logs in. +This method will be called after the user is logged in and after user +attributes are returned by the SAML2 identity provider. This method should accept ONE parameter of user dict. + **ASSERTION_URL** A URL to validate incoming SAML responses against. By default, django-saml2-auth will validate the SAML response's Service Provider address against the actual HTTP request's host and scheme. If this value is set, it diff --git a/django_saml2_auth/views.py b/django_saml2_auth/views.py index 865c112..406369e 100644 
--- a/django_saml2_auth/views.py +++ b/django_saml2_auth/views.py @@ -198,6 +198,10 @@ def acs(r): if target_user.is_active: target_user.backend = 'django.contrib.auth.backends.ModelBackend' login(r, target_user) + + if settings.SAML2_AUTH.get('TRIGGER', {}).get('AFTER_LOGIN', None): + import_string(settings.SAML2_AUTH['TRIGGER']['AFTER_LOGIN'])(user_identity) + else: return HttpResponseRedirect(get_reverse([denied, 'denied', 'django_saml2_auth:denied']))
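Review bot: The AFTER_LOGIN hook in `acs` is called after `login(r, target_user)` and its return value is discarded, so it cannot refuse or undo the login; any access decision placed in it runs against an already authenticated session. It also receives only `user_identity` (the attributes taken from the SAML response), not `r` or `target_user`, so it cannot see which Django account or session was actually established. I would state this at the call site with a comment such as `# AFTER_LOGIN runs after login(); its return value is ignored, so it must not be used for access checks`, and repeat it in the README entry. The README says the hook fires when an "existing user" logs in, but the visible lines run it for any active `target_user`; whether newly created users reach this branch depends on the part of `acs` outside the hunk. Minor: the setting is looked up twice, and `hook = settings.SAML2_AUTH.get('TRIGGER', {}).get('AFTER_LOGIN')` followed by `if hook: import_string(hook)(user_identity)` would read it once.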