From b5ca71b37d11be5cc21ded37be2e700b9108c960 Mon Sep 17 00:00:00 2001
From: martent <marten@thavenius.se>
Date: Mon, 11 Jun 2018 14:18:09 +0200
Subject: [PATCH] User info when SAML respons lacks SNIN or person name

---
 app/controllers/seller_auth_controller.rb | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/app/controllers/seller_auth_controller.rb b/app/controllers/seller_auth_controller.rb
index aff2a6c..8944fce 100644
--- a/app/controllers/seller_auth_controller.rb
+++ b/app/controllers/seller_auth_controller.rb
@@ -22,7 +22,15 @@ def consume
       redirect_to(root_path, alert: 'Inloggning misslyckades') && return
     end
 
-    seller = update_seller(response.attributes['Subject_SerialNumber'], response.attributes['Subject_CommonName'])
+    serial_number      = response.attributes['Subject_SerialNumber']
+    subject_commonname = response.attributes['Subject_CommonName']
+
+    unless serial_number && subject_commonname
+      logger.error '[SAML_AUTH] Response has no Subject_SerialNumber (SNIN) or Subject_CommonName'
+      redirect_to(root_path, alert: 'Inloggningen misslyckades. Personnummer och/eller personnamn saknas i responsen från inloggningstjänsten.') && return
+    end
+
+    seller = update_seller(serial_number, subject_commonname)
 
     unless seller
       logger.warn '[SAML_AUTH] User not registered in the system.'