Implementation, tests and docs of pull request #104

django_auth_adfs/backend.py

@@ -235,7 +235,10 @@ def update_user_flags(self, user, claims):
 
             for flag, group in settings.GROUP_TO_FLAG_MAPPING.items():
                 if hasattr(user, flag):
-                    if group in access_token_groups:
+                    if not isinstance(group, list):
+                        group = [group]
+
+                    if any(group_list_item in access_token_groups for group_list_item in group):
                         value = True
                     else:
                         value = False

docs/settings_ref.rst

@@ -247,14 +247,14 @@ For example, if a user is a member of the group ``Django Staff``, you can automa
 field of the user to ``True``.
 
 The **key** represents the boolean user model field (e.g. ``is_staff``)
-and the **value** represents the group name (e.g. ``Django Staff``).
+and the **value**, which can either be a single String or an array of Strings, represents the group(s) name (e.g. ``Django Staff``).
 
 example
 
 .. code-block:: python
 
     AUTH_ADFS = {
-        "GROUP_TO_FLAG_MAPPING": {"is_staff": "Django Staff",
+        "GROUP_TO_FLAG_MAPPING": {"is_staff": ["Django Staff", "Other Django Staff"],
                                   "is_superuser": "Django Admins"},
     }
 

tests/test_authentication.py

@@ -218,6 +218,42 @@ def test_group_removal_overlap(self):
         self.assertEqual(user.groups.all()[0].name, "group1")
         self.assertEqual(user.groups.all()[1].name, "group2")
 
+    @mock_adfs("2016")
+    def test_group_to_flag_mapping(self):
+        group_to_flag_mapping = {
+            "is_staff": ["group1", "group4"],
+            "is_superuser": "group2",
+        }
+        with patch("django_auth_adfs.backend.settings.GROUP_TO_FLAG_MAPPING", group_to_flag_mapping):
+            with patch("django_auth_adfs.backend.settings.BOOLEAN_CLAIM_MAPPING", {}):
+                backend = AdfsAuthCodeBackend()
+
+                user = backend.authenticate(self.request, authorization_code="dummycode")
+                self.assertIsInstance(user, User)
+                self.assertEqual(user.first_name, "John")
+                self.assertEqual(user.last_name, "Doe")
+                self.assertEqual(user.email, "john.doe@example.com")
+                self.assertEqual(len(user.groups.all()), 2)
+                self.assertTrue(user.is_staff)
+                self.assertTrue(user.is_superuser)
+
+    @mock_adfs("2016")
+    def test_boolean_claim_mapping(self):
+        boolean_claim_mapping = {
+            "is_superuser": "user_is_superuser",
+        }
+        with patch("django_auth_adfs.backend.settings.BOOLEAN_CLAIM_MAPPING", boolean_claim_mapping):
+            backend = AdfsAuthCodeBackend()
+
+            user = backend.authenticate(self.request, authorization_code="dummycode")
+            self.assertIsInstance(user, User)
+            self.assertEqual(user.first_name, "John")
+            self.assertEqual(user.last_name, "Doe")
+            self.assertEqual(user.email, "john.doe@example.com")
+            self.assertEqual(len(user.groups.all()), 2)
+            self.assertFalse(user.is_staff)
+            self.assertTrue(user.is_superuser)
+
     @mock_adfs("2016")
     def test_authentication(self):
         response = self.client.get("/oauth2/callback", {'code': 'testcode'})