Closed vanderzielj closed 5 months ago
commenting out the `full_clean` resulted in a nearly duplicate user being created. Notice the change of case. It seems that the UPN returned is not faithful with respect to character case. That makes sense because I can log in using an all lowercase email address without any problems. (Can we re-visit the lowercase email as username issue now? :-)
I apparently missed the fact that the user was not found in the return authentication; hence the creation of the new user. So it would appear that I have a couple choices: either modify the model to always use lowercase (same case) email addresses or modify the lookup to perform a case-insensitive search.
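I have resolved this issue by modifying my custom user model to use a custom lower case email field:

```python
from django.db import models

class LowercaseEmailField(models.EmailField):
    def get_prep_value(self, value):
        # Lowercase before saving or querying; leave NULL values as None.
        return value if value is None else str(value).lower()
```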
Thank you for following up with your solution!
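
The duplicate described in this thread, reproduced outside Django as an added example (not code from the thread or from django-auth-adfs): an in-memory store stands in for the user table, the claim values are constructed, and `case_collisions` audits existing usernames for case-only variants before lowercase is enforced. `UserStore`, `normalize_upn` and `case_collisions` are hypothetical names, and the example assumes the identity provider treats UPNs case-insensitively.

```python
# Added example: standalone Python, no Django. Store and claim values are constructed.
from collections import defaultdict


def normalize_upn(upn):
    """Canonical lookup form (assumption: the IdP compares UPNs case-insensitively)."""
    return upn.strip().casefold()


class UserStore:
    """In-memory stand-in for a user table keyed on the username column."""

    def __init__(self, normalize=None):
        # With no normalizer the store matches byte-for-byte, like an exact lookup.
        self.normalize = normalize or (lambda s: s)
        self.rows = {}  # stored username -> record

    def get_or_create(self, upn):
        key = self.normalize(upn)
        created = key not in self.rows
        if created:
            self.rows[key] = {"username": key}
        return self.rows[key], created


def case_collisions(usernames):
    """Group usernames that differ only by case; run before enforcing lowercase."""
    groups = defaultdict(list)
    for name in usernames:
        groups[normalize_upn(name)].append(name)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


# Constructed claims: one account, as first provisioned and as seen at a later login.
CLAIMS = ["Jane.Doe@example.com", "jane.doe@example.com"]

exact = UserStore()
folded = UserStore(normalize=normalize_upn)
for upn in CLAIMS:
    exact.get_or_create(upn)
    folded.get_or_create(upn)

if __name__ == "__main__":
    print(len(exact.rows), "rows with exact matching")
    print(len(folded.rows), "row with normalized matching")
    print("case-variant groups:", case_collisions(exact.rows))
```

Rows reported by `case_collisions` need to be merged or retired before a lowercase-only field is rolled out, otherwise two stored accounts map to the same normalized username.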
First of all - thank you for providing, maintaining and supporting this excellent library. I have tried about 3 libraries and the level of integration of django-auth-adfs and the support of group claims, as well as its reputation is what made me select this one over the others.
I have a few years of Python and about 5 months of Django under my belt (about 6+ years each of C#/.Net and then Java with some Perl and a year or so of front-end JavaScript/Angular work thrown in for good measure) so if I make some unexpected assumptions about Django or Python please ask for clarification.
I have an issue/question getting the django-auth-adfs package to work with my custom user model (explained more below).
Notice that I was setting the email field and not the username. I commented out the `"email": "upn",` line in the `CLAIM_MAPPING` setting and left the `"USERNAME_CLAIM": "upn"` setting that was already in place, restarted and I seemed to be in business: I was able to log in and a new user was created. However, as soon as I log out and try to log in again - or click on any protected page like Admin - I get a Validation error:

Notice that this is a validation error - after the user was authenticated. And from looking at the values I can also say that is after the user was already retrieved. Why is it testing if a user exists after all of this has already taken place?
In trying to determine where in the code the decision is made to retrieve an existing user vs creating a new one and my best guess was that it happens in the `create_user` method:

This method is called by the `AdfsBaseBackend.process_access_token` from the same class on the line that reads `user = self.create_user(claims)` and expects in return, a user instance - preexisting or created. What I don't understand is why after the user has been authenticated and the code has an instance of the user class the `process_access_token` then calls `full_clean` on the user model - which throws the exception. I haven't written any validation code, yet, so perhaps this is the standard way it is done.

When I walked through a copy of the back-end code that I placed into my own `backend.py` that I substituted for the project code (same code just different file), I could see that the user was populated and the exception was never thrown - which seems to indicate that the created user was found.

I appreciate any and all help that can be provided.
Regards, Justin