Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Double update of main attribute when SAML_USE_NAME_ID_AS_USERNAME is False

See original GitHub issue

I noticed that when SAML_USE_NAME_ID_AS_USERNAME is False, whatever attribute is determined to be the main attribute here https://github.com/knaperek/djangosaml2/blob/fd6a8237ed7b2b2308de97b11773c1860139b048/djangosaml2/backends.py#L88-L90 gets applied to the user both on creation and on update of the attributes.

This double update does not seem necessary and can cause problems if a cleaning is defined on the main attribute that is separate from the cleaning of the attributes.

Example:

  1. Configure an email attribute to be sent from the IdP and be used as the main attribute / set to be the username within Django

  2. Define a cleaning on this main attribute that converts @ to _ (e.g., user@company within IdP —> user_company Django user)

  3. When a user is created here, the username will be user_company as expected

  4. Once the user is created, the attributes will be updated here and the username will change to the attribute value of user@company, which is not desired.

Any suggestions / feedback on the above? I may be missing a best practice configuration here. Thanks!

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:9 (9 by maintainers)

github_iconTop GitHub Comments

2reactions
peppelinuxcommented, May 27, 2021

@jaap3 I think that you’re the man I’d Be Happy to read you PR related on that with some of your awesome tests

You’re in the flow, please don’t stop the 🧠

1reaction
jaap3commented, May 26, 2021

Would adding if attr == self._user_lookup_attribute(): continue right before https://github.com/IdentityPython/djangosaml2/blob/fd6a8237ed7b2b2308de97b11773c1860139b048/djangosaml2/backends.py#L164 solve this issue?

That way _update_user would never update the field that was just used to create/find the user it’s updating right?

Read more comments on GitHub >

github_iconTop Results From Across the Web

ruby on rails - How to update a single attribute without ...
Try using update_attributes!(:pagehit => pagehit+1) and see if you get any errors. BTW, did you paste the def disable_timestamps twice by mistake here ......
Read more >
Rails 2.1 - Partial Updates May Create Invalid Records
Rails 2.1 will do partial SQL updates. This will improve performance, but it has the potential to create invalid records. Two update queries ......
Read more >
Help for Insight REST API updating an Attribute
However, I'm currently stuck trying to update an Object's attribute. ... objectCount=0; objectSchemaId=8; inherited=False; abstractObjectType=False; ...
Read more >
ActiveRecord::Persistence - Rails API
Wrapper around decrement that writes the update to the database. Only attribute is updated; the record itself is not saved. This means that...
Read more >
Update expressions - Amazon DynamoDB
An update expression specifies how UpdateItem will modify the attributes of an item—for example, setting a scalar value or removing elements from a...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Use Assertion IDs to prevent SAML replay attacks

Next page

Azure AD B2C integration failure - 'utf8' is not a supported encoding name