Merge branch 'master' into local-metadata-file

Wombatpm · Oct 9, 2018 · 86fa5ee · 86fa5ee
2 parents df1ab60 + 8fe1bab
commit 86fa5ee
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 5 deletions.
diff --git a/AUTHORS.rst b/AUTHORS.rst
@@ -27,4 +27,5 @@ Contributors
 - `Tonymke <https://github.com/tonymke/>`_
 - `pintor <https://github.com/pintor>`_
 - `BaconAndEggs <https://github.com/BaconAndEggs>`_
-- `kevPo <https://github.com/kevPo>`_
+- `ayr-ton <https://github.com/ayr-ton>`_
+_ `kevPo <https://github.com/kevPo>`_
diff --git a/README.rst b/README.rst
@@ -129,6 +129,7 @@ How to use?
 
             # Optional settings below
             'DEFAULT_NEXT_URL': '/admin',  # Custom target redirect URL after the user get logged in. Default to /admin if not set. This setting will be overwritten if you have parameter ?next= specificed in the login URL.
+            'CREATE_USER': 'TRUE', # Create a new Django user when a new user logs in. Defaults to True.
             'NEW_USER_PROFILE': {
                 'USER_GROUPS': [],  # The default group name when a new user logs in
                 'ACTIVE_STATUS': True,  # The default active status for new users
@@ -161,6 +162,8 @@ Explanation
 
 **METADATA_LOCAL_FILE_PATH** SAML2 metadata configuration file path
 
+**CREATE_USER** Determines if a new Django user should be created for new users.
+
 **NEW_USER_PROFILE** Default settings for newly created users
 
 **ATTRIBUTES_MAP** Mapping of Django user attributes to SAML2 user attributes

diff --git a/django_saml2_auth/views.py b/django_saml2_auth/views.py
@@ -171,10 +171,14 @@ def acs(r):
         if settings.SAML2_AUTH.get('TRIGGER', {}).get('BEFORE_LOGIN', None):
             import_string(settings.SAML2_AUTH['TRIGGER']['BEFORE_LOGIN'])(user_identity)
     except User.DoesNotExist:
-        target_user = _create_new_user(user_name, user_email, user_first_name, user_last_name)
-        if settings.SAML2_AUTH.get('TRIGGER', {}).get('CREATE_USER', None):
-            import_string(settings.SAML2_AUTH['TRIGGER']['CREATE_USER'])(user_identity)
-        is_new_user = True
+        new_user_should_be_created = settings.SAML2_AUTH.get('CREATE_USER', True)
+        if new_user_should_be_created: 
+            target_user = _create_new_user(user_name, user_email, user_first_name, user_last_name)
+            if settings.SAML2_AUTH.get('TRIGGER', {}).get('CREATE_USER', None):
+                import_string(settings.SAML2_AUTH['TRIGGER']['CREATE_USER'])(user_identity)
+            is_new_user = True
+        else:
+            return HttpResponseRedirect(get_reverse([denied, 'denied', 'django_saml2_auth:denied']))
 
     r.session.flush()