Merge branch 'settings' into dev

peppelinux · peppelinux · commit 9d975f724321 · 2021-07-15T15:30:04.000+02:00
diff --git a/djangosaml2/views.py b/djangosaml2/views.py
@@ -110,9 +110,20 @@ class LoginView(SPConfigMixin, View):
         will be rendered.
     """
 
-    wayf_template = 'djangosaml2/wayf.html'
-    authorization_error_template = 'djangosaml2/auth_error.html'
-    post_binding_form_template = 'djangosaml2/post_binding_form.html'
+    wayf_template = getattr(
+        settings,
+        'SAML2_CUSTOM_WAYF_TEMPLATE','djangosaml2/wayf.html'
+    )
+    authorization_error_template = getattr(
+        settings,
+        'SAML2_CUSTOM_AUTHORIZATION_ERROR_TEMPLATE',
+        'djangosaml2/auth_error.html'
+    )
+    post_binding_form_template = getattr(
+        settings,
+        'SAML2_CUSTOM_POST_BINDING_FORM_TEMPLATE',
+        'djangosaml2/post_binding_form.html'
+    )
 
     def get_next_path(self, request: HttpRequest) -> str:
         ''' Returns the path to put in the RelayState to redirect the user to after having logged in.
diff --git a/docs/source/contents/setup.rst b/docs/source/contents/setup.rst
@@ -400,13 +400,29 @@ For example::
 
     from djangosaml2.backends import Saml2Backend
 
+
     class ModifiedSaml2Backend(Saml2Backend):
         def save_user(self, user, *args, **kwargs):
             user.save()
             user_group = Group.objects.get(name='Default')
             user.groups.add(user_group)
             return super().save_user(user, *args, **kwargs)
 
+Keep in mind save_user is only called when there was a reason to save the User model (ie. first login), and it has no access to SAML attributes for authorization. If this is required, it can be achieved by overriding the _update_user::
+
+    from djangosaml2.backends import Saml2Backend
+
+    class ModifiedSaml2Backend(Saml2Backend):
+        def _update_user(self, user, attributes: dict, attribute_mapping: dict, force_save: bool = False):
+            if 'eduPersonEntitlement' in attributes:
+                if 'some-entitlement' in attributes['eduPersonEntitlement']:
+                    user.is_staff = True
+                    force_save = True
+                else:
+                    user.is_staff = False
+                    force_save = True
+             return super()._update_user(user, attributes, attribute_mapping, force_save)
+
 .. _hooks: https://github.com/identitypython/djangosaml2/blob/master/djangosaml2/backends.py#L181
 
 
diff --git a/setup.py b/setup.py
@@ -24,7 +24,7 @@ def read(*rnames):
 
 setup(
     name='djangosaml2',
-    version='1.3.2',
+    version='1.3.3',
     description='pysaml2 integration for Django',
     long_description=read('README.md'),
     long_description_content_type='text/markdown',
