Merge pull request fangli#64 from kevPo/create-user-flag

Added new user creation setting.
rev4love · Oct 9, 2018 · 8fe1bab · 8fe1bab
2 parents 90a2409 + 7650fbc
commit 8fe1bab
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 4 deletions.
diff --git a/AUTHORS.rst b/AUTHORS.rst
@@ -27,3 +27,4 @@ Contributors
 - `Tonymke <https://github.com/tonymke/>`_
 - `pintor <https://github.com/pintor>`_
 - `BaconAndEggs <https://github.com/BaconAndEggs>`_
+_ `kevPo <https://github.com/kevPo>`_
diff --git a/README.rst b/README.rst
@@ -128,6 +128,7 @@ How to use?
 
             # Optional settings below
             'DEFAULT_NEXT_URL': '/admin',  # Custom target redirect URL after the user get logged in. Default to /admin if not set. This setting will be overwritten if you have parameter ?next= specificed in the login URL.
+            'CREATE_USER': 'TRUE', # Create a new Django user when a new user logs in. Defaults to True.
             'NEW_USER_PROFILE': {
                 'USER_GROUPS': [],  # The default group name when a new user logs in
                 'ACTIVE_STATUS': True,  # The default active status for new users
@@ -158,6 +159,8 @@ Explanation
 
 **METADATA_AUTO_CONF_URL** Auto SAML2 metadata configuration URL
 
+**CREATE_USER** Determines if a new Django user should be created for new users.
+
 **NEW_USER_PROFILE** Default settings for newly created users
 
 **ATTRIBUTES_MAP** Mapping of Django user attributes to SAML2 user attributes

diff --git a/django_saml2_auth/views.py b/django_saml2_auth/views.py
@@ -161,10 +161,14 @@ def acs(r):
         if settings.SAML2_AUTH.get('TRIGGER', {}).get('BEFORE_LOGIN', None):
             import_string(settings.SAML2_AUTH['TRIGGER']['BEFORE_LOGIN'])(user_identity)
     except User.DoesNotExist:
-        target_user = _create_new_user(user_name, user_email, user_first_name, user_last_name)
-        if settings.SAML2_AUTH.get('TRIGGER', {}).get('CREATE_USER', None):
-            import_string(settings.SAML2_AUTH['TRIGGER']['CREATE_USER'])(user_identity)
-        is_new_user = True
+        new_user_should_be_created = settings.SAML2_AUTH.get('CREATE_USER', True)
+        if new_user_should_be_created: 
+            target_user = _create_new_user(user_name, user_email, user_first_name, user_last_name)
+            if settings.SAML2_AUTH.get('TRIGGER', {}).get('CREATE_USER', None):
+                import_string(settings.SAML2_AUTH['TRIGGER']['CREATE_USER'])(user_identity)
+            is_new_user = True
+        else:
+            return HttpResponseRedirect(get_reverse([denied, 'denied', 'django_saml2_auth:denied']))
 
     r.session.flush()