From 771b8fd095f3bcb922f761d297c62f1a56a997d5 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Mon, 16 Feb 2015 14:04:49 -0500
Subject: Prefix userdata hives with _ to avoid conflicts

The main userdata dict contains common attributes, but we add
a sepcial groups list and unmapped extras, as well as indicators
like auth_type.
All these additional attributes are now prefixed by a _ character
so that conflicts with legitimate attributes are improbable.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 ipsilon/providers/saml2/auth.py | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)

(limited to 'ipsilon/providers/saml2/auth.py')

diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index 44ed834..a65b52a 100644
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -210,20 +210,13 @@ class AuthenticateRequest(ProviderPageBase):
         if not attrstat.attribute:
             attrstat.attribute = ()
 
-        attributes = dict()
-        userattrs = us.get_user_attrs()
-        for key, value in userattrs.get('userdata', {}).iteritems():
-            if type(value) is str:
-                attributes[key] = value
-        if 'groups' in userattrs:
-            attributes['group'] = userattrs['groups']
-        for _, info in userattrs.get('extras', {}).iteritems():
-            for key, value in info.items():
-                attributes[key] = value
+        attributes = us.get_user_attrs()
 
         for key in attributes:
             values = attributes[key]
-            if type(values) is not list:
+            if isinstance(values, dict):
+                continue
+            if not isinstance(values, list):
                 values = [values]
             for value in values:
                 attr = lasso.Saml2Attribute()
-- 
cgit