fix: SAML2 500 error caused by duplicate email or username

apps/authentication/backends/saml2/views.py

@@ -3,8 +3,10 @@ from urllib import parse
 
 from django.conf import settings
 from django.contrib import auth
+from django.db import IntegrityError
 from django.http import HttpResponseRedirect, HttpResponse, HttpResponseServerError
 from django.urls import reverse
+from django.utils.translation import gettext_lazy as _
 from django.views import View
 from django.views.decorators.csrf import csrf_exempt
 from onelogin.saml2.auth import OneLogin_Saml2_Auth
@@ -14,6 +16,7 @@ from onelogin.saml2.idp_metadata_parser import (
     dict_deep_merge
 )
 
+from authentication.views.mixins import FlashMessageMixin
 from common.utils import get_logger
 from .settings import JmsSaml2Settings
 
@@ -243,7 +246,7 @@ class Saml2EndSessionView(View, PrepareRequestMixin):
         return HttpResponseRedirect(logout_url)
 
 
-class Saml2AuthCallbackView(View, PrepareRequestMixin):
+class Saml2AuthCallbackView(View, PrepareRequestMixin, FlashMessageMixin):
 
     def post(self, request):
         log_prompt = "Process SAML2 POST requests: {}"
@@ -272,7 +275,13 @@ class Saml2AuthCallbackView(View, PrepareRequestMixin):
 
         logger.debug(log_prompt.format('Process authenticate'))
         saml_user_data = self.get_attributes(saml_instance)
-        user = auth.authenticate(request=request, saml_user_data=saml_user_data)
+        try:
+            user = auth.authenticate(request=request, saml_user_data=saml_user_data)
+        except IntegrityError:
+            title = _("SAML2 Error")
+            msg = _('Please check if a user with the same username or email already exists')
+            response = self.get_failed_response('/', title, msg)
+            return response
         if user and user.is_valid:
             logger.debug(log_prompt.format('Login: {}'.format(user)))
             auth.login(self.request, user)

apps/i18n/core/zh/LC_MESSAGES/django.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: JumpServer 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-09-19 16:31+0800\n"
+"POT-Creation-Date: 2024-09-19 17:03+0800\n"
 "PO-Revision-Date: 2021-05-20 10:54+0800\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: JumpServer team<ibuler@qq.com>\n"
@@ -1038,11 +1038,12 @@ msgid ""
 "default: {\"length\": 16, \"lowercase\": true, \"uppercase\": true, "
 "\"digit\": true, \"symbol\": true, \"exclude_symbols\": \"\"}"
 msgstr ""
-"length 是密码的长度，填写范围为 8 到 30。"
-"lowercase 表示密码中是否包含小写字母，uppercase 表示是否包含大写字母，"
-"digit 表示是否包含数字，symbol 表示是否包含特殊符号。"
-"exclude_symbols 用于排除特定符号，您可以填写要排除的符号字符（最多 16 个），如果无需排除符号，可以留空。"
-"默认: {\"length\": 16, \"lowercase\": true, \"uppercase\": true, \"digit\": true, \"symbol\": true, \"exclude_symbols\": \"\"}"
+"length 是密码的长度，填写范围为 8 到 30。lowercase 表示密码中是否包含小写字"
+"母，uppercase 表示是否包含大写字母，digit 表示是否包含数字，symbol 表示是否包"
+"含特殊符号。exclude_symbols 用于排除特定符号，您可以填写要排除的符号字符（最"
+"多 16 个），如果无需排除符号，可以留空。默认: {\"length\": 16, "
+"\"lowercase\": true, \"uppercase\": true, \"digit\": true, \"symbol\": true, "
+"\"exclude_symbols\": \"\"}"
 
 #: accounts/serializers/account/template.py:49
 msgid "Secret generation strategy for account creation"
@@ -3174,6 +3175,7 @@ msgid "OpenID Error"
 msgstr "OpenID 错误"
 
 #: authentication/backends/oidc/views.py:175
+#: authentication/backends/saml2/views.py:282
 msgid "Please check if a user with the same username or email already exists"
 msgstr "请检查是否已经存在相同用户名或邮箱的用户"
 
@@ -3203,6 +3205,10 @@ msgstr "最后使用日期"
 msgid "Credential ID"
 msgstr "凭证 ID"
 
+#: authentication/backends/saml2/views.py:281
+msgid "SAML2 Error"
+msgstr "SAML2 错误"
+
 #: authentication/confirm/password.py:16
 msgid "Authentication failed password incorrect"
 msgstr "认证失败 (用户名或密码不正确)"
@@ -7262,7 +7268,8 @@ msgid ""
 "\n"
 "                Your account has expired, please contact the administrator.\n"
 "            "
-msgstr "\n"
+msgstr ""
+"\n"
 "                您的账号已经过期，请联系管理员。            "
 
 #: templates/_message.html:13