fix: SAML2 500 error caused by duplicate email or username

pull/14203/head
wangruidong 2 months ago committed by Bryan
parent cbc09d84df
commit 647736f4e3

@ -3,8 +3,10 @@ from urllib import parse
from django.conf import settings from django.conf import settings
from django.contrib import auth from django.contrib import auth
from django.db import IntegrityError
from django.http import HttpResponseRedirect, HttpResponse, HttpResponseServerError from django.http import HttpResponseRedirect, HttpResponse, HttpResponseServerError
from django.urls import reverse from django.urls import reverse
from django.utils.translation import gettext_lazy as _
from django.views import View from django.views import View
from django.views.decorators.csrf import csrf_exempt from django.views.decorators.csrf import csrf_exempt
from onelogin.saml2.auth import OneLogin_Saml2_Auth from onelogin.saml2.auth import OneLogin_Saml2_Auth
@ -14,6 +16,7 @@ from onelogin.saml2.idp_metadata_parser import (
dict_deep_merge dict_deep_merge
) )
from authentication.views.mixins import FlashMessageMixin
from common.utils import get_logger from common.utils import get_logger
from .settings import JmsSaml2Settings from .settings import JmsSaml2Settings
@ -243,7 +246,7 @@ class Saml2EndSessionView(View, PrepareRequestMixin):
return HttpResponseRedirect(logout_url) return HttpResponseRedirect(logout_url)
class Saml2AuthCallbackView(View, PrepareRequestMixin): class Saml2AuthCallbackView(View, PrepareRequestMixin, FlashMessageMixin):
def post(self, request): def post(self, request):
log_prompt = "Process SAML2 POST requests: {}" log_prompt = "Process SAML2 POST requests: {}"
@ -272,7 +275,13 @@ class Saml2AuthCallbackView(View, PrepareRequestMixin):
logger.debug(log_prompt.format('Process authenticate')) logger.debug(log_prompt.format('Process authenticate'))
saml_user_data = self.get_attributes(saml_instance) saml_user_data = self.get_attributes(saml_instance)
try:
user = auth.authenticate(request=request, saml_user_data=saml_user_data) user = auth.authenticate(request=request, saml_user_data=saml_user_data)
except IntegrityError:
title = _("SAML2 Error")
msg = _('Please check if a user with the same username or email already exists')
response = self.get_failed_response('/', title, msg)
return response
if user and user.is_valid: if user and user.is_valid:
logger.debug(log_prompt.format('Login: {}'.format(user))) logger.debug(log_prompt.format('Login: {}'.format(user)))
auth.login(self.request, user) auth.login(self.request, user)
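Review bot: The new `except IntegrityError:` branch in `post` returns the failure page without writing anything to the log, so a SAML assertion whose username or email collides with an existing account leaves no trace for operators, while the surrounding steps all log through `log_prompt`. I would add `logger.error(log_prompt.format('Authenticate failed: duplicate username or email'))` as the first line of the handler. The user-creation code is not visible here; if it does not run inside `transaction.atomic()`, the connection may still be in a failed transaction after the exception is caught, and any query made while building the response could then raise, so that is worth confirming. The body of `post` starts and continues outside the hunk.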

@ -7,7 +7,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: JumpServer 0.3.3\n" "Project-Id-Version: JumpServer 0.3.3\n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-09-19 16:31+0800\n" "POT-Creation-Date: 2024-09-19 17:03+0800\n"
"PO-Revision-Date: 2021-05-20 10:54+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n"
"Last-Translator: ibuler <ibuler@qq.com>\n" "Last-Translator: ibuler <ibuler@qq.com>\n"
"Language-Team: JumpServer team<ibuler@qq.com>\n" "Language-Team: JumpServer team<ibuler@qq.com>\n"
@ -1038,11 +1038,12 @@ msgid ""
"default: {\"length\": 16, \"lowercase\": true, \"uppercase\": true, " "default: {\"length\": 16, \"lowercase\": true, \"uppercase\": true, "
"\"digit\": true, \"symbol\": true, \"exclude_symbols\": \"\"}" "\"digit\": true, \"symbol\": true, \"exclude_symbols\": \"\"}"
msgstr "" msgstr ""
"length 是密码的长度,填写范围为 8 到 30。" "length 是密码的长度,填写范围为 8 到 30。lowercase 表示密码中是否包含小写字"
"lowercase 表示密码中是否包含小写字母uppercase 表示是否包含大写字母," "母uppercase 表示是否包含大写字母digit 表示是否包含数字symbol 表示是否包"
"digit 表示是否包含数字symbol 表示是否包含特殊符号。" "含特殊符号。exclude_symbols 用于排除特定符号,您可以填写要排除的符号字符(最"
"exclude_symbols 用于排除特定符号,您可以填写要排除的符号字符(最多 16 个),如果无需排除符号,可以留空。" "多 16 个),如果无需排除符号,可以留空。默认: {\"length\": 16, "
"默认: {\"length\": 16, \"lowercase\": true, \"uppercase\": true, \"digit\": true, \"symbol\": true, \"exclude_symbols\": \"\"}" "\"lowercase\": true, \"uppercase\": true, \"digit\": true, \"symbol\": true, "
"\"exclude_symbols\": \"\"}"
#: accounts/serializers/account/template.py:49 #: accounts/serializers/account/template.py:49
msgid "Secret generation strategy for account creation" msgid "Secret generation strategy for account creation"
@ -3174,6 +3175,7 @@ msgid "OpenID Error"
msgstr "OpenID 错误" msgstr "OpenID 错误"
#: authentication/backends/oidc/views.py:175 #: authentication/backends/oidc/views.py:175
#: authentication/backends/saml2/views.py:282
msgid "Please check if a user with the same username or email already exists" msgid "Please check if a user with the same username or email already exists"
msgstr "请检查是否已经存在相同用户名或邮箱的用户" msgstr "请检查是否已经存在相同用户名或邮箱的用户"
@ -3203,6 +3205,10 @@ msgstr "最后使用日期"
msgid "Credential ID" msgid "Credential ID"
msgstr "凭证 ID" msgstr "凭证 ID"
#: authentication/backends/saml2/views.py:281
msgid "SAML2 Error"
msgstr "SAML2 错误"
#: authentication/confirm/password.py:16 #: authentication/confirm/password.py:16
msgid "Authentication failed password incorrect" msgid "Authentication failed password incorrect"
msgstr "认证失败 (用户名或密码不正确)" msgstr "认证失败 (用户名或密码不正确)"
@ -7262,7 +7268,8 @@ msgid ""
"\n" "\n"
" Your account has expired, please contact the administrator.\n" " Your account has expired, please contact the administrator.\n"
" " " "
msgstr "\n" msgstr ""
"\n"
" 您的账号已经过期,请联系管理员。 " " 您的账号已经过期,请联系管理员。 "
#: templates/_message.html:13 #: templates/_message.html:13
