From 70bf03e73e0316664d8d4eaecd38dd53b2d6012e Mon Sep 17 00:00:00 2001
From: Julian Dehm
Date: Mon, 21 Oct 2024 17:41:21 +0200
Subject: [PATCH] fix saml login errors after rebase on a+
---
 Makefile | 2 +-
 adhocracy-plus/config/settings/dev.py | 64 ++++++++++---------
 apps/djangosaml2_overwrites/overwrites.py | 16 ++---
 .../djangosaml2_overwrites/signup.html | 8 +--
 changelog/_1111.md | 3 +
 5 files changed, 48 insertions(+), 45 deletions(-)
 create mode 100644 changelog/_1111.md
diff --git a/Makefile b/Makefile
index f06582952..c3784773f 100644
--- a/Makefile
+++ b/Makefile
@@ -161,7 +161,7 @@ lint-html-fix:
 .PHONY: lint-html-files
 lint-html-files:
 EXIT_STATUS=0; \
- $(VIRTUAL_ENV)/bin/djlint $(ARGUMENTS) --profile=django --ignore=H006,H030,H031 || EXIT_STATUS=$$?; \
+ $(VIRTUAL_ENV)/bin/djlint $(ARGUMENTS) --profile=django --ignore=T002,H006,H030,H031 || EXIT_STATUS=$$?; \
 exit $${EXIT_STATUS}
 .PHONY: lint-python-files
diff --git a/adhocracy-plus/config/settings/dev.py b/adhocracy-plus/config/settings/dev.py
index dfa75adce..af94db061 100644
--- a/adhocracy-plus/config/settings/dev.py
+++ b/adhocracy-plus/config/settings/dev.py
@@ -49,40 +49,45 @@ BASEDIR = path.dirname(path.abspath(__file__)) SAML_CONFIG = { - 'entityid': 'http://app.example.com', - 'allow_unknown_attributes': True, - 'attribute_map_dir': path.join(BASEDIR, 'saml', 'attribute-maps'), - 'service': { - 'sp': { - 'name': 'Federated Django sample SP', - 'name_id_format': saml2.saml.NAMEID_FORMAT_PERSISTENT, - 'endpoints': { - 'single_logout_service': [ - ('http://localhost:8004/saml2/ls/', saml2.BINDING_HTTP_REDIRECT), - ('http://localhost:8004/saml2/ls/post', saml2.BINDING_HTTP_POST), - ], - 'assertion_consumer_service': [ - ('http://localhost:8004/saml2/acs/', saml2.BINDING_HTTP_POST), + "entityid": "http://app.example.com", + "allow_unknown_attributes": True, + "attribute_map_dir": path.join(BASEDIR, "saml", "attribute-maps"), + "service": { + "sp": { + "name": "Federated Django sample SP", + "name_id_format": saml2.saml.NAMEID_FORMAT_PERSISTENT, + "endpoints": { + "single_logout_service": [ + ("http://localhost:8004/saml2/ls/", saml2.BINDING_HTTP_REDIRECT), + ("http://localhost:8004/saml2/ls/post", saml2.BINDING_HTTP_POST), + ], + "assertion_consumer_service": [ + ("http://localhost:8004/saml2/acs/", saml2.BINDING_HTTP_POST), + ], + }, + "required_attributes": ["mail"], + "allow_unsolicited": False, + }, + }, + "metadata": { + "remote": [ + {"url": "http://localhost:8080/simplesaml/saml2/idp/metadata.php"}, ], - }, - 'required_attributes': ['mail'], }, - }, - 'metadata': { - 'remote': [{"url": "http://localhost:8080/simplesaml/saml2/idp/metadata.php"},], - }, - 'key_file': path.join(BASEDIR, 'saml', 'private.key'), - 'cert_file': path.join(BASEDIR, 'saml', 'cert.pem'), - 'encryption_keypairs': [{ - 'key_file': path.join(BASEDIR, 'saml', 'private.key'), - 'cert_file': path.join(BASEDIR, 'saml', 'cert.pem'), - }], - 'debug': 1, + "key_file": path.join(BASEDIR, "saml", "private.key"), + "cert_file": path.join(BASEDIR, "saml", "cert.pem"), + "encryption_keypairs": [ + { + "key_file": path.join(BASEDIR, "saml", 
"private.key"), + "cert_file": path.join(BASEDIR, "saml", "cert.pem"), + } + ], + "debug": 1, } -SAML_DJANGO_USER_MAIN_ATTRIBUTE = 'email' +SAML_DJANGO_USER_MAIN_ATTRIBUTE = "email" SAML_LOGOUT_REQUEST_PREFERRED_BINDING = saml2.BINDING_HTTP_REDIRECT SAML_ATTRIBUTE_MAPPING = { - 'mail': ['email', 'set_username_from_email'], + "mail": ["email", "set_username_from_email"], } # The local.py import happens at the end of this file so that it can overwrite @@ -106,4 +111,3 @@ CKEDITOR_CONFIGS["video-editor"]["embed_provider"] = CKEDITOR_URL except NameError: pass - diff --git a/apps/djangosaml2_overwrites/overwrites.py b/apps/djangosaml2_overwrites/overwrites.py index 1019ebf74..af1699cb8 100644 --- a/apps/djangosaml2_overwrites/overwrites.py +++ b/apps/djangosaml2_overwrites/overwrites.py @@ -3,8 +3,6 @@ from djangosaml2.urls import urlpatterns from djangosaml2.views import AssertionConsumerServiceView -from apps.users.models import User - from .urls import urlpatterns as custom_urlpatterns 
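Review bot: The signature policy of the `sp` block in `SAML_CONFIG` (adhocracy-plus/config/settings/dev.py) is left to pysaml2's defaults even though the hunk now sets `"allow_unsolicited": False` there; adding `"want_assertions_signed": True` and `"want_response_signed": True` beside it would keep that requirement explicit for anyone who copies the block into a deployment config. The rest of the dict is only suitable for development as written: the entity ID, the SP endpoints and the remote metadata URL are plain http, `"debug": 1` is set, `"allow_unknown_attributes"` is `True`, and the same key pair serves as signing key and in `"encryption_keypairs"`. A comment above the dict such as `# Development-only SAML settings (http endpoints, debug on, shared signing/encryption key); override all of this in production.` would say so. With `SAML_DJANGO_USER_MAIN_ATTRIBUTE = "email"` users are presumably looked up by the IdP-asserted `mail` value, so the IdP must not let users set that attribute themselves.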
@@ -15,21 +13,19 @@ def apply_custom_overwrites(): def customize_session(self, user, session_info): - user_obj = User.objects.get(email=user) - if not EmailAddress.objects.filter(user=user_obj, email=user).exists(): - email_address = EmailAddress(user=user_obj, email=user) + if not EmailAddress.objects.filter(user=user, email=user.email).exists(): + email_address = EmailAddress(user=user, email=user.email) email_address.save() - if not EmailAddress.objects.filter(user=user_obj, primary=True).exists(): - email_address = EmailAddress.objects.get(user=user_obj, email=user) + if not EmailAddress.objects.filter(user=user, primary=True).exists(): + email_address = EmailAddress.objects.get(user=user, email=user.email) email_address.primary = True email_address.save() def custom_redirect(self, user, relay_state, session_info): - user_obj = User.objects.get(email=user) - email_address = EmailAddress.objects.get(user=user_obj, email=user) + email_address = EmailAddress.objects.get(user=user, email=user.email) if not email_address.verified: - signup = reverse('saml2_signup') + signup = reverse("saml2_signup") if relay_state: signup += "?next={}".format(relay_state) return signup diff --git a/apps/djangosaml2_overwrites/templates/djangosaml2_overwrites/signup.html b/apps/djangosaml2_overwrites/templates/djangosaml2_overwrites/signup.html index 2b0f157d6..bcaf22a54 100644 --- a/apps/djangosaml2_overwrites/templates/djangosaml2_overwrites/signup.html +++ b/apps/djangosaml2_overwrites/templates/djangosaml2_overwrites/signup.html @@ -1,8 +1,8 @@ -{% extends "socialaccount/base.html" %} +{% extends "account/base.html" %} {% load i18n %} -{% block head_title %}{% trans "Signup" %}{% endblock %} +{% block head_title %}{% trans "Signup" %}{% endblock head_title %} {% block content %}
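Review bot: `custom_redirect` in apps/djangosaml2_overwrites/overwrites.py still formats `relay_state` into the signup URL with `"?next={}".format(relay_state)`, without URL-encoding or a host check, although that value arrives with the SAML exchange and should be treated as untrusted. Encoding it, `signup += "?" + urlencode({"next": relay_state})` with `urlencode` from `urllib.parse`, keeps a value containing `&` or `#` from changing the query string. The signup view is not in this diff; if it redirects to `next`, it should check the target with Django's `url_has_allowed_host_and_scheme` first, otherwise this becomes an open redirect. Separately, `EmailAddress.objects.get(user=user, email=user.email)` raises `DoesNotExist` unless `customize_session` has already created the row, which deserves a comment or a guarded lookup. The function may continue past `return signup`, where the hunk ends.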

{% trans "Sign Up" %}

@@ -53,7 +53,7 @@

{% trans "Sign Up" %}

{{ form.terms_of_use.errors }} @@ -87,4 +87,4 @@

{% trans "Sign Up" %}

-{% endblock %} +{% endblock content %} diff --git a/changelog/_1111.md b/changelog/_1111.md new file mode 100644 index 000000000..c2eb1756e --- /dev/null +++ b/changelog/_1111.md @@ -0,0 +1,3 @@ +### Fixed + +- fix saml login broken after rebase on latest a+