Allow cascadia employee to have either employee or student ID.

jeffFranklin · jeffFranklin · commit b278c15d0d0d · 2019-03-04T16:28:43.000-08:00
diff --git a/tests/test_federated.py b/tests/test_federated.py
@@ -1,10 +1,30 @@
 """Just importing federated boosts our coverage."""
-from uw_saml2.idp import federated
+from uw_saml2.idp import federated, attribute
+import pytest
 
 
-def test_cascadia_employee():
-    id_attribute = 'urn:mace:washington.edu:dir:attribute-def:stu-validationID'
-    assert federated.CascadiaEmployeeIdp.id_attribute == id_attribute
+@pytest.mark.parametrize('student,employee', [
+    (['loser'], ['winner']),
+    (['winner'], None),
+    (None, ['winner']),
+    ([], ['winner']),
+    (['winner'], [])
+])
+def test_cascadia_employee_attributes(student, employee):
+    """
+    Cascadia Employees should come across as such, but our test one comes
+    through as a student. This checks that if either one is set, we get
+    a value for remote_user. It's still entirely possible for student to
+    win out.
+    """
+    prefix = 'urn:mace:washington.edu:dir:attribute-def'
+    attrs = {}
+    if student is not None:
+        attrs[f'{prefix}:stu-validationID'] = student
+    if employee is not None:
+        attrs[f'{prefix}:emp-validationID'] = employee
+    mapped_attrs = dict(attribute.map(attrs, federated.CascadiaEmployeeIdp))
+    assert mapped_attrs['remote_user'] == 'winner'
 
 
 def test_scca_dynamic_entity_id():
diff --git a/uw_saml2/idp/attribute.py b/uw_saml2/idp/attribute.py
@@ -24,7 +24,9 @@ def __init__(self, name):
 
     def map(self, values):
         """Return only the first value in a list of values."""
-        return values and values[0]
+        if not values:
+            return None
+        return values[0]
 
 
 class List(Attribute):
diff --git a/uw_saml2/idp/federated.py b/uw_saml2/idp/federated.py
@@ -32,8 +32,12 @@ class CascadiaEmployeeIdp(CascadiaStudentIdp):
     The only difference between an Cascadia Employee and a Student are the
     IdP's endpoint. Even the id_attribute of 'stu-validationID' remains.
     """
-    sso_url = ('https://idp.employee.cascadia.edu'
-               '/idp/profile/SAML2/Redirect/SSO')
+    _idp_url = 'https://idp.employee.cascadia.edu'
+    _attribute_prefix = 'urn:mace:washington.edu:dir:attribute-def'
+    sso_url = f'{_idp_url}/idp/profile/SAML2/Redirect/SSO'
+    attribute_map = {
+        f'{_attribute_prefix}:emp-validationID': 'remote_user'
+    }
 
 
 class CollegenetIdp(IdpConfig):
