From 77c7d433bf4d0ce115429adc708e28708164f9dc Mon Sep 17 00:00:00 2001
From: Art Lukyanchyk <artiom.lukyanchyk@hs-hannover.de>
Date: Tue, 12 Dec 2017 18:58:12 +0100
Subject: [PATCH] Add the description and the check to the backend setting.

---
 README.md                        |  2 +-
 ssoauth/app_settings/defaults.py |  3 ++-
 ssoauth/checks.py                | 10 ++++++++++
 ssoauth/views.py                 |  4 ++--
 4 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 9887b68..5c80b22 100644
--- a/README.md
+++ b/README.md
@@ -42,7 +42,7 @@ SP_SSL = False
 
 SP_FORCE_ENTITY_ID = "dev-id-{0}-{1}".format(socket.gethostname(), os.path.dirname(os.path.dirname(__file__)))  # too many localhosts around
 
-LOGIN_URL = urls.reverse_lazy("sso-dev")
+LOGIN_URL = urls.reverse_lazy("sso-dev")  # it's "sso-login" for prod
 ```
 
 
diff --git a/ssoauth/app_settings/defaults.py b/ssoauth/app_settings/defaults.py
index 16cd1f6..f8f20e5 100644
--- a/ssoauth/app_settings/defaults.py
+++ b/ssoauth/app_settings/defaults.py
@@ -55,6 +55,8 @@ SU_PERM_NAME = "superuser"
 STAFF_GROUP_NAME = "{0}_staff".format(PROJECT_NAME)
 STAFF_PERM_NAME = "staff"
 
+PRETEND_AUTH_BACKEND = django_settings.AUTHENTICATION_BACKENDS[0]  # pretend to be this backend; django does not expect that it is possible to log in without an authentication backend
+
 
 """
 Not really settings...
@@ -88,4 +90,3 @@ SP_ORGANIZATION = {
     },
 }
 
-DEFAULT_AUTH_BACKEND = django_settings.AUTHENTICATION_BACKENDS[0]
diff --git a/ssoauth/checks.py b/ssoauth/checks.py
index 06c7f37..6da861c 100644
--- a/ssoauth/checks.py
+++ b/ssoauth/checks.py
@@ -88,6 +88,16 @@ def sp_host_is_not_localhost(app_configs, **kwargs):
     return errors
 
 
+@register(Tags.compatibility)
+def pretend_backend(app_configs, **kwargs):
+    errors = list()
+    pretend_expected = "django.contrib.auth.backends.ModelBackend"
+    if app_settings.PRETEND_AUTH_BACKEND != pretend_expected:
+        errors.append(Warning("Please make sure the first element of AUTHENTICATION_BACKENDS is django.contrib.auth.backends.ModelBackend; "
+                              "if you are not using this backend you need to ensure the first backend in the list knows how to get user by id/natural key"))
+    return errors
+
+
 @register(Tags.urls)
 def auth_urls_configured(app_configs, **kwargs):
     errors = list()
diff --git a/ssoauth/views.py b/ssoauth/views.py
index 31b7f82..3fd73c7 100644
--- a/ssoauth/views.py
+++ b/ssoauth/views.py
@@ -177,7 +177,7 @@ class ACSAuthNView(SAMLMixin, View):
         )
         auth_utils.cleanup_direct_permissions(user=user)
         auth_utils.set_user_compat_flags(user=user)
-        user.backend = app_settings.DEFAULT_AUTH_BACKEND
+        user.backend = app_settings.PRETEND_AUTH_BACKEND
         request.user = user
         contrib_auth.login(request, user)
         logger.debug("Logged in {user}".format(**locals()))
@@ -297,7 +297,7 @@ class DevView(FormView):
             except exceptions.ObjectDoesNotExist:
                 import uuid
                 user = auth_utils.get_or_create_user(username=log_in_as_username, uuid=uuid.uuid4())
-            user.backend = app_settings.DEFAULT_AUTH_BACKEND
+            user.backend = app_settings.PRETEND_AUTH_BACKEND
             self.request.user = user
             contrib_auth.login(request=self.request, user=user)
         elif toggle_group:
-- 
GitLab