create groups on demand

Author: fopina

dojo/backends.py

@@ -40,8 +40,8 @@ def _update_user(
         if self.group_re is None:
             return user
 
-        # list of all existing "SAML2-mapped" groups
-        all_saml_groups = {group.name: group for group in Dojo_Group.objects.all() if self.group_re.match(group.name)}
+        # list of all existing "SAML2-mapped" groups - regexp excluded so the ones no longer matching regexp are removed
+        all_saml_groups = {group.name: group for group in Dojo_Group.objects.filter(social_provider=Dojo_Group.SAML)}
 
         # list of groups user MUST have
         needs_groups = set()
@@ -75,8 +75,9 @@ def _update_user(
             for group_name in groups_to_add:
                 group = all_saml_groups.get(group_name)
                 if group is None:
-                    logger.error("Group %s is mapped for SAML2 but it does not exist in Dojo", group_name)
-                else:
-                    Dojo_Group_Member.objects.create(group=group, user_id=user.pk, role=reader_role)
-                    logger.debug("User %s became member of SAML2 group: %s", user, group.name)
+                    group = Dojo_Group.objects.create(name=group_name, social_provider=Dojo_Group.SAML)
+                    logger.error("Group %s did not exist locally so it was created", group_name)
+
+                Dojo_Group_Member.objects.create(group=group, user_id=user.pk, role=reader_role)
+                logger.debug("User %s became member of SAML2 group: %s", user, group.name)
         return user

dojo/db_migrations/0245_alter_dojo_group_social_provider.py

@@ -0,0 +1,18 @@
+# Generated by Django 5.1.12 on 2025-10-05 14:11
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dojo', '0244_pghistory_indices'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='dojo_group',
+            name='social_provider',
+            field=models.CharField(blank=True, choices=[('AzureAD', 'AzureAD'), ('Remote', 'Remote'), ('SAML2', 'SAML2')], help_text='Group imported from a social provider.', max_length=10, null=True, verbose_name='Social Authentication Provider'),
+        ),
+    ]

dojo/group/utils.py

@@ -32,7 +32,7 @@ def group_post_save_handler(sender, **kwargs):
         group.auth_group = auth_group
         group.save()
         user = get_current_user()
-        if user and not settings.AZUREAD_TENANT_OAUTH2_GET_GROUPS:
+        if user and not settings.AZUREAD_TENANT_OAUTH2_GET_GROUPS and not settings.SAML2_GROUPS_ATTRIBUTE:
             # Add the current user as the owner of the group
             member = Dojo_Group_Member()
             member.user = user

dojo/models.py

@@ -273,9 +273,11 @@ class UserContactInfo(models.Model):
 class Dojo_Group(models.Model):
     AZURE = "AzureAD"
     REMOTE = "Remote"
+    SAML = "SAML2"
     SOCIAL_CHOICES = (
         (AZURE, _("AzureAD")),
         (REMOTE, _("Remote")),
+        (SAML, _("SAML2")),
     )
     name = models.CharField(max_length=255, unique=True)
     description = models.CharField(max_length=4000, null=True, blank=True)