Minor refactor on role/group code. #54

Merged

distortedsignal
Contributor

This is a minor refactor on the role/group code, and a little on the code that returns the username as well.

I was thinking about this code over the weekend, and I realized that, even if there was no way for the user to log in via groups, we would still run the XPath to get their groups from the SAML Response. I would prefer that we only run the XPath if we have to.

There was some collateral damage to the final code that checks if the user needs to be created in the system and returns the username.

Developer Certificate of Origin Version 1.1

Copyright (C) 2004, 2006 The Linux Foundation and its contributors. 660 York Street, Suite 102, San Francisco, CA 94110 USA

Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or

(b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or

(c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.

(d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.

Signed-off-by: Thomas Kelley distortedsignal@gmail.com

@@ -588,8 +591,6 @@ def _get_roles_from_saml_etree(self, signed_xml):
return xpath_result

self.log.warning('Could not find role from role XPath')
else:
self.log.warning('Role XPath not set')
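
Review bot: the else branch at the end of this hunk carries the only 'Role XPath not set' diagnostic. If it is dropped as unreachable, keep an equivalent warning at the place where the XPath setting is now checked, so that a deployment which configures allowed roles without a role XPath still gets a log line pointing at the misconfiguration.
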
Contributor Author

This was a dead branch because this issue was taken care of on (new) line 666.


def _check_role(self, user_roles):
if self.allowed_roles:
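
Review bot: with the `if self.allowed_roles:` guard at the top of _check_role removed, the function's result for an empty allowed_roles now depends on every caller having checked the setting first. Add a docstring that states this precondition, and have the function return a falsy result when allowed_roles is empty, so that a future caller which skips the check fails closed rather than open.
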
Contributor Author

This check was removed because it is now taken care of by (new) line 662.

user_roles_result = self._check_role(user_roles)
if not user_roles_result:
self.log.error('User role not authorized')
return None
Contributor Author

@distortedsignal distortedsignal Jul 6, 2020

This logic was moved into _valid_config_and_roles.

return False
# Failed to validate username or failed list check
self.log.error('Failed to validate username or failed list check')
return None
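
Review bot: the comment above self.log.error repeats the log message word for word and can be dropped. This hunk shows both `return False` and `return None`, so the function's docstring should state the str-or-None contract, and callers should test the result with `is None` rather than truthiness, since an empty username string is also falsy.
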
Contributor Author

Instead of having this function return a boolean, I think it's more literate to have the function return str or None, and return this function (new line 696).

@codecov-commenter

Codecov Report

Merging #54 into master will increase coverage by 0.29%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master      #54      +/-   ##
==========================================
+ Coverage   91.75%   92.05%   +0.29%     
==========================================
  Files           2        2              
  Lines         376      390      +14     
==========================================
+ Hits          345      359      +14     
  Misses         31       31              
Impacted Files Coverage Δ
samlauthenticator/samlauthenticator.py 92.03% <100.00%> (+0.29%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6226aa5...3d667d6. Read the comment docs.

@distortedsignal
Contributor Author

Hey @0nebody I'd appreciate if you could take a look at this and give feedback. I'll merge this in a week if I don't hear back from you.

return username
if self._valid_config_and_roles(signed_xml, saml_doc_etree):
self.log.debug('Optionally create and return user: ' + username)
return self._check_username_and_add_user(username)
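
Review bot: the self.log.debug call concatenates username, a value taken from the SAML response, directly into the message. Pass it as a logging argument instead, as in self.log.debug('Optionally create and return user: %s', username), so the string is only built when debug logging is enabled, and consider escaping control characters before the value reaches the log. The path taken when _valid_config_and_roles returns a false result is not visible in this hunk; it should log the denial and return None explicitly.
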
Contributor

I like these changes to this function. It's easier to see the checks performed to authenticate a user.

Contributor

@0nebody 0nebody left a comment

Reviewed your changes and like the improvements.

@distortedsignal distortedsignal merged commit 743bfbd into HewlettPackard:master Jul 13, 2020
@distortedsignal distortedsignal deleted the refactor-groups branch July 13, 2020 15:40