From b4aeb0353f003e9285d01d6039d6c4903d94d4d0 Mon Sep 17 00:00:00 2001
From: Cameron Lamb
Date: Fri, 12 May 2023 12:04:50 +0100
Subject: [PATCH 1/2] Separate out the condition for skipping login
---
 djangosaml2/views.py | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/djangosaml2/views.py b/djangosaml2/views.py
index 9aa42f46..7c73940b 100644
--- a/djangosaml2/views.py
+++ b/djangosaml2/views.py
@@ -174,21 +174,23 @@ def load_sso_kwargs(self, sso_kwargs):
 def add_idp_hinting(self, http_response):
 return add_idp_hinting(self.request, http_response) or http_response
 
- def get(self, request, *args, **kwargs):
- logger.debug("Login process started")
- next_path = self.get_next_path(request)
-
- # if the user is already authenticated that maybe because of two reasons:
+ def should_prevent_auth(self, request) -> bool:
+ # If the user is already authenticated that maybe because of two reasons:
 # A) He has this URL in two browser windows and in the other one he
 # has already initiated the authenticated session.
 # B) He comes from a view that (incorrectly) send him here because
 # he does not have enough permissions. That view should have shown
 # an authorization error in the first place.
- # We can only make one thing here and that is configurable with the
- # SAML_IGNORE_AUTHENTICATED_USERS_ON_LOGIN setting. If that setting
- # is True (default value) we will redirect him to the next_path path.
- # Otherwise, we will show an (configurable) authorization error.
- if request.user.is_authenticated:
+ return request.user.is_authenticated
+
+ def get(self, request, *args, **kwargs):
+ logger.debug("Login process started")
+ next_path = self.get_next_path(request)
+
+ if self.should_prevent_auth(request):
+ # If the SAML_IGNORE_AUTHENTICATED_USERS_ON_LOGIN setting is True
+ # (default value), redirect to the next_path. Otherwise, show a
+ # configurable authorization error.
 if get_custom_setting("SAML_IGNORE_AUTHENTICATED_USERS_ON_LOGIN", True):
 return HttpResponseRedirect(next_path)
 logger.debug("User is already logged in")
From 2366a927fa9bb36d1ee49009eda2513d553e7896 Mon Sep 17 00:00:00 2001
From: Cameron Lamb
Date: Mon, 15 May 2023 12:15:41 +0100
Subject: [PATCH 2/2] Bump package version to 1.5.8
---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index ce7e18d8..a97c3313 100644
--- a/setup.py
+++ b/setup.py
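Review bot: `should_prevent_auth` in djangosaml2/views.py is introduced as an override point but has no docstring, and the comment it keeps describes why a user might already be authenticated rather than what the return value means to `get`. When it returns True, `get` skips the IdP round-trip and either redirects to `next_path` or falls through to the "already logged in" branch. An override that returns True for a request without an authenticated user would therefore send an anonymous visitor down a path written for logged-in users. I would add a docstring such as `"""Return True when the SAML login flow should be skipped because the request already has an authenticated session; overrides should return True only for authenticated users."""` and move the A)/B) rationale beneath it. The body of `get` continues past the end of the hunk, so how the fall-through branch behaves for such a request is not visible here.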
@@ -27,7 +27,7 @@ def read(*rnames):
 
 setup(
 name="djangosaml2",
- version="1.5.7",
+ version="1.5.8",
 description="pysaml2 integration for Django",
 long_description=read("README.md"),
 long_description_content_type="text/markdown",