Add catch for missing groups in claim

OasisLMF · Sep 18, 2024 · 8a0b1cb · 8a0b1cb
1 parent b565d3b
commit 8a0b1cb
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/src/server/oasisapi/oidc/keycloak_auth.py b/src/server/oasisapi/oidc/keycloak_auth.py
@@ -157,7 +157,11 @@ def update_groups(self, user, claims):
         """
         Persist Keycloak groups as local Django groups.
         """
-        keycloak_groups = claims.get('groups', [])
+        keycloak_groups = claims.get('groups', None)
+        if keycloak_groups is None:
+            msg = 'No group found in claim / user_info'
+            raise SuspiciousOperation(msg)
+
         for i, keycloak_group in enumerate(keycloak_groups):
             if keycloak_group.startswith('/'):
                 keycloak_groups[i] = keycloak_group[1:]