From 723449818d9fe04239e064f4b382b4963fd292b4 Mon Sep 17 00:00:00 2001
From: Wayne Witzel III <wayne@riotousliving.com>
Date: Fri, 22 Sep 2017 15:58:26 -0400
Subject: [PATCH 1/2] Fix issue when per user tokens are disabled

---
 awx/main/models/organization.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/awx/main/models/organization.py b/awx/main/models/organization.py
index d92d0d2075..fbffc73315 100644
--- a/awx/main/models/organization.py
+++ b/awx/main/models/organization.py
@@ -236,7 +236,9 @@ class AuthToken(BaseModel):
         valid_n_tokens_qs = self.user.auth_tokens.filter(
             expires__gt=now,
             reason='',
-        ).order_by('-created')[0:settings.AUTH_TOKEN_PER_USER]
+        ).order_by('-created')
+        if settings.AUTH_TOKEN_PER_USER != -1:
+            valid_n_tokens_qs = valid_n_tokens_qs[0:settings.AUTH_TOKEN_PER_USER]
         valid_n_tokens = valid_n_tokens_qs.values_list('key', flat=True)
 
         return bool(self.key in valid_n_tokens)

From e9e027ecd7a4e5c3c4e5516460e674a29281ff60 Mon Sep 17 00:00:00 2001
From: Wayne Witzel III <wayne@riotousliving.com>
Date: Fri, 22 Sep 2017 15:58:39 -0400
Subject: [PATCH 2/2] Fix issue when the enterprise_auth has already been
 created

---
 awx/sso/backends.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/awx/sso/backends.py b/awx/sso/backends.py
index 3fe730231a..3e2410daa2 100644
--- a/awx/sso/backends.py
+++ b/awx/sso/backends.py
@@ -136,8 +136,9 @@ class LDAPBackend(BaseLDAPBackend):
 def _decorate_enterprise_user(user, provider):
     user.set_unusable_password()
     user.save()
-    enterprise_auth = UserEnterpriseAuth(user=user, provider=provider)
-    enterprise_auth.save()
+    enterprise_auth, created = UserEnterpriseAuth.objects.get_or_create(user=user, provider=provider)
+    if created:
+        enterprise_auth.save()
     return enterprise_auth