From 7931cd6258ef14d2057760358d58c7be30858376 Mon Sep 17 00:00:00 2001
From: Mikko Nieminen
Date: Mon, 8 Jul 2024 17:49:42 +0200
Subject: [PATCH] add oidc login signal handling (#1367)
---
 config/settings/base.py | 1 -
 projectroles/models.py | 12 ++++++++++--
 projectroles/signals.py | 19 +++++++++++++++++++
 projectroles/tests/test_models.py | 2 +-
 4 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/config/settings/base.py b/config/settings/base.py
index bf64093d..f0a49fe7 100644
--- a/config/settings/base.py
+++ b/config/settings/base.py
@@ -448,7 +448,6 @@
 AUTHENTICATION_BACKENDS,
 )
 )
- MIDDLEWARE.append('social_django.middleware.SocialAuthExceptionMiddleware')
 TEMPLATES[0]['OPTIONS']['context_processors'] += [
 'social_django.context_processors.backends',
 'social_django.context_processors.login_redirect',
diff --git a/projectroles/models.py b/projectroles/models.py
index 1d7cd1ca..5eae5e38 100644
--- a/projectroles/models.py
+++ b/projectroles/models.py
@@ -65,6 +65,7 @@
 REMOTE_PROJECT_UNIQUE_MSG = (
 'RemoteProject with the same project UUID and site anready exists'
 )
+AUTH_PROVIDER_OIDC = 'oidc'
 # Project ----------------------------------------------------------------------
@@ -1344,8 +1345,13 @@ def get_form_label(self, email=False):
 return ret
 def set_group(self):
- """Set user group based on user name."""
- if self.username.find('@') != -1:
+ """Set user group based on user name or social auth provider"""
+ social_auth = getattr(self, 'social_auth', None)
+ if social_auth:
+ social_auth = social_auth.first()
+ if social_auth and social_auth.provider == AUTH_PROVIDER_OIDC:
+ group_name = AUTH_PROVIDER_OIDC
+ elif self.username.find('@') != -1:
 group_name = self.username.split('@')[1].lower()
 else:
 group_name = SODAR_CONSTANTS['SYSTEM_USER_GROUP']
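Review bot: In `set_group()`, `social_auth.first()` looks at only one of the user's social auth associations, so a user with more than one association is grouped according to whichever record the default ordering returns first. Filtering on the provider removes the dependence on ordering: `if social_auth and social_auth.filter(provider=AUTH_PROVIDER_OIDC).exists():`. The same `.first()` pattern appears in `handle_oidc_login()` in projectroles/signals.py. Group membership now depends on the provider, but `is_local()` (see the TODO in the following hunk) still classifies users by username alone, so an OIDC user whose username contains no `@` would presumably still be reported as local; that is worth confirming before callers rely on it. The body of `set_group()` continues outside this hunk.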
@@ -1354,6 +1360,8 @@ def set_group(self):
 group.user_set.add(self)
 return group_name
+ # TODO: Add get_user_type(), replace is_local()
+
 def is_local(self):
 return not bool(re.search('@[A-Za-z0-9._-]+$', self.username))
diff --git a/projectroles/signals.py b/projectroles/signals.py
index 03ef424b..13444b4c 100644
--- a/projectroles/signals.py
+++ b/projectroles/signals.py
@@ -9,6 +9,8 @@
 user_login_failed,
 )
+from projectroles.models import AUTH_PROVIDER_OIDC
+
 logger = logging.getLogger(__name__)
@@ -29,6 +31,22 @@ def handle_ldap_login(sender, user, **kwargs):
 raise ex
+def handle_oidc_login(sender, user, **kwargs):
+ """Signal for OIDC login handling"""
+ social_auth = getattr(user, 'social_auth', None)
+ if not social_auth:
+ return
+ try:
+ social_auth = social_auth.first()
+ if social_auth and social_auth.provider == AUTH_PROVIDER_OIDC:
+ logger.debug('Updating OIDC user..')
+ user.update_full_name()
+ except Exception as ex:
+ logger.error('Exception in handle_oidc_login(): {}'.format(ex))
+ if settings.DEBUG:
+ raise ex
+
+
 def assign_user_group(sender, user, **kwargs):
 """Signal for user group assignment"""
 try:
@@ -56,6 +74,7 @@ def log_user_login_failure(sender, credentials, **kwargs):
 user_logged_in.connect(handle_ldap_login)
+user_logged_in.connect(handle_oidc_login)
 user_logged_in.connect(assign_user_group)
 user_logged_in.connect(log_user_login)
 user_logged_out.connect(log_user_logout)
diff --git a/projectroles/tests/test_models.py b/projectroles/tests/test_models.py
index c82caf0c..17be25e2 100644
--- a/projectroles/tests/test_models.py
+++ b/projectroles/tests/test_models.py
@@ -283,7 +283,7 @@ def set_up_as_target(cls, projects):
 class SODARUserMixin:
- """Helper mixin for LDAP SodarUser creation"""
+ """Helper mixin for SodarUser creation"""
 def make_sodar_user(
 self,
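Review bot: In `handle_oidc_login()` (projectroles/signals.py), the `except Exception` branch logs only the exception's string form and lets the login proceed when `settings.DEBUG` is false, so a failing `update_full_name()` leaves no traceback in the log. `logger.exception('Exception in handle_oidc_login()')` would keep the traceback, and a bare `raise` in the DEBUG branch would re-raise without rebinding through `raise ex`. The docstring could also state that the handler is connected to `user_logged_in` for every login and does nothing unless the user's social auth provider is `AUTH_PROVIDER_OIDC`. The patch shows no test for this handler or for the new OIDC branch of `set_group()`; the only test-file change is a docstring edit.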