implement synchronization of mafiasi admin status via oidc
lilioid committed Nov 13, 2023

lilioid Lilly
1 parent b48d13a commit a66568b
Showing 3 changed files with 25 additions and 2 deletions.
1 change: 1 addition & 0 deletions src/.env.dev
@@ -4,3 +4,4 @@ SHORTLINK_ALLOWED_HOSTS=localhost,127.0.0.1,::1
SHORTLINK_DB=sqlite://./db.sqlite3
SHORTLINK_OPENID_CLIENT_ID=dev-client-confidential
SHORTLINK_OPENID_CLIENT_SECRET=B18WWl7b6c8UJ0LpQGdhd3FwVjeWco84
SHORTLINK_OPENID_ADMIN_GROUPS=.*
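--- a/src/mafiasi_link_shortener/links/user_mapping.py
+++ b/src/mafiasi_link_shortener/links/user_mapping.py
@@ -0,0 +1,20 @@
+from django.conf import settings
+from simple_openid_connect.integrations.django.user_mapping import (
+FederatedUserData,
+UserMapper,
+)
+
+from mafiasi_link_shortener.links import models
+
+
+class MafiasiUserMapper(UserMapper):
+def automap_user_attrs(
+self, user: models.MafiasiUser, user_data: FederatedUserData
+) -> None:
+super().automap_user_attrs(user, user_data)
+
+if hasattr(user_data, "groups"):
+for group in user_data.groups:
+if settings.OPENID_ADMIN_GROUPS.fullmatch(group) is not None:
+user.is_superuser = True
+user.is_staff = True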
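Review bot: The loop in `automap_user_attrs` only ever sets `is_superuser` and `is_staff` to True, so a user who is later removed from the admin group at the identity provider keeps local admin rights on every subsequent login. For the status to be synchronized in both directions, derive one boolean and assign it: `is_admin = any(settings.OPENID_ADMIN_GROUPS.fullmatch(g) for g in getattr(user_data, "groups", None) or [])` followed by `user.is_superuser = user.is_staff = is_admin`. This also clears the flags when the token carries no `groups` claim at all, which is presumably the safer default, but it would override admin rights granted locally, so confirm that is intended. Whether the base mapper saves the user after this hook is not visible on this page.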
6 changes: 4 additions & 2 deletions src/mafiasi_link_shortener/settings.py
@@ -9,7 +9,7 @@
For the full list of settings and their values, see
https://docs.djangoproject.com/en/3.1/ref/settings/
"""

import re
from pathlib import Path

import sentry_sdk
@@ -138,9 +138,11 @@
OPENID_ISSUER = env.str(
"SHORTLINK_OPENID_ISSUER", default="https://identity.mafiasi.de/realms/mafiasi"
)
OPENID_SCOPE = "openid shortlinks"
OPENID_SCOPE = "openid groups shortlinks"
OPENID_CLIENT_ID = env.str("SHORTLINK_OPENID_CLIENT_ID")
OPENID_CLIENT_SECRET = env.str("SHORTLINK_OPENID_CLIENT_SECRET")
OPENID_USER_MAPPER = "mafiasi_link_shortener.links.user_mapping.MafiasiUserMapper"
OPENID_ADMIN_GROUPS = re.compile(env.str("SHORTLINK_OPENID_ADMIN_GROUPS"))

# rest framework
REST_FRAMEWORK = {
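Review bot: `OPENID_ADMIN_GROUPS` decides who becomes a Django superuser, yet the second hunk adds it without a comment saying how the value is interpreted. I would add above it something like `# Regex, full-matched against each OIDC group name; any match grants is_staff and is_superuser.` and note that a broad pattern such as the `.*` used in `src/.env.dev` makes every user with at least one group an admin, so deployments need a narrow, explicit pattern. Because `env.str` is called without a default, an unset variable presumably aborts startup rather than disabling the feature; that fail-closed behaviour is worth stating in the same comment.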
