diff --git a/ephios/core/migrations/0030_identityprovider_internal_name_and_more.py b/ephios/core/migrations/0030_identityprovider_internal_name_and_more.py index 86df8d1b1..4c6f02d5f 100644 --- a/ephios/core/migrations/0030_identityprovider_internal_name_and_more.py +++ b/ephios/core/migrations/0030_identityprovider_internal_name_and_more.py @@ -1,8 +1,13 @@ # Generated by Django 5.0.8 on 2024-11-22 09:25 from django.db import migrations, models -from django.db.models import Value -from django.db.models.functions import Concat, Random, Round + + +def set_idp_internal_names(apps, schema_editor): + IdentityProvider = apps.get_model("core", "IdentityProvider") + for idp in IdentityProvider.objects.all(): + idp.internal_name = idp.label + idp.save() class Migration(migrations.Migration): @@ -16,10 +21,9 @@ class Migration(migrations.Migration): model_name="identityprovider", name="internal_name", field=models.CharField( - db_default=Concat(Value("Identity Provider "), (Round(Random() * Value(10000)))), help_text="Internal name for this provider.", max_length=255, - unique=True, + unique=False, verbose_name="internal name", ), ), @@ -38,6 +42,7 @@ class Migration(migrations.Migration): name="qualification_codename_to_uuid", field=models.JSONField( default=dict, + blank=True, help_text="A json encoded dictionary containing mappings of qualification names as they appear in thequalification claim to the qualification uuid. If a key is not found, use the key directly.", verbose_name="qualification codename to uuid", ), @@ -54,4 +59,5 @@ class Migration(migrations.Migration): ), preserve_default=False, ), + migrations.RunPython(set_idp_internal_names), ] diff --git a/ephios/core/migrations/0031_qualificationgrant_externally_managed_and_more.py b/ephios/core/migrations/0031_qualificationgrant_externally_managed_and_more.py index ec7d0c483..903cfbde3 100644 --- a/ephios/core/migrations/0031_qualificationgrant_externally_managed_and_more.py +++ b/ephios/core/migrations/0031_qualificationgrant_externally_managed_and_more.py @@ -1,4 +1,4 @@ -# Generated by Django 5.0.8 on 2024-11-23 12:48 +# Generated by Django 5.0.9 on 2024-11-24 21:52 from django.db import migrations, models @@ -6,7 +6,6 @@ class Migration(migrations.Migration): dependencies = [ - ("auth", "0012_alter_user_first_name_max_length"), ("core", "0030_identityprovider_internal_name_and_more"), ] @@ -20,16 +19,6 @@ class Migration(migrations.Migration): verbose_name="externally managed", ), ), - migrations.AlterField( - model_name="identityprovider", - name="default_groups", - field=models.ManyToManyField( - blank=True, - help_text="The groups that users logging in with this provider will be added to. ", - to="auth.group", - verbose_name="default groups", - ), - ), migrations.AlterField( model_name="identityprovider", name="internal_name", diff --git a/ephios/core/models/users.py b/ephios/core/models/users.py index 1d2be1bc1..272bd187a 100644 --- a/ephios/core/models/users.py +++ b/ephios/core/models/users.py @@ -647,6 +647,7 @@ class IdentityProvider(Model): "qualification claim to the qualification uuid. If a key is not found, use the key directly." ), default=dict, + blank=True, ) def __str__(self): diff --git a/ephios/extra/auth.py b/ephios/extra/auth.py index 20b04a8d7..3e455d67a 100644 --- a/ephios/extra/auth.py +++ b/ephios/extra/auth.py @@ -49,50 +49,50 @@ def update_user(self, user, claims): except ValueError: pass user.save() + self._update_user_groups(user, claims) + self._update_user_qualifications(user, claims) + oidc_update_user.send(self, user=user, claims=claims, provider=self.provider) + return user - if self.provider.group_claim: - groups = set(self.provider.default_groups.all()) - groups_in_claims = dotted_get(claims, self.provider.group_claim, []) - for group_name in groups_in_claims: - try: - groups.add(Group.objects.get(name__iexact=group_name)) - except Group.DoesNotExist: - if self.provider.create_missing_groups: - groups.add(Group.objects.create(name=group_name)) - user.groups.set(groups) - else: - user.groups.add(*self.provider.default_groups.all()) - - if self.provider.qualification_claim: - target_qualification_uuids = [] - for codename in dotted_get(claims, self.provider.qualification_claim, []): - try: - target_qualification_uuids.append( - uuid.UUID( - str( - self.provider.qualification_codename_to_uuid.get(codename, codename) - ) - ) + def _update_user_qualifications(self, user, claims): + if not self.provider.qualification_claim: + return + target_qualification_uuids = [] + for codename in dotted_get(claims, self.provider.qualification_claim, []): + try: + target_qualification_uuids.append( + uuid.UUID( + str(self.provider.qualification_codename_to_uuid.get(codename, codename)) ) - except ValueError: - pass + ) + except ValueError: + pass - target_qualifications = Qualification.objects.filter( - uuid__in=target_qualification_uuids - ) - QualificationGrant.objects.filter( + target_qualifications = Qualification.objects.filter(uuid__in=target_qualification_uuids) + QualificationGrant.objects.filter( + user=user, + externally_managed=True, + ).exclude(qualification__in=target_qualifications).delete() + for qualification in target_qualifications: + QualificationGrant.objects.get_or_create( + defaults={"expires": None, "externally_managed": True}, user=user, - externally_managed=True, - ).exclude(qualification__in=target_qualifications).delete() - for qualification in target_qualifications: - QualificationGrant.objects.get_or_create( - defaults={"expires": None, "externally_managed": True}, - user=user, - qualification=qualification, - ) + qualification=qualification, + ) - oidc_update_user.send(self, user=user, claims=claims, provider=self.provider) - return user + def _update_user_groups(self, user, claims): + if not self.provider.group_claim: + user.groups.add(*self.provider.default_groups.all()) + return + groups = set(self.provider.default_groups.all()) + groups_in_claims = dotted_get(claims, self.provider.group_claim, []) + for group_name in groups_in_claims: + try: + groups.add(Group.objects.get(name__iexact=group_name)) + except Group.DoesNotExist: + if self.provider.create_missing_groups: + groups.add(Group.objects.create(name=group_name)) + user.groups.set(groups) def authenticate(self, request, username=None, password=None, **kwargs): try: