add support for templates in oidc claims (#37774)

2020-08-14 10:56:11 +02:00 · 2020-08-14 10:56:11 +02:00 · 85c3b6f838
parent 88096a2eca
commit 85c3b6f838
1 changed files with 8 additions and 2 deletions
--- a/src/authentic2_gnm/management/commands/sync-cut.py
+++ b/src/authentic2_gnm/management/commands/sync-cut.py
@ -27,6 +27,7 @@ from django.core.management.base import BaseCommand

 from django_rbac.utils import get_ou_model
 from authentic2.a2_rbac.utils import get_default_ou
+from authentic2.utils.template import Template
 from authentic2_auth_oidc.models import OIDCProvider, OIDCAccount


@ -71,9 +72,14 @@ class Command(BaseCommand):
            except OIDCAccount.DoesNotExist:
                continue
            for claim in cut_users.claim_mappings.all():
-                setattr(account.user, claim.attribute, user_dict.get(claim.claim))
+                if '{{' in claim.claim or '{%' in claim.claim:
+                    template = Template(claim.claim)
+                    attribute_value = template.render(context=user_dict)
+                else:
+                    attribute_value = user_dict.get(claim.claim)
+                setattr(account.user, claim.attribute, attribute_value)
                try:
-                    setattr(account.user.attributes, claim.attribute, user_dict.get(claim.claim))
+                    setattr(account.user.attributes, claim.attribute, attribute_value)
                except AttributeError:
                    pass
            account.user.save()