diff --git a/README b/README index 6867da7..6f33dd3 100644 --- a/README +++ b/README @@ -4,6 +4,22 @@ authentic2-gnm Extension module for authentic with various developments that are at the moment at least specific to the GNM project. +Settings +-------- + +CUT_API_BASE_URL + https://admin-cut-rec.grandlyon.com/api/ + +CUT_API_CREDENTIALS + ('...', '...') + +CUT_GNM_OU_MAPPING + { + 'gl-guichet-numerique-bron': 'hobo-bron', + 'gl-guichet-numerique-dardilly': 'hobo-dardilly', + ... + } + License ------- diff --git a/src/authentic2_gnm/management/__init__.py b/src/authentic2_gnm/management/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/src/authentic2_gnm/management/commands/__init__.py b/src/authentic2_gnm/management/commands/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/src/authentic2_gnm/management/commands/sync-cut.py b/src/authentic2_gnm/management/commands/sync-cut.py new file mode 100644 index 0000000..d1095ff --- /dev/null +++ b/src/authentic2_gnm/management/commands/sync-cut.py @@ -0,0 +1,72 @@ +# authentic2_gnm - Authentic2 plugin for GNM +# Copyright (C) 2017-2018 Entr'ouvert +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU Affero General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +import requests +import sys + +from django.conf import settings +from django.contrib.auth import get_user_model +from django.core.management.base import BaseCommand + +from django_rbac.utils import get_ou_model +from authentic2.a2_rbac.utils import get_default_ou +from authentic2_auth_oidc.models import OIDCProvider, OIDCAccount + + +class Command(BaseCommand): + def handle(self, *args, **options): + User = get_user_model() + OU = get_ou_model() + + cut_agents = OIDCProvider.objects.get(name='cut-agents') + + ou_mapping = settings.CUT_GNM_OU_MAPPING + + for ou_cut_slug, ou_gnm_slug in ou_mapping.items(): + ou_gnm = OU.objects.get(slug=ou_gnm_slug) + url = settings.CUT_API_BASE_URL + 'users/?ou__slug=%s' % ou_cut_slug + for cut_user_data in requests.get(url, auth=settings.CUT_API_CREDENTIALS).json()['results']: + try: + # get user with sub + user = User.objects.get(oidc_account__provider=cut_agents, + oidc_account__sub=cut_user_data['sub']) + except User.DoesNotExist: + # fallback to getting the user from its (email, ou) + try: + user = User.objects.get(email=cut_user_data['email'], ou=ou_gnm) + except User.DoesNotExist: + # uuid? + try: + user = User.objects.get(uuid=cut_user_data['sub']) + except User.DoesNotExist: + # at last, create new user + print 'creating', cut_user_data['email'] + user = User() + + if (user.uuid != cut_user_data['sub'] or + user.ou != ou_gnm or + user.email != cut_user_data['email'] or + user.first_name != cut_user_data['first_name'] or + user.last_name != cut_user_data['last_name']): + # only touch user if there are changes + user.uuid = cut_user_data['sub'] + user.ou = ou_gnm + user.email = cut_user_data['email'] + user.first_name = cut_user_data['first_name'] + user.last_name = cut_user_data['last_name'] + user.save() + + OIDCAccount.objects.get_or_create(provider=cut_agents, user=user, sub=cut_user_data['sub'])