add CUT synchronisation as a management command (#22222)

README

@@ -4,6 +4,22 @@ authentic2-gnm
 Extension module for authentic with various developments that are at the moment
 at least specific to the GNM project.
 
+Settings
+--------
+
+CUT_API_BASE_URL
+  https://admin-cut-rec.grandlyon.com/api/
+
+CUT_API_CREDENTIALS
+  ('...', '...')
+
+CUT_GNM_OU_MAPPING
+  {
+   'gl-guichet-numerique-bron': 'hobo-bron',
+   'gl-guichet-numerique-dardilly': 'hobo-dardilly',
+   ...
+  }
+
 
 License
 -------

src/authentic2_gnm/management/commands/sync-cut.py

@@ -0,0 +1,72 @@
+# authentic2_gnm - Authentic2 plugin for GNM
+# Copyright (C) 2017-2018  Entr'ouvert
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import requests
+import sys
+
+from django.conf import settings
+from django.contrib.auth import get_user_model
+from django.core.management.base import BaseCommand
+
+from django_rbac.utils import get_ou_model
+from authentic2.a2_rbac.utils import get_default_ou
+from authentic2_auth_oidc.models import OIDCProvider, OIDCAccount
+
+
+class Command(BaseCommand):
+    def handle(self, *args, **options):
+        User = get_user_model()
+        OU = get_ou_model()
+
+        cut_agents = OIDCProvider.objects.get(name='cut-agents')
+
+        ou_mapping = settings.CUT_GNM_OU_MAPPING
+
+        for ou_cut_slug, ou_gnm_slug in ou_mapping.items():
+            ou_gnm = OU.objects.get(slug=ou_gnm_slug)
+            url = settings.CUT_API_BASE_URL + 'users/?ou__slug=%s' % ou_cut_slug
+            for cut_user_data in requests.get(url, auth=settings.CUT_API_CREDENTIALS).json()['results']:
+                try:
+                    # get user with sub
+                    user = User.objects.get(oidc_account__provider=cut_agents,
+                                            oidc_account__sub=cut_user_data['sub'])
+                except User.DoesNotExist:
+                    # fallback to getting the user from its (email, ou)
+                    try:
+                        user = User.objects.get(email=cut_user_data['email'], ou=ou_gnm)
+                    except User.DoesNotExist:
+                        # uuid?
+                        try:
+                            user = User.objects.get(uuid=cut_user_data['sub'])
+                        except User.DoesNotExist:
+                            # at last, create new user
+                            print 'creating', cut_user_data['email']
+                            user = User()
+
+                if (user.uuid != cut_user_data['sub'] or
+                        user.ou != ou_gnm or
+                        user.email != cut_user_data['email'] or
+                        user.first_name != cut_user_data['first_name'] or
+                        user.last_name != cut_user_data['last_name']):
+                    # only touch user if there are changes
+                    user.uuid = cut_user_data['sub']
+                    user.ou = ou_gnm
+                    user.email = cut_user_data['email']
+                    user.first_name = cut_user_data['first_name']
+                    user.last_name = cut_user_data['last_name']
+                    user.save()
+
+                OIDCAccount.objects.get_or_create(provider=cut_agents, user=user, sub=cut_user_data['sub'])