add CUT synchronisation as a management command (#22222)
This commit is contained in:
parent
3622d54cf2
commit
6ecdbf370a
16
README
16
README
|
@ -4,6 +4,22 @@ authentic2-gnm
|
|||
Extension module for authentic with various developments that are at the moment
|
||||
at least specific to the GNM project.
|
||||
|
||||
Settings
|
||||
--------
|
||||
|
||||
CUT_API_BASE_URL
|
||||
https://admin-cut-rec.grandlyon.com/api/
|
||||
|
||||
CUT_API_CREDENTIALS
|
||||
('...', '...')
|
||||
|
||||
CUT_GNM_OU_MAPPING
|
||||
{
|
||||
'gl-guichet-numerique-bron': 'hobo-bron',
|
||||
'gl-guichet-numerique-dardilly': 'hobo-dardilly',
|
||||
...
|
||||
}
|
||||
|
||||
|
||||
License
|
||||
-------
|
||||
|
|
|
@ -0,0 +1,72 @@
|
|||
# authentic2_gnm - Authentic2 plugin for GNM
|
||||
# Copyright (C) 2017-2018 Entr'ouvert
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify it
|
||||
# under the terms of the GNU Affero General Public License as published
|
||||
# by the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
import requests
|
||||
import sys
|
||||
|
||||
from django.conf import settings
|
||||
from django.contrib.auth import get_user_model
|
||||
from django.core.management.base import BaseCommand
|
||||
|
||||
from django_rbac.utils import get_ou_model
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2_auth_oidc.models import OIDCProvider, OIDCAccount
|
||||
|
||||
|
||||
class Command(BaseCommand):
|
||||
def handle(self, *args, **options):
|
||||
User = get_user_model()
|
||||
OU = get_ou_model()
|
||||
|
||||
cut_agents = OIDCProvider.objects.get(name='cut-agents')
|
||||
|
||||
ou_mapping = settings.CUT_GNM_OU_MAPPING
|
||||
|
||||
for ou_cut_slug, ou_gnm_slug in ou_mapping.items():
|
||||
ou_gnm = OU.objects.get(slug=ou_gnm_slug)
|
||||
url = settings.CUT_API_BASE_URL + 'users/?ou__slug=%s' % ou_cut_slug
|
||||
for cut_user_data in requests.get(url, auth=settings.CUT_API_CREDENTIALS).json()['results']:
|
||||
try:
|
||||
# get user with sub
|
||||
user = User.objects.get(oidc_account__provider=cut_agents,
|
||||
oidc_account__sub=cut_user_data['sub'])
|
||||
except User.DoesNotExist:
|
||||
# fallback to getting the user from its (email, ou)
|
||||
try:
|
||||
user = User.objects.get(email=cut_user_data['email'], ou=ou_gnm)
|
||||
except User.DoesNotExist:
|
||||
# uuid?
|
||||
try:
|
||||
user = User.objects.get(uuid=cut_user_data['sub'])
|
||||
except User.DoesNotExist:
|
||||
# at last, create new user
|
||||
print 'creating', cut_user_data['email']
|
||||
user = User()
|
||||
|
||||
if (user.uuid != cut_user_data['sub'] or
|
||||
user.ou != ou_gnm or
|
||||
user.email != cut_user_data['email'] or
|
||||
user.first_name != cut_user_data['first_name'] or
|
||||
user.last_name != cut_user_data['last_name']):
|
||||
# only touch user if there are changes
|
||||
user.uuid = cut_user_data['sub']
|
||||
user.ou = ou_gnm
|
||||
user.email = cut_user_data['email']
|
||||
user.first_name = cut_user_data['first_name']
|
||||
user.last_name = cut_user_data['last_name']
|
||||
user.save()
|
||||
|
||||
OIDCAccount.objects.get_or_create(provider=cut_agents, user=user, sub=cut_user_data['sub'])
|
Reference in New Issue