From 85c3b6f8387be497c4e9d954ba78aca9c9dc382d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= <fpeters@entrouvert.com>
Date: Fri, 14 Aug 2020 10:56:11 +0200
Subject: [PATCH] add support for templates in oidc claims (#37774)

---
 src/authentic2_gnm/management/commands/sync-cut.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/authentic2_gnm/management/commands/sync-cut.py b/src/authentic2_gnm/management/commands/sync-cut.py
index 4eaeeda..6cb864a 100644
--- a/src/authentic2_gnm/management/commands/sync-cut.py
+++ b/src/authentic2_gnm/management/commands/sync-cut.py
@@ -27,6 +27,7 @@ from django.core.management.base import BaseCommand
 
 from django_rbac.utils import get_ou_model
 from authentic2.a2_rbac.utils import get_default_ou
+from authentic2.utils.template import Template
 from authentic2_auth_oidc.models import OIDCProvider, OIDCAccount
 
 
@@ -71,9 +72,14 @@ class Command(BaseCommand):
             except OIDCAccount.DoesNotExist:
                 continue
             for claim in cut_users.claim_mappings.all():
-                setattr(account.user, claim.attribute, user_dict.get(claim.claim))
+                if '{{' in claim.claim or '{%' in claim.claim:
+                    template = Template(claim.claim)
+                    attribute_value = template.render(context=user_dict)
+                else:
+                    attribute_value = user_dict.get(claim.claim)
+                setattr(account.user, claim.attribute, attribute_value)
                 try:
-                    setattr(account.user.attributes, claim.attribute, user_dict.get(claim.claim))
+                    setattr(account.user.attributes, claim.attribute, attribute_value)
                 except AttributeError:
                     pass
             account.user.save()