From 5df6508a98ef058c6203cfa83f13fa221e6a6d05 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= Date: Fri, 8 May 2015 12:11:47 +0200 Subject: [PATCH 4/4] authentic2 agent: manage profile fields (#7185) --- .../authentic2/management/commands/hobo_deploy.py | 15 +++++++++++++++ hobo/multitenant/settings_loaders.py | 20 +++++++++++++++++++- 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/hobo/agent/authentic2/management/commands/hobo_deploy.py b/hobo/agent/authentic2/management/commands/hobo_deploy.py index 17efc57..bcec9c3 100644 --- a/hobo/agent/authentic2/management/commands/hobo_deploy.py +++ b/hobo/agent/authentic2/management/commands/hobo_deploy.py @@ -10,6 +10,7 @@ from django.core.management import call_command from authentic2 import app_settings from authentic2.compat import get_user_model from authentic2.compat_lasso import lasso +from authentic2.models import Attribute from authentic2.saml.models import LibertyProvider, SPOptionsIdPPolicy, SAMLAttribute from django.contrib.contenttypes.models import ContentType from django.contrib.auth.models import Group @@ -64,6 +65,20 @@ class Command(hobo_deploy.Command): user.is_superuser = True user.save() + # create/update user attributes + for attribute in hobo_environment.get('profile', {}).get('fields'): + if attribute['name'] in ('first_name', 'last_name', 'email'): + # those fields are hardcoded in the user model + continue + attr, created = Attribute.objects.get_or_create(name=attribute['name']) + for key in ('label', 'description', 'asked_on_registration', + 'user_editable', 'user_visible', 'kind'): + setattr(attr, key, attribute[key]) + if attribute['disabled']: + # don't actively remove attribute, just mark it as not visible + attr.user_visible = False + attr.save() + # creation of IdpPolicy policy, created = SPOptionsIdPPolicy.objects.get_or_create(name='Default') if created: 
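Review bot: In the `@@ -64,6 +65,20 @@` hunk of hobo_deploy.py, `hobo_environment.get('profile', {}).get('fields')` returns None when the environment has no `profile` entry or a `profile` without `fields`, so the `for` loop raises TypeError and aborts the deploy; `for attribute in hobo_environment.get('profile', {}).get('fields') or []:` keeps such environments deployable. The loop also indexes `attribute[key]` and `attribute['disabled']` directly, so a single incomplete field entry stops the run after earlier attributes have already been saved (unless the command runs inside a transaction, which the hunk does not show); `attribute.get('disabled')` and skipping incomplete entries with a warning would avoid a half-applied profile. For a disabled field only `user_visible` is cleared, while `user_editable` and `asked_on_registration` keep the values copied by the `setattr` loop. Presumably those should be forced to False too, but that needs checking against how authentic2 treats hidden attributes. The enclosing method starts and ends outside the hunk.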
diff --git a/hobo/multitenant/settings_loaders.py b/hobo/multitenant/settings_loaders.py index d9d86de..d4071a4 100644 --- a/hobo/multitenant/settings_loaders.py +++ b/hobo/multitenant/settings_loaders.py @@ -82,9 +82,10 @@ class CORSSettings(FileBaseSettingsLoader): # class Authentic(FileBaseSettingsLoader): - FILENAME = 'hobo.json' # for get_new_time() only + FILENAME = 'hobo.json' def update_settings(self, tenant_settings, tenant): + # update SAML certicates and keys tenant_dir = os.path.join(settings.TENANT_BASE, tenant.domain_url) saml_crt = os.path.join(tenant_dir, 'saml.crt') saml_key = os.path.join(tenant_dir, 'saml.key') @@ -95,6 +96,23 @@ class Authentic(FileBaseSettingsLoader): else: tenant_settings.A2_IDP_SAML2_ENABLE = False + # then other things + path = os.path.join(tenant_dir, self.FILENAME) + if os.path.exists(path): + self.update_settings_from_path(tenant_settings, path) + + def update_settings_from_path(self, tenant_settings, path): + # profile fields + with file(path) as f: + hobo_json = json.load(f) + + fields = hobo_json.get('profile', {}).get('fields') + if fields: + fields.sort(lambda x, y: cmp(x.get('order'), y.get('order'))) + tenant_settings.A2_PROFILE_FIELDS = [x['name'] for x in fields if not x['disabled']] + tenant_settings.A2_REQUIRED_FIELDS = [x['name'] for x in fields if x['required']] + tenant_settings.A2_REGISTRATION_FIELDS = [x['name'] for x in fields if x['asked_on_registration']] + # # Generic loaders (not recommended) -- 2.1.4
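Review bot: The comment added at the top of `update_settings` in the `@@ -82,9 +82,10 @@` hunk misspells "certificates"; it should read `# update SAML certificates and keys`. The method body continues outside this hunk.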
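Review bot: In `update_settings_from_path` (the `@@ -95,6 +96,23 @@` hunk), only `A2_PROFILE_FIELDS` filters out disabled fields; `A2_REQUIRED_FIELDS` and `A2_REGISTRATION_FIELDS` are built from the unfiltered list, so a field marked both disabled and required is still reported as required although it is no longer part of the profile, which presumably leaves forms demanding a value the user cannot supply. The three comprehensions also index `x['disabled']`, `x['required']` and `x['asked_on_registration']` directly while the sort uses `x.get('order')`, so an incomplete entry in hobo.json raises KeyError while tenant settings are being loaded. Filtering the disabled entries once and reading the flags with `.get()` addresses both, and `sorted(..., key=...)` with `open(path)` avoids the Python-2-only `cmp` and `file`. The diff adds no `import json` to settings_loaders.py, so that import has to exist already in the part of the file outside the hunks.

```python
    def update_settings_from_path(self, tenant_settings, path):
        # profile fields
        with open(path) as f:
            hobo_json = json.load(f)
        # … unchanged: fields = hobo_json.get('profile', {}).get('fields') …
        if fields:
            # disabled fields must not leak into the required/registration lists
            active = sorted((x for x in fields if not x.get('disabled')),
                            key=lambda x: x.get('order'))
            tenant_settings.A2_PROFILE_FIELDS = [x['name'] for x in active]
            tenant_settings.A2_REQUIRED_FIELDS = [
                x['name'] for x in active if x.get('required')]
            tenant_settings.A2_REGISTRATION_FIELDS = [
                x['name'] for x in active if x.get('asked_on_registration')]
```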