From a3404fe5d3ec6f5a44fadea3d80ccacbcffaf02d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?=
Date: Fri, 8 May 2015 12:11:47 +0200
Subject: [PATCH 4/4] authentic2 agent: manage profile fields (#7185)
---
 .../authentic2/management/commands/hobo_deploy.py | 49 +++++++++++++++++-----
 hobo/multitenant/settings_loaders.py | 20 ++++++++-
 2 files changed, 57 insertions(+), 12 deletions(-)
diff --git a/hobo/agent/authentic2/management/commands/hobo_deploy.py b/hobo/agent/authentic2/management/commands/hobo_deploy.py
index 17efc57..21c736b 100644
--- a/hobo/agent/authentic2/management/commands/hobo_deploy.py
+++ b/hobo/agent/authentic2/management/commands/hobo_deploy.py
@@ -10,6 +10,7 @@ from django.core.management import call_command
 from authentic2 import app_settings
 from authentic2.compat import get_user_model
 from authentic2.compat_lasso import lasso
+from authentic2.models import Attribute
 from authentic2.saml.models import LibertyProvider, SPOptionsIdPPolicy, SAMLAttribute
 from django.contrib.contenttypes.models import ContentType
 from django.contrib.auth.models import Group
@@ -64,6 +65,28 @@ class Command(hobo_deploy.Command):
 user.is_superuser = True
 user.save()
 
+ # create/update user attributes
+ fields = []
+ disabled_fields = []
+ for attribute in hobo_environment.get('profile', {}).get('fields'):
+ if attribute['name'] in ('first_name', 'last_name', 'email'):
+ # those fields are hardcoded in the user model
+ continue
+ attr, created = Attribute.objects.get_or_create(name=attribute['name'])
+ for key in ('label', 'description', 'asked_on_registration',
+ 'user_editable', 'user_visible', 'kind'):
+ setattr(attr, key, attribute[key])
+ if attribute['disabled']:
+ # don't actively remove attribute, just make sure it never
+ # gets displayed
+ attr.user_visible = False
+ attr.user_editable = False
+ attr.asked_on_registration = False
+ disabled_fields.append(attr.name)
+ else:
+ fields.append(attr.name)
+ attr.save()
+
 # creation of IdpPolicy
 policy, created = SPOptionsIdPPolicy.objects.get_or_create(name='Default')
 if created:
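Review bot: `hobo_environment.get('profile', {}).get('fields')` in the new attribute loop yields None when the environment carries no `fields` entry, so the `for` raises TypeError on any deployment whose hobo.json predates this change; `hobo_environment.get('profile', {}).get('fields') or []` keeps the loop a harmless no-op. The per-field reads `attribute[key]` and `attribute['disabled']` likewise raise KeyError on a field description missing one of those keys, which is acceptable only if the producer of this JSON is guaranteed to emit all of them — otherwise `attribute.get(key)` with an explicit default. `created` from `get_or_create` is unused and can be dropped. The enclosing method starts and ends outside the hunk.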
@@ -72,20 +95,24 @@ class Command(hobo_deploy.Command):
 policy.accepted_name_id_format = ['username', 'persistent', 'email']
 policy.save()
 
- policy_type = ContentType.objects.get_for_model(SPOptionsIdPPolicy)
- # create SAML default policy attributes
- for name in ('username', 'first_name', 'last_name', 'email', 'is_superuser'):
- SAMLAttribute.objects.get_or_create(name=name,
- name_format='basic',
- attribute_name='django_user_%s' % name,
- object_id=policy.id,
- content_type=policy_type
- )
- SAMLAttribute.objects.get_or_create(name='role',
+ policy_type = ContentType.objects.get_for_model(SPOptionsIdPPolicy)
+
+ # create SAML default policy attributes
+ for name in ['username', 'is_superuser'] + fields + disabled_fields:
+ attribute, created = SAMLAttribute.objects.get_or_create(name=name,
 name_format='basic',
- attribute_name='django_user_group_names',
+ attribute_name='django_user_%s' % name,
 object_id=policy.id,
 content_type=policy_type
+ )
+ attribute.enabled = not (name in disabled_fields)
+ attribute.save()
+
+ SAMLAttribute.objects.get_or_create(name='role',
+ name_format='basic',
+ attribute_name='django_user_group_names',
+ object_id=policy.id,
+ content_type=policy_type
 )
 
 # create or update Service Providers
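Review bot: The rewritten loop takes its names from `['username', 'is_superuser'] + fields + disabled_fields`, and the preceding hunk skips `first_name`, `last_name` and `email` before appending to `fields`, so the SAML attributes for those three names — which the removed tuple created unconditionally — are no longer created on a fresh deployment; existing rows only survive because nothing deletes them. If that drop is not intended, seed the list with them: `for name in ['username', 'first_name', 'last_name', 'email', 'is_superuser'] + fields + disabled_fields:`. Minor: `attribute.enabled = not (name in disabled_fields)` reads better as `attribute.enabled = name not in disabled_fields`, and `created` is unused. `fields` and `disabled_fields` presumably come from the earlier hunk of the same method, which continues outside this hunk.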
@@ -95,6 +96,23 @@ class Authentic(FileBaseSettingsLoader):
 else:
 tenant_settings.A2_IDP_SAML2_ENABLE = False
 
+ # then other things
+ path = os.path.join(tenant_dir, self.FILENAME)
+ if os.path.exists(path):
+ self.update_settings_from_path(tenant_settings, path)
+
+ def update_settings_from_path(self, tenant_settings, path):
+ # profile fields
+ with file(path) as f:
+ hobo_json = json.load(f)
+
+ fields = hobo_json.get('profile', {}).get('fields')
+ if fields:
+ fields.sort(lambda x, y: cmp(x.get('order'), y.get('order')))
+ tenant_settings.A2_PROFILE_FIELDS = [x['name'] for x in fields if not x['disabled']]
+ tenant_settings.A2_REQUIRED_FIELDS = [x['name'] for x in fields if x['required']]
+ tenant_settings.A2_REGISTRATION_FIELDS = [x['name'] for x in fields if x['asked_on_registration']]
+
 
 #
 # Generic loaders (not recommended)
-- 
2.1.4
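Review bot: `A2_REQUIRED_FIELDS` and `A2_REGISTRATION_FIELDS` in `update_settings_from_path` are built without the `not x['disabled']` filter that `A2_PROFILE_FIELDS` applies, so a field flagged both disabled and required (or asked_on_registration) is removed from the profile yet still listed as required or asked — and the agent hunk in hobo_deploy.py forces such attributes invisible, so it could never be filled in. Appending `and not x['disabled']` to both comprehensions keeps the three settings consistent. The same dicts are read with `x.get('order')` but indexed for `'disabled'`, `'required'` and `'asked_on_registration'`, so one missing key raises KeyError while loading tenant settings; either all four should use `.get` or the producer must guarantee them. `file(path)` and the `cmp`-based `fields.sort(...)` are Python 2-only; `open(path)` and `fields.sort(key=lambda x: x.get('order'))` behave the same here and also run on Python 3. `update_settings` starts outside the hunk.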