From a7c9eb17c558afe26201a0d89d7a89c39b07f661 Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Mon, 5 Oct 2015 16:30:02 +0200 Subject: [PATCH 4/4] agent/authentic2: add hooks on signals to provision users (#8440) Signals intercepted: - post_save and post_delete on User - post_save and post_delete on Role.members.through --- hobo/agent/authentic2/apps.py | 74 ++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 70 insertions(+), 4 deletions(-) diff --git a/hobo/agent/authentic2/apps.py b/hobo/agent/authentic2/apps.py index 02db268..b425e54 100644 --- a/hobo/agent/authentic2/apps.py +++ b/hobo/agent/authentic2/apps.py @@ -15,16 +15,18 @@ # along with this program. If not, see . import json +from urlparse import urljoin from django.apps import AppConfig from django.db.models.signals import post_save, post_delete -from django.db.models import Q from django.conf import settings +from django.contrib.auth import get_user_model +from django.db import connection +from django.core.urlresolvers import reverse from django_rbac.utils import get_role_model from hobo.agent.common import notify_agents -from authentic2.utils import to_list from authentic2.saml.models import LibertyProvider @@ -57,7 +59,8 @@ def get_related_roles(role_or_through): role.emails = [] role.emails_to_members = False for attribute in role.attributes.all(): - if attribute.name in ('emails', 'emails_to_members') and attribute.kind == 'json': + if attribute.name in ('emails', 'emails_to_members') \ + and attribute.kind == 'json': setattr(role, attribute.name, json.loads(attribute.value)) return qs 
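Review bot: The rewrapped condition in get_related_roles uses a backslash continuation, whereas wrapping inside parentheses is the conventional form and does not break if trailing whitespace is ever added: `if (attribute.name in ('emails', 'emails_to_members')` / `        and attribute.kind == 'json'):`. The enclosing function get_related_roles starts outside the hunk. The new `from urlparse import urljoin` is a Python-2-only module, consistent with the `unicode()` calls elsewhere in the patch, but it is the one import here that will need a `six`/`urllib.parse` shim if the codebase is ever ported.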
@@ -83,6 +86,61 @@ def notify_roles(sender, instance, **kwargs): }) +def get_entity_id(): + tenant = getattr(connection, 'tenant', None) + assert tenant + base_url = tenant.get_base_url() + return urljoin(base_url, reverse('a2-idp-saml-metadata')) + + +def provision_user(sender, user, **kwargs): + notify_agents({ + '@type': 'provision', + 'issuer': unicode(get_entity_id()), + 'audience': get_audience(user), + 'full': True, + 'objects': { + '@type': 'user', + 'data': [ + { + 'uuid': user.uuid, + 'username': user.username, + 'first_name': user.first_name, + 'description': user.last_name, + 'email': user.email, + 'roles': [ + { + 'uuid': role.uuid, + 'name': role.name, + 'slug': role.slug, + } for role in user.roles_and_parents()], + } + ], + } + }) + + +def deprovision_user(sender, user, **kwargs): + notify_agents({ + '@type': 'deprovision', + 'issuer': unicode(get_entity_id()), + 'audience': get_audience(user), + 'full': True, + 'objects': { + '@type': 'user', + 'data': [ + { + 'uuid': user.uuid, + } + ], + } + }) + + +def provision_user_on_role_change(sender, role_member, **kwargs): + provision_user(sender, role_member.user) + + class Authentic2AgentConfig(AppConfig): name = 'hobo.agent.authentic2' label = 'authentic2_agent' @@ -95,4 +153,12 @@ class Authentic2AgentConfig(AppConfig): post_delete.connect(notify_roles, Role) post_save.connect(notify_roles, Role.members.through) post_delete.connect(notify_roles, Role.members.through) - settings.A2_MANAGER_ROLE_FORM_CLASS = 'hobo.agent.authentic2.role_forms.RoleForm' + User = get_user_model() + post_save.connect(provision_user, User) + post_delete.connect(deprovision_user, User) + post_save.connect(provision_user_on_role_change, + Role.members.through) + post_delete.connect(provision_user_on_role_change, + Role.members.through) + settings.A2_MANAGER_ROLE_FORM_CLASS = \ + 'hobo.agent.authentic2.role_forms.RoleForm' -- 2.1.4
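Review bot: The three receivers added here (`provision_user`, `deprovision_user`, `provision_user_on_role_change`) take the model instance as a parameter named `user` or `role_member`, but Django's `post_save`/`post_delete` deliver it as the keyword argument `instance`, so once they are connected in the following hunk every User save or membership change would raise a TypeError for the missing positional argument; renaming the parameter to `instance` and binding `user = instance` keeps the payload code untouched. `get_entity_id()` guards the tenant with `assert tenant`, which disappears under `python -O`; a plain `if tenant is None: raise RuntimeError('no tenant bound to the connection')` keeps the check in production. `'description': user.last_name` looks like a key mix-up, since every other field is sent under its attribute name, and is worth confirming against what the receiving agents expect. `get_audience` is not defined in this patch; presumably it exists earlier in the file.
```python
def provision_user(sender, instance, **kwargs):
    user = instance
    # … unchanged: notify_agents({...}) provision payload …


def deprovision_user(sender, instance, **kwargs):
    user = instance
    # … unchanged: notify_agents({...}) deprovision payload …


def provision_user_on_role_change(sender, instance, **kwargs):
    provision_user(sender, instance.user)
```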
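Review bot: Connecting `provision_user` to `post_save` on the User model means a full provisioning message (roles, e-mail, names) is sent to every agent on every `User.save()`, which includes the `last_login` update done at each login and fixture loads; unless `notify_agents` coalesces these, a comment stating that this fan-out is intended, plus an early `if kwargs.get('raw'): return` in the receiver to skip raw fixture saves, would make the behaviour explicit. The method `ready()` that holds these `connect()` calls starts outside the hunk. The `settings.A2_MANAGER_ROLE_FORM_CLASS = \` line uses a backslash continuation where wrapping the string in parentheses, `settings.A2_MANAGER_ROLE_FORM_CLASS = (` / `    'hobo.agent.authentic2.role_forms.RoleForm')`, is the conventional form.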