Person: createExtUser (with zitadel) basically working
This commit is contained in:
parent
cab2d09737
commit
9bfdbc71c2
5 changed files with 27 additions and 23 deletions
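--- a/config.py
+++ b/config.py
@@ -1,19 +0,0 @@
-# loops/config.py
-# (used for testing only)
-
-from dotenv import load_dotenv
-from os import getenv
-
-load_dotenv()
-
-server_port = getenv('SERVER_PORT', '8099')
-
-app_factory = zope_app_factory
-
-# storage settings
-dbengine = 'postgresql+psycopg'
-dbname = getenv('DBNAME', 'demo')
-dbuser = getenv('DBUSER', 'demo')
-dbpassword = getenv('DBPASSWORD', 'secret')
-dbschema = getenv('DBSCHEMA', 'demo')
-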
@ -36,6 +36,9 @@ oidc_params = dict(
|
||||||
cookie_name=getenv('OIDC_COOKIE_NAME', 'oidc_' + oidc_client_id),
|
cookie_name=getenv('OIDC_COOKIE_NAME', 'oidc_' + oidc_client_id),
|
||||||
cookie_domain=getenv('OIDC_COOKIE_DOMAIN', None),
|
cookie_domain=getenv('OIDC_COOKIE_DOMAIN', None),
|
||||||
cookie_lifetime=getenv('OIDC_COOKIE_LIFETIME', '86400'),
|
cookie_lifetime=getenv('OIDC_COOKIE_LIFETIME', '86400'),
|
||||||
cookie_crypt=getenv('OIDC_COOKIE_CRYPT', None)
|
cookie_crypt=getenv('OIDC_COOKIE_CRYPT', None),
|
||||||
|
private_key_file=getenv('OIDC_SERVICE_USER_PRIVATE_KEY_FILE', '.private-key.json'),
|
||||||
|
organization_id=getenv('OIDC_ORGANIZATION_ID', '12346'),
|
||||||
|
project_id=getenv('OIDC_PROJECT_ID', '12347'),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
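Review bot: The new defaults `organization_id=getenv('OIDC_ORGANIZATION_ID', '12346')` and `project_id=getenv('OIDC_PROJECT_ID', '12347')` look like placeholder IDs rather than usable values, so a deployment that forgets to set the environment variables would presumably keep running with bogus identifiers instead of failing at startup; prefer `getenv('OIDC_ORGANIZATION_ID')` (None when unset) and let the consumer reject a missing value, or add a comment explaining why these defaults are safe. `private_key_file` defaults to the relative path `.private-key.json`, which is resolved against the process working directory rather than the config module's location, so a comment on that line is warranted, e.g. `# relative to the process cwd; set OIDC_SERVICE_USER_PRIVATE_KEY_FILE to an absolute path in deployments`. The oidc_params dict starts before this hunk, so the other entries that consume these values are not visible here.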
@ -24,7 +24,7 @@ from loops.concept import Concept
|
||||||
from loops.interfaces import IConcept
|
from loops.interfaces import IConcept
|
||||||
from loops.organize.interfaces import IAddress, IPerson, IHasRole
|
from loops.organize.interfaces import IAddress, IPerson, IHasRole
|
||||||
from loops.organize.interfaces import ANNOTATION_KEY
|
from loops.organize.interfaces import ANNOTATION_KEY
|
||||||
from loops.organize.util import getPrincipalForUserId
|
from loops.organize.util import getInternalPrincipal, getPrincipalForUserId
|
||||||
from loops.predicate import RelationAdapter
|
from loops.predicate import RelationAdapter
|
||||||
from loops.predicate import PredicateInterfaceSourceList
|
from loops.predicate import PredicateInterfaceSourceList
|
||||||
from loops.security.common import assignOwner, removeOwner, allowEditingForOwner
|
from loops.security.common import assignOwner, removeOwner, allowEditingForOwner
|
||||||
|
@ -81,8 +81,22 @@ class Person(AdapterBase, BasePerson):
|
||||||
_contextAttributes = list(IPerson) + list(IConcept)
|
_contextAttributes = list(IPerson) + list(IConcept)
|
||||||
|
|
||||||
def createExtUser(self, userId):
|
def createExtUser(self, userId):
|
||||||
from scopes.org import user
|
import config
|
||||||
|
params = getattr(config, 'oidc_params', None)
|
||||||
|
if params is None:
|
||||||
|
return
|
||||||
#print('*** Person.createExtUser', userId)
|
#print('*** Person.createExtUser', userId)
|
||||||
|
from scopes.org import user
|
||||||
|
try:
|
||||||
|
prc = getInternalPrincipal(userId, self.context)
|
||||||
|
except ValueError: # may happen during testing
|
||||||
|
#print('*** PAU not available, userId:', userId)
|
||||||
|
return
|
||||||
|
u = user.User(prc.login, self.email, #prc.password,
|
||||||
|
firstName=self.firstName or '',
|
||||||
|
lastName=self.lastName or '')
|
||||||
|
xu = user.ExtUser(u, prc.__parent__.prefix)
|
||||||
|
xu.create(True)
|
||||||
|
|
||||||
def getUserId(self):
|
def getUserId(self):
|
||||||
return getattr(self.context, '_userId', None)
|
return getattr(self.context, '_userId', None)
|
||||||
|
@ -116,6 +130,7 @@ class Person(AdapterBase, BasePerson):
|
||||||
setter.propagateSecurity()
|
setter.propagateSecurity()
|
||||||
allowEditingForOwner(self.context, revert=not userId) # why this?
|
allowEditingForOwner(self.context, revert=not userId) # why this?
|
||||||
if not oldUserId:
|
if not oldUserId:
|
||||||
|
pass
|
||||||
self.createExtUser(userId)
|
self.createExtUser(userId)
|
||||||
userId = property(getUserId, setUserId)
|
userId = property(getUserId, setUserId)
|
||||||
|
|
||||||
|
|
|
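Review bot: The `except ValueError:` branch in createExtUser returns silently, so any ValueError raised by getInternalPrincipal — not only the test-setup case the comment mentions — leaves the person without an external account and no record of why; at minimum keep the exception and report it, e.g. `except ValueError as e:  # PAU not available, e.g. in tests` followed by a warning via the module's logger if it has one, and the `params is None` early return deserves the same treatment. `xu.create(True)` passes an opaque positional flag; pass it by keyword if `ExtUser.create` accepts one, otherwise add a short comment stating what `True` selects. The method has no docstring; suggest `"""Create the external (identity-provider) account for *userId*; a no-op when oidc_params is unset or the principal cannot be resolved."""`. The two commented-out `#print` lines are leftover debugging and should be removed rather than kept. The method is complete within its hunk, and the following hunk shows it is invoked from setUserId only when no user id was set before.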
@ -33,12 +33,16 @@ oidc_params = dict(
|
||||||
op_config_url=oidc_provider + '/.well-known/openid-configuration',
|
op_config_url=oidc_provider + '/.well-known/openid-configuration',
|
||||||
op_uris=None,
|
op_uris=None,
|
||||||
op_keys=None,
|
op_keys=None,
|
||||||
|
op_project_scope='urn:zitadel:iam:org:project:id:zitadel:aud',
|
||||||
callback_url=getenv('OIDC_CALLBACK_URL', base_url + '/auth/callback'),
|
callback_url=getenv('OIDC_CALLBACK_URL', base_url + '/auth/callback'),
|
||||||
client_id=oidc_client_id,
|
client_id=oidc_client_id,
|
||||||
principal_prefix=getenv('OIDC_PRINCIPAL_PREFIX', 'loops.'),
|
principal_prefix=getenv('OIDC_PRINCIPAL_PREFIX', 'loops.'),
|
||||||
cookie_name=getenv('OIDC_COOKIE_NAME', 'oidc_' + oidc_client_id),
|
cookie_name=getenv('OIDC_COOKIE_NAME', 'oidc_' + oidc_client_id),
|
||||||
cookie_domain=getenv('OIDC_COOKIE_DOMAIN', None),
|
cookie_domain=getenv('OIDC_COOKIE_DOMAIN', None),
|
||||||
cookie_lifetime=getenv('OIDC_COOKIE_LIFETIME', '86400'),
|
cookie_lifetime=getenv('OIDC_COOKIE_LIFETIME', '86400'),
|
||||||
cookie_crypt=getenv('OIDC_COOKIE_CRYPT', None)
|
cookie_crypt=getenv('OIDC_COOKIE_CRYPT', None),
|
||||||
|
private_key_file=getenv('OIDC_SERVICE_USER_PRIVATE_KEY_FILE',
|
||||||
|
'loops/tests/test-private-key.json'),
|
||||||
|
organization_id=getenv('OIDC_ORGANIZATION_ID', '12346'),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
1
loops/tests/test-private-key.json
Normal file
1
loops/tests/test-private-key.json
Normal file
|
@ -0,0 +1 @@
|
||||||
|
{"type":"serviceaccount","keyId":"314794985486606157","key":"-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA0dC8wcwu6Uefxx/shqsSTk//ATseeCy28RMAEa4NFGj/y8Ju\nOfVUj7pB5+6onjmsBAHXhCJ+fEWWAJdHnbvywrBNNhVx38f8v+90zUP2IzlT1UDp\ncTIYaehnf3+uqwgMcijnYJ6UgaHFMSecxnYD4adnw8J/FEMDgy2N+v5krp989VQ5\nT2kgrkb/l5z8dgLhmmcLKm7YCG1uXXP+g+qzEZ9Uhur5b+czjIalzC/tq2V2JoJB\nooH9w1iaRXRKel7FZPo0YGyQh/0a9Zn5JsXVc3YTHTKh9madr/yQqmk+6siTl/Ou\ntz9mvpY+AfFRaIWikoyB3W9rHd0b6WtQPflEPwIDAQABAoIBAAN64daZC2IlJPpJ\nhkPJjJkt7H3ZvCykGTiwZvzkFSV0hGGdzPQ7JHbp0PQG2lcdf8PlP+zaIZzwDofd\n+nscRe+CuxUdj/D1QTTxxM8uxGNbLQ/JbtXIzezbxPOxa3U8wfAWy5enqbDovPuO\nu6PzCydv/mGZ1T/ByMohNEyocYUP6mupHWwf2hN/lnrL264w8uvNjAw0xDtbtBJN\nX61u6vi/fiY37qKblN3irAePwK4LIhHZZoyJ1HrFYIkFf0Bviuzpw/ASVqbjizPV\nmTxGxghiQacAMvSSe+pcfJ7ip74rCFv7+6pzL+yW8df1lbSM9vS+86SDgY9RCc2E\n3h1/hUECgYEA/WqiWNXey25qCNB6WHo3SU5cZIZVNWzsT1zkwkXOUtEyU0/zEfT+\nEjW/vbxIBgZNV1tX2aXd7Ke5OCoQ1dqLnmDoO5d13xTeaWN3FR8ibTwbaDCwyg5d\njyIXK2k7IwtcpJFgJFGM/6udAdO/bPm1IPEslJXHBqZoGrKb+bTw6N8CgYEA0/RQ\nHtQluQYBtXNzEql0MaxBUxfHkwjL6Yo6dM+EJAomI+cccVy22s+z2aQX5GVQnbzs\nm9BGkJzzn7eGPy3i2LgStqUZ2W7VqfIJNCIDbC7OxBAaszh5/LEgv5pfp1Yr/HIf\nwHZz53rdV8H+oUfMJdlyrRyGOeGIDZCd94nTMKECgYAQOpT9BW1IL+EAgYFkSydh\nPXBzS5sHWdtkVbmcq2XELfuAFF2np73hoqmN2BHwuNSZJJNir9mffzpAW4lKeL16\nPhCBSHjW+Xoo26LTqnPE9RV4Pa4EspjRQsijEhEkdGTRcTHsAYD7Gp1qcYoPy4oK\n+wb02Qau6Vc/ZnLQsgK/lwKBgQDMLSGxUPQ11E95GAnWBF7mKuWSwemC/opQItRF\nClJk1VIAa/W+Tm3nQwYhti0920tZaFEVmAEh9c/KH+S2n+FSm5+LSmgoSNiSqZGs\nIsfhQwXzYQAXfWQlxAukB3X1oNEmkll78Z+dcYIfs8UyYBOMsngBwuSahWOmjZVe\ni+phgQKBgC0ozpbIcNg48M4/Rrev3qJB7XlU74MySsFJdBhlrzmK3+z02bXWbyaJ\nzQLwC6Dorw0PcWAKtcJcbBn6ZAoptcmG6wdQrYk1IC+82TDcNvAFL06y8OXHYLtu\ni5AiE4nK1waoDF/1I66VACyKI6hhISRW3bKaxHhrx5OsGKVurF4R\n-----END RSA PRIVATE KEY-----\n","expirationDate":"9999-12-31T23:59:59Z","userId":"311889729668833101"}
|
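Review bot: loops/tests/test-private-key.json commits a complete RSA private key for a service account (type serviceaccount, with a keyId, a userId and an expirationDate of 9999-12-31), and the test config in this same commit points its `private_key_file` default at this file; once a private key is in version history it has to be treated as compromised, whether or not it was only meant for tests. Revoke this key at the identity provider, replace the fixture with a key generated at test time (or a clearly non-functional dummy), and make sure both `.private-key.json` and this test path are covered by .gitignore if they are not already. If a checked-in key is unavoidable for the test suite, a comment next to the `private_key_file` default in the test config should state that the key is a throwaway with no rights attached.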