diff --git a/demo/config.py b/demo/config.py
index 2da03f9..00370d2 100644
--- a/demo/config.py
+++ b/demo/config.py
@@ -43,5 +43,6 @@ oidc_params = dict(
 cookie_crypt=getenv('OIDC_COOKIE_CRYPT', None),
 private_key_file=getenv('OIDC_SERVICE_USER_PRIVATE_KEY_FILE', '.private-key.json'),
 organization_id=getenv('OIDC_ORGANIZATION_ID', '311473502274248525'),
+ project_id=getenv('OIDC_PROJECT_ID', '311473502274248525'),
 )
diff --git a/demo/env.in b/demo/env.in
index 4d831c9..d4f0f74 100644
--- a/demo/env.in
+++ b/demo/env.in
@@ -13,4 +13,5 @@ OIDC_PROVIDER=
 OIDC_CLIENT_ID=
 OIDC_COOKIE_CRYPT=
 OIDC_ORGANIZATION_ID=
+OIDC_PROJECT_ID=
diff --git a/scopes/org/user.py b/scopes/org/user.py
index fc03143..c2e24e5 100644
--- a/scopes/org/user.py
+++ b/scopes/org/user.py
@@ -19,8 +19,13 @@ class User:
 hashedPassword: Optional[str] = None
 firstName: str = ''
 lastName: str = ''
+ displayName: str = ''
 grants: List[str] = field(default_factory=list)
+ def __post_init__(self):
+ if not self.displayName:
+ self.displayName = ' '.join((self.firstName, self.lastName))
+
 class ExtUser:
 """All infos for exchanging user data with an external service.
@@ -32,11 +37,14 @@ class ExtUser:
 provider = 'zitatel'
 endpoints = dict(
 users_human='v2/users/human',
+ #create_authorization='management/v1/zitadel.authorization.v2beta.AuthorizationService/CreateAuthorization',
+ create_authorization='v2beta/authorizations',
 )
 def __init__(self, user, idPrefix=''):
 self.user = user
 self.userId = idPrefix + user.login
+ self.client = client.ApiClient(config.oidc_provider)
 def asDict(self):
 params = config.oidc_params
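Review bot: The default for `project_id` on the added line is the same literal as the `organization_id` default, which looks copied; with `OIDC_PROJECT_ID` unset, `createGrants` in scopes/org/user.py will post authorizations with the organization id as `projectId`, which at best fails and could otherwise target an unintended project. A demo default is reasonable for `organization_id`, but a project id should not silently fall back to another resource's id — use `project_id=getenv('OIDC_PROJECT_ID', None),` like `cookie_crypt` above, or a clearly distinct placeholder. The `oidc_params = dict(` call starts before the hunk.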
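Review bot: `__post_init__` joins `firstName` and `lastName` unconditionally, so with both empty `displayName` becomes `' '` (truthy, and then sent verbatim to the external service via `asDict`), and with only one name set it carries a leading or trailing space; use `self.displayName = ' '.join(filter(None, (self.firstName, self.lastName)))`. This also relies on `User` being a dataclass — the `field(default_factory=list)` suggests so, but the decorator is above the hunk — otherwise `__post_init__` is never called. A short docstring, `"""Default displayName to 'first last' when none was given."""`, would document the fallback.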
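Review bot: The commented-out `#create_authorization='management/v1/...CreateAuthorization'` entry in `endpoints` is dead code that will drift from the live value; the same applies to `#return self.updateGrants()` in the later `update` hunk of this file. Either delete both or replace each with a one-line `# NOTE:` stating why the `v2beta/authorizations` REST path was chosen over the service-method style path. Creating `ApiClient` in `__init__` also means every `ExtUser` instance now builds its own client where previously one was built per call — fine, but worth a comment if the client holds a token or session.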
@@ -47,17 +55,17 @@ class ExtUser:
 profile=dict(
 givenName=self.user.firstName,
 familyName=self.user.lastName,
+ displayName=self.user.displayName,
 ),
 organization=dict(orgId=params['organization_id']),
 )
 return data
 def create(self, updateIfExits=False):
- clt = client.ApiClient(config.oidc_provider)
 data = self.asDict()
 if self.user.hashedPassword:
 data['hashedPassword'] = self.user.hashedPassword
- status, res = clt.post(self.endpoints['users_human'], data)
+ status, res = self.client.post(self.endpoints['users_human'], data)
 if status > 201:
 if updateIfExits:
 return self.update()
@@ -67,21 +75,28 @@ class ExtUser:
 return self.createGrants()
 def update(self, createIfMissing=False):
- clt = client.ApiClient(config.oidc_provider)
 data = self.asDict()
 if self.user.hashedPassword:
 data['password'] = dict(hashedPassword=self.user.hashedPassword)
- status, res = clt.put(self.endpoints['users_human'], self.userId, data)
+ status, res = self.client.put(self.endpoints['users_human'], self.userId, data)
 if status > 200:
 if createIfMissing:
 return self.create()
 else:
 return status, res
 if self.user.grants:
- return self.updateGrants()
+ #return self.updateGrants()
+ groups = ' '.join(self.user.grants)
+ data = dict(metadata=[dict(key='gloops', value='groups')])
+ return self.client.post(f'v2/users/human/{self.userId}/metadata', data)
 def createGrants(self):
- pass
+ data = dict(
+ userId=self.userId,
+ projectId=config.oidc_params['project_id'],
+ roleKeys=self.user.grants,
+ )
+ return self.client.post(self.endpoints['create_authorization'], data)
 def updateGrants(self):
- pass
+ self.createGrants()
diff --git a/scopes/web/client.py b/scopes/web/client.py
index bfd3742..8b877b2 100644
--- a/scopes/web/client.py
+++ b/scopes/web/client.py
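Review bot: In `update`, the grants string `groups` is built but never sent: the posted metadata entry carries the literal value `'groups'` under the key `'gloops'`, so the user's grants never reach the service; it should read `data = dict(metadata=[dict(key='groups', value=' '.join(self.user.grants))])`, dropping the unused local. `updateGrants` now calls `createGrants()` but discards its `(status, res)` result and returns None, unlike every other path in this class — make it `return self.createGrants()`. Re-posting an authorization also only adds `roleKeys`; roles that were removed from `user.grants` are never revoked on the external side, which leaves stale privileges unless something else reconciles them, so at least mark it with `# NOTE: does not revoke roles missing from user.grants` until a diff-and-revoke step exists. The metadata URL `f'v2/users/human/{self.userId}/metadata'` bypasses the `endpoints` table and interpolates `userId` (derived from `user.login`) unescaped; if logins can contain `/` or other reserved characters, quote it with `urllib.parse.quote(self.userId, safe='')` and register the path in `endpoints`.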
@@ -25,6 +25,7 @@ class ApiClient:
 def post(self, endpoint, data):
 headers = self.authentication()
 headers['Content-Type'] = 'application/json'
+ headers['Connect-Protocol-Version'] = '1'
 # self.makeUrl(endpoint)
 url = '/'.join((self.baseUrl, endpoint))
 resp = requests.post(url, json=data, headers=headers)
@@ -35,7 +36,7 @@ class ApiClient:
 def put(self, endpoint, objId, data):
 headers = self.authentication()
 headers['Content-Type'] = 'application/json'
- # self.makeUrl(endpoint)
+ # self.makeUrl(endpoint, objId)
 url = '/'.join((self.baseUrl, endpoint, objId))
 resp = requests.put(url, json=data, headers=headers)
 if resp.status_code >= 400:
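Review bot: `Connect-Protocol-Version` is set in `post` only; `put` in the next hunk still sends just `Content-Type`, so the two verbs now talk to the API differently — either add the same assignment to `put` or set it once in `authentication()` (outside this hunk) where the shared headers are built. The new line also deserves a why-comment, e.g. `# presumably required by the Connect-style endpoints such as v2beta/authorizations — confirm`. If `authentication()` returns a dict it reuses, mutating it here leaks the header into other callers; if so, copy first with `headers = dict(self.authentication())`. The `# self.makeUrl(endpoint)` / `# self.makeUrl(endpoint, objId)` lines in both hunks are commented-out calls; restoring `makeUrl` or removing them would be cleaner than editing the dead comment.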