cco/py-scopes
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

org.user: save intermediate state (create / update grants not working: 404 Not Found)

Browse source
This commit is contained in:
Helmut Merz 2025-08-06 09:45:56 +02:00
parent 3e43c25d84
commit 775603046a
4 changed files with 26 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
demo/config.py
View file

@ -43,5 +43,6 @@ oidc_params = dict(
cookie_crypt=getenv('OIDC_COOKIE_CRYPT', None), cookie_crypt=getenv('OIDC_COOKIE_CRYPT', None),
private_key_file=getenv('OIDC_SERVICE_USER_PRIVATE_KEY_FILE', '.private-key.json'), private_key_file=getenv('OIDC_SERVICE_USER_PRIVATE_KEY_FILE', '.private-key.json'),
organization_id=getenv('OIDC_ORGANIZATION_ID', '311473502274248525'), organization_id=getenv('OIDC_ORGANIZATION_ID', '311473502274248525'),
project_id=getenv('OIDC_PROJECT_ID', '311473502274248525'),
) )

1
demo/env.in
View file

@ -13,4 +13,5 @@ OIDC_PROVIDER=
OIDC_CLIENT_ID= OIDC_CLIENT_ID=
OIDC_COOKIE_CRYPT= OIDC_COOKIE_CRYPT=
OIDC_ORGANIZATION_ID= OIDC_ORGANIZATION_ID=
OIDC_PROJECT_ID=

29
scopes/org/user.py
View file

@ -19,8 +19,13 @@ class User:
hashedPassword: Optional[str] = None hashedPassword: Optional[str] = None
firstName: str = '' firstName: str = ''
lastName: str = '' lastName: str = ''
displayName: str = ''
grants: List[str] = field(default_factory=list) grants: List[str] = field(default_factory=list)
def __post_init__(self):
if not self.displayName:
self.displayName = ' '.join((self.firstName, self.lastName))
class ExtUser: class ExtUser:
"""All infos for exchanging user data with an external service. """All infos for exchanging user data with an external service.
@ -32,11 +37,14 @@ class ExtUser:
provider = 'zitatel' provider = 'zitatel'
endpoints = dict( endpoints = dict(
users_human='v2/users/human', users_human='v2/users/human',
#create_authorization='management/v1/zitadel.authorization.v2beta.AuthorizationService/CreateAuthorization',
create_authorization='v2beta/authorizations',
) )
def __init__(self, user, idPrefix=''): def __init__(self, user, idPrefix=''):
self.user = user self.user = user
self.userId = idPrefix + user.login self.userId = idPrefix + user.login
self.client = client.ApiClient(config.oidc_provider)
def asDict(self): def asDict(self):
params = config.oidc_params params = config.oidc_params
@ -47,17 +55,17 @@ class ExtUser:
profile=dict( profile=dict(
givenName=self.user.firstName, givenName=self.user.firstName,
familyName=self.user.lastName, familyName=self.user.lastName,
displayName=self.user.displayName,
), ),
organization=dict(orgId=params['organization_id']), organization=dict(orgId=params['organization_id']),
) )
return data return data
def create(self, updateIfExits=False): def create(self, updateIfExits=False):
clt = client.ApiClient(config.oidc_provider)
data = self.asDict() data = self.asDict()
if self.user.hashedPassword: if self.user.hashedPassword:
data['hashedPassword'] = self.user.hashedPassword data['hashedPassword'] = self.user.hashedPassword
status, res = clt.post(self.endpoints['users_human'], data) status, res = self.client.post(self.endpoints['users_human'], data)
if status > 201: if status > 201:
if updateIfExits: if updateIfExits:
return self.update() return self.update()
@ -67,21 +75,28 @@ class ExtUser:
return self.createGrants() return self.createGrants()
def update(self, createIfMissing=False): def update(self, createIfMissing=False):
clt = client.ApiClient(config.oidc_provider)
data = self.asDict() data = self.asDict()
if self.user.hashedPassword: if self.user.hashedPassword:
data['password'] = dict(hashedPassword=self.user.hashedPassword) data['password'] = dict(hashedPassword=self.user.hashedPassword)
status, res = clt.put(self.endpoints['users_human'], self.userId, data) status, res = self.client.put(self.endpoints['users_human'], self.userId, data)
if status > 200: if status > 200:
if createIfMissing: if createIfMissing:
return self.create() return self.create()
else: else:
return status, res return status, res
if self.user.grants: if self.user.grants:
return self.updateGrants() #return self.updateGrants()
groups = ' '.join(self.user.grants)
data = dict(metadata=[dict(key='gloops', value='groups')])
return self.client.post(f'v2/users/human/{self.userId}/metadata', data)
def createGrants(self): def createGrants(self):
pass data = dict(
userId=self.userId,
projectId=config.oidc_params['project_id'],
roleKeys=self.user.grants,
)
return self.client.post(self.endpoints['create_authorization'], data)
def updateGrants(self): def updateGrants(self):
pass self.createGrants()

3
scopes/web/client.py
View file

@ -25,6 +25,7 @@ class ApiClient:
def post(self, endpoint, data): def post(self, endpoint, data):
headers = self.authentication() headers = self.authentication()
headers['Content-Type'] = 'application/json' headers['Content-Type'] = 'application/json'
headers['Connect-Protocol-Version'] = '1'
# self.makeUrl(endpoint) # self.makeUrl(endpoint)
url = '/'.join((self.baseUrl, endpoint)) url = '/'.join((self.baseUrl, endpoint))
resp = requests.post(url, json=data, headers=headers) resp = requests.post(url, json=data, headers=headers)
@ -35,7 +36,7 @@ class ApiClient:
def put(self, endpoint, objId, data): def put(self, endpoint, objId, data):
headers = self.authentication() headers = self.authentication()
headers['Content-Type'] = 'application/json' headers['Content-Type'] = 'application/json'
# self.makeUrl(endpoint) # self.makeUrl(endpoint, objId)
url = '/'.join((self.baseUrl, endpoint, objId)) url = '/'.join((self.baseUrl, endpoint, objId))
resp = requests.put(url, json=data, headers=headers) resp = requests.put(url, json=data, headers=headers)
if resp.status_code >= 400: if resp.status_code >= 400: