saml: Add support for syncing user role.

Replace the SOCIAL_AUTH_SYNC_CUSTOM_ATTRS_DICT with
SOCIAL_AUTH_SYNC_ATTRS_DICT, designed to support also regular user attrs
like role or full name (in the future).

Custom attributes can stay configured as they were and will get merged
into SOCIAL_AUTH_SYNC_ATTRS_DICT in computed_settings, or can be
specified in SOCIAL_AUTH_SYNC_ATTRS_DICT directly with "custom__"
prefix.

The role sync is plumbed through to user creation, so users can
immediately be created with their intended role as provided by the IdP
when they're creating their account, even when doing this flow without
an invitation.
Mateusz Mandera
2024-08-04 01:32:32 +02:00
committed by Tim Abbott
parent 9841bb9522
commit 833dce8a13
7 changed files with 289 additions and 44 deletions


@@ -62,6 +62,8 @@ from .configured_settings import (
SOCIAL_AUTH_SAML_ENABLED_IDPS,
SOCIAL_AUTH_SAML_SECURITY_CONFIG,
SOCIAL_AUTH_SUBDOMAIN,
SOCIAL_AUTH_SYNC_ATTRS_DICT,
SOCIAL_AUTH_SYNC_CUSTOM_ATTRS_DICT,
STATIC_URL,
SUBMIT_USAGE_STATISTICS,
TORNADO_PORTS,
@@ -1181,6 +1183,25 @@ for idp_name, idp_dict in SOCIAL_AUTH_SAML_ENABLED_IDPS.items():
path = f"/etc/zulip/saml/idps/{idp_name}.crt"
idp_dict["x509cert"] = get_from_file_if_exists(path)
def ensure_dict_path(d: dict[str, Any], keys: list[str]) -> None:
for key in keys:
if key not in d:
d[key] = {}
d = d[key]
# Merge SOCIAL_AUTH_SYNC_CUSTOM_ATTRS_DICT into SOCIAL_AUTH_SYNC_ATTRS_DICT.
# This is compat code for the original SOCIAL_AUTH_CUSTOM_ATTRS_DICT setting.
# TODO/compatibility: Remove this for release Zulip 10.0.
for subdomain, dict_for_subdomain in SOCIAL_AUTH_SYNC_CUSTOM_ATTRS_DICT.items():
for backend_name, custom_attrs_map in dict_for_subdomain.items():
ensure_dict_path(SOCIAL_AUTH_SYNC_ATTRS_DICT, [subdomain, backend_name])
for custom_attr_name, source_attr_name in custom_attrs_map.items():
SOCIAL_AUTH_SYNC_ATTRS_DICT[subdomain][backend_name][f"custom__{custom_attr_name}"] = (
source_attr_name
)
SOCIAL_AUTH_PIPELINE = [
"social_core.pipeline.social_auth.social_details",
"zproject.backends.social_auth_associate_user",