feat(api): add role to SSO assertion

Taha Yassine Kraiem 2021-12-03 18:24:50 +01:00
parent db4b2c5a62
commit 63946ad777
3 changed files with 33 additions and 8 deletions


@ -12,7 +12,7 @@ from chalicelib.utils.helper import environ
from onelogin.saml2.auth import OneLogin_Saml2_Logout_Request
from chalice import Response
from chalicelib.core import users, tenants
from chalicelib.core import users, tenants, roles
@app.route('/sso/saml2', methods=['GET'], authorizer=None)
@ -63,13 +63,21 @@ def process_sso_assertion():
if t is None:
print("invalid tenantKey, please copy the correct value from Preferences > Account")
return {"errors": ["invalid tenantKey, please copy the correct value from Preferences > Account"]}
print(user_data)
role_name = user_data.get("role", [])
if len(role_name) == 0:
print("No role specified, setting role to member")
role_name = ["member"]
role_name = role_name[0]
role = roles.get_role_by_name(tenant_id=t['tenantId'], name=role_name)
if role is None:
return {"errors": [f"role {role_name} not found, please create it in openreplay first"]}
if existing is None:
print("== new user ==")
users.create_sso_user(tenant_id=t['tenantId'], email=email, admin=True,
origin=SAML2_helper.get_saml2_provider(),
name=" ".join(user_data.get("firstName", []) + user_data.get("lastName", [])),
internal_id=internal_id)
internal_id=internal_id, role_id=role["roleId"])
else:
if t['tenantId'] != existing["tenantId"]:
print("user exists for a different tenant")
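Review bot: `role_name = user_data.get("role", [])` followed by `role_name[0]` assumes the SAML attribute is always a list; if the helper ever yields a plain string, `role_name[0]` silently becomes its first character and the lookup fails with a misleading "role x not found". A guard such as `role_name = role_name[0] if isinstance(role_name, list) else role_name` (after the empty check) keeps both shapes working. The role from the assertion is only applied in the new-user branch; the `else` branch for existing users continues outside the hunk and does not update their role, which deserves a comment stating whether that is intended, e.g. `# role from the assertion is applied only at user creation; existing users keep their current role`. `process_sso_assertion` starts and ends outside this hunk.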


@ -46,7 +46,7 @@ def create(tenant_id, user_id, name, description, permissions):
RETURNING *;""",
{"tenant_id": tenant_id, "name": name, "description": description, "permissions": permissions})
)
row=cur.fetchone()
row = cur.fetchone()
row["created_at"] = TimeUTC.datetime_to_timestamp(row["created_at"])
return helper.dict_to_camel_case(row)
@ -67,6 +67,23 @@ def get_roles(tenant_id):
return helper.list_to_camel_case(rows)
def get_role_by_name(tenant_id, name):
with pg_client.PostgresClient() as cur:
cur.execute(
cur.mogrify("""SELECT *
FROM public.roles
where tenant_id =%(tenant_id)s
AND deleted_at IS NULL
AND name ILIKE %(name)s
;""",
{"tenant_id": tenant_id, "name": name})
)
row = cur.fetchone()
if row is not None:
row["created_at"] = TimeUTC.datetime_to_timestamp(row["created_at"])
return helper.dict_to_camel_case(row)
def delete(tenant_id, user_id, role_id):
admin = users.get(user_id=user_id, tenant_id=tenant_id)
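Review bot: `get_role_by_name` compares with `name ILIKE %(name)s`, which is a pattern match rather than a case-insensitive equality: `%` and `_` in the looked-up name act as wildcards, so a role attribute of `%` matches every role and `fetchone()` with no ORDER BY then returns an arbitrary one. Use `AND lower(name) = lower(%(name)s)` instead, or escape the wildcards before binding. Separately, when no row matches the function still returns `helper.dict_to_camel_case(None)`; unless that helper passes None through, the caller's `if role is None` check never fires, so an explicit `if row is None: return None` before the conversion makes the contract unambiguous. The `row = cur.fetchone()` spacing fix in the first hunk is fine.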


@ -690,12 +690,12 @@ def authenticate_sso(email, internal_id, exp=None):
return None
def create_sso_user(tenant_id, email, admin, name, origin, internal_id=None):
def create_sso_user(tenant_id, email, admin, name, origin, role_id, internal_id=None):
with pg_client.PostgresClient() as cur:
query = cur.mogrify(f"""\
WITH u AS (
INSERT INTO public.users (tenant_id, email, role, name, data, origin, internal_id)
VALUES (%(tenantId)s, %(email)s, %(role)s, %(name)s, %(data)s, %(origin)s, %(internal_id)s)
INSERT INTO public.users (tenant_id, email, role, name, data, origin, internal_id, role_id)
VALUES (%(tenantId)s, %(email)s, %(role)s, %(name)s, %(data)s, %(origin)s, %(internal_id)s, %(role_id)s)
RETURNING *
),
au AS (
@ -715,7 +715,7 @@ def create_sso_user(tenant_id, email, admin, name, origin, internal_id=None):
FROM u;""",
{"tenantId": tenant_id, "email": email, "internal_id": internal_id,
"role": "admin" if admin else "member", "name": name, "origin": origin,
"data": json.dumps({"lastAnnouncementView": TimeUTC.now()})})
"role_id": role_id, "data": json.dumps({"lastAnnouncementView": TimeUTC.now()})})
cur.execute(
query
)
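Review bot: the new required parameter `role_id` is inserted before the optional `internal_id=None` in `create_sso_user`, so any caller not updated in this commit (only the SSO route is visible here) now fails with a TypeError for the missing argument. If other callers exist, `role_id=None` with the INSERT still binding `%(role_id)s`, or a keyword-only `*, role_id`, makes the break explicit at the call site. The row now carries both the string `role` ("admin"/"member") and `role_id`, which should be documented in a docstring or comment, e.g. `# role: admin/member flag derived from `admin`; role_id: id of the public.roles row chosen by the caller`. The body of `create_sso_user` continues past the second hunk.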