From 5d9231d7246f80630d4814538314d17b029e2841 Mon Sep 17 00:00:00 2001
From: darta
Date: Mon, 16 May 2022 10:12:11 +0200
Subject: [PATCH] fix(admin): jwt api checks if new users groups exist

---
 admin/src/admin/lib/admin.py           | 39 ++++++++++++++++----------
 admin/src/admin/lib/keycloak_client.py | 12 +++++---
 admin/src/admin/schemas/user.yml       |  4 +++
 admin/src/admin/views/ApiViews.py      |  6 ++++
 4 files changed, 42 insertions(+), 19 deletions(-)

diff --git a/admin/src/admin/lib/admin.py b/admin/src/admin/lib/admin.py
index 1286cfb..4bd75f9 100644
--- a/admin/src/admin/lib/admin.py
+++ b/admin/src/admin/lib/admin.py
@@ -162,7 +162,7 @@ class Admin:
             ddmail,
             ddpassword,
             group="admin",
-            temporary=False,
+            password_temporary=False,
         )
         self.keycloak.assign_realm_roles(uid, "admin")
         log.warning("KEYCLOAK: OK")
@@ -632,7 +632,7 @@ class Admin:
                 "gids": pathslist,
                 "quota": u["quota"],
                 "roles": [u["role"].strip()],
-                "temporary": True
+                "password_temporary": True
                 if u["password_temporal"].lower() == "yes"
                 else False,
                 "password": self.get_dice_pwd()
@@ -803,7 +803,7 @@ class Admin:
                 u["last"],
                 u["email"],
                 u["password"],
-                temporary=u["temporary"],
+                password_temporary=u["password_temporary"],
             )
             self.av.add_user_default_avatar(uid, u["roles"][0])
             # Add user to role and group rolename
@@ -1296,8 +1296,8 @@ class Admin:
                 externaluser["gids"].append(data["action"])
         return True

-    def user_update_password(self, userid, password, temporary):
-        return self.keycloak.update_user_pwd(userid, password, temporary)
+    def user_update_password(self, userid, password, password_temporary):
+        return self.keycloak.update_user_pwd(userid, password, password_temporary)

     def update_users_from_keycloak(self):
         kgroups = self.keycloak.get_groups()
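Review bot: The `True if u["password_temporal"].lower() == "yes" else False` expression in the -632 hunk spells out a boolean that the comparison already yields; `"password_temporary": u["password_temporal"].lower() == "yes",` reads the same and fits on one line. The dict literal and the method enclosing it start and end outside the hunk.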
@@ -1700,6 +1700,22 @@ class Admin:
                 pathpart = pathpart + "." + part
             pathslist.append(pathpart)
+        for path in pathslist:
+            path = "/" + path.replace(".", "/")
+            log.warning(
+                " KEYCLOAK USERS: Assign user " + u["username"] + " to group " + path
+            )
+            try:
+                gid = self.keycloak.get_group_by_path(path=path)["id"]
+            except:
+                return False
+            # gid = self.keycloak.add_group_tree(path)
+            # log.warning("THE PATH "+str(path)+" HAS GID "+str(gid))
+            # self.moodle.add_system_cohort(path)
+            # self.nextcloud.add_group(path)
+            # self.resync_data()
+            # gid = self.keycloak.get_group_by_path(path=path)["id"]
         ### KEYCLOAK #######################
         ev = Events("Add user", u["username"], total=5)
@@ -1711,18 +1727,14 @@ class Admin:
                 u["email"],
                 u["password"],
                 enabled=u["enabled"],
+                password_temporary=u.get("password_temporary", True),
             )
             self.av.add_user_default_avatar(uid, u["role"])
             # Add user to role and group rolename
             log.warning(
-                " KEYCLOAK USERS: Assign user " + u["username"] + " with initial pwd " + u["password"] + " to role " + u["role"]
+                " KEYCLOAK USERS: Assign user " + u["username"] + " to role " + u["role"]
             )
             self.keycloak.assign_realm_roles(uid, u["role"])
             gid = self.keycloak.get_group_by_path(path="/" + u["role"])["id"]
@@ -1731,12 +1743,9 @@ class Admin:
             # Add user to groups
             for path in pathslist:
                 path = "/" + path.replace(".", "/")
-                log.warning(
-                    " KEYCLOAK USERS: Assign user " + u["username"] + " to group " + path
-                )
                 gid = self.keycloak.get_group_by_path(path=path)["id"]
                 self.keycloak.group_user_add(uid, gid)
-                ev.increment({"name": "Added to system groups", "data": []})
+            ev.increment({"name": "Added to system groups", "data": []})
             pathslist.append(u["role"])

             ### MOODLE
diff --git a/admin/src/admin/lib/keycloak_client.py b/admin/src/admin/lib/keycloak_client.py
index 6aa3ba9..da316cb 100644
--- a/admin/src/admin/lib/keycloak_client.py
+++ b/admin/src/admin/lib/keycloak_client.py
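Review bot: The bare `except:` around `get_group_by_path` in the -1700 hunk turns every failure — a Keycloak connection or token error, a `KeyError` on the returned dict, even `KeyboardInterrupt` — into `return False`, which ApiViews then reports to the caller as "groups do not exist", so an outage or a misconfigured client will be diagnosed as missing groups with no log line saying what actually happened. Narrow it to whatever the client raises for an unknown path (or test the lookup result if it returns an empty value for a missing group), record the exception text where it is caught, and let other errors propagate, e.g. `except Exception as exc:` followed by `log.warning(" KEYCLOAK USERS: group " + path + " lookup failed: " + str(exc))` before the `return False`. The looked-up `gid` is discarded and the same paths are looked up again in the "Add user to groups" loop of the -1731 hunk; collecting the ids in a list here and reusing them below would remove the duplicate round-trips. The log line `" KEYCLOAK USERS: Assign user " ... " to group "` now describes an existence check rather than an assignment, and the six commented-out lines after the `except` are dead code that should be dropped rather than carried along. The enclosing method (presumably add_user, given the check in ApiViews) starts and ends outside the hunk.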
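Review bot: Dedenting `ev.increment({"name": "Added to system groups", "data": []})` in the -1731 hunk changes the progress events from one per group to a single one after the loop; with `Events(..., total=5)` that looks like the intended accounting, but it is unrelated to the commit's subject and not mentioned in it, so a short comment such as `# one progress step for all groups (total=5 above)` would save the next reader from wondering. The enclosing method continues outside the hunk.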
@@ -152,7 +152,7 @@ class KeycloakClient:
         email,
         password,
         group=False,
-        temporary=True,
+        password_temporary=True,
         enabled=True,
     ):
         # RETURNS string with keycloak user id (the main id in this app)
@@ -167,7 +167,11 @@ class KeycloakClient:
                 "firstName": first,
                 "lastName": last,
                 "credentials": [
-                    {"type": "password", "value": password, "temporary": temporary}
+                    {
+                        "type": "password",
+                        "value": password,
+                        "temporary": password_temporary,
+                    }
                 ],
             }
         )
@@ -186,11 +190,11 @@ class KeycloakClient:
             self.keycloak_admin.group_user_add(uid, gid)
         return uid

-    def update_user_pwd(self, user_id, password, temporary=True):
+    def update_user_pwd(self, user_id, password, password_temporary=True):
         # Updates
         payload = {
             "credentials": [
-                {"type": "password", "value": password, "temporary": temporary}
+                {"type": "password", "value": password, "temporary": password_temporary}
             ]
         }
         self.connect()
diff --git a/admin/src/admin/schemas/user.yml b/admin/src/admin/schemas/user.yml
index b94083d..6cc9770 100644
--- a/admin/src/admin/schemas/user.yml
+++ b/admin/src/admin/schemas/user.yml
@@ -13,6 +13,10 @@ email:
 password:
   required: true
   type: string
+password_temporary:
+  required: false
+  type: boolean
+  default: true
 quota:
   required: true
   type: string
diff --git a/admin/src/admin/views/ApiViews.py b/admin/src/admin/views/ApiViews.py
index 91d152e..f095d18 100644
--- a/admin/src/admin/views/ApiViews.py
+++ b/admin/src/admin/views/ApiViews.py
@@ -172,7 +172,13 @@ def ddapi_user(user_ddid=None):
     if app.admin.get_user_username(data["username"]):
         raise Error("conflict", "User id already exists")
+    data = app.validators["user"].normalized(data)
     keycloak_id = app.admin.add_user(data)
+    if not keycloak_id:
+        raise Error(
+            "precondition_required",
+            "Not all user groups already in system. Please create user groups before adding user.",
+        )
     return (
         json.dumps({"keycloak_id": keycloak_id}),
         200,
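Review bot: `if not keycloak_id:` in the -172 hunk treats every falsy result of `add_user` as "groups missing", but with the bare `except:` the same commit adds in admin.py (-1700 hunk) `add_user` also returns False when the Keycloak lookup itself fails, so the client is told to create groups during what may be an outage or a rejected token; keeping a distinct error for lookup failures (or letting that exception reach the view's error handling) keeps the two cases apart. The message also reads awkwardly — `"One or more of the user's groups do not exist in the system. Create the groups before adding the user.",` says the same thing more plainly. If `app.validators["user"]` is a Cerberus-style validator, `normalized(data)` fills in the schema's `default: true` for `password_temporary` but does not itself enforce `required`/`type`; unless the part of ddapi_user before the hunk already runs the validation step, that is worth confirming. ddapi_user starts before the hunk.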