fix(admin): jwt api checks if new users groups exist

admin/src/admin/lib/admin.py

@@ -162,7 +162,7 @@ class Admin:
                 ddmail,
                 ddpassword,
                 group="admin",
-                temporary=False,
+                password_temporary=False,
             )
             self.keycloak.assign_realm_roles(uid, "admin")
             log.warning("KEYCLOAK: OK")
@@ -632,7 +632,7 @@ class Admin:
                     "gids": pathslist,
                     "quota": u["quota"],
                     "roles": [u["role"].strip()],
-                    "temporary": True
+                    "password_temporary": True
                     if u["password_temporal"].lower() == "yes"
                     else False,
                     "password": self.get_dice_pwd()
@@ -803,7 +803,7 @@ class Admin:
                 u["last"],
                 u["email"],
                 u["password"],
-                temporary=u["temporary"],
+                password_temporary=u["password_temporary"],
             )
             self.av.add_user_default_avatar(uid, u["roles"][0])
             # Add user to role and group rolename
@@ -1296,8 +1296,8 @@ class Admin:
                     externaluser["gids"].append(data["action"])
         return True
 
-    def user_update_password(self, userid, password, temporary):
+    def user_update_password(self, userid, password, password_temporary):
-        return self.keycloak.update_user_pwd(userid, password, temporary)
+        return self.keycloak.update_user_pwd(userid, password, password_temporary)
 
     def update_users_from_keycloak(self):
         kgroups = self.keycloak.get_groups()
@@ -1700,6 +1700,22 @@ class Admin:
                     pathpart = pathpart + "." + part
                 pathslist.append(pathpart)
 
+        for path in pathslist:
+            path = "/" + path.replace(".", "/")
+            log.warning(
+                " KEYCLOAK USERS: Assign user " + u["username"] + " to group " + path
+            )
+            try:
+                gid = self.keycloak.get_group_by_path(path=path)["id"]
+            except:
+                return False
+                # gid = self.keycloak.add_group_tree(path)
+                # log.warning("THE PATH "+str(path)+" HAS GID "+str(gid))
+                # self.moodle.add_system_cohort(path)
+                # self.nextcloud.add_group(path)
+                # self.resync_data()
+                # gid = self.keycloak.get_group_by_path(path=path)["id"]
+
         ### KEYCLOAK
         #######################
         ev = Events("Add user", u["username"], total=5)
@@ -1711,18 +1727,14 @@ class Admin:
             u["email"],
             u["password"],
             enabled=u["enabled"],
+            password_temporary=u.get("password_temporary", True),
         )
 
         self.av.add_user_default_avatar(uid, u["role"])
 
         # Add user to role and group rolename
         log.warning(
-            " KEYCLOAK USERS: Assign user "
+            " KEYCLOAK USERS: Assign user " + u["username"] + " to role " + u["role"]
-            + u["username"]
-            + " with initial pwd "
-            + u["password"]
-            + " to role "
-            + u["role"]
         )
         self.keycloak.assign_realm_roles(uid, u["role"])
         gid = self.keycloak.get_group_by_path(path="/" + u["role"])["id"]
@@ -1731,9 +1743,6 @@ class Admin:
         # Add user to groups
         for path in pathslist:
             path = "/" + path.replace(".", "/")
-            log.warning(
-                " KEYCLOAK USERS: Assign user " + u["username"] + " to group " + path
-            )
             gid = self.keycloak.get_group_by_path(path=path)["id"]
             self.keycloak.group_user_add(uid, gid)
             ev.increment({"name": "Added to system groups", "data": []})

admin/src/admin/lib/keycloak_client.py

@@ -152,7 +152,7 @@ class KeycloakClient:
         email,
         password,
         group=False,
-        temporary=True,
+        password_temporary=True,
         enabled=True,
     ):
         # RETURNS string with keycloak user id (the main id in this app)
@@ -167,7 +167,11 @@ class KeycloakClient:
                     "firstName": first,
                     "lastName": last,
                     "credentials": [
-                        {"type": "password", "value": password, "temporary": temporary}
+                        {
+                            "type": "password",
+                            "value": password,
+                            "temporary": password_temporary,
+                        }
                     ],
                 }
             )
@@ -186,11 +190,11 @@ class KeycloakClient:
             self.keycloak_admin.group_user_add(uid, gid)
         return uid
 
-    def update_user_pwd(self, user_id, password, temporary=True):
+    def update_user_pwd(self, user_id, password, password_temporary=True):
         # Updates
         payload = {
             "credentials": [
-                {"type": "password", "value": password, "temporary": temporary}
+                {"type": "password", "value": password, "temporary": password_temporary}
             ]
         }
         self.connect()

admin/src/admin/schemas/user.yml

@@ -13,6 +13,10 @@ email:
 password:
   required: true
   type: string
+password_temporary:
+  required: false
+  type: boolean
+  default: true
 quota:
   required: true
   type: string

admin/src/admin/views/ApiViews.py

@@ -172,7 +172,13 @@ def ddapi_user(user_ddid=None):
 
         if app.admin.get_user_username(data["username"]):
             raise Error("conflict", "User id already exists")
+        data = app.validators["user"].normalized(data)
         keycloak_id = app.admin.add_user(data)
+        if not keycloak_id:
+            raise Error(
+                "precondition_required",
+                "Not all user groups already in system. Please create user groups before adding user.",
+            )
         return (
             json.dumps({"keycloak_id": keycloak_id}),
             200,