if there are tenant specific fields in the config, transfer them from openid token to db

This commit is contained in:
burnettk 2023-02-04 00:03:32 -05:00
parent 8ff42f1b1b
commit a9f00ce1a7
5 changed files with 81 additions and 21 deletions

View File

@ -0,0 +1,32 @@
"""empty message
Revision ID: ca9b79dde5cc
Revises: 2ec4222f0012
Create Date: 2023-02-03 21:06:56.396816
"""
from alembic import op
import sqlalchemy as sa
# revision identifiers, used by Alembic.
revision = 'ca9b79dde5cc'
down_revision = '2ec4222f0012'
branch_labels = None
depends_on = None
def upgrade():
# ### commands auto generated by Alembic - please adjust! ###
op.add_column('user', sa.Column('tenant_specific_field_1', sa.String(length=255), nullable=True))
op.add_column('user', sa.Column('tenant_specific_field_2', sa.String(length=255), nullable=True))
op.add_column('user', sa.Column('tenant_specific_field_3', sa.String(length=255), nullable=True))
# ### end Alembic commands ###
def downgrade():
# ### commands auto generated by Alembic - please adjust! ###
op.drop_column('user', 'tenant_specific_field_3')
op.drop_column('user', 'tenant_specific_field_2')
op.drop_column('user', 'tenant_specific_field_1')
# ### end Alembic commands ###

View File

@ -51,6 +51,19 @@ def load_config_file(app: Flask, env_config_module: str) -> None:
) from exception ) from exception
def _set_up_tenant_specific_fields_as_list_of_strings(app: Flask) -> None:
tenant_specific_fields = app.config.get("TENANT_SPECIFIC_FIELDS")
if tenant_specific_fields is None or tenant_specific_fields == "":
app.config["TENANT_SPECIFIC_FIELDS"] = []
else:
app.config["TENANT_SPECIFIC_FIELDS"] = tenant_specific_fields.split(",")
if len(app.config["TENANT_SPECIFIC_FIELDS"]) > 3:
raise ConfigurationError(
"TENANT_SPECIFIC_FIELDS can have a maximum of 3 fields"
)
def setup_config(app: Flask) -> None: def setup_config(app: Flask) -> None:
"""Setup_config.""" """Setup_config."""
# ensure the instance folder exists # ensure the instance folder exists
@ -108,3 +121,4 @@ def setup_config(app: Flask) -> None:
thread_local_data = threading.local() thread_local_data = threading.local()
app.config["THREAD_LOCAL_DATA"] = thread_local_data app.config["THREAD_LOCAL_DATA"] = thread_local_data
_set_up_tenant_specific_fields_as_list_of_strings(app)

View File

@ -72,7 +72,7 @@ GIT_SSH_PRIVATE_KEY = environ.get("GIT_SSH_PRIVATE_KEY")
GIT_USERNAME = environ.get("GIT_USERNAME") GIT_USERNAME = environ.get("GIT_USERNAME")
GIT_USER_EMAIL = environ.get("GIT_USER_EMAIL") GIT_USER_EMAIL = environ.get("GIT_USER_EMAIL")
# Datbase Configuration # Database Configuration
SPIFF_DATABASE_TYPE = environ.get( SPIFF_DATABASE_TYPE = environ.get(
"SPIFF_DATABASE_TYPE", default="mysql" "SPIFF_DATABASE_TYPE", default="mysql"
) # can also be sqlite, postgres ) # can also be sqlite, postgres
@ -88,3 +88,8 @@ SYSTEM_NOTIFICATION_PROCESS_MODEL_MESSAGE_ID = environ.get(
ALLOW_CONFISCATING_LOCK_AFTER_SECONDS = int( ALLOW_CONFISCATING_LOCK_AFTER_SECONDS = int(
environ.get("ALLOW_CONFISCATING_LOCK_AFTER_SECONDS", default="600") environ.get("ALLOW_CONFISCATING_LOCK_AFTER_SECONDS", default="600")
) )
# Tenant specific fields is a comma separated list of field names that we will convert to list of strings
# and store in the user table's tenant_specific_field_n columns. You can have up to three items in this
# comma-separated list.
TENANT_SPECIFIC_FIELDS = environ.get("TENANT_SPECIFIC_FIELDS")

View File

@ -34,6 +34,9 @@ class UserModel(SpiffworkflowBaseDBModel):
service_id = db.Column(db.String(255), nullable=False, unique=False) service_id = db.Column(db.String(255), nullable=False, unique=False)
display_name = db.Column(db.String(255)) display_name = db.Column(db.String(255))
email = db.Column(db.String(255)) email = db.Column(db.String(255))
tenant_specific_field_1 = db.Column(db.String(255))
tenant_specific_field_2 = db.Column(db.String(255))
tenant_specific_field_3 = db.Column(db.String(255))
updated_at_in_seconds: int = db.Column(db.Integer) updated_at_in_seconds: int = db.Column(db.Integer)
created_at_in_seconds: int = db.Column(db.Integer) created_at_in_seconds: int = db.Column(db.Integer)

View File

@ -484,38 +484,44 @@ class AuthorizationService:
.filter(UserModel.service_id == user_info["sub"]) .filter(UserModel.service_id == user_info["sub"])
.first() .first()
) )
email = display_name = username = "" user_attributes = {}
if "email" in user_info: if "email" in user_info:
username = user_info["email"] user_attributes["username"] = user_info["email"]
email = user_info["email"] user_attributes["email"] = user_info["email"]
else: # we fall back to the sub, which may be very ugly. else: # we fall back to the sub, which may be very ugly.
username = user_info["sub"] + "@" + user_info["iss"] fallback_username = user_info["sub"] + "@" + user_info["iss"]
user_attributes["username"] = fallback_username
if "preferred_username" in user_info: if "preferred_username" in user_info:
display_name = user_info["preferred_username"] user_attributes["display_name"] = user_info[
"preferred_username"
]
elif "nickname" in user_info: elif "nickname" in user_info:
display_name = user_info["nickname"] user_attributes["display_name"] = user_info["nickname"]
elif "name" in user_info: elif "name" in user_info:
display_name = user_info["name"] user_attributes["display_name"] = user_info["name"]
user_attributes["service"] = user_info["iss"]
user_attributes["service_id"] = user_info["sub"]
for field_index, tenant_specific_field in enumerate(
current_app.config["TENANT_SPECIFIC_FIELDS"]
):
if tenant_specific_field in user_info:
field_number = field_index + 1
user_attributes[
f"tenant_specific_field_{field_number}"
] = user_info[tenant_specific_field]
if user_model is None: if user_model is None:
current_app.logger.debug("create_user in login_return") current_app.logger.debug("create_user in login_return")
is_new_user = True is_new_user = True
user_model = UserService().create_user( user_model = UserService().create_user(**user_attributes)
username=username,
service=user_info["iss"],
service_id=user_info["sub"],
email=email,
display_name=display_name,
)
else: else:
# Update with the latest information # Update with the latest information
user_model.username = username for key, value in user_attributes.items():
user_model.email = email setattr(user_model, key, value)
user_model.display_name = display_name
user_model.service = user_info["iss"]
user_model.service_id = user_info["sub"]
# this may eventually get too slow. # this may eventually get too slow.
# when it does, be careful about backgrounding, because # when it does, be careful about backgrounding, because