Beispiel #1
    def create_user(self, claims):
        """Return object for a newly created user account.

        The username comes from the claim named by the
        ``OIDC_USERNAME_ATTRIBUTE`` setting (``preferred_username`` when the
        setting is absent). If that claim is missing or empty, the username is
        derived from the ``email`` claim instead. Returns ``None`` when the
        claims carry neither a username nor an email.
        """
        # Overrides the library's default: the username is taken from an
        # identity-provider claim rather than always derived from the email.
        username_claim = import_from_settings('OIDC_USERNAME_ATTRIBUTE',
                                              'preferred_username')
        username = claims.get(username_claim, '')
        email = claims.get('email', '')

        if not username and not email:
            LOG.debug(
                "OpenID Connect no username and email while creating new user"
            )
            return None
        if not username:
            username = default_username_algo(email)

        # NOTE(review): is_hue_superuser() is defined outside this snippet.
        # It is handed the raw claims, so the superuser flag presumably
        # depends on what the identity provider asserts - confirm which claim
        # it reads and that only the trusted provider can set it.
        account_fields = {
            'username': username,
            'email': email,
            'first_name': claims.get('given_name', ''),
            'last_name': claims.get('family_name', ''),
            'is_superuser': self.is_hue_superuser(claims),
        }
        return self.UserModel.objects.create_user(**account_fields)
Beispiel #2
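    def create_user(self, claims):
        """
        Create a user account for the given claims.

        This method is overridden to ensure we create a user account
        which will work in the DUA world.

        ``claims`` must contain ``email``; a missing key raises ``KeyError``.
        ``preferred_username`` is used as the username when it is present and
        non-empty, otherwise the username is derived from the email address.
        The optional ``zoneinfo`` and ``locale`` claims are passed to
        ``Account.create`` as ``timezone`` and ``language``. Returns the saved
        user.
        """
        email = claims["email"]
        # Fall back to the derived username when the claim is absent *or*
        # empty/None. ``claims.get(key, default)`` only covered the absent
        # case, so an empty claim produced an account with a blank username.
        username = claims.get("preferred_username") or default_username_algo(email)
        user = self.UserModel(username=username, email=email)
        # Set before save(); presumably tells a save hook not to create the
        # Account automatically, since it is created explicitly below - confirm.
        user._disable_account_creation = True
        # Accounts created from OIDC claims get no usable local password.
        user.set_unusable_password()
        user.save()
        extra = {}
        if claims.get("zoneinfo"):
            extra["timezone"] = claims["zoneinfo"]
        if claims.get("locale"):
            extra["language"] = claims["locale"]
        Account.create(
            request=self.request,
            user=user,
            create_email=False,
            **extra
        )
        if claims.get("email_verified", False):
            # The provider's ``email_verified`` claim is trusted as-is: the
            # address becomes verified and primary with no local confirmation
            # step. That is only sound when the identity provider is trusted
            # to have checked ownership of the mailbox.
            # NOTE(review): unlike add_email() below, this create() is not
            # given the user - confirm whether EmailAddress needs user=user.
            EmailAddress.objects.create(
                email=user.email,
                verified=True,
                primary=True,
            )
        else:
            EmailAddress.objects.add_email(user, user.email, confirm=True)
        return user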
Beispiel #3
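    def handle(self, *args, **options):
        """Toggle the superuser flag of the user with the given email.

        The address comes from ``options['email']`` or, when that is empty,
        from an interactive prompt. A user matching it case-insensitively has
        ``is_superuser`` flipped; if no user matches, one is created first and
        then promoted. The user is always marked active.

        Raises:
            CommandError: if the address contains a space or does not contain
                exactly one ``@``.
        """
        email = options['email']
        if not email:
            email = input('Email: ').strip()
        if ' ' in email or email.count('@') != 1:
            raise CommandError(f'Invalid email {email!r}')
        try:
            # get() raises MultipleObjectsReturned if several accounts differ
            # only by case; that aborts the command before any flag changes.
            user = User.objects.get(email__iexact=email)
        except User.DoesNotExist:
            # An unknown address yields a brand-new account that is promoted
            # right below, so a mistyped email creates a superuser account
            # for that address. Check the 'User created' warning.
            username_algo = (
                import_from_settings('OIDC_USERNAME_ALGO', None)
                or default_username_algo
            )
            user = User.objects.create(
                username=username_algo(email),
                email=email,
            )
            # Persisted by the user.save() further down.
            user.set_unusable_password()
            self.stdout.write(self.style.WARNING('User created'))

        # This is a toggle, not a grant: running the command twice for the
        # same address leaves the flag where it started.
        user.is_superuser = not user.is_superuser
        user.is_active = True  # just to be sure
        user.save()
        if user.is_superuser:
            self.stdout.write(
                self.style.SUCCESS(f'{email} PROMOTED to superuser'))
        else:
            # Message fixed: a demotion removes the flag, it is not "to".
            self.stdout.write(
                self.style.WARNING(f'{email} DEMOTED from superuser'))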
Beispiel #4
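    def handle(self, *args, **options):
        """Import users and their API tokens from a JSON document.

        The document is read from ``options['jsonfile']`` or, when that is
        empty, from stdin. It maps each email address to a list of token
        objects with ``key``, ``notes`` and ``expires`` entries. Users that do
        not exist yet are created with an unusable password and added to the
        ``Uploaders`` group. Tokens already present for a user (same key) are
        skipped.

        The input carries API token keys in clear text and they are stored
        exactly as given, so the file or stream must be handled as a secret.
        """
        jsonfile = options['jsonfile']
        if jsonfile:
            with open(jsonfile) as f:
                users = json.load(f)
        else:
            # Reading from stdin is convenient since the host and
            # docker don't necessarily share a filesystem.
            users = json.load(sys.stdin)

        self.stdout.write(self.style.SUCCESS(f'Import {len(users)} users'))
        uploaders = Group.objects.get(name='Uploaders')
        # Loop-invariant: resolve the username algorithm once.
        username_algo = (
            import_from_settings('OIDC_USERNAME_ALGO', None)
            or default_username_algo
        )

        count_creations = 0
        for email, tokens in users.items():
            try:
                user = User.objects.get(email=email)
            except User.DoesNotExist:
                # Build the instance, mark the password unusable, then save.
                # Previously set_unusable_password() was called after
                # objects.create() with no save(), so the marker only existed
                # in memory and never reached the database.
                user = User(username=username_algo(email), email=email)
                user.set_unusable_password()
                user.save()
                self.stdout.write(
                    self.style.SUCCESS(f'User created ({user.email})'))

                # Put the user in the Uploaders group so they can have
                # the right permissions they need when they generate
                # their API tokens.
                user.groups.add(uploaders)

            if not tokens:
                self.stdout.write(
                    self.style.WARNING(
                        f'{user.email} has no active API tokens'))
            for token in tokens:
                # exists() asks the database for presence only instead of
                # fetching the matching rows.
                if Token.objects.filter(user=user, key=token['key']).exists():
                    continue
                Token.objects.create(user=user,
                                     key=token['key'],
                                     notes=token['notes'],
                                     expires_at=token['expires'])
                count_creations += 1

        self.stdout.write(
            self.style.SUCCESS(f'Created {count_creations} API tokens'))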
Beispiel #5
  def create_user(self, claims):
    """Return object for a newly created user account.

    The username is read from the claim named by ``OIDC_USERNAME_ATTRIBUTE``
    (default ``preferred_username``). When that claim is missing or empty the
    username is derived from the email. Returns ``None`` if the claims
    contain neither a username nor an email.
    """
    # Departs from the library's default by preferring the provider-supplied
    # username over one derived from the email address.
    username_key = import_from_settings('OIDC_USERNAME_ATTRIBUTE', 'preferred_username')
    username = claims.get(username_key, '')
    email = claims.get('email', '')

    if not username:
      if email:
        username = default_username_algo(email)
      else:
        LOG.debug("OpenID Connect no username and email while creating new user")
        return None

    # NOTE(review): the superuser flag is decided by is_hue_superuser(claims),
    # which is not shown here; verify which claim it trusts.
    return self.UserModel.objects.create_user(
      username=username,
      email=email,
      first_name=claims.get('given_name', ''),
      last_name=claims.get('family_name', ''),
      is_superuser=self.is_hue_superuser(claims)
    )
Beispiel #6
 def run_test(self, data, expected):
     """Assert that default_username_algo(data) matches expected in value and type."""
     generated = default_username_algo(data)
     self.assertEqual(generated, expected)
     # An equal value of a different type must not pass.
     generated_type, expected_type = type(generated), type(expected)
     self.assertEqual(generated_type, expected_type)