def get_user_classification(self, group_dn_list):
"""
Extend the users classification information with the configured group information
NB: This is not fully implemented at this point
:param group_dn_list: list of DNs the user is member of
:return:
"""
ret = CLASSIFICATION.UNRESTRICTED
for group_dn in group_dn_list:
if group_dn in self.classification_mappings:
ret = CLASSIFICATION.build_user_classification(
ret, self.classification_mappings[group_dn])
return ret
def parse_profile(profile, provider):
# Find email address and normalize it for further processing
email_adr = profile.get(
'email',
profile.get(
'emails',
profile.get('preferred_username', profile.get('upn', None))))
if isinstance(email_adr, list):
email_adr = email_adr[0]
if email_adr:
email_adr = email_adr.lower()
if "@" not in email_adr:
email_adr = None
# Find the name of the user
name = reorder_name(profile.get('name', profile.get('displayName', None)))
# Generate a username
if provider.uid_randomize:
# Use randomizer
uname = random_user(digits=provider.uid_randomize_digits,
delimiter=provider.uid_randomize_delimiter)
else:
# Generate it from email address
uname = profile.get('uname', email_adr)
# 1. Use provided regex matcher
if uname is not None and uname == email_adr and provider.uid_regex:
match = re.match(provider.uid_regex, uname)
if match:
if provider.uid_format:
uname = provider.uid_format.format(
*[x or "" for x in match.groups()]).lower()
else:
uname = ''.join(
[x for x in match.groups() if x is not None]).lower()
# 2. Parse name and domain form email if regex failed or missing
if uname is not None and uname == email_adr:
e_name, e_dom = uname.split("@", 1)
uname = f"{e_name}-{e_dom.split('.')[0]}"
# 3. Use name as username if there are no username found yet
if uname is None and name is not None:
uname = name.replace(" ", "-")
# Cleanup username
if uname:
uname = "".join([c for c in uname if c in VALID_CHARS])
# Get avatar from gravatar
if config.auth.oauth.gravatar_enabled and email_adr:
email_hash = hashlib.md5(email_adr.encode('utf-8')).hexdigest()
alternate = f"https://www.gravatar.com/avatar/{email_hash}?s=256&d=404&r=pg"
else:
alternate = None
# Compute access, roles and classification using auto_properties
access = True
roles = ['user']
classification = cl_engine.UNRESTRICTED
if provider.auto_properties:
for auto_prop in provider.auto_properties:
if auto_prop.type == "access":
# Set default access value for access pattern
access = auto_prop.value != "True"
# Get values for field
field_data = profile.get(auto_prop.field, None)
if not isinstance(field_data, list):
field_data = [field_data]
# Analyse field values
for value in field_data:
# If there is no value, no need to do any tests
if value is None:
continue
# Check access
if auto_prop.type == "access":
if re.match(auto_prop.pattern, value) is not None:
access = auto_prop.value == "True"
break
# Append roles from matching patterns
elif auto_prop.type == "role":
if re.match(auto_prop.pattern, value):
roles.append(auto_prop.value)
break
# Compute classification from matching patterns
elif auto_prop.type == "classification":
if re.match(auto_prop.pattern, value):
classification = cl_engine.build_user_classification(
classification, auto_prop.value)
break
return dict(access=access,
type=roles,
classification=classification,
uname=uname,
name=name,
email=email_adr,
password="******",
avatar=profile.get('picture', alternate))
def get_dynamic_classification(current_c12n, email):
if Classification.dynamic_groups and email:
dyn_group = email.upper().split('@')[1]
return Classification.build_user_classification(
current_c12n, f"{Classification.UNRESTRICTED}//{dyn_group}")
return current_c12n
