def _update_attr_owned_by_cis(self, profile_json):
    """Refresh and re-sign the attributes that CIS itself owns.

    Wraps ``profile_json`` in a cis_profile ``User``, re-stamps
    ``last_modified`` and signs that attribute as publisher "cis".

    NOTE(review): the original summary says a profile json with updated
    values and signatures is returned, but no return statement is visible
    in this span -- confirm against the full file.
    NOTE(review): nothing in this span verifies the signatures already
    present in ``profile_json`` before CIS adds its own; presumably the
    caller has done so -- confirm.
    """
    # Build the cis_profile object the signing helpers operate on.
    profile = User(user_structure_json=profile_json)

    # Bump the timestamp, then sign it with the CIS key.
    profile.update_timestamp("last_modified")
    profile.last_modified.value = profile._get_current_utc_time()
    profile.sign_attribute("last_modified", "cis")
def _update_attr_owned_by_cis(self, user_id, user):
    """
    Refresh and re-sign the attributes that CIS itself is authoritative for.

    Attributes touched:
      - last_modified (always re-stamped and signed as "cis")
      - active (re-signed as "cis" only when its current publisher is
        ldap, access_provider or hris)

    @user_id str of the user's user_id; used here only as logging context
    @user a cis_profile.User object, modified in place

    Returns the same cis_profile.User object with updated, signed values
    """
    log_ctx = {"user_id": user_id}
    bypass_msg = "Verifying CIS owned signatures bypassed due to setting `verify_signatures` being false"

    logger.info("Updating CIS owned attributes", extra=log_ctx)

    user.update_timestamp("last_modified")
    user.last_modified.value = user._get_current_utc_time()
    user.sign_attribute("last_modified", "cis")

    # LDAP, HRIS and access_provider (auth0) may currently disable a user
    # (eventually this could be only HRIS and Auth0, or HRIS and CIS with
    # write back to auth0). CIS is authoritative on `active`, so the value
    # is re-signed under the CIS key here.
    active_publisher = user.active.signature.publisher.name
    if active_publisher in ("ldap", "access_provider", "hris"):
        # The publisher's signature is checked *before* CIS re-signs. When
        # the setting is anything other than the exact string "true"
        # (different casing included), that check is skipped and `active`
        # still gets a CIS signature, so the warning below is the only
        # trace that an unverified value was re-signed.
        if self.config("verify_signatures", namespace="cis") != "true":
            logger.warning(bypass_msg, extra=log_ctx)
        else:
            logger.info("Verifying signature of attribute active", extra=log_ctx)
            # NOTE(review): the return value is not inspected; presumably
            # this raises on a bad signature -- confirm.
            user.verify_attribute_signature("active")
        user.sign_attribute("active", "cis")

    # Consistency pass over the signatures this method may have rewritten.
    if self.config("verify_signatures", namespace="cis") != "true":
        logger.warning(bypass_msg, extra=log_ctx)
        return user

    user.verify_attribute_signature("active")
    user.verify_attribute_signature("last_modified")
    return user