fix: 更新OIDC配置时，将keycloak配置转换为openid (#6893)

* fix: 修改磁盘使用等key值 * fix: 更新OIDC配置时，将keycloak配置转换为openid Co-authored-by: Michael Bai <baijiangjie@gmail.com>
2025-09-05 09:21:02 +00:00 · 2021-09-16 18:57:09 +08:00
parent a784a33203
commit c26ca20ad8
2 changed files with 98 additions and 52 deletions
--- a/apps/settings/models.py
+++ b/apps/settings/models.py
@@ -84,6 +84,7 @@ class Setting(models.Model):
            getattr(self.__class__, f'refresh_{self.name}')()
        else:
            setattr(settings, self.name, self.cleaned_value)
+        self.refresh_keycloak_to_openid_if_need()

    @classmethod
    def refresh_authentications(cls, name):
@@ -129,6 +130,41 @@ class Setting(models.Model):
    def refresh_AUTH_OPENID(cls):
        cls.refresh_authentications('AUTH_OPENID')

+    def refresh_keycloak_to_openid_if_need(self):
+        watch_config_names = [
+            'AUTH_OPENID', 'AUTH_OPENID_REALM_NAME', 'AUTH_OPENID_SERVER_URL',
+            'AUTH_OPENID_PROVIDER_ENDPOINT', 'AUTH_OPENID_KEYCLOAK'
+        ]
+        if self.name not in watch_config_names:
+            # 不在监听的配置中, 不需要刷新
+            return
+        auth_keycloak = self.__class__.objects.filter(name='AUTH_OPENID_KEYCLOAK').first()
+        if not auth_keycloak or not auth_keycloak.cleaned_value:
+            # 关闭 Keycloak 方式的配置, 不需要刷新
+            return
+
+        from jumpserver.conf import Config
+        config_names = [
+            'AUTH_OPENID', 'AUTH_OPENID_REALM_NAME',
+            'AUTH_OPENID_SERVER_URL', 'AUTH_OPENID_PROVIDER_ENDPOINT'
+        ]
+        # 获取当前 keycloak 配置
+        keycloak_config = {}
+        for name in config_names:
+            setting = self.__class__.objects.filter(name=name).first()
+            if not setting:
+                continue
+            value = setting.cleaned_value
+            keycloak_config[name] = value
+
+        # 转化 keycloak 配置为 openid 配置
+        openid_config = Config.convert_keycloak_to_openid(keycloak_config)
+        if not openid_config:
+            return
+        # 刷新 settings
+        for key, value in openid_config.items():
+            setattr(settings, key, value)
+
    @classmethod
    def refresh_AUTH_RADIUS(cls):
        cls.refresh_authentications('AUTH_RADIUS')