github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-09-08 02:39:22 +00:00
Code Issues Projects Releases Wiki Activity

perf: Support SAML2, OIDC user authentication services, mapping user group field information

Browse Source
This commit is contained in:
feng
2024-08-29 19:23:04 +08:00
committed by feng626
parent 1068662ab1
commit c545e2a3aa
4 changed files with 67 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
apps/authentication/backends/oidc/backends.py
View File

@@ -8,27 +8,26 @@
"""
import base64
import requests
from rest_framework.exceptions import ParseError
import requests
from django.conf import settings
from django.contrib.auth import get_user_model
from django.contrib.auth.backends import ModelBackend
from django.core.exceptions import SuspiciousOperation
from django.db import transaction
from django.urls import reverse
from django.conf import settings
from rest_framework.exceptions import ParseError
from common.utils import get_logger
from authentication.signals import user_auth_success, user_auth_failed
from authentication.utils import build_absolute_uri_for_oidc
from common.utils import get_logger
from users.utils import construct_user_email
from ..base import JMSBaseAuthBackend
from .utils import validate_and_return_id_token
from .decorator import ssl_verification
from .signals import (
openid_create_or_update_user
)
from authentication.signals import user_auth_success, user_auth_failed
from .utils import validate_and_return_id_token
from ..base import JMSBaseAuthBackend
logger = get_logger(__file__)
@@ -55,16 +54,17 @@ class UserMixin:
logger.debug(log_prompt.format(user_attrs))
username = user_attrs.get('username')
name = user_attrs.get('name')
groups = user_attrs.pop('groups', None)
user, created = get_user_model().objects.get_or_create(
username=username, defaults=user_attrs
)
user_attrs['groups'] = groups
logger.debug(log_prompt.format("user: {}|created: {}".format(user, created)))
logger.debug(log_prompt.format("Send signal => openid create or update user"))
openid_create_or_update_user.send(
sender=self.__class__, request=request, user=user, created=created,
name=name, username=username, email=email
sender=self.__class__, request=request, user=user,
created=created, attrs=user_attrs,
)
return user, created
@@ -269,7 +269,8 @@ class OIDCAuthPasswordBackend(OIDCBaseBackend):
# Calls the token endpoint.
logger.debug(log_prompt.format('Call the token endpoint'))
token_response = requests.post(settings.AUTH_OPENID_PROVIDER_TOKEN_ENDPOINT, data=token_payload, timeout=request_timeout)
token_response = requests.post(settings.AUTH_OPENID_PROVIDER_TOKEN_ENDPOINT, data=token_payload,
timeout=request_timeout)
try:
token_response.raise_for_status()
token_response_data = token_response.json()

4
apps/authentication/backends/saml2/backends.py
View File

@@ -27,9 +27,13 @@ class SAML2Backend(JMSModelBackend):
log_prompt = "Get or Create user [SAML2Backend]: {}"
logger.debug(log_prompt.format('start'))
groups = saml_user_data.pop('groups', None)
user, created = get_user_model().objects.get_or_create(
username=saml_user_data['username'], defaults=saml_user_data
)
saml_user_data['groups'] = groups
logger.debug(log_prompt.format("user: {}|created: {}".format(user, created)))
logger.debug(log_prompt.format("Send signal => saml2 create or update user"))

3
apps/authentication/backends/saml2/views.py
View File

@@ -87,6 +87,7 @@ class PrepareRequestMixin:
('name', 'name', False),
('phone', 'phone', False),
('comment', 'comment', False),
('groups', 'groups', False),
)
attr_list = []
for name, friend_name, is_required in need_attrs:
@@ -185,7 +186,7 @@ class PrepareRequestMixin:
user_attrs = {}
attr_mapping = settings.SAML2_RENAME_ATTRIBUTES
attrs = saml_instance.get_attributes()
valid_attrs = ['username', 'name', 'email', 'comment', 'phone']
valid_attrs = ['username', 'name', 'email', 'comment', 'phone', 'groups']
for attr, value in attrs.items():
attr = attr.rsplit('/', 1)[-1]