Commit 44cd3518 authored by Lukas Burgey

Handle errors in user construction

parent c092acde
...@@ -87,18 +87,26 @@ class OIDCTokenAuthBackend(object): ...@@ -87,18 +87,26 @@ class OIDCTokenAuthBackend(object):
# get the user info from the idp # get the user info from the idp
user_info = self.get_user_info(request, token) user_info = self.get_user_info(request, token)
idp_id = utils.get_session(request, 'idp_id', None) idp_id = utils.get_session(request, 'idp_id', None)
oidc_config = OIDCConfig.objects.get(id=idp_id)
try: try:
# if we know the user we return him # if we know the user we return him
oidc_config = OIDCConfig.objects.get(id=idp_id)
return oidc_config.users.get( return oidc_config.users.get(
sub=user_info['sub'] sub=user_info['sub']
) )
except ObjectDoesNotExist: except ObjectDoesNotExist:
# if we do not know the user yet, we create him try:
user = models.construct_user(user_info) # if we do not know the user yet, we create him
user.save() user = models.User.construct_from_user_info(
return user user_info,
oidc_config,
)
user.save()
return user
except Exception as exception:
LOGGER.error('OIDCTokenAuthBackend: error constructing user: %s', exception)
return None
def get_user(self, user_id): def get_user(self, user_id):
try: try:
......
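Review bot: The `OIDCConfig.objects.get(id=idp_id)` lookup now sits above the `try`, so a session without a valid `idp_id` (it defaults to `None`) raises a does-not-exist error that nothing in the visible hunk handles; the new `except Exception` only covers user construction. An authentication backend should fail closed here: give the lookup its own `try`/`except ObjectDoesNotExist:` that logs and does `return None`. `user_info['sub']` in the inner lookup is likewise unguarded against a userinfo response that lacks the claim. In the new handler, `LOGGER.exception(...)` would keep the traceback that `LOGGER.error(..., exception)` drops. The enclosing method starts above the hunk.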
...@@ -118,7 +118,7 @@ class AuthCallback(View): ...@@ -118,7 +118,7 @@ class AuthCallback(View):
else: else:
# user authenticated -> back to frontend # user authenticated -> back to frontend
login(request, user) login(request, user)
LOGGER.debug('oidc client %s authenticated user as %s', oidc_config, user) LOGGER.debug('AuthCallback: IdP %s authenticated user as %s', oidc_config, user)
response.set_cookie('sessionid', request.COOKIES['sessionid']) response.set_cookie('sessionid', request.COOKIES['sessionid'])
return response return response
......
...@@ -3,9 +3,9 @@ ...@@ -3,9 +3,9 @@
import json import json
import logging import logging
import pika
import requests import requests
from requests.auth import HTTPBasicAuth from requests.auth import HTTPBasicAuth
import pika
from django.conf import settings from django.conf import settings
from django.contrib.auth.models import AbstractUser, Group from django.contrib.auth.models import AbstractUser, Group
from django.core.cache import cache from django.core.cache import cache
...@@ -21,7 +21,6 @@ LOGGER = logging.getLogger(__name__) ...@@ -21,7 +21,6 @@ LOGGER = logging.getLogger(__name__)
# singleton for simple configs # singleton for simple configs
# https://steelkiwi.com/blog/practical-application-singleton-design-pattern/ # https://steelkiwi.com/blog/practical-application-singleton-design-pattern/
class SingletonModel(models.Model): class SingletonModel(models.Model):
class Meta: class Meta:
abstract = True abstract = True
...@@ -358,15 +357,17 @@ class User(AbstractUser): ...@@ -358,15 +357,17 @@ class User(AbstractUser):
LOGGER.info(self._msg('deactivated')) LOGGER.info(self._msg('deactivated'))
def construct_user(user_info): @classmethod
return User( def construct_from_user_info(cls, user_info, idp):
sub=user_info['sub'], LOGGER.debug('User: constructing from %s', user_info)
name=user_info['name'], return cls(
first_name=user_info['given_name'], sub=user_info.get('sub', ''),
last_name=user_info['family_name'], first_name=user_info.get('given_name', ''),
email=user_info['email'], last_name=user_info.get('family_name', ''),
username=user_info['email'], email=user_info.get('email', ''),
) username=user_info.get('email', ''),
idp=idp,
)
class Site(models.Model): class Site(models.Model):
......
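Review bot: `construct_from_user_info` now falls back to `''` for every claim, so a userinfo response missing `sub` or `email` produces a user with an empty subject or username instead of failing. `sub` is the key the backend uses to recognise a returning user, so it should stay required, e.g. `sub=user_info['sub']`, or the method should raise a `ValueError` when it is empty. The `LOGGER.debug('User: constructing from %s', user_info)` line writes the full claim set (names, e-mail) to the log; logging only `user_info.get('sub')` would keep personal data out of debug logs. The method also has no docstring; one stating which claims are required and that the instance is returned unsaved would help callers.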