Commit 05b622e0 authored by Lukas Burgey's avatar Lukas Burgey

Fix a bug in the userinfo parsing

parent d9c79088
......@@ -269,19 +269,26 @@ class User(AbstractUser):
remote_entitlements_raw = []
# determine upstream entitlements
if self.idp.userinfo_field_entitlements in userinfo:
field = userinfo[self.idp.userinfo_field_entitlements]
if isinstance(field, list):
remote_entitlements = [
Entitlement.extract_name(name)
for name in field
]
remote_entitlements_raw = field
elif isinstance(field, str):
remote_entitlements = [Entitlement.extract_name(field)]
remote_entitlements_raw = [field]
if self.idp.userinfo_field_entitlements != '':
if self.idp.userinfo_field_entitlements in userinfo:
field = userinfo[self.idp.userinfo_field_entitlements]
if isinstance(field, list):
remote_entitlements = [
Entitlement.extract_name(name)
for name in field
]
remote_entitlements_raw = field
elif isinstance(field, str):
remote_entitlements = [Entitlement.extract_name(field)]
remote_entitlements_raw = [field]
else:
LOGGER.error('Userinfo field %s is neither str nor list', self.idp.userinfo_field_entitlements)
else:
LOGGER.error('Userinfo field %s is neither str nor list', self.idp.userinfo_field_entitlements)
LOGGER.info(
'Userinfo from the idp %s does not contain the configured field %s. Change the OIDC Config',
self.idp,
self.idp.userinfo_field_entitlements,
)
# check if local_entitlements were removed
for loc_ent in local_entitlements:
......@@ -301,14 +308,21 @@ class User(AbstractUser):
local_groups = self.vos.instance_of(Group)
remote_groups = []
if not ignore_groups and self.idp.userinfo_field_groups in userinfo:
field = userinfo[self.idp.userinfo_field_entitlements]
if isinstance(field, list):
remote_groups = field
elif isinstance(field, str):
remote_groups = [field]
if self.idp.userinfo_field_groups != '' and not ignore_groups:
if self.idp.userinfo_field_groups in userinfo:
field = userinfo[self.idp.userinfo_field_groups]
if isinstance(field, list):
remote_groups = field
elif isinstance(field, str):
remote_groups = [field]
else:
LOGGER.error('Userinfo field %s is neither str nor list', self.idp.userinfo_field_groups)
else:
LOGGER.error('Userinfo field %s is neither str nor list', self.idp.userinfo_field_entitlements)
LOGGER.info(
'Userinfo from the idp %s does not contain the configured field %s. Change the OIDC Config',
self.idp,
self.idp.userinfo_field_groups,
)
# check if groups were removed
for group in local_groups:
......@@ -317,7 +331,7 @@ class User(AbstractUser):
# check if groups were added
for group_name in remote_groups:
group = Group.get_group(name=group_name, idp=self.idp)
group = Group.get_group(group_name, self.idp)
# check if user needs to be in this group
if not self.vos.filter(name=group_name, idp=self.idp).exists():
......@@ -373,6 +387,7 @@ class User(AbstractUser):
self.userinfo = userinfo
self.save()
ignore_group = False
ignore_groups = self.update_userinfo_entitlements(userinfo)
self.update_userinfo_groups(userinfo, ignore_groups=ignore_groups)
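Review bot: The list branches in the entitlements and groups hunks accept IdP-supplied userinfo values without checking element types: `remote_groups = field` passes every list element on to `Group.get_group(group_name, self.idp)` and `self.vos.filter(name=group_name, idp=self.idp)`, and the entitlement comprehension passes each element to `Entitlement.extract_name`. Because these values decide group and entitlement membership, I would keep only strings, e.g. `remote_groups = [g for g in field if isinstance(g, str)]` and `for name in field if isinstance(name, str)`, and log any element that is dropped. In the last hunk, `ignore_group = False` (singular) looks like a typo: nothing visible reads it, and the next line assigns `ignore_groups`, so it can be removed. The enclosing methods start and end outside the hunks, and this rendering has lost indentation, so the nesting of the new `else:` branches is inferred.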
......