added filter and keycloak specific booleans
lme-nca committed Mar 15, 2024
1 parent 4ca3857 commit 49412f1
Showing 4 changed files with 27 additions and 9 deletions.
3 changes: 3 additions & 0 deletions dojo/context_processors.py
Expand Up @@ -17,6 +17,9 @@ def globalize_vars(request):
"AZUREAD_TENANT_OAUTH2_GET_GROUPS": settings.AZUREAD_TENANT_OAUTH2_GET_GROUPS,
"AZUREAD_TENANT_OAUTH2_GROUPS_FILTER": settings.AZUREAD_TENANT_OAUTH2_GROUPS_FILTER,
"AZUREAD_TENANT_OAUTH2_CLEANUP_GROUPS": settings.AZUREAD_TENANT_OAUTH2_CLEANUP_GROUPS,
"KEYCLOAK_TENANT_OAUTH2_GET_GROUPS": settings.AZUREAD_TENANT_OAUTH2_GET_GROUPS,
"KEYCLOAK_TENANT_OAUTH2_GROUPS_FILTER": settings.AZUREAD_TENANT_OAUTH2_GROUPS_FILTER,
"KEYCLOAK_TENANT_OAUTH2_CLEANUP_GROUPS": settings.AZUREAD_TENANT_OAUTH2_CLEANUP_GROUPS,
"KEYCLOAK_ENABLED": settings.KEYCLOAK_OAUTH2_ENABLED,
"SOCIAL_AUTH_KEYCLOAK_LOGIN_BUTTON_TEXT": settings.SOCIAL_AUTH_KEYCLOAK_LOGIN_BUTTON_TEXT,
"GITHUB_ENTERPRISE_ENABLED": settings.GITHUB_ENTERPRISE_OAUTH2_ENABLED,
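Review bot: The three new `KEYCLOAK_TENANT_OAUTH2_*` keys read the Azure AD settings (`settings.AZUREAD_TENANT_OAUTH2_GET_GROUPS`, `..._GROUPS_FILTER`, `..._CLEANUP_GROUPS`), so templates see the Azure AD values under the Keycloak names and the Keycloak settings this commit introduces in settings.dist.py are never exposed. The right-hand sides should be `settings.KEYCLOAK_TENANT_OAUTH2_GET_GROUPS`, `settings.KEYCLOAK_TENANT_OAUTH2_GROUPS_FILTER` and `settings.KEYCLOAK_TENANT_OAUTH2_CLEANUP_GROUPS` respectively. globalize_vars starts before this hunk, so the dict these entries belong to is only partially visible here.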
2 changes: 1 addition & 1 deletion dojo/group/utils.py
Expand Up @@ -41,7 +41,7 @@ def group_post_save_handler(sender, **kwargs):
group.save()

user = get_current_user()
if user and not settings.AZUREAD_TENANT_OAUTH2_GET_GROUPS:
if user and not settings.AZUREAD_TENANT_OAUTH2_GET_GROUPS and not settings.KEYCLOAK_TENANT_OAUTH2_GET_GROUPS:
# Add the current user as the owner of the group
member = Dojo_Group_Member()
member.user = user
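Review bot: The widened guard on the `if user and not settings.AZUREAD_TENANT_OAUTH2_GET_GROUPS and not settings.KEYCLOAK_TENANT_OAUTH2_GET_GROUPS:` line is undocumented: as soon as Keycloak group sync is switched on, the "Add the current user as the owner of the group" branch is skipped for every group this handler sees, which presumably includes groups created by hand in the UI, not only synced ones. That mirrors the existing Azure AD flag, but a reader of the settings will not expect it; add a comment above the condition such as `# When a backend syncs groups (Azure AD or Keycloak), membership is owned by that backend, so no automatic owner is added` and mention the side effect where the two GET_GROUPS settings are documented. group_post_save_handler begins outside this hunk.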
24 changes: 16 additions & 8 deletions dojo/pipeline.py
Expand Up @@ -7,6 +7,7 @@
from django.conf import settings
from dojo.models import Product, Product_Member, Product_Type, Role, Dojo_Group, Dojo_Group_Member
from social_core.backends.azuread_tenant import AzureADTenantOAuth2
from social_core.backends.open_id_connect import OpenIdConnectAuth
from social_core.backends.google import GoogleOAuth2
from dojo.authorization.roles_permissions import Permissions, Roles
from dojo.product.queries import get_authorized_products
Expand Down Expand Up @@ -66,19 +67,26 @@ def modify_permissions(backend, uid, user=None, social=None, *args, **kwargs):


def update_keycloak_groups(backend, uid, user=None, social=None, *args, **kwargs):
if settings.KEYCLOAK_OAUTH2_ENABLED: #need another setting to enable syncing
if settings.KEYCLOAK_OAUTH2_ENABLED and settings.KEYCLOAK_TENANT_OAUTH2_GET_GROUPS and isinstance(backend, OpenIdConnectAuth):
soc = user.social_auth.order_by("-created").first()
token = soc.extra_data['access_token']
print("accesstoken: " + str(token))
print("response raw: " + str(kwargs['response']))
#print("accesstoken: " + str(token))

group_names = []
if 'groups' not in kwargs['response'] or kwargs['response']['groups'] == "":
logger.warning("No groups in response. Stopping to update groups of user based on azureAD")
return
group_IDs = kwargs['response']['groups'] # probably need another setting with a regex ?
if len(group_IDs) > 0:
assign_user_to_groups(user, group_IDs, 'Keycloak')
if settings.AZUREAD_TENANT_OAUTH2_CLEANUP_GROUPS:
cleanup_old_groups_for_user(user, group_IDs)
group_ids = kwargs['response']['groups'] # probably need another setting with a regex ?

for group_from_response in group_ids:
if settings.KEYCLOAK_TENANT_OAUTH2_GROUPS_FILTER == "" or re.search(settings.KEYCLOAK_TENANT_OAUTH2_GROUPS_FILTER, group_from_response):
group_names.append(group_from_response)
else:
logger.debug("Skipping group " + group_from_response + " due to KEYCLOAK_TENANT_OAUTH2_GROUPS_FILTER " + settings.KEYCLOAK_TENANT_OAUTH2_GROUPS_FILTER)

if len(group_names) > 0:
assign_user_to_groups(user, group_names, 'Keycloak')
if settings.KEYCLOAK_TENANT_OAUTH2_CLEANUP_GROUPS:
cleanup_old_groups_for_user(user, group_names)

def update_azure_groups(backend, uid, user=None, social=None, *args, **kwargs):

if settings.AZUREAD_TENANT_OAUTH2_ENABLED and settings.AZUREAD_TENANT_OAUTH2_GET_GROUPS and isinstance(backend, AzureADTenantOAuth2):
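Review bot: In update_keycloak_groups the lines `soc = user.social_auth.order_by("-created").first()` and `token = soc.extra_data['access_token']` are now dead, because both print calls that consumed them were commented out, yet they still execute on every login and raise AttributeError when `first()` returns None; delete those two lines together with the two commented-out prints instead of leaving an access-token dump one uncomment away from production logs. The early-return branch still warns "Stopping to update groups of user based on azureAD" inside the Keycloak function; change it to `logger.warning("No groups in response. Stopping to update groups of user based on Keycloak")`. The filter loop also assumes `kwargs['response']['groups']` is a list — if the claim arrives as a single string the loop iterates its characters, so consider wrapping a `str` value into a one-element list before filtering, and the `logger.debug` line should use lazy `%s` arguments rather than string concatenation. `re.search` on the new filter requires `re` to be imported at module level, which is outside this hunk; confirm it is already there, and note that update_azure_groups, whose first line closes the hunk, continues outside it.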
7 changes: 7 additions & 0 deletions dojo/settings/settings.dist.py
Expand Up @@ -123,6 +123,9 @@
DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_GET_GROUPS=(bool, False),
DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_GROUPS_FILTER=(str, ''),
DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_CLEANUP_GROUPS=(bool, True),
DD_SOCIAL_AUTH_KEYCLOAK_OAUTH2_GET_GROUPS=(bool, False),
DD_SOCIAL_AUTH_KEYCLOAK_OAUTH2_CLEANUP_GROUPS=(bool, True),
DD_SOCIAL_AUTH_KEYCLOAK_OAUTH2_GROUPS_FILTER=(str, ''),
DD_SOCIAL_AUTH_GITLAB_OAUTH2_ENABLED=(bool, False),
DD_SOCIAL_AUTH_GITLAB_PROJECT_AUTO_IMPORT=(bool, False),
DD_SOCIAL_AUTH_GITLAB_PROJECT_IMPORT_TAGS=(bool, False),
Expand Down Expand Up @@ -639,6 +642,10 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param
SOCIAL_AUTH_OIDC_SECRET = env('DD_SOCIAL_AUTH_KEYCLOAK_SECRET')
SOCIAL_AUTH_KEYCLOAK_LOGIN_BUTTON_TEXT = env('DD_SOCIAL_AUTH_KEYCLOAK_LOGIN_BUTTON_TEXT')

KEYCLOAK_TENANT_OAUTH2_GET_GROUPS = env('DD_SOCIAL_AUTH_KEYCLOAK_OAUTH2_GET_GROUPS')
KEYCLOAK_TENANT_OAUTH2_CLEANUP_GROUPS = env('DD_SOCIAL_AUTH_KEYCLOAK_OAUTH2_CLEANUP_GROUPS')
KEYCLOAK_TENANT_OAUTH2_GROUPS_FILTER = env('DD_SOCIAL_AUTH_KEYCLOAK_OAUTH2_GROUPS_FILTER')

# SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = env('DD_SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY')
# SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = env('DD_SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL')
# SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = env('DD_SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL')
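Review bot: The three new settings in the second hunk (`KEYCLOAK_TENANT_OAUTH2_GET_GROUPS`, `..._CLEANUP_GROUPS`, `..._GROUPS_FILTER`) carry no comment, and their names keep the `TENANT` token from the Azure AD block while the env variables they read (`DD_SOCIAL_AUTH_KEYCLOAK_OAUTH2_*`) drop it, so a reader has to cross-reference pipeline.py to see what each knob does. Add a short comment above them, e.g. `# Keycloak group sync (see update_keycloak_groups): GET_GROUPS enables syncing the 'groups' claim, GROUPS_FILTER is a regex applied with re.search() to each group name (empty string = no filtering), CLEANUP_GROUPS passes the filtered list to cleanup_old_groups_for_user`. In the first hunk the new defaults are listed as GET_GROUPS, CLEANUP_GROUPS, GROUPS_FILTER whereas the Azure trio directly above is GET_GROUPS, GROUPS_FILTER, CLEANUP_GROUPS; keeping the same order makes the two blocks easier to compare.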
