
Update SURFconext to update Researcher data when changed.

master
Joshua Rubingh 6 months ago
parent
commit
5fc2b2b4b2
  1. 2
      VRE/VRE/env.example
  2. 92
      VRE/apps/api/authentication.py

2
VRE/VRE/env.example

@ -30,7 +30,7 @@ MEDIA_ROOT= @@ -30,7 +30,7 @@ MEDIA_ROOT=
# https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-TIME_ZONE
TIME_ZONE=Europe/Amsterdam
# Authentication settings
# Authentication settings (This needs to be placed in the file called: '../surfnet_conext_secrets.ini')
# This information can be created in a separate settings.ini file.
# https://mozilla-django-oidc.readthedocs.io/en/stable/installation.html
# The Client ID which is the Entity ID in SurfConext

92
VRE/apps/api/authentication.py

@ -1,11 +1,14 @@ @@ -1,11 +1,14 @@
# import the logging library
from .models import Token
from hawkrest import HawkAuthentication
from rest_framework import exceptions
import django.utils
import logging
import django.utils
from mozilla_django_oidc.auth import OIDCAuthenticationBackend
from hawkrest import HawkAuthentication
from rest_framework import exceptions
from apps.university.models import Faculty, University
from .models import Token
# Get an instance of a logger
logger = logging.getLogger(__name__)
@ -76,31 +79,82 @@ class APIHawk(HawkAuthentication): @@ -76,31 +79,82 @@ class APIHawk(HawkAuthentication):
class VRE_OIDC_Researcher_Update(OIDCAuthenticationBackend):
"""Update the logged in user his/her first and last name based on Surfconext login
"""Update the logged in user his/her first and last name based on SURFconext login
This is done after each login.
"""
def create_user(self, claims):
user = super().create_user(claims)
def __get_or_create_faculty(self, claims):
# Not sure how to handle this. For now, first matched faculty is used, or else first in provided list is created and used
# We cannot handle multiple faculties for now
email_domain = claims.get('schac_home_organization', '')
faculty_list = claims.get('ou', [])
if '' == email_domain or len(faculty_list) == 0:
return None
university = University.objects.filter(email__endswith=f'@{email_domain}').first()
if university is None:
# University is not known in the VRE. Cant update faculty data
return None
user.first_name = claims.get('given_name', '')
user.last_name = claims.get('family_name', '')
user.save()
# Find the first available faculty based on the provided list and university
faculty = Faculty.objects.filter(name__in=faculty_list, university=university).first()
if faculty is None:
# Create a new faculty, as we do not know it.
faculty = Faculty.objects.create(name=faculty_list[0], university=university)
return faculty
def __enhance_user(self, user, claims):
update_user = False
# Update first name
if (claims.get('given_name', '') != '' and claims.get('given_name') != user.first_name):
user.first_name = claims.get('given_name')
update_user = True
# Update last name
if (claims.get('family_name', '') != '' and claims.get('family_name') != user.last_name):
user.last_name = claims.get('family_name')
update_user = True
# Update email address (from a private invitation)
if (claims.get('email', '') != '' and claims.get('email') != user.email):
user.email = claims.get('email')
update_user = True
# Save changes to the database
if update_user:
user.save()
update_researcher = False
# Update ID number (P-number)
idnumber = claims.get('eduperson_principal_name', '').split('@')[0].lower()
user.researcher.idnumber = idnumber
user.researcher.save()
if idnumber != user.researcher.idnumber:
user.researcher.idnumber = idnumber
update_researcher = True
# Get or create the faculty based on the logged in user his/her claims
faculty = self.__get_or_create_faculty(claims)
# Update faculty if it is known and not the same as the existing one of the researcher
if faculty != None and faculty != user.researcher.faculty:
user.researcher.faculty = faculty
update_researcher = True
# Save changes to the database
if update_researcher:
user.researcher.save()
def create_user(self, claims):
user = super().create_user(claims)
self.__enhance_user(user, claims)
return user
def update_user(self, user, claims):
user.first_name = claims.get('given_name', '')
user.last_name = claims.get('family_name', '')
user.save()
idnumber = claims.get('eduperson_principal_name', '').split('@')[0].lower()
user.researcher.idnumber = idnumber
user.researcher.save()
self.__enhance_user(user, claims)
return user
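Review bot: In `__enhance_user` the ID-number update has no empty-value guard, unlike the name and email updates above it. When `eduperson_principal_name` is missing from the claims, `idnumber` is `''`, and the comparison `idnumber != user.researcher.idnumber` then replaces the stored value with an empty string. The check should read `if idnumber != '' and idnumber != user.researcher.idnumber:`. Keeping only the part before `@` also drops the scope of the principal name, so two institutions issuing the same local part would produce the same `idnumber`. If that field identifies a researcher anywhere else in the project, keep the scope or check it against `schac_home_organization`.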
