Update SURFconext to update Researcher data when changed.

6 months ago · 5fc2b2b4b2
2 changed files with 74 additions and 20 deletions
--- a/VRE/VRE/env.example
+++ b/VRE/VRE/env.example
@ -30,7 +30,7 @@ MEDIA_ROOT=
				@@ -30,7 +30,7 @@ MEDIA_ROOT=
 # https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-TIME_ZONE
 TIME_ZONE=Europe/Amsterdam

-# Authentication settings
+# Authentication settings (This needs to be placed in the file called: '../surfnet_conext_secrets.ini')
 # This information can be created in a separate settings.ini file.
 # https://mozilla-django-oidc.readthedocs.io/en/stable/installation.html
 # The Client ID which is the Entity ID in SurfConext
--- a/VRE/apps/api/authentication.py
+++ b/VRE/apps/api/authentication.py
@ -1,11 +1,14 @@
				@@ -1,11 +1,14 @@
 # import the logging library
-from .models import Token
-from hawkrest import HawkAuthentication
-from rest_framework import exceptions
-import django.utils
 import logging
+import django.utils
 from mozilla_django_oidc.auth import OIDCAuthenticationBackend

+from hawkrest import HawkAuthentication
+from rest_framework import exceptions
+
+from apps.university.models import Faculty, University
+from .models import Token
+
 # Get an instance of a logger
 logger = logging.getLogger(__name__)

@ -76,31 +79,82 @@ class APIHawk(HawkAuthentication):
				@@ -76,31 +79,82 @@ class APIHawk(HawkAuthentication):


 class VRE_OIDC_Researcher_Update(OIDCAuthenticationBackend):
-    """Update the logged in user his/her first and last name based on Surfconext login
+    """Update the logged in user his/her first and last name based on SURFconext login

    This is done after each login.
    """

-    def create_user(self, claims):
-        user = super().create_user(claims)
+    def __get_or_create_faculty(self, claims):
+        # Not sure how to handle this. For now, first matched faculty is used, or else first in provided list is created and used
+        # We cannot handle multiple faculties for now
+
+        email_domain = claims.get('schac_home_organization', '')
+        faculty_list = claims.get('ou', [])
+
+        if '' == email_domain or len(faculty_list) == 0:
+            return None
+
+        university = University.objects.filter(email__endswith=f'@{email_domain}').first()
+        if university is None:
+            # University is not known in the VRE. Cant update faculty data
+            return None

-        user.first_name = claims.get('given_name', '')
-        user.last_name = claims.get('family_name', '')
-        user.save()
+        # Find the first available faculty based on the provided list and university
+        faculty = Faculty.objects.filter(name__in=faculty_list, university=university).first()
+        if faculty is None:
+            # Create a new faculty, as we do not know it.
+            faculty = Faculty.objects.create(name=faculty_list[0], university=university)

+        return faculty
+
+    def __enhance_user(self, user, claims):
+        update_user = False
+        # Update first name
+        if (claims.get('given_name', '') != '' and claims.get('given_name') != user.first_name):
+            user.first_name = claims.get('given_name')
+            update_user = True
+
+        # Update last name
+        if (claims.get('family_name', '') != '' and claims.get('family_name') != user.last_name):
+            user.last_name = claims.get('family_name')
+            update_user = True
+
+        # Update email address (from a private invitation)
+        if (claims.get('email', '') != '' and claims.get('email') != user.email):
+            user.email = claims.get('email')
+            update_user = True
+
+        # Save changes to the database
+        if update_user:
+            user.save()
+
+        update_researcher = False
+        # Update ID number (P-number)
        idnumber = claims.get('eduperson_principal_name', '').split('@')[0].lower()
-        user.researcher.idnumber = idnumber
-        user.researcher.save()
+        if idnumber != user.researcher.idnumber:
+            user.researcher.idnumber = idnumber
+            update_researcher = True
+
+        # Get or create the faculty based on the logged in user his/her claims
+        faculty = self.__get_or_create_faculty(claims)
+
+        # Update faculty if it is known and not the same as the existing one of the researcher
+        if faculty != None and faculty != user.researcher.faculty:
+            user.researcher.faculty = faculty
+            update_researcher = True
+
+        # Save changes to the database
+        if update_researcher:
+            user.researcher.save()
+
+    def create_user(self, claims):
+        user = super().create_user(claims)
+
+        self.__enhance_user(user, claims)

        return user

    def update_user(self, user, claims):
-        user.first_name = claims.get('given_name', '')
-        user.last_name = claims.get('family_name', '')
-        user.save()
-
-        idnumber = claims.get('eduperson_principal_name', '').split('@')[0].lower()
-        user.researcher.idnumber = idnumber
-        user.researcher.save()
+        self.__enhance_user(user, claims)

        return user