core: add groups to users

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-04-26 19:51:24 +02:00
parent fae4d34131
commit 2a122845d9
4 changed files with 27 additions and 7 deletions


@ -1,4 +1,5 @@
"""User API Views""" """User API Views"""
from authentik.core.api.groups import GroupSerializer
from django.http.response import Http404 from django.http.response import Http404
from django.urls import reverse_lazy from django.urls import reverse_lazy
from django.utils.http import urlencode from django.utils.http import urlencode
@ -8,7 +9,7 @@ from rest_framework.decorators import action
from rest_framework.fields import CharField, JSONField, SerializerMethodField from rest_framework.fields import CharField, JSONField, SerializerMethodField
from rest_framework.request import Request from rest_framework.request import Request
from rest_framework.response import Response from rest_framework.response import Response
from rest_framework.serializers import BooleanField, ModelSerializer from rest_framework.serializers import BooleanField, ListSerializer, ModelSerializer
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from authentik.admin.api.metrics import CoordinateSerializer, get_events_per_1h from authentik.admin.api.metrics import CoordinateSerializer, get_events_per_1h
@ -29,6 +30,7 @@ class UserSerializer(ModelSerializer):
is_superuser = BooleanField(read_only=True) is_superuser = BooleanField(read_only=True)
avatar = CharField(read_only=True) avatar = CharField(read_only=True)
attributes = JSONField(validators=[is_dict], required=False) attributes = JSONField(validators=[is_dict], required=False)
groups = ListSerializer(child=GroupSerializer(), read_only=True, source="ak_groups")
class Meta: class Meta:
@ -40,6 +42,7 @@ class UserSerializer(ModelSerializer):
"is_active", "is_active",
"last_login", "last_login",
"is_superuser", "is_superuser",
"groups",
"email", "email",
"avatar", "avatar",
"attributes", "attributes",
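Review bot: The new `groups = ListSerializer(child=GroupSerializer(), read_only=True, source="ak_groups")` is correctly read-only, but nothing says why, and group membership is the privilege boundary here (the LDAP side emits a `superuser` marker on users that presumably derives from it), so a later "make it writable" change would let a user PATCH self-assign groups. I would pin the intent with a comment above the field: `# read_only on purpose: group membership grants privileges and is managed through the group API, never by editing a user.` Because this nests a serializer on a list endpoint, the viewset's queryset presumably needs `prefetch_related("ak_groups")` to avoid one query per user; that queryset is outside this hunk. The new import `from authentik.core.api.groups import GroupSerializer` sits above the Django imports while the file otherwise groups first-party imports after third-party ones (see the `authentik.admin.api.metrics` import), so it should move down with them. UserSerializer's class body continues outside the hunk.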


@ -50,11 +50,8 @@ func (pi *ProviderInstance) Search(bindDN string, searchReq ldap.SearchRequest,
}, },
} }
attrs = append(attrs, AKAttrsToLDAP(g.Attributes)...) attrs = append(attrs, AKAttrsToLDAP(g.Attributes)...)
// attrs = append(attrs, &ldap.EntryAttribute{Name: "description", Values: []string{fmt.Sprintf("%s", g.Name)}})
// attrs = append(attrs, &ldap.EntryAttribute{Name: "gidNumber", Values: []string{fmt.Sprintf("%d", g.UnixID)}}) dn := pi.GetGroupDN(g)
// attrs = append(attrs, &ldap.EntryAttribute{Name: "uniqueMember", Values: h.getGroupMembers(g.UnixID)})
// attrs = append(attrs, &ldap.EntryAttribute{Name: "memberUid", Values: h.getGroupMemberIDs(g.UnixID)})
dn := fmt.Sprintf("cn=%s,%s", *g.Name, pi.GroupDN)
entries = append(entries, &ldap.Entry{DN: dn, Attributes: attrs}) entries = append(entries, &ldap.Entry{DN: dn, Attributes: attrs})
} }
case UserObjectClass, "": case UserObjectClass, "":
@ -102,7 +99,7 @@ func (pi *ProviderInstance) Search(bindDN string, searchReq ldap.SearchRequest,
attrs = append(attrs, &ldap.EntryAttribute{Name: "superuser", Values: []string{"active"}}) attrs = append(attrs, &ldap.EntryAttribute{Name: "superuser", Values: []string{"active"}})
} }
// attrs = append(attrs, &ldap.EntryAttribute{Name: "memberOf", Values: h.getGroupDNs(append(u.OtherGroups, u.PrimaryGroup))}) attrs = append(attrs, &ldap.EntryAttribute{Name: "memberOf", Values: pi.GroupsForUser(u)})
attrs = append(attrs, AKAttrsToLDAP(u.Attributes)...) attrs = append(attrs, AKAttrsToLDAP(u.Attributes)...)
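Review bot: The `memberOf` values added at `attrs = append(attrs, &ldap.EntryAttribute{Name: "memberOf", Values: pi.GroupsForUser(u)})` are matched literally by LDAP clients against configured group DNs, yet the group entries built a few lines above no longer advertise any membership attribute: the commented-out `uniqueMember`/`memberUid` placeholders are deleted rather than implemented, so a client that resolves authorization from the group side (a `uniqueMember=<userDN>` filter) sees every group as empty while the user side claims membership. If group-side lookup is intentionally unsupported for now, a comment at the group entry, `// TODO: no member/uniqueMember yet; clients must rely on memberOf of the user entry`, would make the asymmetry explicit. Both the group DN and the memberOf values come from `GetGroupDN`, which interpolates the raw group name into `cn=%s` without RFC 4514 escaping, so a name containing `,` or `=` yields a DN that parses as a different entry; see the note on that helper. Search starts and ends outside this hunk.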


@ -1,7 +1,10 @@
package ldap package ldap
import ( import (
"fmt"
"github.com/nmcclain/ldap" "github.com/nmcclain/ldap"
"goauthentik.io/outpost/pkg/models"
) )
func AKAttrsToLDAP(attrs interface{}) []*ldap.EntryAttribute { func AKAttrsToLDAP(attrs interface{}) []*ldap.EntryAttribute {
@ -18,3 +21,15 @@ func AKAttrsToLDAP(attrs interface{}) []*ldap.EntryAttribute {
} }
return attrList return attrList
} }
func (pi *ProviderInstance) GroupsForUser(user *models.User) []string {
groups := make([]string, len(user.Groups))
for i, group := range user.Groups {
groups[i] = pi.GetGroupDN(group)
}
return groups
}
func (pi *ProviderInstance) GetGroupDN(group *models.Group) string {
return fmt.Sprintf("cn=%s,%s", *group.Name, pi.GroupDN)
}
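Review bot: `GetGroupDN` at `return fmt.Sprintf("cn=%s,%s", *group.Name, pi.GroupDN)` builds a DN from the raw group name with no RFC 4514 escaping and dereferences `group.Name` unguarded. A group named `admins,ou=groups` (or one containing `+`, `"`, `\`, `<`, `>`, `;`, `=`, a leading `#`, or leading/trailing spaces) produces a DN that clients parse as a different RDN sequence, and because these strings are emitted as `memberOf` values that clients compare against authorization rules, escaping is both a correctness and a trust-boundary matter; a nil `Name` would panic inside the search handler. I would add a small escaping helper (which needs `strings` imported), a nil guard, and doc comments on both exported functions stating that they return RFC 4514 DNs. Whether `models.Group.Name` can actually be nil depends on the generated client, which is not visible here.

```go
// escapeDNValue escapes v for use as an attribute value inside a DN (RFC 4514 §2.4).
func escapeDNValue(v string) string {
	var b strings.Builder
	b.Grow(len(v))
	for i, r := range v {
		switch {
		case r == 0:
			b.WriteString(`\00`)
		case strings.ContainsRune(`\,+"<>;=`, r):
			b.WriteByte('\\')
			b.WriteRune(r)
		case r == '#' && i == 0, r == ' ' && (i == 0 || i == len(v)-1):
			b.WriteByte('\\')
			b.WriteRune(r)
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// GetGroupDN returns the RFC 4514 DN of group beneath the provider's group base DN.
func (pi *ProviderInstance) GetGroupDN(group *models.Group) string {
	name := ""
	if group != nil && group.Name != nil {
		name = *group.Name
	}
	return fmt.Sprintf("cn=%s,%s", escapeDNValue(name), pi.GroupDN)
}
```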


@ -15140,6 +15140,11 @@ definitions:
title: Is superuser title: Is superuser
type: boolean type: boolean
readOnly: true readOnly: true
groups:
type: array
items:
$ref: '#/definitions/Group'
readOnly: true
email: email:
title: Email address title: Email address
type: string type: string