core: add User.uid for globally unique user ID

Jens Langhammer 2021-02-14 18:25:50 +01:00
parent d122bddae2
commit 60c244c31d
4 changed files with 11 additions and 14 deletions


@ -6,17 +6,11 @@ from django.contrib.auth.mixins import (
)
from django.contrib.messages.views import SuccessMessageMixin
from django.http import HttpRequest, HttpResponse, JsonResponse
from django.urls import reverse_lazy
from django.utils.translation import gettext as _
from django.views.generic import DetailView, FormView, ListView, UpdateView
from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
from django.views.generic import DetailView, FormView, UpdateView
from guardian.mixins import PermissionRequiredMixin
from authentik.admin.views.utils import (
BackSuccessUrlMixin,
DeleteMessageView,
SearchListMixin,
UserPaginateListMixin,
)
from authentik.admin.views.utils import BackSuccessUrlMixin, DeleteMessageView
from authentik.flows.exceptions import FlowNonApplicableException
from authentik.flows.forms import FlowForm, FlowImportForm
from authentik.flows.models import Flow


@ -1,8 +1,10 @@
"""authentik core models"""
from datetime import timedelta
from hashlib import sha256
from typing import Any, Dict, Optional, Type
from uuid import uuid4
from django.conf import settings
from django.contrib.auth.models import AbstractUser
from django.contrib.auth.models import UserManager as DjangoUserManager
from django.db import models
@ -119,6 +121,11 @@ class User(GuardianUserMixin, AbstractUser):
self.password_change_date = now()
return super().set_password(password)
@property
def uid(self) -> str:
"""Generate a globall unique UID, based on the user ID and the hashed secret key"""
return sha256(f"{self.id}-{settings.SECRET_KEY}".encode("ascii")).hexdigest()
class Meta:
permissions = (
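Review bot: The new `uid` property derives its value from `settings.SECRET_KEY`, so rotating the key (for example after a suspected leak) changes every user's uid, including the SAML persistent NameID that the assertion processor now reads from it. The docstring should state that coupling, or the value should be keyed on a dedicated, stable setting. The digest is a plain `sha256` over `id-secret` rather than a keyed construction; `hmac.new(settings.SECRET_KEY.encode(), str(self.id).encode(), "sha256").hexdigest()` is the conventional form, though switching would alter identifiers already issued to service providers and needs a migration plan. `.encode("ascii")` raises `UnicodeEncodeError` if the key holds non-ASCII characters, and an unsaved instance (`self.id` is `None`) hashes the literal string `None`, so all unsaved users would share one uid. The docstring typo `globall` should read `globally`; the property is complete in this hunk, but the enclosing `User` class is not.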


@ -3,7 +3,6 @@ from hashlib import sha256
from types import GeneratorType
import xmlsec
from django.conf import settings
from django.http import HttpRequest
from lxml import etree # nosec
from lxml.etree import Element, SubElement # nosec
@ -147,9 +146,7 @@ class AssertionProcessor:
name_id = Element(f"{{{NS_SAML_ASSERTION}}}NameID")
name_id.attrib["Format"] = self.auth_n_request.name_id_policy
# persistent is used as a fallback, so always generate it
persistent = sha256(
f"{self.http_request.user.id}-{settings.SECRET_KEY}".encode("ascii")
).hexdigest()
persistent = self.http_request.user.uid
name_id.text = persistent
# If name_id_mapping is set, we override the value, regardless of what the SP asks for
if self.provider.name_id_mapping:


@ -1,5 +1,4 @@
{% load i18n %}
{% load static %}
<header class="pf-c-login__main-header">
<h1 class="pf-c-title pf-m-3xl">