core: add User.uid for globally unique user ID
This commit is contained in:
parent
d122bddae2
commit
60c244c31d
|
@ -6,17 +6,11 @@ from django.contrib.auth.mixins import (
|
|||
)
|
||||
from django.contrib.messages.views import SuccessMessageMixin
|
||||
from django.http import HttpRequest, HttpResponse, JsonResponse
|
||||
from django.urls import reverse_lazy
|
||||
from django.utils.translation import gettext as _
|
||||
from django.views.generic import DetailView, FormView, ListView, UpdateView
|
||||
from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
|
||||
from django.views.generic import DetailView, FormView, UpdateView
|
||||
from guardian.mixins import PermissionRequiredMixin
|
||||
|
||||
from authentik.admin.views.utils import (
|
||||
BackSuccessUrlMixin,
|
||||
DeleteMessageView,
|
||||
SearchListMixin,
|
||||
UserPaginateListMixin,
|
||||
)
|
||||
from authentik.admin.views.utils import BackSuccessUrlMixin, DeleteMessageView
|
||||
from authentik.flows.exceptions import FlowNonApplicableException
|
||||
from authentik.flows.forms import FlowForm, FlowImportForm
|
||||
from authentik.flows.models import Flow
|
||||
|
|
|
@ -1,8 +1,10 @@
|
|||
"""authentik core models"""
|
||||
from datetime import timedelta
|
||||
from hashlib import sha256
|
||||
from typing import Any, Dict, Optional, Type
|
||||
from uuid import uuid4
|
||||
|
||||
from django.conf import settings
|
||||
from django.contrib.auth.models import AbstractUser
|
||||
from django.contrib.auth.models import UserManager as DjangoUserManager
|
||||
from django.db import models
|
||||
|
@ -119,6 +121,11 @@ class User(GuardianUserMixin, AbstractUser):
|
|||
self.password_change_date = now()
|
||||
return super().set_password(password)
|
||||
|
||||
@property
|
||||
def uid(self) -> str:
|
||||
"""Generate a globall unique UID, based on the user ID and the hashed secret key"""
|
||||
return sha256(f"{self.id}-{settings.SECRET_KEY}".encode("ascii")).hexdigest()
|
||||
|
||||
class Meta:
|
||||
|
||||
permissions = (
|
||||
|
|
|
@ -3,7 +3,6 @@ from hashlib import sha256
|
|||
from types import GeneratorType
|
||||
|
||||
import xmlsec
|
||||
from django.conf import settings
|
||||
from django.http import HttpRequest
|
||||
from lxml import etree # nosec
|
||||
from lxml.etree import Element, SubElement # nosec
|
||||
|
@ -147,9 +146,7 @@ class AssertionProcessor:
|
|||
name_id = Element(f"{{{NS_SAML_ASSERTION}}}NameID")
|
||||
name_id.attrib["Format"] = self.auth_n_request.name_id_policy
|
||||
# persistent is used as a fallback, so always generate it
|
||||
persistent = sha256(
|
||||
f"{self.http_request.user.id}-{settings.SECRET_KEY}".encode("ascii")
|
||||
).hexdigest()
|
||||
persistent = self.http_request.user.uid
|
||||
name_id.text = persistent
|
||||
# If name_id_mapping is set, we override the value, regardless of what the SP asks for
|
||||
if self.provider.name_id_mapping:
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{% load i18n %}
|
||||
{% load static %}
|
||||
|
||||
<header class="pf-c-login__main-header">
|
||||
<h1 class="pf-c-title pf-m-3xl">
|
||||
|
|
Reference in a new issue