wip

2026-04-15 12:23:29 +02:00
parent dd0f7eaf05
commit 349877b5e3
6 changed files with 90 additions and 15 deletions
--- a/epauth/views.py
+++ b/epauth/views.py
@ -4,8 +4,8 @@ from django.contrib.auth import login
 from django.shortcuts import redirect
 from django.contrib.auth import get_user_model

-from epdb.logic import UserManager
-
+from epdb.logic import UserManager, GroupManager
+from epdb.models import Group

 def entra_login(request):
    msal_app = msal.ConfidentialClientApplication(
@ -35,11 +35,29 @@ def entra_callback(request):

    # Acquire token using the flow and callback request
    result = msal_app.acquire_token_by_auth_code_flow(flow, request.GET)
+    print(result)
+    # if "error" in result:
+    #     {'correlation_id': '626f511b-5230-4d06-9ffd-d89a764082c6',
+    #      'error': 'invalid_client',
+    #      'error_codes': [7000222],
+    #      'error_description': 'AADSTS7000222: The provided client secret keys for app '
+    #                           "'35c75dfb-bd15-493d-b4e9-af847f2df894' are expired. "
+    #                           'Visit the Azure portal to create new keys for your app: '
+    #                           'https://aka.ms/NewClientSecret, or consider using '
+    #                           'certificate credentials for added security: '
+    #                           'https://aka.ms/certCreds. Trace ID: '
+    #                           '30ba1c58-c949-4432-9ed6-3b6136856700 Correlation ID: '
+    #                           '626f511b-5230-4d06-9ffd-d89a764082c6 Timestamp: '
+    #                           '2026-04-15 08:21:15Z',
+    #      'error_uri': 'https://login.microsoftonline.com/error?code=7000222',
+    #      'timestamp': '2026-04-15 08:21:15Z',
+    #      'trace_id': '30ba1c58-c949-4432-9ed6-3b6136856700'}
+    #     return redirect("/")

    claims = result["id_token_claims"]

    user_name = claims["name"]
-    user_email = claims["emailaddress"]
+    user_email = claims.get("emailaddress", claims["email"])
    user_oid = claims["oid"]

    # Get implementing class
@ -57,4 +75,28 @@ def entra_callback(request):

    login(request, u)

-    return redirect("/")  # Handle errors
+    # EDIT START
+    # Ensure groups exists in eP
+    for id, name in s.ENTRA_SECRET_GROUPS.items():
+        if not Group.objects.filter(uuid=id).exists():
+            g = GroupManager.create_group(User.objects.get(username="admin"), name, f"Synced Entra Group {name} ", uuid=id)
+        else:
+            g = Group.objects.get(uuid=id)
+        # Ensure its secret
+        g.secret = True
+        g.save()
+
+    for id, name in s.ENTRA_GROUPS.items():
+        if not Group.objects.filter(uuid=id).exists():
+            g = GroupManager.create_group(User.objects.get(username="admin"), name, f"Synced Entra Group {name} ", uuid=id)
+        else:
+            g = Group.objects.get(uuid=id)
+
+    for group_uuid in claims.get("groups", []):
+        if Group.objects.filter(uuid=group_uuid).exists():
+            g = Group.objects.get(uuid=group_uuid)
+            g.user_member.add(u)
+
+    # EDIT END
+
+    return redirect(s.SERVER_URL)  # Handle errors