* add api for manual creation of users via shib

dfc50ba5 · Benjamin Ledel · 14656b89 · dfc50ba5 · dfc50ba5 · dfc50ba5
Commit dfc50ba5 authored 1 year ago by Benjamin Ledel
--- a/src/consents/serializers.py
+++ b/src/consents/serializers.py
@@ -92,4 +92,7 @@ class SaveUserConsentSerializer(serializers.Serializer):
 class CreateUserSerializer(serializers.Serializer):
    email = serializers.CharField()
    first_name = serializers.CharField()
-    last_name = serializers.CharField()
\ No newline at end of file
+    last_name = serializers.CharField()
+
+class CreateUserShibbolethSerializer(serializers.Serializer):
+    email = serializers.CharField()
\ No newline at end of file
--- a/src/consents/urls.py
+++ b/src/consents/urls.py
@@ -8,6 +8,7 @@ urlpatterns = [
    path('provider/create', views.CreateProviderConsentView.as_view()),
    path('user/save', views.SaveUserConsentView.as_view()),
    path('user/create', views.CreateUserConsentView.as_view()),
+    path('user/create-via-shibboleth', views.CreateUserConsentViaShibbolethView.as_view()),
    path('user/status', views.GetUserConsentStatusView.as_view()),
    path('user/analytics-tokens', views.GetUserConsentAnalyticsTokens.as_view()),
    path('user/analytics-tokens/consent', views.SaveUserConsentAnalyticsTokens.as_view()),

--- a/src/consents/views.py
+++ b/src/consents/views.py
 import json
+import string
+import random
 import os
 import secrets

@@ -15,12 +17,12 @@ from rest_framework.views import APIView
 from backend.role_permission import IsProvider
 from consents.serializers import (ProviderSchemaSerializer,
                                  ProvidersSerializer,
-                                  SaveUserConsentSerializer, CreateUserSerializer)
+                                  SaveUserConsentSerializer, CreateUserSerializer, CreateUserShibbolethSerializer)
 from providers.models import AnalyticsToken, AnalyticsTokenVerb, Provider, ProviderAuthorization, ProviderSchema
 from providers.serializers import (AnalyticsTokenSerializer, ConsentUserVerbThirdPartySerializer,
                                   GetUsersConsentsThirdPartySerializer)
 from users.models import CustomUser
-from xapi.views import shib_connector_resolver
+from xapi.views import shib_connector_resolver, shib_connector_resolver_to_pairwaise_id

 from .models import UserConsents

@@ -352,7 +354,6 @@ class CreateUserConsentView(APIView):
        serializer.is_valid(raise_exception=True) 
        
        email = serializer.validated_data["email"]
-        email = shib_connector_resolver(email=email, provider=provider)

        if CustomUser.objects.filter(email=email).first() is None:
           user = CustomUser.objects.create(
@@ -368,6 +369,40 @@ class CreateUserConsentView(APIView):
                    safe=False,
                    status=status.HTTP_200_OK,
                )
+    
+class CreateUserConsentViaShibbolethView(APIView):
+    
+    def post(self, request):
+        application_token = request.headers.get("Authorization", "").split("Basic ")[-1]
+        provider = ProviderAuthorization.objects.filter(key=application_token).first()
+        if provider is None:
+            return JsonResponse(
+                {"message": "invalid access token"},
+                safe=False,
+                status=status.HTTP_401_UNAUTHORIZED,
+            )
+       
+        serializer = CreateUserShibbolethSerializer(data=request.data, many=True)
+        serializer.is_valid(raise_exception=True) 
+        
+        email = serializer.validated_data["email"]
+        shib_id = shib_connector_resolver_to_pairwaise_id(email=email, provider=provider)
+
+        if CustomUser.objects.filter(uid=shib_id).first() is None:
+           user = CustomUser.objects.create(
+                uid=shib_id, # this is the pairwaise id 
+                email=''.join(random.choices(string.ascii_uppercase + string.digits, k=8)) + "@manual-created.polaris",
+                first_name=''.join(random.choices(string.ascii_uppercase + string.digits, k=8)),
+                last_name=''.join(random.choices(string.ascii_uppercase + string.digits, k=8))
+           )
+
+        return JsonResponse(
+                    {
+                        "user": user,
+                    },
+                    safe=False,
+                    status=status.HTTP_200_OK,
+                )

 class SaveUserConsentView(APIView):
    """

--- a/src/xapi/views.py
+++ b/src/xapi/views.py
@@ -50,7 +50,7 @@ def anonymize_statement(x_api_statement):
    x_api_statement.set("actor", {"name": "anonymous", "mbox":  settings.ANON_HASH_PREFIX + ": " + hashed_actor})


-def shib_connector_resolver(email, provider):
+def shib_connector_resolver_to_pairwaise_id(email, provider):
    if settings.SHIB_ID_CONNECTOR_ENABLED:
      r = None
      if settings.SHIB_ID_CONNECTOR_CACHE:
@@ -82,6 +82,12 @@ def shib_connector_resolver(email, provider):
             r.set(email,shib_id)
             r.expires(email,settings.SHIB_ID_CONNECTOR_CACHE_MAX_AGE*60)

+      return shib_id
+    return ""
+
+def shib_connector_resolver(email, provider):
+    if settings.SHIB_ID_CONNECTOR_ENABLED:
+      shib_id = shib_connector_resolver_to_pairwaise_id(email=email, provider=provider)
      # Shib-ID is here the pairwaise id,so we need to resolve to the user email
      try:
         user = CustomUser.objects.get(shibboleth_connector_identifier=shib_id)