OIDC list accounts (#994)

Added the function to use lists instead of a single string in account autoprovision.
2025-06-14 20:16:05 +00:00 · 2021-11-19 17:53:17 +02:00
parent bfaf5655ae
commit b3f9b4a2b0
4 changed files with 89 additions and 8 deletions
--- a/powerdnsadmin/models/setting.py
+++ b/powerdnsadmin/models/setting.py
@ -28,6 +28,7 @@ class Setting(db.Model):
        'allow_user_create_domain': False,
        'allow_user_remove_domain': False,
        'allow_user_view_history': False,
+	'delete_sso_accounts': False,
        'bg_domain_updates': False,
        'enable_api_rr_history': True,
        'site_name': 'PowerDNS-Admin',
--- a/powerdnsadmin/routes/admin.py
+++ b/powerdnsadmin/routes/admin.py
@ -644,7 +644,9 @@ def setting_basic():
            'pretty_ipv6_ptr', 'dnssec_admins_only',
            'allow_user_create_domain', 'allow_user_remove_domain', 'allow_user_view_history', 'bg_domain_updates', 'site_name',
            'session_timeout', 'warn_session_timeout', 'ttl_options',
-            'pdns_api_timeout', 'verify_ssl_connections', 'verify_user_email', 'otp_field_enabled', 'custom_css', 'enable_api_rr_history'
+
+            'pdns_api_timeout', 'verify_ssl_connections', 'verify_user_email',
+	          'delete_sso_accounts', 'otp_field_enabled', 'custom_css', 'enable_api_rr_history'
        ]

        return render_template('admin_setting_basic.html', settings=settings)
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@ -43,7 +43,6 @@ index_bp = Blueprint('index',
                     template_folder='templates',
                     url_prefix='/')

-
@index_bp.before_app_first_request
 def register_modules():
    global google
@ -398,16 +397,39 @@ def login():
            session.pop('oidc_token', None)
            return redirect(url_for('index.login'))

+        #This checks if the account_name_property and account_description property were included in settings.
        if Setting().get('oidc_oauth_account_name_property') and Setting().get('oidc_oauth_account_description_property'):
+
+            #Gets the name_property and description_property.
            name_prop = Setting().get('oidc_oauth_account_name_property')
            desc_prop = Setting().get('oidc_oauth_account_description_property')
+
+            account_to_add = []
+	    #If the name_property and desc_property exist in me (A variable that contains all the userinfo from the IdP).
            if name_prop in me and desc_prop in me:
-                account = handle_account(me[name_prop], me[desc_prop])
-                account.add_user(user)
+                accounts_name_prop = [me[name_prop]] if type(me[name_prop]) is not list else me[name_prop]
+                accounts_desc_prop = [me[desc_prop]] if type(me[desc_prop]) is not list else me[desc_prop]
+		
+                #Run on all groups the user is in by the index num.
+                for i in range(len(accounts_name_prop)):
+                    description = ''
+                    if i < len(accounts_desc_prop):
+                        description = accounts_desc_prop[i]
+                    account = handle_account(accounts_name_prop[i], description)
+
+                    account_to_add.append(account)
                user_accounts = user.get_accounts()
-                for ua in user_accounts:
-                    if ua.name != account.name:
-                        ua.remove_user(user)
+                
+		# Add accounts
+                for account in account_to_add:
+                    if account not in user_accounts:
+                        account.add_user(user)
+
+                # Remove accounts if the setting is enabled
+                if Setting().get('delete_sso_accounts'):
+                    for account in user_accounts:
+                        if account not in account_to_add:
+                              account.remove_user(user)

        session['user_id'] = user.id
        session['authentication_type'] = 'OAuth'