From 605f232cc2c679928588c09e57faaa8d458abbe1 Mon Sep 17 00:00:00 2001 From: Arthur Date: Tue, 8 Aug 2023 16:51:44 +0700 Subject: [PATCH] 11508 review changes, change SOCIAL_AUTH_ to REMOTE_AUTH_BACKEND --- .../authentication/microsoft-azure-ad.md | 10 +++++----- netbox/netbox/authentication.py | 12 ++++++------ netbox/netbox/settings.py | 5 +++++ 3 files changed, 16 insertions(+), 11 deletions(-) diff --git a/docs/administration/authentication/microsoft-azure-ad.md b/docs/administration/authentication/microsoft-azure-ad.md index 1d74aad60..caff45e81 100644 --- a/docs/administration/authentication/microsoft-azure-ad.md +++ b/docs/administration/authentication/microsoft-azure-ad.md @@ -82,20 +82,20 @@ SOCIAL_AUTH_PIPELINE = ( ) # Define special user types using groups. Exercise great caution when assigning superuser status. -SOCIAL_AUTH_AZUREAD_USER_FLAGS_BY_GROUP = { +REMOTE_AUTH_BACKEND_AZUREAD_USER_FLAGS_BY_GROUP = { "is_staff": ['{AZURE_GROUP_ID}',], "is_superuser": ['{AZURE_GROUP_ID}',] } -SOCIAL_AUTH_AZUREAD_GROUP_MAP = { +REMOTE_AUTH_BACKEND_AZUREAD_GROUP_MAP = { '{AZURE_GROUP_ID}': '{NETBOX_GROUP}', } ``` -**SOCIAL_AUTH_AZUREAD_USER_FLAGS_BY_GROUP.is_staff**: users who are in any of the Azure AD group-ids in the array will have staff permission assigned to them. +**REMOTE_AUTH_BACKEND_AZUREAD_USER_FLAGS_BY_GROUP.is_staff**: users who are in any of the Azure AD group-ids in the array will have staff permission assigned to them. -**SOCIAL_AUTH_AZUREAD_USER_FLAGS_BY_GROUP.is_superuser**: users who are in any of the Azure AD group-ids in the array will have superuser permission assigned to them. +**REMOTE_AUTH_BACKEND_AZUREAD_USER_FLAGS_BY_GROUP.is_superuser**: users who are in any of the Azure AD group-ids in the array will have superuser permission assigned to them. -**SOCIAL_AUTH_AZUREAD_GROUP_MAP**: Any user with the given Azure AD group-id is included in the given NetBox group name. +**REMOTE_AUTH_BACKEND_AZUREAD_GROUP_MAP**: Any user with the given Azure AD group-id is included in the given NetBox group name. ## Testing diff --git a/netbox/netbox/authentication.py b/netbox/netbox/authentication.py index ee2ffeb85..590517231 100644 --- a/netbox/netbox/authentication.py +++ b/netbox/netbox/authentication.py @@ -398,18 +398,18 @@ def azuread_map_groups(response, user, backend, *args, **kwargs): ''' logger = logging.getLogger('netbox.auth.azuread_map_groups') - if not hasattr(settings, "SOCIAL_AUTH_AZUREAD_USER_FLAGS_BY_GROUP"): + if not hasattr(settings, "REMOTE_AUTH_BACKEND_AZUREAD_USER_FLAGS_BY_GROUP"): raise ImproperlyConfigured( - "Azure group mapping has been configured, but SOCIAL_AUTH_AZUREAD_USER_FLAGS_BY_GROUP is not defined." + "Azure group mapping has been configured, but REMOTE_AUTH_BACKEND_AZUREAD_USER_FLAGS_BY_GROUP is not defined." ) - if not hasattr(settings, "SOCIAL_AUTH_AZUREAD_GROUP_MAP"): + if not hasattr(settings, "REMOTE_AUTH_BACKEND_AZUREAD_GROUP_MAP"): raise ImproperlyConfigured( - "Azure group mapping has been configured, but SOCIAL_AUTH_AZUREAD_GROUP_MAP is not defined." + "Azure group mapping has been configured, but REMOTE_AUTH_BACKEND_AZUREAD_GROUP_MAP is not defined." ) - flags_by_group = getattr(settings, "SOCIAL_AUTH_AZUREAD_USER_FLAGS_BY_GROUP") - group_mapping = getattr(settings, "SOCIAL_AUTH_AZUREAD_GROUP_MAP") + flags_by_group = getattr(settings, "REMOTE_AUTH_BACKEND_AZUREAD_USER_FLAGS_BY_GROUP") + group_mapping = getattr(settings, "REMOTE_AUTH_BACKEND_AZUREAD_GROUP_MAP") access_token = response.get('access_token') headers = { diff --git a/netbox/netbox/settings.py b/netbox/netbox/settings.py index 2744ba701..184db5ba4 100644 --- a/netbox/netbox/settings.py +++ b/netbox/netbox/settings.py @@ -162,6 +162,11 @@ TIME_FORMAT = getattr(configuration, 'TIME_FORMAT', 'g:i a') TIME_ZONE = getattr(configuration, 'TIME_ZONE', 'UTC') ENABLE_LOCALIZATION = getattr(configuration, 'ENABLE_LOCALIZATION', False) +# Load all REMOTE_AUTH_BACKEND_* settings from the user configuration +for param in dir(configuration): + if param.startswith('REMOTE_AUTH_BACKEND_'): + globals()[param] = getattr(configuration, param) + # Check for hard-coded dynamic config parameters for param in PARAMS: if hasattr(configuration, param.name):