From 82dde62c361053a3224ad775c5dda72affd5e8e9 Mon Sep 17 00:00:00 2001 From: Arthur Date: Thu, 3 Aug 2023 20:47:34 +0700 Subject: [PATCH] 11508 add is_active, reset superuser and staff based on Azure --- netbox/netbox/authentication.py | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/netbox/netbox/authentication.py b/netbox/netbox/authentication.py index 105cc1807..82ae86d45 100644 --- a/netbox/netbox/authentication.py +++ b/netbox/netbox/authentication.py @@ -413,6 +413,8 @@ def azure_map_groups(response, user, backend, *args, **kwargs): "Azure group mapping has been configured, but SOCIAL_AUTH_AZUREAD_GROUP_MAP is not defined." ) + all_users_active = getattr(settings, "SOCIAL_AUTH_AZUREAD_USER_DEFAULT_ACTIVE", False) + url = 'https://graph.microsoft.com/v1.0/me' access_token = response.get('access_token') @@ -433,23 +435,24 @@ def azure_map_groups(response, user, backend, *args, **kwargs): headers=headers, ) - user.is_superuser = False - user.is_staff = False + is_superuser = False + is_staff = False values = response.json().get('value', []) for value in values: # AD response contains both directories and groups - we only want groups if value.get('@odata.type') == '#microsoft.graph.group': group_id = value.get('id', None) - user.is_active = True + if all_users_active: + is_active = True + else: + is_active = group_id in flags_by_group['is_active'] if group_id in flags_by_group['is_superuser']: - user.is_superuser = True - user.save() + is_superuser = True if group_id in flags_by_group['is_staff']: - user.is_staff = True - user.save() + is_staff = True if group_id in group_mapping: group = Group.objects.get(name=group_mapping[group_id]) @@ -457,3 +460,8 @@ def azure_map_groups(response, user, backend, *args, **kwargs): group.user_set.add(user) else: logger.info(f"Azure group mapping - group: {group_mapping[group_id]} not found.") + + user.is_superuser = is_superuser + user.is_staff = is_staff + user.is_active = is_active + user.save()