The custom pipeline code is licensed under the Creative Commons: CC BY-SA 4.0 license. See: https://github.com/goauthentik/authentik/blob/main/LICENSE https://github.com/goauthentik/authentik/blob/main/website/integrations/services/netbox/index.md https://docs.goauthentik.io/integrations/services/netbox/
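diff --git a/netbox/netbox/custom_pipeline.py b/netbox/netbox/custom_pipeline.py
new file mode 100644
index 000000000..470f388dc
--- /dev/null
+++ b/netbox/netbox/custom_pipeline.py
@@ -0,0 +1,55 @@
+# Licensed under Creative Commons: CC BY-SA 4.0 license.
+# https://github.com/goauthentik/authentik/blob/main/LICENSE
+# https://github.com/goauthentik/authentik/blob/main/website/integrations/services/netbox/index.md
+# https://docs.goauthentik.io/integrations/services/netbox/
+from netbox.authentication import Group
+
+class AuthFailed(Exception):
+ pass
+
+def add_groups(response, user, backend, *args, **kwargs):
+ try:
+ groups = response['groups']
+ except KeyError:
+ pass
+
+ # Add all groups from oAuth token
+ for group in groups:
+ group, created = Group.objects.get_or_create(name=group)
+ user.groups.add(group)
+
+def remove_groups(response, user, backend, *args, **kwargs):
+ try:
+ groups = response['groups']
+ except KeyError:
+ # Remove all groups if no groups in oAuth token
+ user.groups.clear()
+ pass
+
+ # Get all groups of user
+ user_groups = [item.name for item in user.groups.all()]
+ # Get groups of user which are not part of oAuth token
+ delete_groups = list(set(user_groups) - set(groups))
+
+ # Delete non oAuth token groups
+ for delete_group in delete_groups:
+ group = Group.objects.get(name=delete_group)
+ user.groups.remove(group)
+
+
+def set_roles(response, user, backend, *args, **kwargs):
+ # Remove Roles temporary
+ user.is_superuser = False
+ user.is_staff = False
+ try:
+ groups = response['groups']
+ except KeyError:
+ # When no groups are set
+ # save the user without Roles
+ user.save()
+ pass
+
+ # Set roles is role (superuser or staff) is in groups
+ user.is_superuser = True if 'superusers' in groups else False
+ user.is_staff = True if 'staff' in groups else False
+ user.save()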
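Review bot: In all three pipeline steps the `except KeyError:` branch ends in `pass` and falls through, so a token without a `groups` claim reaches `for group in groups`, `set(groups)` or `'superusers' in groups` with `groups` unbound and the login aborts with an unhandled `UnboundLocalError` (in `remove_groups` and `set_roles` only after `user.groups.clear()` / `user.save()` have already run). Replacing each try/except with `groups = response.get('groups') or []` keeps the intended result (no groups, no roles) without the exception. Because the claim alone decides `is_superuser` and `is_staff`, and `add_groups` creates any group name it is handed, it is also worth checking that `groups` is a list before the membership tests: if the provider ever sent a single string, `'staff' in groups` would be a substring match. `AuthFailed` is defined but not used anywhere in this file.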