refactor(identity): rename authentik_sub to user_sub and authentik_user_id to idp_user_id
@@ -23,7 +23,7 @@ def upsert_user_by_sub(
|
||||
) -> InternalUpsertUserBySubResponse:
|
||||
repo = UsersRepository(db)
|
||||
user = repo.upsert_by_sub(
|
||||
authentik_sub=payload.sub,
|
||||
user_sub=payload.user_sub,
|
||||
username=payload.username,
|
||||
email=payload.email,
|
||||
display_name=payload.display_name,
|
||||
@@ -31,8 +31,8 @@ def upsert_user_by_sub(
|
||||
)
|
||||
return {
|
||||
"id": user.id,
|
||||
"sub": user.authentik_sub,
|
||||
"authentik_user_id": user.authentik_user_id,
|
||||
"user_sub": user.user_sub,
|
||||
"idp_user_id": user.idp_user_id,
|
||||
"username": user.username,
|
||||
"email": user.email,
|
||||
"display_name": user.display_name,
|
||||
@@ -40,20 +40,20 @@ def upsert_user_by_sub(
|
||||
}
|
||||
|
||||
|
||||
@router.get("/permissions/{authentik_sub}/snapshot", response_model=PermissionSnapshotResponse)
|
||||
@router.get("/permissions/{user_sub}/snapshot", response_model=PermissionSnapshotResponse)
|
||||
def get_permission_snapshot(
|
||||
authentik_sub: str,
|
||||
user_sub: str,
|
||||
db: Session = Depends(get_db),
|
||||
) -> PermissionSnapshotResponse:
|
||||
users_repo = UsersRepository(db)
|
||||
perms_repo = PermissionsRepository(db)
|
||||
|
||||
user = users_repo.get_by_sub(authentik_sub)
|
||||
user = users_repo.get_by_sub(user_sub)
|
||||
if user is None:
|
||||
return PermissionSnapshotResponse(authentik_sub=authentik_sub, permissions=[])
|
||||
return PermissionSnapshotResponse(user_sub=user_sub, permissions=[])
|
||||
|
||||
permissions = perms_repo.list_by_user(user.id, user.authentik_sub)
|
||||
return PermissionService.build_snapshot(authentik_sub=authentik_sub, permissions=permissions)
|
||||
permissions = perms_repo.list_by_user(user.id, user.user_sub)
|
||||
return PermissionService.build_snapshot(user_sub=user_sub, permissions=permissions)
|
||||
|
||||
|
||||
@router.post("/authentik/users/ensure", response_model=AuthentikEnsureUserResponse)
|
||||
@@ -64,7 +64,7 @@ def ensure_authentik_user(
|
||||
settings = get_settings()
|
||||
authentik_service = AuthentikAdminService(settings=settings)
|
||||
sync_result = authentik_service.ensure_user(
|
||||
sub=payload.sub,
|
||||
sub=payload.user_sub,
|
||||
email=payload.email,
|
||||
username=payload.username,
|
||||
display_name=payload.display_name,
|
||||
@@ -72,17 +72,17 @@ def ensure_authentik_user(
|
||||
)
|
||||
|
||||
users_repo = UsersRepository(db)
|
||||
resolved_sub = payload.sub or ""
|
||||
if sync_result.authentik_sub:
|
||||
resolved_sub = sync_result.authentik_sub
|
||||
resolved_sub = payload.user_sub or ""
|
||||
if sync_result.user_sub:
|
||||
resolved_sub = sync_result.user_sub
|
||||
if not resolved_sub:
|
||||
raise HTTPException(status_code=status.HTTP_502_BAD_GATEWAY, detail="authentik_missing_sub")
|
||||
users_repo.upsert_by_sub(
|
||||
authentik_sub=resolved_sub,
|
||||
user_sub=resolved_sub,
|
||||
username=payload.username,
|
||||
email=payload.email,
|
||||
display_name=payload.display_name,
|
||||
is_active=payload.is_active,
|
||||
authentik_user_id=sync_result.user_id,
|
||||
idp_user_id=sync_result.user_id,
|
||||
)
|
||||
return AuthentikEnsureUserResponse(authentik_user_id=sync_result.user_id, action=sync_result.action)
|
||||
return AuthentikEnsureUserResponse(idp_user_id=sync_result.user_id, action=sync_result.action)
|
||||
|
||||
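Review bot: In the last hunk (`ensure_authentik_user`, whose body starts outside the hunk), `resolved_sub` still falls back to the caller-supplied `payload.user_sub` when the IdP result carries no subject, and nothing compares the two values when both are present, so the upsert can bind `idp_user_id=sync_result.user_id` to a subject the IdP never confirmed. Because `get_permission_snapshot` looks the user up by that same `user_sub`, a stale or mismatched value in the request would attach the wrong identity to the local record. I would reject a disagreement before the upsert, e.g. `if payload.user_sub and sync_result.user_sub and payload.user_sub != sync_result.user_sub: raise HTTPException(status_code=status.HTTP_502_BAD_GATEWAY, detail="idp_sub_mismatch")` (the detail string is only a suggestion), and drop the request fallback unless every caller of this route is a trusted internal service, which this page does not show. Separately, the rename changes wire names (`sub` to `user_sub`, `authentik_user_id` to `idp_user_id`) in the payloads, the response bodies and the route parameter; whether the schemas keep aliases for existing clients is not visible here and is worth confirming.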