feat(flow): auto-resolve authentik sub and improve admin dropdown UX

2026-03-30 03:33:50 +08:00
parent 2f97f45795
commit cc9ad16311
3 changed files with 23 additions and 6 deletions
--- a/app/api/admin_catalog.py
+++ b/app/api/admin_catalog.py
@@ -83,7 +83,11 @@ def _sync_member_to_authentik(
        display_name=display_name,
        is_active=is_active,
    )
-    return {"authentik_user_id": result.user_id, "sync_action": result.action}
+    return {
+        "authentik_user_id": result.user_id,
+        "sync_action": result.action,
+        "authentik_sub": result.authentik_sub or "",
+    }


@router.get("/systems")
@@ -332,17 +336,25 @@ def upsert_member(
    db: Session = Depends(get_db),
 ) -> MemberItem:
    users_repo = UsersRepository(db)
+    resolved_sub = payload.authentik_sub
    authentik_user_id = None
    if payload.sync_to_authentik:
+        seed_sub = payload.authentik_sub or (payload.email or "")
+        if not seed_sub:
+            raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="authentik_sub_or_email_required")
        sync = _sync_member_to_authentik(
-            authentik_sub=payload.authentik_sub,
+            authentik_sub=seed_sub,
            email=payload.email,
            display_name=payload.display_name,
            is_active=payload.is_active,
        )
        authentik_user_id = int(sync["authentik_user_id"])
+        if sync.get("authentik_sub"):
+            resolved_sub = str(sync["authentik_sub"])
+    if not resolved_sub:
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="authentik_sub_required")
    row = users_repo.upsert_by_sub(
-        authentik_sub=payload.authentik_sub,
+        authentik_sub=resolved_sub,
        email=payload.email,
        display_name=payload.display_name,
        is_active=payload.is_active,