member/member-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(identity): rename authentik_sub to user_sub and authentik_user_id to idp_user_id

Browse Source
This commit is contained in:
Chris
2026-03-31 22:32:48 +08:00
parent 316d17027b
commit fe6453f6f8
35 changed files with 265 additions and 221 deletions
Download Patch File Download Diff File Expand all files Collapse all files

120
backend/app/api/admin_catalog.py
View File

@@ -135,8 +135,8 @@ def _generate_api_key() -> str:
def _sync_member_to_authentik(
*,
authentik_sub: str | None,
authentik_user_id: int | None,
user_sub: str | None,
idp_user_id: int | None,
username: str | None,
email: str | None,
display_name: str | None,
@@ -147,17 +147,17 @@ def _sync_member_to_authentik(
settings = get_settings()
service = AuthentikAdminService(settings=settings)
result = service.ensure_user(
sub=authentik_sub,
sub=user_sub,
email=email,
username=username,
display_name=display_name,
is_active=is_active,
authentik_user_id=authentik_user_id,
idp_user_id=idp_user_id,
)
return {
"authentik_user_id": result.user_id,
"idp_user_id": result.user_id,
"sync_action": result.action,
"authentik_sub": result.authentik_sub or "",
"user_sub": result.user_sub or "",
}
@@ -316,7 +316,7 @@ def list_system_members(
return {
"items": [
MemberRelationItem(
authentik_sub=m.authentik_sub,
user_sub=m.user_sub,
email=m.email,
display_name=m.display_name,
is_active=m.is_active,
@@ -359,7 +359,7 @@ def list_module_members(
return {
"items": [
MemberRelationItem(
authentik_sub=m.authentik_sub,
user_sub=m.user_sub,
email=m.email,
display_name=m.display_name,
is_active=m.is_active,
@@ -567,7 +567,7 @@ def list_members(
"items": [
MemberItem(
id=i.id,
authentik_sub=i.authentik_sub,
user_sub=i.user_sub,
username=i.username,
email=i.email,
display_name=i.display_name,
@@ -587,37 +587,37 @@ def upsert_member(
db: Session = Depends(get_db),
) -> MemberItem:
users_repo = UsersRepository(db)
resolved_sub = payload.authentik_sub
resolved_sub = payload.user_sub
resolved_username = payload.username
authentik_user_id = None
idp_user_id = None
if payload.sync_to_authentik:
seed_sub = payload.authentik_sub or payload.username
seed_sub = payload.user_sub or payload.username
if not seed_sub:
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="authentik_sub_or_username_required")
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="user_sub_or_username_required")
sync = _sync_member_to_authentik(
authentik_sub=seed_sub,
authentik_user_id=authentik_user_id,
user_sub=seed_sub,
idp_user_id=idp_user_id,
username=payload.username,
email=payload.email,
display_name=payload.display_name,
is_active=payload.is_active,
)
authentik_user_id = int(sync["authentik_user_id"])
if sync.get("authentik_sub"):
resolved_sub = str(sync["authentik_sub"])
idp_user_id = int(sync["idp_user_id"])
if sync.get("user_sub"):
resolved_sub = str(sync["user_sub"])
if not resolved_sub:
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="authentik_sub_required")
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="user_sub_required")
row = users_repo.upsert_by_sub(
authentik_sub=resolved_sub,
user_sub=resolved_sub,
username=resolved_username,
email=payload.email,
display_name=payload.display_name,
is_active=payload.is_active,
authentik_user_id=authentik_user_id,
idp_user_id=idp_user_id,
)
return MemberItem(
id=row.id,
authentik_sub=row.authentik_sub,
user_sub=row.user_sub,
username=row.username,
email=row.email,
display_name=row.display_name,
@@ -625,14 +625,14 @@ def upsert_member(
)
@router.patch("/members/{authentik_sub}", response_model=MemberItem)
@router.patch("/members/{user_sub}", response_model=MemberItem)
def update_member(
authentik_sub: str,
user_sub: str,
payload: MemberUpdateRequest,
db: Session = Depends(get_db),
) -> MemberItem:
users_repo = UsersRepository(db)
row = users_repo.get_by_sub(authentik_sub)
row = users_repo.get_by_sub(user_sub)
if not row:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="user_not_found")
@@ -641,29 +641,29 @@ def update_member(
next_display_name = payload.display_name if payload.display_name is not None else row.display_name
next_is_active = payload.is_active if payload.is_active is not None else row.is_active
authentik_user_id = row.authentik_user_id
idp_user_id = row.idp_user_id
if payload.sync_to_authentik:
sync = _sync_member_to_authentik(
authentik_sub=row.authentik_sub,
authentik_user_id=row.authentik_user_id,
user_sub=row.user_sub,
idp_user_id=row.idp_user_id,
username=next_username,
email=next_email,
display_name=next_display_name,
is_active=next_is_active,
)
authentik_user_id = int(sync["authentik_user_id"])
idp_user_id = int(sync["idp_user_id"])
row = users_repo.upsert_by_sub(
authentik_sub=row.authentik_sub,
user_sub=row.user_sub,
username=next_username,
email=next_email,
display_name=next_display_name,
is_active=next_is_active,
authentik_user_id=authentik_user_id,
idp_user_id=idp_user_id,
)
return MemberItem(
id=row.id,
authentik_sub=row.authentik_sub,
user_sub=row.user_sub,
username=row.username,
email=row.email,
display_name=row.display_name,
@@ -671,78 +671,78 @@ def update_member(
)
@router.delete("/members/{authentik_sub}")
@router.delete("/members/{user_sub}")
def delete_member(
authentik_sub: str,
user_sub: str,
db: Session = Depends(get_db),
) -> dict[str, int | str]:
users_repo = UsersRepository(db)
row = users_repo.get_by_sub(authentik_sub)
row = users_repo.get_by_sub(user_sub)
if not row:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="user_not_found")
settings = get_settings()
service = AuthentikAdminService(settings=settings)
service.delete_user(
authentik_user_id=row.authentik_user_id,
idp_user_id=row.idp_user_id,
email=row.email,
username=row.username,
)
db.execute(delete(PermissionGroupMember).where(PermissionGroupMember.authentik_sub == authentik_sub))
db.execute(delete(PermissionGroupMember).where(PermissionGroupMember.user_sub == user_sub))
db.delete(row)
db.commit()
return {"deleted": 1, "result": "deleted"}
@router.post("/members/{authentik_sub}/password/reset", response_model=MemberPasswordResetResponse)
@router.post("/members/{user_sub}/password/reset", response_model=MemberPasswordResetResponse)
def reset_member_password(
authentik_sub: str,
user_sub: str,
db: Session = Depends(get_db),
) -> MemberPasswordResetResponse:
users_repo = UsersRepository(db)
user = users_repo.get_by_sub(authentik_sub)
user = users_repo.get_by_sub(user_sub)
if not user:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="user_not_found")
settings = get_settings()
service = AuthentikAdminService(settings=settings)
result = service.reset_password(
authentik_user_id=user.authentik_user_id,
idp_user_id=user.idp_user_id,
email=user.email,
username=user.username,
)
user = users_repo.upsert_by_sub(
authentik_sub=user.authentik_sub,
user_sub=user.user_sub,
username=user.username,
email=user.email,
display_name=user.display_name,
is_active=user.is_active,
authentik_user_id=result.user_id,
idp_user_id=result.user_id,
)
return MemberPasswordResetResponse(authentik_sub=user.authentik_sub, temporary_password=result.temporary_password)
return MemberPasswordResetResponse(user_sub=user.user_sub, temporary_password=result.temporary_password)
@router.get("/members/{authentik_sub}/permission-groups", response_model=MemberPermissionGroupsResponse)
@router.get("/members/{user_sub}/permission-groups", response_model=MemberPermissionGroupsResponse)
def get_member_permission_groups(
authentik_sub: str,
user_sub: str,
db: Session = Depends(get_db),
) -> MemberPermissionGroupsResponse:
users_repo = UsersRepository(db)
groups_repo = PermissionGroupsRepository(db)
user = users_repo.get_by_sub(authentik_sub)
user = users_repo.get_by_sub(user_sub)
if not user:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="user_not_found")
group_keys = groups_repo.list_group_keys_by_member_sub(authentik_sub)
return MemberPermissionGroupsResponse(authentik_sub=authentik_sub, group_keys=group_keys)
group_keys = groups_repo.list_group_keys_by_member_sub(user_sub)
return MemberPermissionGroupsResponse(user_sub=user_sub, group_keys=group_keys)
@router.put("/members/{authentik_sub}/permission-groups", response_model=MemberPermissionGroupsResponse)
@router.put("/members/{user_sub}/permission-groups", response_model=MemberPermissionGroupsResponse)
def set_member_permission_groups(
authentik_sub: str,
user_sub: str,
payload: MemberPermissionGroupsUpdateRequest,
db: Session = Depends(get_db),
) -> MemberPermissionGroupsResponse:
users_repo = UsersRepository(db)
groups_repo = PermissionGroupsRepository(db)
user = users_repo.get_by_sub(authentik_sub)
user = users_repo.get_by_sub(user_sub)
if not user:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="user_not_found")
@@ -753,8 +753,8 @@ def set_member_permission_groups(
if missing:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=f"group_not_found:{','.join(missing)}")
groups_repo.replace_member_groups(authentik_sub, [g.id for g in groups])
return MemberPermissionGroupsResponse(authentik_sub=authentik_sub, group_keys=unique_group_keys)
groups_repo.replace_member_groups(user_sub, [g.id for g in groups])
return MemberPermissionGroupsResponse(user_sub=user_sub, group_keys=unique_group_keys)
@router.get("/api-clients")
@@ -1023,31 +1023,31 @@ def delete_permission_group(
return {"deleted": 1, "result": "deleted"}
@router.post("/permission-groups/{group_key}/members/{authentik_sub}")
@router.post("/permission-groups/{group_key}/members/{user_sub}")
def add_group_member(
group_key: str,
authentik_sub: str,
user_sub: str,
db: Session = Depends(get_db),
) -> dict[str, str]:
groups_repo = PermissionGroupsRepository(db)
group = groups_repo.get_by_key(group_key)
if not group:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="group_not_found")
row = groups_repo.add_member_if_not_exists(group.id, authentik_sub)
row = groups_repo.add_member_if_not_exists(group.id, user_sub)
return {"membership_id": row.id, "result": "added"}
@router.delete("/permission-groups/{group_key}/members/{authentik_sub}")
@router.delete("/permission-groups/{group_key}/members/{user_sub}")
def remove_group_member(
group_key: str,
authentik_sub: str,
user_sub: str,
db: Session = Depends(get_db),
) -> dict[str, int | str]:
groups_repo = PermissionGroupsRepository(db)
group = groups_repo.get_by_key(group_key)
if not group:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="group_not_found")
deleted = groups_repo.remove_member(group.id, authentik_sub)
deleted = groups_repo.remove_member(group.id, user_sub)
return {"deleted": deleted, "result": "removed"}