✨ Add a UID attribute selector
jemrobinson committed Feb 21, 2024
1 parent 0d67182 commit aeb7eca
Showing 5 changed files with 24 additions and 1 deletion.
2 changes: 2 additions & 0 deletions apricot/apricot_server.py
Expand Up @@ -18,6 +18,7 @@ def __init__(
client_secret: str,
domain: str,
port: int,
uid_attribute: str,
**kwargs: Any,
) -> None:
# Log to stdout
Expand All @@ -29,6 +30,7 @@ def __init__(
client_id=client_id,
client_secret=client_secret,
domain=domain,
uid_attribute=uid_attribute,
**kwargs,
)
except Exception as exc:
14 changes: 13 additions & 1 deletion apricot/oauth/microsoft_entra_client.py
Expand Up @@ -41,7 +41,18 @@ def groups(self) -> list[LDAPAttributeDict]:
def users(self) -> list[LDAPAttributeDict]:
output = []
try:
user_data = self.query("https://graph.microsoft.com/v1.0/users/")
queries = [
"displayName",
"givenName",
"id",
"mail",
"surname",
"userPrincipalName",
self.uid_attribute,
]
user_data = self.query(
f"https://graph.microsoft.com/v1.0/users?$select={','.join(queries)}"
)
for user_dict in user_data["value"]:
attributes = {k: [v if v else ""] for k, v in dict(user_dict).items()}
attributes["objectclass"] = [
Expand All @@ -62,6 +73,7 @@ def users(self) -> list[LDAPAttributeDict]:
attributes["domain"] = [
str(user_dict["userPrincipalName"]).split("@")[1]
]
attributes["uid"] = [str(user_dict[self.uid_attribute])]
output.append(attributes)
except KeyError:
pass
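Review bot: `attributes["uid"] = [str(user_dict[self.uid_attribute])]` gives a user whose selected attribute comes back null the literal uid `"None"`, and every such user then shares that uid, which presumably is the value the LDAP side keys identity on; the line above it (`[v if v else ""]`) already expects null values from Graph, so this case is realistic. If the key is absent altogether, the KeyError is swallowed by the `except KeyError: pass` around the whole loop and every remaining user is silently dropped. Read the value defensively and skip (or log) users without one: `uid_value = user_dict.get(self.uid_attribute)`, `if not uid_value: continue`, `attributes["uid"] = [str(uid_value)]`. The same silent drop applies to the new `self.uid_attribute` entry in the `$select` list if it names a property Graph does not return. users() continues past the end of the hunk.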
2 changes: 2 additions & 0 deletions apricot/oauth/oauth_client.py
Expand Up @@ -24,11 +24,13 @@ def __init__(
redirect_uri: str,
scopes: list[str],
token_url: str,
uid_attribute: str,
) -> None:
# Set attributes
self.client_secret = client_secret
self.domain = domain
self.token_url = token_url
self.uid_attribute = uid_attribute
# Allow token scope to not match requested scope. (Other auth libraries allow
# this, but Requests-OAuthlib raises exception on scope mismatch by default.)
os.environ["OAUTHLIB_RELAX_TOKEN_SCOPE"] = "1" # noqa: S105
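Review bot: `self.uid_attribute = uid_attribute` stores the value unchecked, yet it is later interpolated into a Graph `$select` query string and used as a dict key, so a typo or an empty string only surfaces downstream as a malformed request or an empty user list. A constructor-time check makes the misconfiguration explicit at startup, e.g. `if not uid_attribute or not uid_attribute.isidentifier(): raise ValueError(f"Invalid uid_attribute: {uid_attribute!r}")`. Graph property names, including `extension_…` attributes, should satisfy `isidentifier()`, but confirm that against the attributes operators are expected to configure. `__init__` starts before the hunk and continues after it.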
6 changes: 6 additions & 0 deletions docker/entrypoint.sh
Expand Up @@ -23,6 +23,11 @@ if [ -z "${DOMAIN}" ]; then
exit 1
fi

if [ -z "${UID_ATTRIBUTE}" ]; then
echo "UID_ATTRIBUTE environment variable is not set"
exit 1
fi

# Arguments with defaults
if [ -z "${PORT}" ]; then
echo "PORT environment variable is not set: using default of 1389"
Expand All @@ -42,4 +47,5 @@ hatch run python run.py \
--client-secret "$CLIENT_SECRET" \
--domain "$DOMAIN" \
--port "${PORT}" \
--uid-attribute "${UID_ATTRIBUTE}" \
$EXTRA_OPTS
1 change: 1 addition & 0 deletions run.py
Expand Up @@ -16,6 +16,7 @@
parser.add_argument("-p", "--port", type=int, default=1389, help="Port to run on.")
parser.add_argument("-i", "--client-id", type=str, help="OAuth client ID.")
parser.add_argument("-s", "--client-secret", type=str, help="OAuth client secret.")
parser.add_argument("-u", "--uid-attribute", type=str, help="Which user attribute to use for UID.")
# Options for Microsoft Entra backend
group = parser.add_argument_group("Microsoft Entra")
group.add_argument("-t", "--entra-tenant-id", type=str, help="Microsoft Entra tenant ID.", required=False)
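Review bot: `--uid-attribute` is added with neither `required=True` nor a default, so running `run.py` directly without it passes `uid_attribute=None` to the client, where it is stringified into the Graph `$select` list as `None` and used as a lookup key; given the `except KeyError: pass` in microsoft_entra_client.py, that most likely yields an empty user list rather than a clear error. The shell entrypoint enforces the variable, but the Python entry point should too: `parser.add_argument("-u", "--uid-attribute", type=str, required=True, help="Which user attribute to use for UID.")`. The neighbouring `--client-id`/`--client-secret` options share the omission, so if leaving it optional is deliberate, the help text should at least state that the option is mandatory.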

0 comments on commit aeb7eca

Please sign in to comment.