authentik.enterprise.providers.scim.signals

 1from django.db.models import Model
 2from django.db.models.signals import post_save
 3from django.dispatch import receiver
 4
 5from authentik.core.models import USER_PATH_SYSTEM_PREFIX, User, UserTypes
 6from authentik.events.middleware import audit_ignore
 7from authentik.providers.scim.models import SCIMAuthenticationMode, SCIMProvider
 8
 9USER_PATH_PROVIDERS_SCIM = USER_PATH_SYSTEM_PREFIX + "/providers/scim"
10
11
@receiver(post_save, sender=SCIMProvider)
def scim_provider_post_save(sender: type[Model], instance: SCIMProvider, created: bool, **__):
    """Align the provider's service account with its auth mode after a save.

    This is a ``post_save`` receiver, so it runs once the provider row has
    been written. In either OAuth mode it creates or refreshes the
    ``ak-providers-scim-<pk>`` user, and links it to the provider when the
    provider or the user is new. In token mode it deletes any user with that
    username.
    """
    service_username = f"ak-providers-scim-{instance.pk}"
    oauth_modes = (
        SCIMAuthenticationMode.OAUTH_SILENT,
        SCIMAuthenticationMode.OAUTH_INTERACTIVE,
    )
    # NOTE(review): audit_ignore() presumably suppresses audit events for the
    # writes below - confirm. If so, creating or deleting this account leaves
    # no entry in the event log.
    with audit_ignore():
        mode = instance.auth_mode
        if mode in oauth_modes:
            # The lookup key is the username alone. A user that already has
            # this username is overwritten with these values, not rejected.
            # NOTE(review): confirm the "ak-providers-scim-" prefix cannot be
            # chosen for an ordinary account.
            account_fields = {
                "name": f"SCIM Provider {instance.name} Service-Account",
                "type": UserTypes.INTERNAL_SERVICE_ACCOUNT,
                "path": USER_PATH_PROVIDERS_SCIM,
            }
            user, user_created = User.objects.update_or_create(
                username=service_username,
                defaults=account_fields,
            )
            if not (created or user_created):
                return
            instance.auth_oauth_user = user
            # This save() fires post_save again. On that second pass neither
            # the provider nor the user is new, so the receiver does not loop.
            instance.save()
        elif mode == SCIMAuthenticationMode.TOKEN:
            # The filter is by username only; type and path are not checked
            # before the delete.
            User.objects.filter(username=service_username).delete()
USER_PATH_PROVIDERS_SCIM = 'goauthentik.io/providers/scim'
@receiver(post_save, sender=SCIMProvider)
def scim_provider_post_save( sender: type[django.db.models.base.Model], instance: authentik.providers.scim.models.SCIMProvider, created: bool, **__):
@receiver(post_save, sender=SCIMProvider)
def scim_provider_post_save(sender: type[Model], instance: SCIMProvider, created: bool, **__):
    """Align the provider's service account with its auth mode after a save.

    This is a ``post_save`` receiver, so it runs once the provider row has
    been written. In either OAuth mode it creates or refreshes the
    ``ak-providers-scim-<pk>`` user, and links it to the provider when the
    provider or the user is new. In token mode it deletes any user with that
    username.
    """
    service_username = f"ak-providers-scim-{instance.pk}"
    oauth_modes = (
        SCIMAuthenticationMode.OAUTH_SILENT,
        SCIMAuthenticationMode.OAUTH_INTERACTIVE,
    )
    # NOTE(review): audit_ignore() presumably suppresses audit events for the
    # writes below - confirm. If so, creating or deleting this account leaves
    # no entry in the event log.
    with audit_ignore():
        mode = instance.auth_mode
        if mode in oauth_modes:
            # The lookup key is the username alone. A user that already has
            # this username is overwritten with these values, not rejected.
            # NOTE(review): confirm the "ak-providers-scim-" prefix cannot be
            # chosen for an ordinary account.
            account_fields = {
                "name": f"SCIM Provider {instance.name} Service-Account",
                "type": UserTypes.INTERNAL_SERVICE_ACCOUNT,
                "path": USER_PATH_PROVIDERS_SCIM,
            }
            user, user_created = User.objects.update_or_create(
                username=service_username,
                defaults=account_fields,
            )
            if not (created or user_created):
                return
            instance.auth_oauth_user = user
            # This save() fires post_save again. On that second pass neither
            # the provider nor the user is new, so the receiver does not loop.
            instance.save()
        elif mode == SCIMAuthenticationMode.TOKEN:
            # The filter is by username only; type and path are not checked
            # before the delete.
            User.objects.filter(username=service_username).delete()

Create service account before provider is saved