authentik.enterprise.providers.scim.signals

 1from django.db.models import Model
 2from django.db.models.signals import post_save
 3from django.dispatch import receiver
 4
 5from authentik.core.models import USER_PATH_SYSTEM_PREFIX, User, UserTypes
 6from authentik.events.middleware import audit_ignore
 7from authentik.providers.scim.models import SCIMAuthenticationMode, SCIMProvider
 8
 9USER_PATH_PROVIDERS_SCIM = USER_PATH_SYSTEM_PREFIX + "/providers/scim"
10
11
@receiver(post_save, sender=SCIMProvider)
def scim_provider_post_save(sender: type[Model], instance: SCIMProvider, created: bool, **__):
    """Keep the provider's SCIM service account in step with its auth mode.

    Runs as a ``post_save`` receiver, i.e. after the provider row is written.

    * OAuth mode: create or update the user ``ak-providers-scim-<pk>`` as an
      internal service account under ``USER_PATH_PROVIDERS_SCIM``. The account
      is attached to ``instance.auth_oauth_user`` (and the provider saved
      again) only when the provider or the account was newly created.
    * Token mode: delete any user carrying that username.
    * Any other mode: no change.
    """
    account_username = f"ak-providers-scim-{instance.pk}"
    mode = instance.auth_mode
    # NOTE(review): presumably audit_ignore() keeps these automatic account
    # changes out of the audit trail; confirm against authentik.events.middleware.
    with audit_ignore():
        if mode == SCIMAuthenticationMode.TOKEN:
            # Matches on username alone, with no check of type or path.
            # NOTE(review): confirm that a username of this form cannot be
            # held by an ordinary account, since it would be removed here.
            User.objects.filter(username=account_username).delete()
            return
        if mode != SCIMAuthenticationMode.OAUTH:
            return
        account_fields = {
            "name": f"SCIM Provider {instance.name} Service-Account",
            "type": UserTypes.INTERNAL_SERVICE_ACCOUNT,
            "path": USER_PATH_PROVIDERS_SCIM,
        }
        # Lookup is by username only; an existing row with this username has
        # its name, type and path overwritten with the values above.
        service_account, account_created = User.objects.update_or_create(
            username=account_username,
            defaults=account_fields,
        )
        if not (created or account_created):
            return
        instance.auth_oauth_user = service_account
        # save() fires post_save again; on that nested pass neither flag is
        # true, so the handler does not save a second time.
        instance.save()
USER_PATH_PROVIDERS_SCIM = 'goauthentik.io/providers/scim'
@receiver(post_save, sender=SCIMProvider)
def scim_provider_post_save( sender: type[django.db.models.base.Model], instance: authentik.providers.scim.models.SCIMProvider, created: bool, **__):
@receiver(post_save, sender=SCIMProvider)
def scim_provider_post_save(sender: type[Model], instance: SCIMProvider, created: bool, **__):
    """Keep the provider's SCIM service account in step with its auth mode.

    Runs as a ``post_save`` receiver, i.e. after the provider row is written.

    * OAuth mode: create or update the user ``ak-providers-scim-<pk>`` as an
      internal service account under ``USER_PATH_PROVIDERS_SCIM``. The account
      is attached to ``instance.auth_oauth_user`` (and the provider saved
      again) only when the provider or the account was newly created.
    * Token mode: delete any user carrying that username.
    * Any other mode: no change.
    """
    account_username = f"ak-providers-scim-{instance.pk}"
    mode = instance.auth_mode
    # NOTE(review): presumably audit_ignore() keeps these automatic account
    # changes out of the audit trail; confirm against authentik.events.middleware.
    with audit_ignore():
        if mode == SCIMAuthenticationMode.TOKEN:
            # Matches on username alone, with no check of type or path.
            # NOTE(review): confirm that a username of this form cannot be
            # held by an ordinary account, since it would be removed here.
            User.objects.filter(username=account_username).delete()
            return
        if mode != SCIMAuthenticationMode.OAUTH:
            return
        account_fields = {
            "name": f"SCIM Provider {instance.name} Service-Account",
            "type": UserTypes.INTERNAL_SERVICE_ACCOUNT,
            "path": USER_PATH_PROVIDERS_SCIM,
        }
        # Lookup is by username only; an existing row with this username has
        # its name, type and path overwritten with the values above.
        service_account, account_created = User.objects.update_or_create(
            username=account_username,
            defaults=account_fields,
        )
        if not (created or account_created):
            return
        instance.auth_oauth_user = service_account
        # save() fires post_save again; on that nested pass neither flag is
        # true, so the handler does not save a second time.
        instance.save()

Create service account before provider is saved