authentik.sources.scim.signals

 1from django.db.models import Model
 2from django.db.models.signals import post_delete, post_save
 3from django.dispatch import receiver
 4
 5from authentik.core.models import USER_PATH_SYSTEM_PREFIX, Token, TokenIntents, User, UserTypes
 6from authentik.events.middleware import audit_ignore
 7from authentik.sources.scim.models import SCIMSource
 8
# User path given to the service accounts that the post_save receiver in this
# module creates for SCIM sources. It is built under USER_PATH_SYSTEM_PREFIX.
USER_PATH_SOURCE_SCIM = f"{USER_PATH_SYSTEM_PREFIX}/sources/scim"
10
11
@receiver(post_save, sender=SCIMSource)
def scim_source_post_save(sender: type[Model], instance: SCIMSource, created: bool, **_):
    """Provision the service account and API token for a SCIM source.

    Runs as a ``post_save`` receiver, i.e. after the ``SCIMSource`` row has
    been written. It creates or updates the internal service account and its
    API token, then links the token to the source when either the source or
    the token is new.
    """
    account_name = instance.service_account_identifier

    # The lookup key is the username alone; on a match, name/type/path are
    # overwritten with the values below.
    # NOTE(review): a pre-existing user with this username would be converted
    # into an internal service account. Confirm service_account_identifier
    # cannot collide with a regular account (the delete receiver in this module
    # additionally filters on type; this lookup does not).
    account_fields = {
        "name": f"SCIM Source {instance.name} Service-Account",
        "type": UserTypes.INTERNAL_SERVICE_ACCOUNT,
        "path": USER_PATH_SOURCE_SCIM,
    }
    service_account, _account_is_new = User.objects.update_or_create(
        username=account_name,
        defaults=account_fields,
    )

    # "expiring" is False, so this API-intent token carries no expiry: whoever
    # holds it keeps access until it is rotated or deleted. Treat it as a
    # long-lived secret.
    token_fields = {
        "user": service_account,
        "intent": TokenIntents.INTENT_API,
        "expiring": False,
        "managed": f"goauthentik.io/sources/scim/{instance.pk}",
    }
    api_token, token_is_new = Token.objects.update_or_create(
        identifier=account_name,
        defaults=token_fields,
    )

    if not (created or token_is_new):
        return

    # instance.save() emits post_save again; on that nested pass the source is
    # no longer new and the token already exists, so the handler stops here.
    # audit_ignore presumably keeps this internal save out of the audit log;
    # confirm in authentik.events.middleware.
    with audit_ignore():
        instance.token = api_token
        instance.save()
37
38
@receiver(post_delete, sender=SCIMSource)
def scim_source_post_delete(sender: type[Model], instance: SCIMSource, **_):
    """Remove the service account of a SCIM source once the source is deleted.

    Runs as a ``post_delete`` receiver for ``SCIMSource``.
    """
    # Matching on type as well as username means an account that merely shares
    # the username but is not an internal service account is left alone.
    # NOTE(review): the API token is not deleted explicitly; presumably it is
    # removed together with its user. Confirm, since the token does not expire.
    service_accounts = User.objects.filter(
        username=instance.service_account_identifier,
        type=UserTypes.INTERNAL_SERVICE_ACCOUNT,
    )
    service_accounts.delete()
USER_PATH_SOURCE_SCIM = 'goauthentik.io/sources/scim'
@receiver(post_save, sender=SCIMSource)
def scim_source_post_save( sender: type[django.db.models.base.Model], instance: authentik.sources.scim.models.SCIMSource, created: bool, **_):
@receiver(post_save, sender=SCIMSource)
def scim_source_post_save(sender: type[Model], instance: SCIMSource, created: bool, **_):
    """Create or refresh the SCIM source's service account and API token.

    Connected to ``post_save``, so it executes after the source has been
    saved. The token is attached to the source only when the source or the
    token was newly created.
    """
    ident = instance.service_account_identifier

    # Matched by username only; defaults are written on create and on update.
    # NOTE(review): verify that the identifier is namespaced so that an
    # existing non-service user can never be matched and retyped here.
    sa_user, _ = User.objects.update_or_create(
        defaults={
            "name": f"SCIM Source {instance.name} Service-Account",
            "type": UserTypes.INTERNAL_SERVICE_ACCOUNT,
            "path": USER_PATH_SOURCE_SCIM,
        },
        username=ident,
    )

    # Non-expiring API token ("expiring": False): a standing credential that
    # remains valid until it is rotated or removed.
    sa_token, fresh_token = Token.objects.update_or_create(
        defaults={
            "user": sa_user,
            "intent": TokenIntents.INTENT_API,
            "expiring": False,
            "managed": f"goauthentik.io/sources/scim/{instance.pk}",
        },
        identifier=ident,
    )

    needs_link = created or fresh_token
    if needs_link:
        # The save below re-enters this receiver once; that pass sees an
        # existing source and an existing token, so it does not save again.
        # audit_ignore presumably suppresses audit events for it; confirm.
        with audit_ignore():
            instance.token = sa_token
            instance.save()

Create service account before source is saved

@receiver(post_delete, sender=SCIMSource)
def scim_source_post_delete( sender: type[django.db.models.base.Model], instance: authentik.sources.scim.models.SCIMSource, **_):
@receiver(post_delete, sender=SCIMSource)
def scim_source_post_delete(sender: type[Model], instance: SCIMSource, **_):
    """Delete the SCIM source's service account after the source is deleted."""
    # Both conditions must hold: the username equals the source's
    # service-account identifier AND the user is an internal service account,
    # so a same-named account of another type is not deleted.
    # NOTE(review): token cleanup is not explicit here; presumably it follows
    # the user deletion. Confirm against the Token model.
    wanted_username = instance.service_account_identifier
    User.objects.filter(
        username=wanted_username,
        type=UserTypes.INTERNAL_SERVICE_ACCOUNT,
    ).delete()

Delete SCIM Source service account after deleting source