diff --git a/back/taiga_contrib_access_token_auth/services.py b/back/taiga_contrib_access_token_auth/services.py
index a43ca0b..bda5461 100644
--- a/back/taiga_contrib_access_token_auth/services.py
+++ b/back/taiga_contrib_access_token_auth/services.py
@@ -1,4 +1,5 @@
 import logging
+import os
 from django.db import transaction as tx
 from django.apps import apps
 from django.conf import settings
@@ -12,6 +13,13 @@
 USER_KEY = getattr(settings, "ACCESS_TOKEN_USER_KEY", "access_token_auth")
 
 
+def determine_role(groups):
+    if settings.GROUPS["OWNER"] in groups:
+        return settings.ROLES["OWNER"]
+    elif settings.GROUPS["ADMIN"] in groups:
+        return settings.ROLES["ADMIN"]
+    return settings.ROLES["MEMBER"]
+
 @tx.atomic
 def access_token_register(
     username: str,
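Review bot: `import os` is added in the first hunk but nothing in this diff uses it. Unless a part of the file outside these hunks reads it, it is an unused import and should be dropped (ruff F401 would flag it).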
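Review bot: determine_role has no guard for `groups` being None, yet its only visible caller in access_token_register passes a parameter declared `groups: list = None` and calls it unconditionally, so a login without a groups claim raises `TypeError: argument of type 'NoneType' is not iterable` instead of yielding the member role. Start the function with `groups = groups or []` (or have the caller pass `groups or []`). A short docstring would also help, e.g. `"""Map identity-provider groups to a role: OWNER wins over ADMIN, anything else is MEMBER."""`, since the precedence is otherwise implicit. Because `settings.GROUPS` and `settings.ROLES` are read at call time, a missing key surfaces as a KeyError on the login path rather than at startup; a module-level check would fail faster.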
@@ -21,78 +29,49 @@ def access_token_register(
     groups: list = None,
     token: str=None,
 ):
-    """
-    Register a new user from Access Token.
-
-    This can raise `exc.IntegrityError` exceptions in
-    case of conflicts found.
-
-    :returns: User
-    """
+    logger.info(f"Starting registration process for user: {email}")
     auth_data_model = apps.get_model("users", "AuthData")
     user_model = apps.get_model("users", "User")
+    membership_model = apps.get_model("projects", "Membership")
     try:
-        # Access Token user association exist?
-        auth_data = auth_data_model.objects.get(
-            key=USER_KEY,
-            value=oidc_guid,
-        )
+        auth_data = auth_data_model.objects.get(key=USER_KEY, value=oidc_guid)
         user = auth_data.user
+        logger.info(f"User already exists: {email}")
     except auth_data_model.DoesNotExist:
         try:
-            # Is a user with the same email as the Access Token user?
             user = user_model.objects.get(email=email)
-            auth_data_model.objects.create(
-                user=user,
-                key=USER_KEY,
-                value=oidc_guid,
-                extra={}
-            )
+            auth_data_model.objects.create(user=user, key=USER_KEY, value=oidc_guid, extra={})
+            logger.info(f"User found by email: {email}")
         except user_model.DoesNotExist:
-            # Create a new user
             username_unique = slugify(username)
-            user = user_model.objects.create(
-                email=email,
-                username=username_unique,
-                full_name=full_name,
-            )
-            auth_data_model.objects.create(
-                user=user,
-                key=USER_KEY,
-                value=oidc_guid,
-                extra={}
-            )
-
+            user = user_model.objects.create(email=email, username=username_unique, full_name=full_name)
+            auth_data_model.objects.create(user=user, key=USER_KEY, value=oidc_guid, extra={})
             send_register_email(user)
-            user_registered_signal.send(
-                sender=user.__class__,
-                user=user
-            )
+            user_registered_signal.send(sender=user.__class__, user=user)
+            logger.info(f"New user created: {email}")
 
     if token:
         membership = get_membership_by_token(token)
         membership.user = user
         membership.save(update_fields=["user"])
+        logger.info(f"Membership updated for user: {email}")
 
-    # Update user groups if provided
     if groups:
         user.groups.set(groups)
+        logger.info(f"Groups assigned to user: {email}, groups: {groups}")
+
+    default_role = determine_role(groups)
+    membership_model.objects.create(user=user, role=default_role)
+    logger.info(f"Role assigned to user: {email}, role: {default_role}")
 
     return user
 
 
 def access_token_login_func(request):
     try:
         access_token = request.POST['access_token']
-
         user_info = get_user_info(access_token)
-
-        # Маппинг групп и ролей
         groups = user_info.get('groups', [])
-        roles = []
-        for group in groups:
-            if group.startswith('role:'):
-                roles.append(group.split(':')[1])
 
         user = access_token_register(
             username=user_info['username'],
@@ -100,7 +79,6 @@ def access_token_login_func(request):
             full_name=user_info['full_name'],
             oidc_guid=user_info['guid'],
             groups=groups,
-            roles=roles,
         )
         data = make_auth_response_data(user)
         return data
@@ -112,4 +90,10 @@ def access_token_login_func(request):
         })
     except ConnectorBaseException as e:
         logger.error(f"Access Token authentication failed: {e.detail}")
-        raise e
\ No newline at end of file
+        raise e
+    except Exception as e:
+        logger.error(f"Unexpected error: {e}")
+        raise ConnectorBaseException({
+            "error_message": "Unexpected error",
+            "details": str(e)
+        })
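Review bot: The new `membership_model.objects.create(user=user, role=default_role)` runs at the tail of access_token_register on every call, and that function is invoked from access_token_login_func on each login (visible later in this hunk), so an existing user accumulates a fresh Membership row per login — and the call is reached even when `groups` is None, where `determine_role(None)` raises TypeError first. The create call also passes no project; memberships in this codebase appear to be project-scoped, so confirm against the Membership model whether this is rejected by a NOT NULL constraint or silently creates an unattached row, and whether the value in `settings.ROLES[...]` is something the `role` field accepts. Both problems shrink if the role assignment is moved into the `except user_model.DoesNotExist` branch (new users only) or replaced by a get_or_create keyed on the intended project. The removed docstring should be restored in some form — the logging lines are not a substitute — e.g. `"""Register or look up the user for an access token; may raise exc.IntegrityError on conflicts."""`. access_token_register's signature begins before this hunk, and access_token_login_func continues past it.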
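Review bot: The new `except Exception` handler in access_token_login_func echoes the raw exception text back to the client via `"details": str(e)`, which exposes internals (database errors, missing settings keys, connector failures) to an unauthenticated caller; keep the response generic and log the specifics server-side instead. Replace the pair with `logger.exception("Unexpected error during access token authentication")` and `"details": "see server log"` (or drop the key), so the traceback lands in the log, which the current `logger.error(f"Unexpected error: {e}")` discards. In the existing ConnectorBaseException branch a bare `raise` is preferable to `raise e`. The enclosing function starts before this hunk.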