✨(models) make user and authentication work with Keycloak and admin
The admin was broken as we did not worry about it up to now. On the frontend we want to use OIDC authentication only but for the admin, it is better if the default authentication works as well. To allow this, we propose to add an "email" field to the user model and make it the identifier in place of the usual username. Some changes are necessary to make the "createsuperuser" management command work. We also had to fix the "oidc_user_getter" method to make it work with Keycloak. Some tests were added to secure that everything works as expected.
This commit is contained in:
Samuel Paccoud - DINUM
committed by
Anthony LC
Anthony LC
parent
e1688b923e
commit
8b026078bc
@@ -7,8 +7,10 @@ class OIDCToken(AccessToken):
|
||||
|
||||
@classmethod
|
||||
def for_user(cls, user):
|
||||
token = super().for_user(user)
|
||||
"""Returns an authorization token for the given user for testing."""
|
||||
identity = user.identities.filter(is_main=True).first()
|
||||
|
||||
token = cls()
|
||||
token["first_name"] = (
|
||||
user.profile_contact.short_name if user.profile_contact else "David"
|
||||
)
|
||||
@@ -17,5 +19,7 @@ class OIDCToken(AccessToken):
|
||||
if user.profile_contact
|
||||
else "Bowman"
|
||||
)
|
||||
token["email"] = identity.email
|
||||
token["sub"] = str(identity.sub)
|
||||
token["email"] = user.email
|
||||
|
||||
return token
|
||||
|
||||
Reference in New Issue
Block a user