FIX - NAS DEPLOY: стабилизация real-domain Tasker OIDC baseline
parent
4eb6362565
commit
c455ce3c34
|
|
@ -343,19 +343,11 @@ def resolve_linked_user(claims, groups, auto_link, auto_create, sync_profile, sk
|
||||||
if link is None and auto_link and email:
|
if link is None and auto_link and email:
|
||||||
user = User.objects.filter(email__iexact=email, is_active=True).first()
|
user = User.objects.filter(email__iexact=email, is_active=True).first()
|
||||||
if user:
|
if user:
|
||||||
link, _ = ExternalIdentityLink.objects.get_or_create(
|
link = resolve_identity_link_for_user(user, subject, email, groups)
|
||||||
provider=OIDC_PROVIDER,
|
|
||||||
subject=subject,
|
|
||||||
defaults={"user": user, "email": email, "groups": groups},
|
|
||||||
)
|
|
||||||
|
|
||||||
if link is None and auto_create and email:
|
if link is None and auto_create and email:
|
||||||
user, user_created = get_or_create_oidc_user(email=email, claims=claims)
|
user, user_created = get_or_create_oidc_user(email=email, claims=claims)
|
||||||
link, _ = ExternalIdentityLink.objects.get_or_create(
|
link = resolve_identity_link_for_user(user, subject, email, groups)
|
||||||
provider=OIDC_PROVIDER,
|
|
||||||
subject=subject,
|
|
||||||
defaults={"user": user, "email": email, "groups": groups},
|
|
||||||
)
|
|
||||||
if user_created:
|
if user_created:
|
||||||
logger.info(
|
logger.info(
|
||||||
"NODEDC OIDC provisioned Tasker user: user_id=%s email_hash=%s subject_hash=%s",
|
"NODEDC OIDC provisioned Tasker user: user_id=%s email_hash=%s subject_hash=%s",
|
||||||
|
|
@ -394,6 +386,52 @@ def resolve_linked_user(claims, groups, auto_link, auto_create, sync_profile, sk
|
||||||
return user
|
return user
|
||||||
|
|
||||||
|
|
||||||
|
def resolve_identity_link_for_user(user, subject, email, groups):
|
||||||
|
user_link = ExternalIdentityLink.objects.select_related("user").filter(
|
||||||
|
provider=OIDC_PROVIDER,
|
||||||
|
user=user,
|
||||||
|
).first()
|
||||||
|
|
||||||
|
conflicting_link = ExternalIdentityLink.objects.filter(
|
||||||
|
provider=OIDC_PROVIDER,
|
||||||
|
subject=subject,
|
||||||
|
).exclude(user=user).first()
|
||||||
|
|
||||||
|
if conflicting_link:
|
||||||
|
logger.warning(
|
||||||
|
"NODEDC OIDC subject is already linked to another user: "
|
||||||
|
"provider=%s user_id=%s subject_hash=%s",
|
||||||
|
OIDC_PROVIDER,
|
||||||
|
conflicting_link.user_id,
|
||||||
|
hash_subject(subject),
|
||||||
|
)
|
||||||
|
return None
|
||||||
|
|
||||||
|
if user_link:
|
||||||
|
if user_link.status != ExternalIdentityLink.Status.ACTIVE:
|
||||||
|
logger.warning(
|
||||||
|
"NODEDC OIDC denied disabled external identity link during email auto-link: "
|
||||||
|
"provider=%s user_id=%s subject_hash=%s",
|
||||||
|
OIDC_PROVIDER,
|
||||||
|
user.id,
|
||||||
|
hash_subject(subject),
|
||||||
|
)
|
||||||
|
return None
|
||||||
|
|
||||||
|
user_link.subject = subject
|
||||||
|
user_link.email = email
|
||||||
|
user_link.groups = groups
|
||||||
|
user_link.save(update_fields=["subject", "email", "groups", "updated_at"])
|
||||||
|
return user_link
|
||||||
|
|
||||||
|
link, _ = ExternalIdentityLink.objects.get_or_create(
|
||||||
|
provider=OIDC_PROVIDER,
|
||||||
|
subject=subject,
|
||||||
|
defaults={"user": user, "email": email, "groups": groups},
|
||||||
|
)
|
||||||
|
return link
|
||||||
|
|
||||||
|
|
||||||
def get_or_create_oidc_user(email, claims):
|
def get_or_create_oidc_user(email, claims):
|
||||||
user = User.objects.filter(email__iexact=email).first()
|
user = User.objects.filter(email__iexact=email).first()
|
||||||
|
|
||||||
|
|
|
||||||
|
|
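Review bot: In `resolve_identity_link_for_user`, the `if user_link:` branch overwrites `user_link.subject` with the incoming subject whenever the account already has an active link, so an email match alone rebinds an existing account to a different OIDC subject. Nothing visible in this hunk checks that the email claim was verified by the provider; unless that is enforced upstream, a different identity presenting the same email takes over the existing link. I would deny the rebind with `if user_link.subject != subject: return None`, preceded by a warning log like the other two denials, and leave relinking to an explicit administrative action. The final `get_or_create` also returns any existing row for that subject without re-checking `link.user_id == user.id`, which matters if a concurrent login creates the row between the conflict query and this call. The callers in `resolve_linked_user` can now receive `None`, and in the auto-create branch the "provisioned Tasker user" log still fires in that case; the rest of that function lies outside the hunk.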
@ -67,6 +67,15 @@ ENV VITE_SPACE_BASE_PATH=$VITE_SPACE_BASE_PATH
|
||||||
ARG VITE_WEB_BASE_URL=""
|
ARG VITE_WEB_BASE_URL=""
|
||||||
ENV VITE_WEB_BASE_URL=$VITE_WEB_BASE_URL
|
ENV VITE_WEB_BASE_URL=$VITE_WEB_BASE_URL
|
||||||
|
|
||||||
|
ARG VITE_NODEDC_OIDC_LOGIN_ENABLED=""
|
||||||
|
ENV VITE_NODEDC_OIDC_LOGIN_ENABLED=$VITE_NODEDC_OIDC_LOGIN_ENABLED
|
||||||
|
|
||||||
|
ARG VITE_NODEDC_OIDC_LOGIN_URL=""
|
||||||
|
ENV VITE_NODEDC_OIDC_LOGIN_URL=$VITE_NODEDC_OIDC_LOGIN_URL
|
||||||
|
|
||||||
|
ARG VITE_NODEDC_LAUNCHER_URL=""
|
||||||
|
ENV VITE_NODEDC_LAUNCHER_URL=$VITE_NODEDC_LAUNCHER_URL
|
||||||
|
|
||||||
ENV NEXT_TELEMETRY_DISABLED=1
|
ENV NEXT_TELEMETRY_DISABLED=1
|
||||||
ENV TURBO_TELEMETRY_DISABLED=1
|
ENV TURBO_TELEMETRY_DISABLED=1
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -30,7 +30,28 @@ export function buildNodeDCOIDCLoginUrl(nextPath?: string | null): string {
|
||||||
}
|
}
|
||||||
|
|
||||||
export function buildNodeDCLauncherUrl(): string {
|
export function buildNodeDCLauncherUrl(): string {
|
||||||
return process.env.VITE_NODEDC_LAUNCHER_URL || "http://launcher.local.nodedc/";
|
const configuredUrl = process.env.VITE_NODEDC_LAUNCHER_URL;
|
||||||
|
|
||||||
|
if (configuredUrl) {
|
||||||
|
return configuredUrl;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (typeof window === "undefined") {
|
||||||
|
return "http://launcher.local.nodedc/";
|
||||||
|
}
|
||||||
|
|
||||||
|
const hostname = window.location.hostname.toLowerCase();
|
||||||
|
|
||||||
|
if (hostname.endsWith(".nodedc.ru")) {
|
||||||
|
return "https://hub.nodedc.ru/";
|
||||||
|
}
|
||||||
|
|
||||||
|
if (hostname.endsWith(".nas.nodedc")) {
|
||||||
|
const port = window.location.port ? `:${window.location.port}` : "";
|
||||||
|
return `${window.location.protocol}//launcher.nas.nodedc${port}/`;
|
||||||
|
}
|
||||||
|
|
||||||
|
return "http://launcher.local.nodedc/";
|
||||||
}
|
}
|
||||||
|
|
||||||
export function buildNodeDCBrandConfigUrl(): string {
|
export function buildNodeDCBrandConfigUrl(): string {
|
||||||
|
|
|
||||||
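Review bot: The final `return "http://launcher.local.nodedc/"` in `buildNodeDCLauncherUrl` is reached for every hostname that matches neither suffix, so a page served over HTTPS from an unlisted domain silently links to a plain-HTTP local launcher. Because both checks use a leading dot, the bare hosts `nodedc.ru` and `nas.nodedc` fall into that fallback as well. The `.nas.nodedc` branch also assumes the launcher listens on the same port as the current page. I would add a doc comment above the function stating the resolution order (configured `VITE_NODEDC_LAUNCHER_URL`, then server-side default, then hostname suffix, then local fallback) and that the fallback is intended for local development only, so a missing build argument in a real-domain deployment is easier to diagnose.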