Automatically link the superuser account to federated service for auth
When the user commits the configuration, if they have chosen a non-DB auth system, we now auto-link the superuser account to that auth system, to ensure they can login again after restart.
This commit is contained in:
Joseph Schorr
parent
33b54218cc
commit
38a6b3621c
5 changed files with 37 additions and 5 deletions
|
|
@ -13,10 +13,12 @@ from app import app, CONFIG_PROVIDER, superusers
|
|||
from data import model
|
||||
from data.database import configure
|
||||
from auth.permissions import SuperUserPermission
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from data.database import User
|
||||
from util.config.configutil import add_enterprise_config_defaults
|
||||
from util.config.validator import validate_service_for_config, CONFIG_FILENAMES
|
||||
from data.runmigration import run_alembic_migration
|
||||
from data.users import get_federated_service_name
|
||||
|
||||
import features
|
||||
|
||||
|
|
@ -208,6 +210,13 @@ class SuperUserConfig(ApiResource):
|
|||
# Write the configuration changes to the YAML file.
|
||||
CONFIG_PROVIDER.save_yaml(config_object)
|
||||
|
||||
# If the authentication system is not the database, link the superuser account to the
|
||||
# the authentication system chosen.
|
||||
if config_object.get('AUTHENTICATION_TYPE', 'Database') != 'Database':
|
||||
service_name = get_federated_service_name(config_object['AUTHENTICATION_TYPE'])
|
||||
current_user = get_authenticated_user()
|
||||
model.user.confirm_attached_federated_login(current_user, service_name)
|
||||
|
||||
return {
|
||||
'exists': True,
|
||||
'config': config_object
|
||||
|
|
|
|||
Reference in a new issue