feat(api): cas is compatible with casdoor

2023-12-11 20:58:18 +08:00 · 2023-12-11 20:58:18 +08:00 · e0c8263542
parent 275e8b15f3
commit e0c8263542
3 changed files with 25 additions and 5 deletions
--- a/cmdb-api/api/flask_cas/cas_urls.py
+++ b/cmdb-api/api/flask_cas/cas_urls.py
@ -119,4 +119,4 @@ def create_cas_validate_url(cas_url, cas_route, service, ticket,
        ('service', service),
        ('ticket', ticket),
        ('renew', renew),
-        )
+        )
--- a/cmdb-api/api/flask_cas/routing.py
+++ b/cmdb-api/api/flask_cas/routing.py
@ -1,4 +1,5 @@
 # -*- coding:utf-8 -*-
+import uuid

 import bs4
 from flask import Blueprint
@ -126,6 +127,19 @@ def validate(ticket):
        current_app.logger.debug("{}: {}".format(cas_username_session_key, username))
        session[cas_username_session_key] = username
        user = UserCache.get(username)
+        if user is None:
+            current_app.logger.info("create user: {}".format(username))
+            from api.lib.perm.acl.user import UserCRUD
+            soup = bs4.BeautifulSoup(response)
+            cas_user_map = current_app.config.get('CAS_USER_MAP')
+
+            user_dict = dict()
+            for k in cas_user_map:
+                v = soup.find(cas_user_map[k]['tag'], cas_user_map[k].get('attrs', {}))
+                user_dict[k] = v and v.text or None
+            user_dict['password'] = uuid.uuid4().hex
+
+            UserCRUD.add(**user_dict)

        from api.lib.perm.acl.acl import ACLManager
        user_info = ACLManager.get_user_info(username)
--- a/cmdb-api/settings.example.py
+++ b/cmdb-api/settings.example.py
@ -70,11 +70,17 @@ ONCE = {
 # # SSO
 CAS_SERVER = "http://sso.xxx.com"
 CAS_VALIDATE_SERVER = "http://sso.xxx.com"
-CAS_LOGIN_ROUTE = "/cas/login"
-CAS_LOGOUT_ROUTE = "/cas/logout"
-CAS_VALIDATE_ROUTE = "/cas/serviceValidate"
+CAS_LOGIN_ROUTE = "/cas/built-in/cas/login"
+CAS_LOGOUT_ROUTE = "/cas/built-in/cas/logout"
+CAS_VALIDATE_ROUTE = "/cas/built-in/cas/serviceValidate"
 CAS_AFTER_LOGIN = "/"
-DEFAULT_SERVICE = "http://127.0.0.1:8000"
+CAS_USER_MAP = {
+    "username": {"tag": "cas:user"},
+    "nickname": {"tag": "cas:attribute", "attrs": {"name": "displayName"}},
+    "email": {"tag": "cas:attribute", "attrs": {"name": "email"}},
+    "mobile": {"tag": "cas:attribute", "attrs": {"name": "phone"}},
+    "avatar": {"tag": "cas:attribute", "attrs": {"name": "avatar"}},
+}

 # # ldap
 AUTH_WITH_LDAP = False