Codecov Report❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## develop #798 +/- ##
===========================================
+ Coverage 87.90% 88.10% +0.19%
===========================================
Files 280 281 +1
Lines 17424 17423 -1
===========================================
+ Hits 15317 15350 +33
+ Misses 2107 2073 -34
|
| flash("Benutzername und/oder Passwort falsch", "error") | ||
| if oidc.user_loggedin: | ||
| info = flask_session["oidc_auth_profile"] | ||
| username = info.get("preferred_username") |
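Review bot: `flask_session["oidc_auth_profile"]` on the `info = ...` line raises `KeyError` when the key is absent from the session, even though `oidc.user_loggedin` is true. Read it with `flask_session.get("oidc_auth_profile")` and handle a missing profile before calling `info.get("preferred_username")`.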
Unfortunately I have no idea what the shape of oidc_auth_profile is.
Our current mappings in keycloak are like this:
I am not sure if preferred_username is some special thing always provided by keycloak or flask-oidc.
In any case, the intended functionality is:
- if pycroft_login is set, use that. If the corresponding user does not exist, abort with an error and do not attempt to fall back.
- if not set, use the username.
| username = info.get("preferred_username") | ||
| user = User.get(username) | ||
| if info is not None and username is not None and user is not None: | ||
| login_user(user) |
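Review bot: the `info is not None` and `username is not None` guards on the `if` line come too late to protect anything: `info.get("preferred_username")` has already dereferenced `info`, and `User.get(username)` has already been called with a possibly `None` username. Check each value before it is used, so that a missing profile or claim is rejected before the user lookup and before `login_user(user)`.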
Also, you need to verify the condition that the user has the Mitgliederverwalter role set: Not all users of the internal realm (i.e., all active members) are allowed to log in to pycroft.
This is mapped in keycloak, but I do not know how it is exposed in the user profile.
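One way to express the behaviour requested in the two review comments above as a single fail-closed check, written here as an added example and not code from the PR or from pycroft. The `roles` claim name, the `user_exists` callback, `LoginRejected` and `outcome` are assumptions for illustration; the thread does not say how Keycloak exposes roles in the profile.

```python
from collections.abc import Callable, Mapping
from typing import Optional

REQUIRED_ROLE = "Mitgliederverwalter"  # role named in the review comment


class LoginRejected(Exception):
    """The OIDC profile must not result in a pycroft session."""


def resolve_login(
    profile: Optional[Mapping],
    user_exists: Callable[[str], bool],
    *,
    roles_claim: str = "roles",  # assumption: depends on the Keycloak mapper
    fallback_claim: str = "preferred_username",  # claim the PR currently reads
) -> str:
    """Return the login name to use, or raise LoginRejected."""
    if not isinstance(profile, Mapping):
        raise LoginRejected("no OIDC profile in session")

    # Authorization first: being in the realm is not enough.
    roles = profile.get(roles_claim)
    if not isinstance(roles, (list, tuple)) or REQUIRED_ROLE not in roles:
        raise LoginRejected("missing required role")

    # An explicit pycroft_login is authoritative: never fall back from it.
    explicit = profile.get("pycroft_login")
    if explicit is not None:
        if not isinstance(explicit, str) or not user_exists(explicit):
            raise LoginRejected("pycroft_login does not match a user")
        return explicit

    fallback = profile.get(fallback_claim)
    if not isinstance(fallback, str) or not user_exists(fallback):
        raise LoginRejected("no usable username claim")
    return fallback


# Constructed sample data, not real accounts or a real Keycloak response.
KNOWN_USERS = {"alice", "bob"}


def outcome(profile):
    """Run the check against KNOWN_USERS and report the result as a string."""
    try:
        return resolve_login(profile, KNOWN_USERS.__contains__)
    except LoginRejected as exc:
        return f"rejected: {exc}"
```

In the view, `login_user(user)` would be called only after `resolve_login` returns, and any `LoginRejected` would end the request with an error.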
This PR adds the ability to log in using OpenID Connect

new dependency: https://pypi.org/project/flask-oidc/