Merge remote-tracking branch 'origin/master' into fix/user-protected-…

…urls
rommapp · Dec 27, 2024 · 3af51f3 · 3af51f3
2 parents df240ce + 48f3a09
commit 3af51f3
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 6 deletions.
diff --git a/backend/config/__init__.py b/backend/config/__init__.py
@@ -79,6 +79,7 @@ def str_to_bool(value: str) -> bool:
 # OIDC
 OIDC_ENABLED: Final = str_to_bool(os.environ.get("OIDC_ENABLED", "false"))
 OIDC_PROVIDER: Final = os.environ.get("OIDC_PROVIDER", "")
+OIDC_CREATE_USER: Final = str_to_bool(os.environ.get("OIDC_CREATE_USER", "false"))
 OIDC_CLIENT_ID: Final = os.environ.get("OIDC_CLIENT_ID", "")
 OIDC_CLIENT_SECRET: Final = os.environ.get("OIDC_CLIENT_SECRET", "")
 OIDC_REDIRECT_URI: Final = os.environ.get("OIDC_REDIRECT_URI", "")

diff --git a/backend/handler/auth/base_handler.py b/backend/handler/auth/base_handler.py
@@ -4,7 +4,12 @@
 from typing import Any, Final, Optional
 
 import httpx
-from config import OIDC_ENABLED, OIDC_SERVER_APPLICATION_URL, ROMM_AUTH_SECRET_KEY
+from config import (
+    OIDC_CREATE_USER,
+    OIDC_ENABLED,
+    OIDC_SERVER_APPLICATION_URL,
+    ROMM_AUTH_SECRET_KEY,
+)
 from exceptions.auth_exceptions import OAuthCredentialsException, UserDisabledException
 from fastapi import HTTPException, status
 from joserfc import jwt
@@ -247,6 +252,7 @@ async def validate_token(self, token: str) -> jwt.Token:
 
     async def get_current_active_user_from_openid_token(self, token: Any):
         from handler.database import db_user_handler
+        from models.user import Role, User
 
         if not OIDC_ENABLED:
             return None, None
@@ -279,11 +285,21 @@ async def get_current_active_user_from_openid_token(self, token: Any):
 
         user = db_user_handler.get_user_by_email(email)
         if user is None:
-            log.error("User with email '%s' not found", email)
-            raise HTTPException(
-                status_code=status.HTTP_404_NOT_FOUND,
-                detail="User not found",
-            )
+            if OIDC_CREATE_USER:
+                log.info("User with email '%s' not found, creating new user", email)
+                user = User(
+                    username=email.split("@")[0],
+                    email=email,
+                    enabled=True,
+                    role=Role.VIEWER,
+                )
+                db_user_handler.add_user(user)
+            else:
+                log.error("User with email '%s' not found", email)
+                raise HTTPException(
+                    status_code=status.HTTP_404_NOT_FOUND,
+                    detail="User not found",
+                )
 
         if not user.enabled:
             raise UserDisabledException

diff --git a/env.template b/env.template
@@ -37,6 +37,7 @@ AUTHENTIK_BOOTSTRAP_PASSWORD=
 ROMM_AUTH_SECRET_KEY=
 OIDC_ENABLED=
 OIDC_PROVIDER=
+OIDC_CREATE_USER=false
 OIDC_CLIENT_ID=
 OIDC_CLIENT_SECRET=
 OIDC_REDIRECT_URI=