core: add attributes. avatar method to allow custom uploaded avatars
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2631
This commit is contained in:
parent
55739ee982
commit
de26c65fa0
|
@ -26,7 +26,7 @@ from structlog.stdlib import get_logger
|
|||
from authentik.core.exceptions import PropertyMappingExpressionException
|
||||
from authentik.core.signals import password_changed
|
||||
from authentik.core.types import UILoginButton, UserSettingSerializer
|
||||
from authentik.lib.config import CONFIG
|
||||
from authentik.lib.config import CONFIG, get_path_from_dict
|
||||
from authentik.lib.generators import generate_id
|
||||
from authentik.lib.models import CreatedUpdatedModel, DomainlessURLValidator, SerializerModel
|
||||
from authentik.lib.utils.http import get_client_ip
|
||||
|
@ -213,9 +213,11 @@ class User(GuardianUserMixin, AbstractUser):
|
|||
mode: str = CONFIG.y("avatars", "none")
|
||||
if mode == "none":
|
||||
return DEFAULT_AVATAR
|
||||
# gravatar uses md5 for their URLs, so md5 can't be avoided
|
||||
if mode.startswith("attributes."):
|
||||
return get_path_from_dict(self.attributes, mode[11:], default=DEFAULT_AVATAR)
|
||||
mail_hash = md5(self.email.lower().encode("utf-8")).hexdigest() # nosec
|
||||
if mode == "gravatar":
|
||||
# gravatar uses md5 for their URLs, so md5 can't be avoided
|
||||
parameters = [
|
||||
("s", "158"),
|
||||
("r", "g"),
|
||||
|
|
|
@ -1,10 +1,13 @@
|
|||
"""Test Users API"""
|
||||
from json import loads
|
||||
|
||||
from django.urls.base import reverse
|
||||
from rest_framework.test import APITestCase
|
||||
|
||||
from authentik.core.models import User
|
||||
from authentik.core.tests.utils import create_test_admin_user, create_test_flow, create_test_tenant
|
||||
from authentik.flows.models import FlowDesignation
|
||||
from authentik.lib.config import CONFIG
|
||||
from authentik.lib.generators import generate_id, generate_key
|
||||
from authentik.stages.email.models import EmailStage
|
||||
from authentik.tenants.models import Tenant
|
||||
|
@ -211,3 +214,47 @@ class TestUsersAPI(APITestCase):
|
|||
self.assertJSONEqual(
|
||||
response.content.decode(), {"path": ["No empty segments in user path allowed."]}
|
||||
)
|
||||
|
||||
def test_me(self):
|
||||
"""Test user's me endpoint"""
|
||||
self.client.force_login(self.admin)
|
||||
response = self.client.get(reverse("authentik_api:user-me"))
|
||||
self.assertEqual(response.status_code, 200)
|
||||
|
||||
@CONFIG.patch("avatars", "none")
|
||||
def test_avatars_none(self):
|
||||
"""Test avatars none"""
|
||||
self.client.force_login(self.admin)
|
||||
response = self.client.get(reverse("authentik_api:user-me"))
|
||||
self.assertEqual(response.status_code, 200)
|
||||
body = loads(response.content.decode())
|
||||
self.assertEqual(body["user"]["avatar"], "/static/dist/assets/images/user_default.png")
|
||||
|
||||
@CONFIG.patch("avatars", "gravatar")
|
||||
def test_avatars_gravatar(self):
|
||||
"""Test avatars gravatar"""
|
||||
self.client.force_login(self.admin)
|
||||
response = self.client.get(reverse("authentik_api:user-me"))
|
||||
self.assertEqual(response.status_code, 200)
|
||||
body = loads(response.content.decode())
|
||||
self.assertIn("gravatar", body["user"]["avatar"])
|
||||
|
||||
@CONFIG.patch("avatars", "foo-%(username)s")
|
||||
def test_avatars_custom(self):
|
||||
"""Test avatars custom"""
|
||||
self.client.force_login(self.admin)
|
||||
response = self.client.get(reverse("authentik_api:user-me"))
|
||||
self.assertEqual(response.status_code, 200)
|
||||
body = loads(response.content.decode())
|
||||
self.assertEqual(body["user"]["avatar"], f"foo-{self.admin.username}")
|
||||
|
||||
@CONFIG.patch("avatars", "attributes.foo.avatar")
|
||||
def test_avatars_attributes(self):
|
||||
"""Test avatars attributes"""
|
||||
self.admin.attributes = {"foo": {"avatar": "bar"}}
|
||||
self.admin.save()
|
||||
self.client.force_login(self.admin)
|
||||
response = self.client.get(reverse("authentik_api:user-me"))
|
||||
self.assertEqual(response.status_code, 200)
|
||||
body = loads(response.content.decode())
|
||||
self.assertEqual(body["user"]["avatar"], "bar")
|
||||
|
|
|
@ -20,6 +20,17 @@ ENV_PREFIX = "AUTHENTIK"
|
|||
ENVIRONMENT = os.getenv(f"{ENV_PREFIX}_ENV", "local")
|
||||
|
||||
|
||||
def get_path_from_dict(root: dict, path: str, sep=".", default=None):
|
||||
"""Recursively walk through `root`, checking each part of `path` split by `sep`.
|
||||
If at any point a dict does not exist, return default"""
|
||||
for comp in path.split(sep):
|
||||
if root and comp in root:
|
||||
root = root.get(comp)
|
||||
else:
|
||||
return default
|
||||
return root
|
||||
|
||||
|
||||
class ConfigLoader:
|
||||
"""Search through SEARCH_PATHS and load configuration. Environment variables starting with
|
||||
`ENV_PREFIX` are also applied.
|
||||
|
@ -155,12 +166,7 @@ class ConfigLoader:
|
|||
# Walk sub_dicts before parsing path
|
||||
root = self.raw
|
||||
# Walk each component of the path
|
||||
for comp in path.split(sep):
|
||||
if root and comp in root:
|
||||
root = root.get(comp)
|
||||
else:
|
||||
return default
|
||||
return root
|
||||
return get_path_from_dict(root, path, sep=sep, default=default)
|
||||
|
||||
def y_set(self, path: str, value: Any, sep="."):
|
||||
"""Set value using same syntax as y()"""
|
||||
|
|
|
@ -1,6 +1,4 @@
|
|||
"""prompt models"""
|
||||
from base64 import b64decode
|
||||
from binascii import Error
|
||||
from typing import Any, Optional
|
||||
from urllib.parse import urlparse
|
||||
from uuid import uuid4
|
||||
|
@ -87,16 +85,11 @@ class InlineFileField(CharField):
|
|||
uri = urlparse(data)
|
||||
if uri.scheme != "data":
|
||||
raise ValidationError("Invalid scheme")
|
||||
header, encoded = uri.path.split(",", 1)
|
||||
header, _encoded = uri.path.split(",", 1)
|
||||
_mime, _, enc = header.partition(";")
|
||||
if enc != "base64":
|
||||
raise ValidationError("Invalid encoding")
|
||||
try:
|
||||
data = b64decode(encoded.encode()).decode()
|
||||
except (UnicodeDecodeError, UnicodeEncodeError, ValueError, Error):
|
||||
LOGGER.info("failed to decode base64 of file field, keeping base64")
|
||||
data = encoded
|
||||
return super().to_internal_value(data)
|
||||
return super().to_internal_value(uri)
|
||||
|
||||
|
||||
class Prompt(SerializerModel):
|
||||
|
|
|
@ -149,6 +149,9 @@ Configure how authentik should show avatars for users. Following values can be s
|
|||
- `%(mail_hash)s`: The email address, md5 hashed
|
||||
- `%(upn)s`: The user's UPN, if set (otherwise an empty string)
|
||||
|
||||
Starting with authentik 2022.8, you can also use an attribute path like `attributes.something.avatar`,
|
||||
which can be used in combination with the file field to allow users to upload custom avatars for themselves.
|
||||
|
||||
### `AUTHENTIK_DEFAULT_USER_CHANGE_NAME`
|
||||
|
||||
:::info
|
||||
|
|
Reference in a new issue