Release v1.0.0

services/backend/hotpocket_backend/apps/accounts/social.py

@@ -0,0 +1,40 @@
+# -*- coding: utf-8 -*-
+from __future__ import annotations
+
+import logging
+
+from social_core.backends.open_id_connect import OpenIdConnectAuth
+
+LOGGER = logging.getLogger(__name__)
+
+
+class HotPocketOpenIdConnectAuth(OpenIdConnectAuth):
+    name = 'hotpocket_oidc'
+
+
+def _get_roles_from_response(response) -> list[str]:
+    from hotpocket_backend.apps.core.conf import settings
+    return response.\
+        get('resource_access', {}).\
+        get(settings.SECRETS.OIDC.key, {}).\
+        get('roles', [])
+
+
+def set_user_is_staff(strategy, details, response, user=None, *args, **kwargs):
+    if user is None:
+        return None
+
+    roles = _get_roles_from_response(response)
+    user.is_staff = 'staff' in roles
+
+    strategy.storage.user.changed(user)
+
+
+def set_user_is_superuser(strategy, details, response, user=None, *args, **kwargs):
+    if user is None:
+        return None
+
+    roles = _get_roles_from_response(response)
+    user.is_superuser = 'superuser' in roles
+
+    strategy.storage.user.changed(user)