Add sso error sync job

2024-10-31 11:17:17 +01:00 · 2024-10-31 11:17:17 +01:00 · 1d0ee7b906
parent 014ecc31c4
commit 1d0ee7b906
5 changed files with 74 additions and 22 deletions
--- a/compose/django/supercronic_crontab
+++ b/compose/django/supercronic_crontab
@ -4,6 +4,9 @@
 # Run every 6 hours
 0 */6 * * * /usr/local/bin/python /app/manage.py simple_dummy_job

+# Run every hour at minute 11
+0 */11 * * * /usr/local/bin/python /app/manage.py handle_sso_sync_errors
+
 # Run every hour at minute 17
 17 * * * * /usr/local/bin/python /app/manage.py edoniq_import_results

--- a/server/vbv_lernwelt/sso/admin.py
+++ b/server/vbv_lernwelt/sso/admin.py
@ -23,15 +23,17 @@ def create_sso_user_from_admin(user: User, request):
    try:
        create_and_update_user(user)  # noqa
        user.save()
-        messages.add_message(
-            request, messages.SUCCESS, "Der Bentuzer wurde in Keycloak erstellt."
-        )
+        if request:
+            messages.add_message(
+                request, messages.SUCCESS, "Der Bentuzer wurde in Keycloak erstellt."
+            )
    except KeycloakPostError as e:
-        messages.add_message(
-            request,
-            messages.WARNING,
-            f"Der Benutzer {user}  konnte nicht in Keycloak erstellt werden: {e}",
-        )
+        if request:
+            messages.add_message(
+                request,
+                messages.WARNING,
+                f"Der Benutzer {user}  konnte nicht in Keycloak erstellt werden: {e}",
+            )


 def sync_sso_roles_from_admin(user: User, request):
@ -53,21 +55,26 @@ def sync_sso_roles_from_admin(user: User, request):

    try:
        sync_roles_for_user(user, course_roles)
-        messages.add_message(
-            request, messages.SUCCESS, "Die Daten wurden mit Keycloak synchronisiert."
-        )
+        if request:
+            messages.add_message(
+                request,
+                messages.SUCCESS,
+                "Die Daten wurden mit Keycloak synchronisiert.",
+            )
    except KeycloakDeleteError as e:
-        messages.add_message(
-            request,
-            messages.WARNING,
-            f"Die bestehenden Rollen für Benutzer ({user}) konnten in Keycloak nicht gelöscht werden: {e}",
-        )
+        if request:
+            messages.add_message(
+                request,
+                messages.WARNING,
+                f"Die bestehenden Rollen für Benutzer ({user}) konnten in Keycloak nicht gelöscht werden: {e}",
+            )
    except KeycloakPostError as e:
-        messages.add_message(
-            request,
-            messages.WARNING,
-            f"Die neuen Rollen für Benutzer ({user}) konnten in Keycloak nicht erstellt werden: {e}",
-        )
+        if request:
+            messages.add_message(
+                request,
+                messages.WARNING,
+                f"Die neuen Rollen für Benutzer ({user}) konnten in Keycloak nicht erstellt werden: {e}",
+            )


@admin.action(description="KEYCLOAK: Sync SSO Roles")
@ -98,7 +105,14 @@ class SsoUserAdmin(auth_admin.UserAdmin):
        "sso_id",
        "intermedia_sso_id",
    ]
-    search_fields = ["first_name", "last_name", "email", "username", "sso_id"]
+    search_fields = [
+        "first_name",
+        "last_name",
+        "email",
+        "username",
+        "sso_id",
+        "additional_json_data__intermediate_sso_id",
+    ]
    actions = [sync_sso_roles, create_sso_user]

    # Make fields read-only
--- a/server/vbv_lernwelt/sso/management/init.py
+++ b/server/vbv_lernwelt/sso/management/init.py
--- a/server/vbv_lernwelt/sso/management/commands/init.py
+++ b/server/vbv_lernwelt/sso/management/commands/init.py
--- a/server/vbv_lernwelt/sso/management/commands/handle_sso_sync_errors.py
+++ b/server/vbv_lernwelt/sso/management/commands/handle_sso_sync_errors.py
@ -0,0 +1,35 @@
+import djclick as click
+import structlog
+
+from vbv_lernwelt.sso.admin import sync_sso_roles_from_admin
+from vbv_lernwelt.sso.models import SsoSyncError
+
+logger = structlog.get_logger(__name__)
+
+
+@click.command()
+@click.option(
+    "--delete-sync-errors/--no-delete-sync-errors",
+    default=True,
+    help="`delete-sync-errors` to delete the erros after sync, `no-delete-sync-errors` to keep the SyncErrors objects. Default is `delete-sync-errors`.",
+)
+def command(delete_sync_errors: bool):
+    errors = SsoSyncError.objects.all()
+    processed_users = set()
+    errors_to_delete = []
+
+    for error in errors:
+        user = error.user
+        if user.id not in processed_users:
+            sync_sso_roles_from_admin(user, None)
+            processed_users.add(user.id)
+            logger.info(
+                "sso_sync_error",
+                user=user.id,
+            )
+        if delete_sync_errors:
+            errors_to_delete.append(error.id)
+
+    # Perform the bulk delete operation
+    if errors_to_delete:
+        SsoSyncError.objects.filter(id__in=errors_to_delete).delete()