feat: set username from claims (#5)

castlecraft · Feb 23, 2024 · c8a660d · c8a660d
1 parent 1dc4b88
commit c8a660d
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -49,6 +49,7 @@ Make following changes in `site_config.json` as per your setup:
  "castlecraft_email_key": "preferred_username",
  "castlecraft_first_name_key": "given_name",
  "castlecraft_full_name_key": "name",
+ "castlecraft_username_key": "employee_id",
  "castlecraft_default_roles": ["Blogger"]
  ...
 }
@@ -77,7 +78,9 @@ Make following changes in `site_config.json` as per your setup:
 - `castlecraft_email_key`: OIDC Claim or key to use for getting user's email. Default is `email`.
 - `castlecraft_first_name_key`: OIDC Claim or key to use for getting user's first name. Default is `given_name`.
 - `castlecraft_full_name_key`: OIDC Claim or key to use for getting user's full name. Default is `name`.
+- `castlecraft_username_key`: OIDC Claim or key to use for setting user's `username`. Default is not set.
 - `castlecraft_default_roles`: Array of roles to add to user on creation. Default is `[]`.
+- `castlecraft_enable_log`: If set to `1`, `Error Log` will be created on auth errors.
 
 Note: Either set `castlecraft_auth_introspect_bearer_enabled` or `castlecraft_auth_jwt_verify_bearer_enabled`, NOT both. In case both are set, auth `castlecraft_auth_introspect_bearer_enabled` will be considered.
 

diff --git a/castlecraft/auth.py b/castlecraft/auth.py
@@ -162,10 +162,11 @@ def validate_bearer_with_introspection(token):
             frappe.local.form_dict = form_dict
 
     except Exception:
-        frappe.log_error(
-            traceback.format_exc(),
-            "castlecraft_bearer_auth_failed",
-        )
+        if frappe.get_conf().get("castlecraft_enable_log"):
+            frappe.log_error(
+                traceback.format_exc(),
+                "castlecraft_bearer_auth_failed",
+            )
 
 
 def validate_bearer_with_jwt_verification(token):
@@ -233,7 +234,11 @@ def validate_bearer_with_jwt_verification(token):
             frappe.local.form_dict = form_dict
 
     except Exception:
-        frappe.log_error(traceback.format_exc(), "castlecraft_jwt_auth_failed")
+        if frappe.get_conf().get("castlecraft_enable_log"):
+            frappe.log_error(
+                traceback.format_exc(),
+                "castlecraft_jwt_auth_failed",
+            )
 
 
 def create_and_save_user(body):
@@ -264,6 +269,10 @@ def create_and_save_user(body):
     if body.get("phone_number_verified"):
         user.phone = body.get("phone_number")
 
+    username = body.get(frappe.get_conf().get("castlecraft_username_key"))  # noqa: E501
+    if username:
+        user.username = username
+
     for role in frappe.get_conf().get("castlecraft_default_roles", []):
         if frappe.db.get_value("Role", role, "name"):
             user.append("roles", {"role": role})