From ed6f5b98df0e717e38938ec1854aa529a88dc45c Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 19 Sep 2021 15:54:22 +0200 Subject: [PATCH] sources/ldap: improve messages of sync tasks in UI Signed-off-by: Jens Langhammer --- authentik/sources/ldap/sync/base.py | 12 ++++++++++++ authentik/sources/ldap/sync/groups.py | 6 +++--- authentik/sources/ldap/sync/membership.py | 8 ++++---- authentik/sources/ldap/sync/users.py | 7 ++++--- authentik/sources/ldap/tasks.py | 2 +- 5 files changed, 24 insertions(+), 11 deletions(-) diff --git a/authentik/sources/ldap/sync/base.py b/authentik/sources/ldap/sync/base.py index 66a05b9c7..6b3a00563 100644 --- a/authentik/sources/ldap/sync/base.py +++ b/authentik/sources/ldap/sync/base.py @@ -17,11 +17,18 @@ class BaseLDAPSynchronizer: _source: LDAPSource _logger: BoundLogger + _messages: list[str] def __init__(self, source: LDAPSource): self._source = source + self._messages = [] self._logger = get_logger().bind(source=source, syncer=self.__class__.__name__) + @property + def messages(self) -> list[str]: + """Get all UI messages""" + return self._messages + @property def base_dn_users(self) -> str: """Shortcut to get full base_dn for user lookups""" @@ -36,6 +43,11 @@ class BaseLDAPSynchronizer: return f"{self._source.additional_group_dn},{self._source.base_dn}" return self._source.base_dn + def message(self, *args, **kwargs): + """Add message that is later added to the System Task and shown to the user""" + self._messages.append(" ".join(args)) + self._logger.warning(*args, **kwargs) + def sync(self) -> int: """Sync function, implemented in subclass""" raise NotImplementedError() diff --git a/authentik/sources/ldap/sync/groups.py b/authentik/sources/ldap/sync/groups.py index 55771fd55..2563a034c 100644 --- a/authentik/sources/ldap/sync/groups.py +++ b/authentik/sources/ldap/sync/groups.py 
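Review bot: The new `messages` property in `BaseLDAPSynchronizer` returns the internal `_messages` list itself, so a caller that appends to the result also changes the synchronizer's state; the `tasks.py` hunk in this patch does that with `messages.append(...)`. Returning a copy keeps the collected messages read-only from outside: `return list(self._messages)`. The docstring could say where the strings end up, for example `"""Messages collected during sync, shown in the System Task status"""`.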
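Review bot: `message()` appends to `_messages` with no upper bound, and `" ".join(args)` raises `TypeError` as soon as a caller passes a positional argument that is not a string. The call sites added in this patch emit one message per skipped or changed object, so against a large directory the list, and the task result that carries it, grows with the number of entries; a cap with one closing "further messages omitted" line would keep the task status bounded. For the join, `self._messages.append(" ".join(str(arg) for arg in args))` is enough. The docstring should also state that every call is logged at warning level and that the text is built from directory-supplied values (DNs, usernames), so whatever renders it has to treat it as untrusted text.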
@@ -15,7 +15,7 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer): def sync(self) -> int: """Iterate over all LDAP Groups and create authentik_core.Group instances""" if not self._source.sync_groups: - self._logger.warning("Group syncing is disabled for this Source") + self.message("Group syncing is disabled for this Source") return -1 groups = self._source.connection.extend.standard.paged_search( search_base=self.base_dn_groups, @@ -28,8 +28,8 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer): attributes = group.get("attributes", {}) group_dn = self._flatten(self._flatten(group.get("entryDN", group.get("dn")))) if self._source.object_uniqueness_field not in attributes: - self._logger.warning( - "Cannot find uniqueness Field in attributes", + self.message( + f"Cannot find uniqueness field in attributes: '{group_dn}", attributes=attributes.keys(), dn=group_dn, ) diff --git a/authentik/sources/ldap/sync/membership.py b/authentik/sources/ldap/sync/membership.py index 1f623b651..403e47b2f 100644 --- a/authentik/sources/ldap/sync/membership.py +++ b/authentik/sources/ldap/sync/membership.py @@ -62,8 +62,8 @@ class MembershipLDAPSynchronizer(BaseLDAPSynchronizer): # group_uniq might be a single string or an array with (hopefully) a single string if isinstance(group_uniq, list): if len(group_uniq) < 1: - self._logger.warning( - "Group does not have a uniqueness attribute.", + self.message( + f"Group does not have a uniqueness attribute: '{group_dn}'", group=group_dn, ) return None @@ -71,8 +71,8 @@ class MembershipLDAPSynchronizer(BaseLDAPSynchronizer): if group_uniq not in self.group_cache: groups = Group.objects.filter(**{f"attributes__{LDAP_UNIQUENESS}": group_uniq}) if not groups.exists(): - self._logger.warning( - "Group does not exist in our DB yet, run sync_groups first.", + self.message( + f"Group does not exist in our DB yet, run sync_groups first: '{group_dn}'", group=group_dn, ) return None 
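Review bot: The new message in the uniqueness check of `groups.py` opens a single quote before `{group_dn}` and never closes it, so the UI text ends in a dangling `'<dn>`; the matching `users.py` hunk has the same typo with `'{user_dn}`. Suggested: `f"Cannot find uniqueness field in attributes: '{group_dn}'",` and likewise for `user_dn`. The DN is still passed as `dn=group_dn`, so the log record now carries it twice. The enclosing loop in `sync()` continues outside the hunk.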
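Review bot: Both `membership.py` calls now interpolate `group_dn` into the first positional argument, and `message()` in `base.py` passes that same argument on to `self._logger.warning`, so the log event text differs for every group instead of being a constant string with `group=` as context. That makes these warnings harder to count, deduplicate or alert on in log tooling, and it places a directory-supplied value in the event field. A possible shape is to keep the call as `self.message("Group does not have a uniqueness attribute", group=group_dn)` and let `message()` build the UI string from the constant text plus the keyword values. The same applies to the uniqueness-field messages in `groups.py` and `users.py`.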
diff --git a/authentik/sources/ldap/sync/users.py b/authentik/sources/ldap/sync/users.py index 6462c8483..1de08b508 100644 --- a/authentik/sources/ldap/sync/users.py +++ b/authentik/sources/ldap/sync/users.py @@ -18,7 +18,7 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer): def sync(self) -> int: """Iterate over all LDAP Users and create authentik_core.User instances""" if not self._source.sync_users: - self._logger.warning("User syncing is disabled for this Source") + self.message("User syncing is disabled for this Source") return -1 users = self._source.connection.extend.standard.paged_search( search_base=self.base_dn_users, @@ -31,8 +31,8 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer): attributes = user.get("attributes", {}) user_dn = self._flatten(user.get("entryDN", user.get("dn"))) if self._source.object_uniqueness_field not in attributes: - self._logger.warning( - "Cannot find uniqueness Field in attributes", + self.message( + f"Cannot find uniqueness field in attributes: '{user_dn}", attributes=attributes.keys(), dn=user_dn, ) @@ -66,6 +66,7 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer): pwd_last_set: datetime = attributes.get("pwdLastSet", datetime.now()) pwd_last_set = pwd_last_set.replace(tzinfo=UTC) if created or pwd_last_set >= ak_user.password_change_date: + self.message(f"'{ak_user.username}': Reset user's password") self._logger.debug( "Reset user's password", user=ak_user.username, diff --git a/authentik/sources/ldap/tasks.py b/authentik/sources/ldap/tasks.py index 9566f8322..8f5ca65aa 100644 --- a/authentik/sources/ldap/tasks.py +++ b/authentik/sources/ldap/tasks.py @@ -46,9 +46,9 @@ def ldap_sync(self: MonitoredTask, source_pk: str, sync_class: Optional[str] = N sync = path_to_class(sync_class) self.set_uid(f"{slugify(source.name)}-{sync.__name__}") try: - messages = [] sync_inst = sync(source) count = sync_inst.sync() + messages = sync_inst.messages messages.append(f"Synced {count} objects.") self.set_status( TaskResult(
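Review bot: The added `self.message(f"'{ak_user.username}': Reset user's password")` reports every password reset at warning level, because `message()` in `base.py` always calls `self._logger.warning`, and the existing `self._logger.debug("Reset user's password", ...)` directly below then logs the same event a second time. The condition is true for every newly created user, so a first sync adds one UI message and one warning per user. Either drop the debug call, or count the resets and report them once at the end of `sync()` as a single summary message. The rest of this branch is outside the hunk.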
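Review bot: In `ldap_sync`, `messages.append(f"Synced {count} objects.")` also runs when `sync()` returned the `-1` sentinel that the `groups.py` and `users.py` hunks return for a disabled source, so the task status shows the "syncing is disabled" message followed by `Synced -1 objects.`. Guarding the summary avoids that: `if count >= 0: messages.append(f"Synced {count} objects.")`. `messages` is only read after `sync_inst.sync()` has returned, so messages collected before an exception is raised are presumably never shown; the `except` branch is outside the hunk, so that should be checked there.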