Add group membership reporting in userinfo endpoint

sso/directory.py

@@ -30,6 +30,7 @@ class LDAPUserProxy(object):
         self.username = re.sub(app.config["LDAP_STRIP_RE"], "", username)
         self.is_authenticated = True
         self.is_anonymous = False
+        self.groups = []
 
         if app.config.get("TESTING"):
             self.gecos = "Testing User"
@@ -56,6 +57,16 @@ class LDAPUserProxy(object):
         self.phone = data.get("mobile", [b""])[0].decode() or None
         self.personal_email = data.get("mailRoutingAddress", [b""])[0].decode() or None
 
+        self.groups = [
+            data["cn"][0].decode()
+            for dn, data in conn.search_s(
+                app.config["LDAP_GROUPS_BASEDN"],
+                ldap.SCOPE_SUBTREE,
+                app.config["LDAP_GROUP_MEMBERSHIP_FILTER"] % dn,
+                ["cn"],
+            )
+        ]
+
     def __repr__(self):
         active = "active" if self.is_active else "inactive"
         return "<LDAPUserProxy {}, {}>".format(self.username, active)

sso/settings.py

@@ -34,6 +34,13 @@ LDAP_UID_FILTER = env.str(
     "LDAP_UID_FILTER", default="(&(objectClass=hsMember)(uid=%s))"
 )
 
+LDAP_GROUPS_BASEDN = env.str(
+    "LDAP_GROUPS_BASEDN", default="ou=Group,dc=hackerspace,dc=pl"
+)
+LDAP_GROUP_MEMBERSHIP_FILTER = env.str(
+    "LDAP_GROUP_MEMBERSHIP_FILTER", default="(&(objectClass=*)(uniqueMember=%s))",
+)
+
 LDAP_BIND_DN = env.str(
     "LDAP_BIND_DN", default="cn=auth,ou=Services,dc=hackerspace,dc=pl"
 )

sso/views.py

@@ -213,6 +213,7 @@ def api_userinfo():
         email=user.email,
         preferred_username=user.username,
         nickname=user.username,
+        groups=user.groups,
     )