From 0a5946242ffb2c443c5122bcfd4d48c823a0442d Mon Sep 17 00:00:00 2001
From: Tanner Prestegard <tanner.prestegard@ligo.org>
Date: Thu, 5 Sep 2019 14:43:19 -0500
Subject: [PATCH] ligoauth: bugfix update users from LDAP command
Better handling of case where a certificate already exists, but is
assigned to a different user.
---
.../update_user_accounts_from_ligo_ldap.py | 24 +++++++++++++++----
1 file changed, 19 insertions(+), 5 deletions(-)
diff --git a/gracedb/ligoauth/management/commands/update_user_accounts_from_ligo_ldap.py b/gracedb/ligoauth/management/commands/update_user_accounts_from_ligo_ldap.py
index 1ed0b09bc..a40514997 100644
--- a/gracedb/ligoauth/management/commands/update_user_accounts_from_ligo_ldap.py
+++ b/gracedb/ligoauth/management/commands/update_user_accounts_from_ligo_ldap.py
@@ -169,11 +169,25 @@ class LdapPersonResultProcessor(object):
def add_certs(self, certs):
# Add new certificates to user
for subject in certs:
- if self.verbose:
- self.write('Creating certificate with subject {0} for {1}'
- .format(subject, self.ligoldapuser.username))
- cert, _ = X509Cert.objects.get_or_create(subject=subject,
- user=self.ligoldapuser)
+ # Check if certificate already exists (sometimes certificates
+ # are assigned to different users); if so, we just change the
+ # user rather than creating a new certificate
+ cert = X509Cert.objects.filter(subject=subject)
+ if cert.exists():
+ cert = cert.first()
+ if self.verbose:
+ msg = ('Reassigning certificate with subject {0} from '
+ '{1} to {2}').format(subject,
+ cert.user, self.ligoldapuser.username)
+ self.write(msg)
+ cert.user = self.ligoldapuser
+ cert.save()
+ else:
+ if self.verbose:
+ self.write('Creating certificate with subject {0} for {1}'
+ .format(subject, self.ligoldapuser.username))
+ cert, _ = X509Cert.objects.get_or_create(subject=subject,
+ user=self.ligoldapuser)
def remove_certs(self, certs):
# Remove old certificates from user
--
GitLab