5
5
from django .contrib .auth import get_user_model
6
6
from django .contrib .auth .backends import ModelBackend
7
7
from django .contrib .auth .hashers import check_password
8
+ from django .contrib .auth .models import AbstractUser
8
9
from django .urls import reverse , reverse_lazy
9
10
10
11
from axes .backends import AxesBackend
11
12
from digid_eherkenning .oidc .backends import BaseBackend
12
13
from mozilla_django_oidc_db .backends import OIDCAuthenticationBackend
13
14
from mozilla_django_oidc_db .config import dynamic_setting
15
+ from mozilla_django_oidc_db .typing import JSONObject
14
16
from oath import accept_totp
15
17
16
18
from open_inwoner .configurations .models import SiteConfiguration
19
+ from open_inwoner .kvk .branches import KVK_BRANCH_SESSION_VARIABLE
17
20
from open_inwoner .utils .hash import generate_email_from_string
21
+ from open_inwoner .utils .views import LogMixin
18
22
19
23
from .choices import LoginTypeChoices
20
24
from .models import OpenIDDigiDConfig , OpenIDEHerkenningConfig
@@ -147,7 +151,7 @@ def filter_users_by_claims(self, claims):
147
151
return self .UserModel .objects .filter (** {"oidc_id__iexact" : unique_id })
148
152
149
153
150
- class DigiDEHerkenningOIDCBackend (BaseBackend ):
154
+ class DigiDEHerkenningOIDCBackend (LogMixin , BaseBackend ):
151
155
OIP_UNIQUE_ID_USER_FIELDNAME = dynamic_setting [Literal ["bsn" , "kvk" ]]()
152
156
OIP_LOGIN_TYPE = dynamic_setting [LoginTypeChoices ]()
153
157
@@ -158,6 +162,26 @@ def _check_candidate_backend(self) -> bool:
158
162
OpenIDEHerkenningConfig ,
159
163
)
160
164
165
+ def _store_vestigingsnummer_in_session (self , claims : JSONObject ):
166
+ """Get company vestigingsnummer from OIDC claims & store in session"""
167
+
168
+ eherkenning_config = self .config_class .get_solo ()
169
+
170
+ branch_number_claim = eherkenning_config .branch_number_claim [0 ]
171
+ if not (vestigingsnummer := claims .get (branch_number_claim )):
172
+ return
173
+
174
+ self .request .session [KVK_BRANCH_SESSION_VARIABLE ] = vestigingsnummer
175
+ self .request .session .save ()
176
+
177
+ identifier_claim = eherkenning_config .identifier_type_claim [0 ]
178
+ kvk_or_rsin = claims .get (identifier_claim )
179
+
180
+ self .log_system_action (
181
+ f"Vestigingsnummer { vestigingsnummer } retrieved from IdP for "
182
+ f"eHerkenning user (KVK/RSIN: { kvk_or_rsin } )"
183
+ )
184
+
161
185
def filter_users_by_claims (self , claims ):
162
186
"""Return all users matching the specified subject."""
163
187
unique_id = self ._extract_username (claims )
@@ -169,7 +193,11 @@ def filter_users_by_claims(self, claims):
169
193
)
170
194
171
195
def create_user (self , claims ):
172
- """Return object for a newly created user account."""
196
+ """
197
+ Return object for a newly created user account.
198
+
199
+ Get vestigingsnummer from OIDC claims & store in session
200
+ """
173
201
174
202
unique_id = self ._extract_username (claims )
175
203
@@ -185,4 +213,12 @@ def create_user(self, claims):
185
213
}
186
214
)
187
215
216
+ if self .config_class is OpenIDEHerkenningConfig :
217
+ self ._store_vestigingsnummer_in_session (claims )
218
+
188
219
return user
220
+
221
+ def update_user (self , user : AbstractUser , claims : JSONObject ):
222
+ if self .config_class is OpenIDEHerkenningConfig :
223
+ self ._store_vestigingsnummer_in_session (claims )
224
+ return super ().update_user (user , claims )
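Review bot: In `_store_vestigingsnummer_in_session` the branch number read from the OIDC claims is written to `request.session[KVK_BRANCH_SESSION_VARIABLE]` and interpolated into the `log_system_action` message with no type or format check, so whatever the IdP or a misconfigured claim mapping supplies becomes the value that later code (presumably the branch selection, not visible here) relies on. A guard before the session write, for example `if not (isinstance(vestigingsnummer, str) and vestigingsnummer.isdigit()): return`, would keep non-string or non-numeric values out of both the session and the log. The early `return` on a missing claim also leaves any value already stored under that key untouched; if session data can survive from an earlier eHerkenning login, `self.request.session.pop(KVK_BRANCH_SESSION_VARIABLE, None)` at that point would avoid carrying a stale branch into the new login. Both `branch_number_claim[0]` and `identifier_type_claim[0]` take only the first path segment and would raise `IndexError` on an empty setting, which is worth confirming against the config model if nested claim paths are allowed. The new `update_user` override also has no docstring; something like `"""Refresh the stored vestigingsnummer on every eHerkenning login, then defer to the base update."""` would record why it exists.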