5
5
from django .contrib .auth import get_user_model
6
6
from django .contrib .auth .backends import ModelBackend
7
7
from django .contrib .auth .hashers import check_password
8
+ from django .contrib .auth .models import AbstractUser
9
+ from django .core .exceptions import SuspiciousOperation
8
10
from django .urls import reverse , reverse_lazy
9
11
10
12
from axes .backends import AxesBackend
11
13
from digid_eherkenning .oidc .backends import BaseBackend
12
14
from mozilla_django_oidc_db .backends import OIDCAuthenticationBackend
13
15
from mozilla_django_oidc_db .config import dynamic_setting
16
+ from mozilla_django_oidc_db .typing import JSONObject
14
17
from oath import accept_totp
15
18
16
19
from open_inwoner .configurations .models import SiteConfiguration
20
+ from open_inwoner .kvk .branches import KVK_BRANCH_SESSION_VARIABLE
17
21
from open_inwoner .utils .hash import generate_email_from_string
22
+ from open_inwoner .utils .views import LogMixin
18
23
19
24
from .choices import LoginTypeChoices
20
25
from .models import OpenIDDigiDConfig , OpenIDEHerkenningConfig
@@ -147,7 +152,7 @@ def filter_users_by_claims(self, claims):
147
152
return self .UserModel .objects .filter (** {"oidc_id__iexact" : unique_id })
148
153
149
154
150
- class DigiDEHerkenningOIDCBackend (BaseBackend ):
155
+ class DigiDEHerkenningOIDCBackend (LogMixin , BaseBackend ):
151
156
OIP_UNIQUE_ID_USER_FIELDNAME = dynamic_setting [Literal ["bsn" , "kvk" ]]()
152
157
OIP_LOGIN_TYPE = dynamic_setting [LoginTypeChoices ]()
153
158
@@ -158,6 +163,26 @@ def _check_candidate_backend(self) -> bool:
158
163
OpenIDEHerkenningConfig ,
159
164
)
160
165
166
+ def _store_vestigingsnummer_in_session (self , claims : JSONObject ):
167
+ """Get company vestigingsnummer from OIDC claims & store in session"""
168
+
169
+ eherkenning_config = self .config_class .get_solo ()
170
+
171
+ branch_number_claim = eherkenning_config .branch_number_claim [0 ]
172
+ if not (vestigingsnummer := claims .get (branch_number_claim )):
173
+ return
174
+
175
+ self .request .session [KVK_BRANCH_SESSION_VARIABLE ] = vestigingsnummer
176
+ self .request .session .save ()
177
+
178
+ identifier_claim = eherkenning_config .identifier_type_claim [0 ]
179
+ kvk_or_rsin = claims .get (identifier_claim )
180
+
181
+ self .log_system_action (
182
+ f"Vestigingsnummer { vestigingsnummer } retrieved from IdP for "
183
+ f"eHerkenning user (KVK/RSIN: { kvk_or_rsin } )"
184
+ )
185
+
161
186
def filter_users_by_claims (self , claims ):
162
187
"""Return all users matching the specified subject."""
163
188
unique_id = self ._extract_username (claims )
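Review bot: `_store_vestigingsnummer_in_session` copies whatever truthy value the IdP put in the branch claim straight into `request.session` and into the log line, with no check on its type or format. A KVK vestigingsnummer is normally a 12-digit string, so validate before storing, for example `if not (isinstance(vestigingsnummer, str) and vestigingsnummer.isdigit() and len(vestigingsnummer) == 12): return`, or raise the newly imported `SuspiciousOperation`, which none of the visible hunks use. The early `return` on a missing claim also leaves any branch number already in the session untouched; if a session can survive re-authentication, consider `self.request.session.pop(KVK_BRANCH_SESSION_VARIABLE, None)` on that path. Separately, `branch_number_claim[0]` reads only the first path segment and raises `IndexError` on an empty setting, so a nested claim path would presumably not resolve; confirm this against how the config field is defined, which is not shown here.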
@@ -169,7 +194,11 @@ def filter_users_by_claims(self, claims):
169
194
)
170
195
171
196
def create_user (self , claims ):
172
- """Return object for a newly created user account."""
197
+ """
198
+ Return object for a newly created user account.
199
+
200
+ Get vestigingsnummer from OIDC claims & store in session
201
+ """
173
202
174
203
unique_id = self ._extract_username (claims )
175
204
@@ -185,4 +214,12 @@ def create_user(self, claims):
185
214
}
186
215
)
187
216
217
+ if self .config_class is OpenIDEHerkenningConfig :
218
+ self ._store_vestigingsnummer_in_session (claims )
219
+
188
220
return user
221
+
222
+ def update_user (self , user : AbstractUser , claims : JSONObject ):
223
+ if self .config_class is OpenIDEHerkenningConfig :
224
+ self ._store_vestigingsnummer_in_session (claims )
225
+ return super ().update_user (user , claims )