fix: LDAP - check each email in list before creating user

(cherry picked from commit 86dc33c) # Conflicts: # frappe/integrations/doctype/ldap_settings/ldap_settings.py
frappe · Dec 6, 2022 · f935383 · f935383
1 parent 1a67a41
commit f935383
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 3 deletions.
diff --git a/frappe/integrations/doctype/ldap_settings/ldap_settings.json b/frappe/integrations/doctype/ldap_settings/ldap_settings.json
@@ -24,6 +24,7 @@
   "ldap_email_field",
   "ldap_username_field",
   "ldap_first_name_field",
+  "do_not_create_new_user",
   "column_break_19",
   "ldap_middle_name_field",
   "ldap_last_name_field",
@@ -289,12 +290,19 @@
    "fieldname": "section_break_40",
    "fieldtype": "Section Break",
    "hide_border": 1
+  },
+  {
+   "default": "0",
+   "description": "Do not create new user if user with email does not exist in the system",
+   "fieldname": "do_not_create_new_user",
+   "fieldtype": "Check",
+   "label": "Do Not Create New User "
   }
  ],
  "in_create": 1,
  "issingle": 1,
  "links": [],
- "modified": "2022-07-07 16:51:46.230793",
+ "modified": "2022-12-05 21:52:31.146035",
  "modified_by": "Administrator",
  "module": "Integrations",
  "name": "LDAP Settings",

diff --git a/frappe/integrations/doctype/ldap_settings/ldap_settings.py b/frappe/integrations/doctype/ldap_settings/ldap_settings.py
@@ -175,6 +175,7 @@ def create_or_update_user(self, user_data: dict, groups: list = None):
 		if frappe.db.exists("User", user_data["email"]):
 			user = frappe.get_doc("User", user_data["email"])
 			LDAPSettings.update_user_fields(user=user, user_data=user_data)
+<<<<<<< HEAD
 		else:
 			doc = user_data
 			doc.update(
@@ -185,8 +186,23 @@ def create_or_update_user(self, user_data: dict, groups: list = None):
 					"user_type": self.default_user_type,
 				}
 			)
+=======
+		elif not self.do_not_create_new_user:
+			doc = user_data | {
+				"doctype": "User",
+				"send_welcome_email": 0,
+				"language": "",
+				"user_type": self.default_user_type,
+			}
+>>>>>>> 86dc33c1f1 (fix: LDAP - check each email in list before creating user)
 			user = frappe.get_doc(doc)
 			user.insert(ignore_permissions=True)
+		else:
+			frappe.throw(
+				_(
+					"User with email: {0} does not exist in the system. Please ask 'System Administrator' to create the user for you."
+				).format(user_data["email"])
+			)
 
 		if self.default_user_type == "System User":
 			role = self.default_role
@@ -330,11 +346,21 @@ def reset_password(self, user, password, logout_sessions=False):
 
 	def convert_ldap_entry_to_dict(self, user_entry: Entry):
 		# support multiple email values
-		email = user_entry[self.ldap_email_field]
+		email = user_entry[self.ldap_email_field].value
+
+		if isinstance(email, list):
+			# check if any of the email in the list already exist
+			for e in email:
+				if frappe.db.exists("User", e):
+					email = e
+					break
+			else:
+				# if none of the email exist, use the first email
+				email = email[0]
 
 		data = {
 			"username": user_entry[self.ldap_username_field].value,
-			"email": str(email.value[0] if isinstance(email.value, list) else email.value),
+			"email": email,
 			"first_name": user_entry[self.ldap_first_name_field].value,
 		}