Backend functionality for getting current logged in user's information from canonical directory, and storing it in users table upon login

webapp/helper.py

@@ -1,6 +1,9 @@
+from os import environ
 from webapp.models import JiraTask, User, Project, Webpage, db, get_or_create
 from enum import Enum
 
+import requests
+
 
 class RequestType(Enum):
     COPY_UPDATE = 0
@@ -205,3 +208,34 @@ def get_tree_struct(session, webpages):
         return tree
 
     return None
+
+
+def get_user_from_directory_by_key(key, value):
+    query = f"""
+    query($value: String!) {{
+        employees(filter: {{ contains: {{ {key}: $value }} }}) {{
+            id
+            name
+            email
+            team
+            department
+            jobTitle
+        }}
+    }}
+    """
+
+    headers = {"Authorization": "token " + environ.get("DIRECTORY_API_TOKEN")}
+
+    # Currently directory-api only supports strict comparison of field values,
+    # so we have to send two requests instead of one for first and last names
+    response = requests.post(
+        "https://directory.wpe.internal/graphql/",
+        json={
+            "query": query,
+            "variables": {"value": value.strip()},
+        },
+        headers=headers,
+        verify=False,
+    )
+
+    return response

webapp/routes/user.py

@@ -1,15 +1,13 @@
-from os import environ
-
-import requests
-from flask import jsonify, request, Blueprint, current_app
+from flask import jsonify, request, Blueprint, current_app, session
 
 from webapp.site_repository import SiteRepository
 from webapp.sso import login_required
 from webapp.tasks import LOCKS
-from webapp.helper import get_or_create_user_id
+from webapp.helper import get_or_create_user_id, get_user_from_directory_by_key
 from webapp.models import (
     Project,
     Reviewer,
+    User,
     Webpage,
     db,
     get_or_create,
@@ -21,32 +19,7 @@
 @user_blueprint.route("/get-users/<username>", methods=["GET"])
 @login_required
 def get_users(username: str):
-    query = """
-    query($name: String!) {
-        employees(filter: { contains: { name: $name }}) {
-            id
-            name
-            email
-            team
-            department
-            jobTitle
-        }
-    }
-    """
-
-    headers = {"Authorization": "token " + environ.get("DIRECTORY_API_TOKEN")}
-
-    # Currently directory-api only supports strict comparison of field values,
-    # so we have to send two requests instead of one for first and last names
-    response = requests.post(
-        "https://directory.wpe.internal/graphql/",
-        json={
-            "query": query,
-            "variables": {"name": username.strip()},
-        },
-        headers=headers,
-        verify=False,
-    )
+    response = get_user_from_directory_by_key("name", username)
 
     if response.status_code == 200:
         users = response.json().get("data", {}).get("employees", [])
@@ -113,3 +86,27 @@ def set_owner():
         site_repository.invalidate_cache()
 
     return jsonify({"message": "Successfully set owner"}), 200
+
+
+@user_blueprint.route("/current-user", methods=["GET"])
+@login_required
+def current_user():
+    user_id = session["openid"]["user_id"]
+    if not user_id:
+        return jsonify({"error": "Currently logged in user not found"}), 404
+    user = User.query.filter_by(id=user_id).first()
+    if not user:
+        return jsonify({"error": "Currently logged in user not found"}), 404
+    return (
+        jsonify(
+            {
+                "id": user.id,
+                "name": user.name,
+                "email": user.email,
+                "team": user.team,
+                "department": user.department,
+                "jobTitle": user.job_title,
+            }
+        ),
+        200,
+    )

webapp/sso.py

@@ -1,9 +1,10 @@
 import functools
 import os
-
 import flask
 from django_openid_auth.teams import TeamsRequest, TeamsResponse
 from flask_openid import OpenID
+from webapp.helper import get_or_create_user_id, get_user_from_directory_by_key
+from webapp.models import User
 
 SSO_LOGIN_URL = "https://login.ubuntu.com"
 SSO_TEAM = "canonical-webmonkeys"
@@ -33,9 +34,24 @@ def after_login(resp):
         if SSO_TEAM not in resp.extensions["lp"].is_member:
             flask.abort(403)
 
+        # find the user in database
+        user = User.query.filter_by(email=resp.email).first()
+        user_id = None
+        if user:
+            user_id = user.id
+        else:
+            # fetch user record from directory
+            response = get_user_from_directory_by_key("email", resp.email)
+
+            if response.status_code == 200:
+                user = response.json().get("data", {}).get("employees", [])[0]
+                # save user in users table
+                user_id = get_or_create_user_id(user)
+
         flask.session["openid"] = {
             "identity_url": resp.identity_url,
             "email": resp.email,
+            "user_id": user_id,
         }
 
         return flask.redirect(open_id.get_next_url())