fix: add logic to auto-create user for CORE POS cashier login

config can now declare two things:

- whether to auto-create users (if needed) when CORE login succeeds
- which role the auto-created users should be assigned to

this is designed for usage with WuttaPOS, so existing/active cashiers
in CORE can login to WuttaPOS with minimal friction

rattail_corepos/auth.py

@@ -2,7 +2,7 @@
 ################################################################################
 #
 #  Rattail -- Retail Software Framework
-#  Copyright © 2010-2023 Lance Edgar
+#  Copyright © 2010-2024 Lance Edgar
 #
 #  This file is part of Rattail.
 #
@@ -50,6 +50,15 @@ class CoreAuthHandler(base.AuthHandler):
             core_employee = self.check_corepos_cashier_credentials(core_session, password)
             if core_employee:
                 user = self.get_user_from_corepos_employee(session, core_employee)
+                if not user and self.config.get_bool('rattail.auth.corepos.automake_users'):
+                    # nb. new user must be made via separate session
+                    # and then merged back into the main session.
+                    # this is because the caller cannot be responsible
+                    # for committing (persisting) the new user.
+                    with self.app.short_session() as s:
+                        user = self.make_user_from_corepos_employee(s, core_employee)
+                        s.commit()
+                        user = session.get(model.User, user.uuid)
             core_session.close()
             if user and user.active:
                 return user
@@ -67,14 +76,33 @@ class CoreAuthHandler(base.AuthHandler):
             if core_employee.active:
                 return core_employee
 
-    def get_user_from_corepos_employee(self, session, core_employee):
+    def get_rattail_employee(self, session, core_employee):
         model = self.model
         try:
-            employee = session.query(model.Employee)\
+            return session.query(model.Employee)\
                           .join(model.CoreEmployee)\
                           .filter(model.CoreEmployee.corepos_number == core_employee.number)\
                           .one()
         except orm.exc.NoResultFound:
             pass
-        else:
+
+    def get_user_from_corepos_employee(self, session, core_employee):
+        employee = self.get_rattail_employee(session, core_employee)
+        if employee:
             return self.app.get_user(employee)
+
+    def make_user_from_corepos_employee(self, session, core_employee):
+        employee = self.get_rattail_employee(session, core_employee)
+        if not employee:
+            raise ValueError(f"CORE employee not found in {self.app.get_title()}: {core_employee}")
+
+        person = self.app.get_person(employee)
+        user = self.make_user(session=session, person=person)
+
+        role = self.config.get('rattail.auth.corepos.automake_users_role')
+        if role:
+            role = self.get_role(session, role)
+            if role:
+                user.roles.append(role)
+
+        return user