Add 'eduperson_entitlement' to the default scopes

Partly addresses #3

Add 'eduperson_entitlement' to the default scopes
Partly addresses #3
c94891f4 · Lukas Burgey · edeba838 · c94891f4
Commit c94891f4 authored Oct 29, 2018 by Lukas Burgey
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 10 deletions

feudal/backend/auth/v1/models.py feudal/backend/auth/v1/models.py +15 -10

No files found.
--- a/feudal/backend/auth/v1/models.py
+++ b/feudal/backend/auth/v1/models.py
@@ -16,8 +16,15 @@ LOGGER = logging.getLogger(__name__)

 OIDC_CLIENT = {}

+
 def scopes_default():
-    return ['openid', 'profile', 'email', 'credentials']
+    return [
+        'openid',
+        'profile',
+        'email',
+        'credentials',
+        'eduperson_entitlement',
+    ]


 class OIDCConfig(db_models.Model):
@@ -34,7 +41,6 @@ class OIDCConfig(db_models.Model):
        editable=True,
    )

-
    @property
    def registration_response(self):
        info = {
@@ -84,7 +90,7 @@ def default_idp():


 class OIDCTokenAuthBackend(object):
-    AuthException = Exception("Unable to authenticate user")
+    AuthException = Exception('Unable to authenticate user')

    def get_userinfo(self, oidc_client, access_token=None):
        user_info = None
@@ -101,10 +107,9 @@ class OIDCTokenAuthBackend(object):
            user_info['iss'] = oidc_client.provider_info['issuer']

        else:
-            LOGGER.error("Invalid parameters for get_userinfo")
-
+            LOGGER.error('Invalid parameters for get_userinfo')

-        #LOGGER.debug("Got user info:\n%s\n", user_info)
+        # LOGGER.debug('Got user info:\n%s\n', user_info)
        return user_info

    def authenticate(self, request, token=None, issuer_uri=None):
@@ -117,18 +122,18 @@ class OIDCTokenAuthBackend(object):
        try:

            if issuer_uri is not None:
-                LOGGER.debug("Attempting to find IdP %s", issuer_uri)
+                LOGGER.debug('Attempting to find IdP %s', issuer_uri)
                oidc_client = OIDCConfig.objects.get(issuer_uri=issuer_uri)

            elif idp_id is not None:
                oidc_client = OIDCConfig.objects.get(id=idp_id)

            if oidc_client is None:
-                LOGGER.error("Unable to determine IdP for authentication")
+                LOGGER.error('Unable to determine IdP for authentication')
                return None

        except OIDCConfig.DoesNotExist:
-            LOGGER.error("Unable to determine IdP for authentication")
+            LOGGER.error('Unable to determine IdP for authentication')
            return None

        # get the user info from the idp
@@ -138,7 +143,7 @@ class OIDCTokenAuthBackend(object):
        )

        from ...models.users import User
-        return  User.get_user(
+        return User.get_user(
            userinfo,
            oidc_client,
        )