Commit c94891f4 authored by Lukas Burgey's avatar Lukas Burgey

Add 'eduperson_entitlement' to the default scopes

Partly addresses #3
parent edeba838
...@@ -16,8 +16,15 @@ LOGGER = logging.getLogger(__name__) ...@@ -16,8 +16,15 @@ LOGGER = logging.getLogger(__name__)
OIDC_CLIENT = {} OIDC_CLIENT = {}
def scopes_default(): def scopes_default():
return ['openid', 'profile', 'email', 'credentials'] return [
'openid',
'profile',
'email',
'credentials',
'eduperson_entitlement',
]
class OIDCConfig(db_models.Model): class OIDCConfig(db_models.Model):
...@@ -34,7 +41,6 @@ class OIDCConfig(db_models.Model): ...@@ -34,7 +41,6 @@ class OIDCConfig(db_models.Model):
editable=True, editable=True,
) )
@property @property
def registration_response(self): def registration_response(self):
info = { info = {
...@@ -84,7 +90,7 @@ def default_idp(): ...@@ -84,7 +90,7 @@ def default_idp():
class OIDCTokenAuthBackend(object): class OIDCTokenAuthBackend(object):
AuthException = Exception("Unable to authenticate user") AuthException = Exception('Unable to authenticate user')
def get_userinfo(self, oidc_client, access_token=None): def get_userinfo(self, oidc_client, access_token=None):
user_info = None user_info = None
...@@ -101,10 +107,9 @@ class OIDCTokenAuthBackend(object): ...@@ -101,10 +107,9 @@ class OIDCTokenAuthBackend(object):
user_info['iss'] = oidc_client.provider_info['issuer'] user_info['iss'] = oidc_client.provider_info['issuer']
else: else:
LOGGER.error("Invalid parameters for get_userinfo") LOGGER.error('Invalid parameters for get_userinfo')
#LOGGER.debug("Got user info:\n%s\n", user_info) # LOGGER.debug('Got user info:\n%s\n', user_info)
return user_info return user_info
def authenticate(self, request, token=None, issuer_uri=None): def authenticate(self, request, token=None, issuer_uri=None):
...@@ -117,18 +122,18 @@ class OIDCTokenAuthBackend(object): ...@@ -117,18 +122,18 @@ class OIDCTokenAuthBackend(object):
try: try:
if issuer_uri is not None: if issuer_uri is not None:
LOGGER.debug("Attempting to find IdP %s", issuer_uri) LOGGER.debug('Attempting to find IdP %s', issuer_uri)
oidc_client = OIDCConfig.objects.get(issuer_uri=issuer_uri) oidc_client = OIDCConfig.objects.get(issuer_uri=issuer_uri)
elif idp_id is not None: elif idp_id is not None:
oidc_client = OIDCConfig.objects.get(id=idp_id) oidc_client = OIDCConfig.objects.get(id=idp_id)
if oidc_client is None: if oidc_client is None:
LOGGER.error("Unable to determine IdP for authentication") LOGGER.error('Unable to determine IdP for authentication')
return None return None
except OIDCConfig.DoesNotExist: except OIDCConfig.DoesNotExist:
LOGGER.error("Unable to determine IdP for authentication") LOGGER.error('Unable to determine IdP for authentication')
return None return None
# get the user info from the idp # get the user info from the idp
...@@ -138,7 +143,7 @@ class OIDCTokenAuthBackend(object): ...@@ -138,7 +143,7 @@ class OIDCTokenAuthBackend(object):
) )
from ...models.users import User from ...models.users import User
return User.get_user( return User.get_user(
userinfo, userinfo,
oidc_client, oidc_client,
) )
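Review bot: Adding `eduperson_entitlement` in `scopes_default()` changes only what newly created configurations request, assuming the function is used as a model field default (the field that uses it is outside the shown hunks). Already stored `OIDCConfig` rows would then keep their old scope list, so any code consuming the claim should treat a missing `eduperson_entitlement` as "no entitlements" rather than as an error or a grant. A docstring would make this explicit, for example `"""Scopes requested from an IdP by default; existing configs keep their stored scopes."""`. Separately, the `get_userinfo` hunk reformats the commented-out `# LOGGER.debug('Got user info:\n%s\n', user_info)` instead of removing it. If re-enabled, it would write entitlements to the log alongside profile and e-mail claims, so deleting the line is the safer cleanup.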
......