Commit a8bbd23b authored by janis.streib's avatar janis.streib 🦉

FMT

parent ff93ed77
Pipeline #94801 passed with stages
in 7 minutes and 23 seconds
...@@ -18,6 +18,7 @@ def get_client(): ...@@ -18,6 +18,7 @@ def get_client():
oic_client.store_registration_info(client_reg) oic_client.store_registration_info(client_reg)
return oic_client return oic_client
def get_authorization_response(client): def get_authorization_response(client):
authorization_response = client.parse_response( authorization_response = client.parse_response(
AuthorizationResponse, AuthorizationResponse,
...@@ -25,6 +26,7 @@ def get_authorization_response(client): ...@@ -25,6 +26,7 @@ def get_authorization_response(client):
sformat='dict') sformat='dict')
return authorization_response return authorization_response
@login_oic.route('/api/login', methods=['POST']) @login_oic.route('/api/login', methods=['POST'])
def api_login(): def api_login():
s = request.environ['beaker.session'] s = request.environ['beaker.session']
...@@ -39,25 +41,29 @@ def api_login(): ...@@ -39,25 +41,29 @@ def api_login():
"response_type": "code", "response_type": "code",
"scope": ["openid", 'profile', 'email'], "scope": ["openid", 'profile', 'email'],
"nonce": s["nonce"], "nonce": s["nonce"],
"redirect_uri": app.config.get('DEBUG_OIC_REDIR')+'/'+debug_t_host.split('//',1)[1] if db.host_omdl.OP_ENV_IS_DEVEL and request.host.split(':')[0] == 'localhost' else app.config.get('OIC_REDIR'), "redirect_uri": app.config.get('DEBUG_OIC_REDIR') + '/' + debug_t_host.split('//', 1)[
1] if db.host_omdl.OP_ENV_IS_DEVEL and request.host.split(':')[0] == 'localhost' else app.config.get(
'OIC_REDIR'),
"state": s["state"] "state": s["state"]
} }
auth_req = oic_client.construct_AuthorizationRequest(request_args=args) auth_req = oic_client.construct_AuthorizationRequest(request_args=args)
login_url = auth_req.request(oic_client.authorization_endpoint) login_url = auth_req.request(oic_client.authorization_endpoint)
return jsonify({'status': 'usr_redir', 'url': login_url}) return jsonify({'status': 'usr_redir', 'url': login_url})
if not 'login_token' in s and not isinstance(s['login'], SimpleKITUser): if not 'login_token' in s and not isinstance(s['login'], SimpleKITUser):
s['login_token'] = s['login'].create_session_token(db, get_db_conn(), False) s['login_token'] = s['login'].create_session_token(db, get_db_conn(), False)
s.save() s.save()
return jsonify({'login': s['login'], 'token': s.get('login_token', None)}) return jsonify({'login': s['login'], 'token': s.get('login_token', None)})
def user_from_userinfo(db, conn, userinfo): def user_from_userinfo(db, conn, userinfo):
user = DBMgr.get_by_login_name(db, conn, userinfo['preferred_username']) user = DBMgr.get_by_login_name(db, conn, userinfo['preferred_username'])
if user is not None: if user is not None:
return user return user
return SimpleKITUser(login_name=userinfo['preferred_username'], return SimpleKITUser(login_name=userinfo['preferred_username'],
first_name=userinfo.get('givenName', None), first_name=userinfo.get('givenName', None),
last_name=userinfo.get('sn', None), last_name=userinfo.get('sn', None),
email=userinfo['email']) email=userinfo['email'])
@login_oic.route('/api/oic_responder') @login_oic.route('/api/oic_responder')
def oic_responder(t_host=None): def oic_responder(t_host=None):
...@@ -71,35 +77,36 @@ def oic_responder(t_host=None): ...@@ -71,35 +77,36 @@ def oic_responder(t_host=None):
"code": aresp['code'], "code": aresp['code'],
"redirect_uri": app.config.get('OIC_REDIR'), "redirect_uri": app.config.get('OIC_REDIR'),
} }
resp = oic_client.do_access_token_request(state=aresp['state'], resp = oic_client.do_access_token_request(state=aresp['state'],
request_args=args, request_args=args,
authn_method='client_secret_basic') authn_method='client_secret_basic')
userinfo = oic_client.do_user_info_request(state=s["state"]) userinfo = oic_client.do_user_info_request(state=s["state"])
s['login'] = user_from_userinfo(db, get_db_conn(), userinfo) s['login'] = user_from_userinfo(db, get_db_conn(), userinfo)
s.save() s.save()
return redirect('/oic_login') return redirect('/oic_login')
@login_oic.route('/api/debug_oic_responder/<t_host>') @login_oic.route('/api/debug_oic_responder/<t_host>')
def debug_oic_responder(t_host=None): def debug_oic_responder(t_host=None):
if not (db.host_omdl.OP_ENV_IS_DEVEL and t_host is not None and t_host.split(':')[0] == 'localhost'): if not (db.host_omdl.OP_ENV_IS_DEVEL and t_host is not None and t_host.split(':')[0] == 'localhost'):
abort(404) abort(404)
oic_client = get_client() oic_client = get_client()
aresp = get_authorization_response(oic_client) aresp = get_authorization_response(oic_client)
code = aresp["code"] code = aresp["code"]
args = { args = {
"code": aresp['code'], "code": aresp['code'],
"redirect_uri": app.config.get('DEBUG_OIC_REDIR') + '/'+t_host, "redirect_uri": app.config.get('DEBUG_OIC_REDIR') + '/' + t_host,
} }
resp = oic_client.do_access_token_request(state=aresp['state'], resp = oic_client.do_access_token_request(state=aresp['state'],
request_args=args, request_args=args,
authn_method='client_secret_basic') authn_method='client_secret_basic')
print(resp) print(resp)
userinfo = oic_client.do_user_info_request(state=aresp["state"]) userinfo = oic_client.do_user_info_request(state=aresp["state"])
new_target = 'http://'+t_host+'/api/debug_oic_receiver' new_target = 'http://' + t_host + '/api/debug_oic_receiver'
return render_template('debug_forward.html', **{'redir':t_host,'new_target': new_target, 'userinfo': userinfo}) return render_template('debug_forward.html', **{'redir': t_host, 'new_target': new_target, 'userinfo': userinfo})
@login_oic.route('/api/debug_oic_receiver', methods=['POST']) @login_oic.route('/api/debug_oic_receiver', methods=['POST'])
...@@ -109,8 +116,8 @@ def debug_oic_receiver(): ...@@ -109,8 +116,8 @@ def debug_oic_receiver():
s = request.environ['beaker.session'] s = request.environ['beaker.session']
s['login'] = user_from_userinfo(db, get_db_conn(), request.form) s['login'] = user_from_userinfo(db, get_db_conn(), request.form)
s.save() s.save()
return redirect('http://'+request.form['redir']+'/oic_login') return redirect('http://' + request.form['redir'] + '/oic_login')
@login_oic.route('/api/logout', methods=['POST']) @login_oic.route('/api/logout', methods=['POST'])
def api_logout(): def api_logout():
...@@ -121,4 +128,3 @@ def api_logout(): ...@@ -121,4 +128,3 @@ def api_logout():
s.delete() s.delete()
s.save() s.save()
return jsonify({'logout': 'success'}) return jsonify({'logout': 'success'})
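Review bot: In the `debug_oic_receiver` hunk, the session login is built from `request.form` and the redirect target is `'http://' + request.form['redir'] + '/oic_login'`, so both the identity and the redirect host come from the POST body, and this formatting pass leaves that unchanged. The function body starts outside the hunk, so a guard like the `OP_ENV_IS_DEVEL` check in `debug_oic_responder` may already be there. If it is missing, add `if not db.host_omdl.OP_ENV_IS_DEVEL: abort(404)` at the top. Either way, check `request.form['redir'].split(':')[0] == 'localhost'` before redirecting, as `debug_oic_responder` does for `t_host`. Separately, `print(resp)` in `debug_oic_responder` writes the token response to stdout and should be removed or replaced with a log line that omits the tokens.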