import logging
import ckan.plugins as plugins
import ckan.plugins.toolkit as toolkit
from ckan.common import session, c, request
from ckan import model
import ckan.lib.base as base
from pylons import config, request
import conf
from oidc import create_client
# Prefix under which this extension's settings live in the CKAN ini file.
plugin_config_prefix = 'ckanext.ozwillo_pyoidc.'


log = logging.getLogger(__name__)
# Dotted controller path used both by the route map and by the redirect URI
# registered with the OpenID Connect provider.
plugin_controller = 'ckanext.ozwillo_pyoidc.plugin:OpenidController'

# Process-wide cache of OIDC clients keyed on organization id; filled lazily
# by Clients.get and never invalidated while the process lives.
_CLIENTS = dict()
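class Clients(object):
    """Per-organization cache of OpenID Connect clients.

    Clients are keyed on the CKAN group id in the module-level ``_CLIENTS``
    dict. Nothing evicts an entry, so a change to an organization's
    ``client_id`` / ``client_secret`` extras is not picked up until the
    process restarts.
    """

    @classmethod
    def get(cls, g):
        """Return the OIDC client for group ``g``, building it on first use.

        :param g: CKAN organization (``model.Group``) whose ``_extras`` hold
            ``client_id`` and ``client_secret``.
        :returns: whatever ``create_client`` produced for this group.
        """
        try:
            return _CLIENTS[g.id]
        except KeyError:
            client = cls().get_client(g)
            _CLIENTS[g.id] = client
            return client

    def get_client(self, g):
        """Build a fresh OIDC client for group ``g`` from ``conf.CLIENT``.

        ``conf.CLIENT.copy()`` is a shallow copy, so the nested
        ``client_registration`` dict is copied explicitly before it is
        updated. Without that copy every call mutates the shared template in
        ``conf`` (and any client that kept a reference to the dict), so the
        credentials and redirect URI of one organization would bleed into
        the next one registered.

        :param g: CKAN organization carrying the ``client_id`` and
            ``client_secret`` extras.
        :returns: the result of ``create_client(**params)``.
        :raises KeyError: if either extra is missing on ``g``.
        """
        params = conf.CLIENT.copy()
        registration = dict(params['client_registration'])
        # NOTE(review): ``request`` here is the pylons one (the later import in
        # this module shadows ckan.common's), so ``request.host`` presumably
        # reflects the incoming Host header; the redirect URI registered with
        # the provider then depends on what the caller sent — confirm the
        # front-end pins the host.
        callback_url = toolkit.url_for(host=request.host,
                                       controller=plugin_controller,
                                       action='callback',
                                       id=g.name,
                                       qualified=True)
        registration.update({
            'client_id': g._extras['client_id'].value,
            'client_secret': g._extras['client_secret'].value,
            'redirect_uris': [callback_url],
        })
        params['client_registration'] = registration
        return create_client(**params)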
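class OzwilloPyoidcPlugin(plugins.SingletonPlugin):
    """CKAN plugin wiring Ozwillo OpenID Connect login into the site.

    The login and logout hooks key off ``session['organization_id']``, which
    ``OpenidController.sso`` stores when a visitor starts the flow for an
    organization; the logged-in user is carried in ``session['user']``.
    """
    plugins.implements(plugins.IConfigurer)
    plugins.implements(plugins.IRoutes)
    plugins.implements(plugins.IAuthenticator, inherit=True)

    def before_map(self, map):
        """Register the SSO, callback and single-logout routes.

        :param map: the routes mapper handed over by CKAN.
        :returns: the same mapper with this plugin's routes added.
        """
        map.connect('/organization/{id:.*}/sso',
                    controller=plugin_controller,
                    action='sso')
        map.connect('/organization/{id:.*}/callback',
                    controller=plugin_controller,
                    action='callback')
        map.connect('/user/slo',
                    controller=plugin_controller,
                    action='slo')
        # Per-organization logout is only an alias for CKAN's generic logout.
        map.redirect('/organization/{id:.*}/logout', '/user/_logout')

        return map

    def after_map(self, map):
        """No post-processing of the route map; return it untouched."""
        return map

    def identify(self):
        """Populate ``toolkit.c.user`` / ``toolkit.c.userobj`` from the session.

        Only runs when ``session['user']`` is set and CKAN has not already
        identified a user. A session that still references a user CKAN no
        longer knows (deleted or renamed) is ignored instead of raising on
        ``None.name``.
        """
        user = session.get('user')
        if not user or toolkit.c.userobj:
            return
        userobj = model.User.get(user)
        if userobj is None:
            log.warning('session references unknown user %s', user)
            return
        toolkit.c.user = userobj.name
        toolkit.c.userobj = userobj

    def login(self):
        """Send the visitor to the provider's authentication endpoint.

        Uses the organization remembered in the session to pick the OIDC
        client. Without a known organization there is nothing to log in
        against, so the visitor is sent back to the front page.
        """
        org_id = session.get('organization_id')
        g = model.Group.get(org_id) if org_id else None
        if g:
            client = Clients.get(g)
            url, ht_args = client.create_authn_request(session, conf.ACR_VALUES)
            if ht_args:
                # NOTE(review): ht_args is applied to the *incoming* request
                # headers; confirm it is not meant for the redirect response.
                toolkit.request.headers.update(ht_args)
            toolkit.redirect_to(url)
        else:
            toolkit.redirect_to('/')

    def logout(self):
        """Clear the session user and send the visitor back to the organization.

        ``session['organization_id']`` is deliberately kept so a later login
        from the same browser reuses the organization. Missing session keys
        are tolerated (CKAN may call this for a session that never went
        through ``sso``).
        """
        log.info('Logging out user: %s', session.get('user'))
        session['user'] = None
        session.save()
        org_id = session.get('organization_id')
        g = model.Group.get(org_id) if org_id else None
        if g:
            org_url = toolkit.url_for(host=request.host,
                                      controller='organization',
                                      action='read',
                                      id=g.name,
                                      qualified=True)

            toolkit.redirect_to(str(org_url))
        else:
            toolkit.redirect_to('/')

    def update_config(self, config_):
        """Register this extension's templates, public files and fanstatic resources.

        :param config_: the CKAN configuration object being built.
        """
        toolkit.add_template_directory(config_, 'templates')
        toolkit.add_public_directory(config_, 'public')
        toolkit.add_resource('fanstatic', 'ozwillo_pyoidc')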
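class OpenidController(base.BaseController):
    """Controller behind the routes registered by ``OzwilloPyoidcPlugin``.

    The organization a visitor authenticates against is remembered in
    ``session['organization_id']`` by ``sso`` and read back by ``callback``
    and ``slo`` to select the matching OIDC client.
    """

    def sso(self, id):
        """Start the login flow for organization ``id``.

        ``id`` comes straight from the ``/organization/{id}/sso`` URL path
        and is stored in the session so the login step picks the right OIDC
        client; the visitor is then sent to CKAN's login page. Any visitor
        can set it — the value is only resolved through ``model.Group.get``
        later on.

        :param id: organization name or id from the route.
        """
        log.info('SSO for organization "%s"', id)
        session['organization_id'] = id
        session.save()
        log.info('redirecting to login page')
        login_url = toolkit.url_for(host=request.host,
                                    controller='user',
                                    action='login',
                                    qualified=True)
        toolkit.redirect_to(login_url)

    def callback(self):
        """Finish the login after the provider redirected back to us.

        The provider's response (``request.GET``) is handed to the OIDC
        client; the returned userinfo is matched on its ``sub`` claim against
        existing CKAN users — no user is created here. On a match the full
        name is refreshed from ``given_name`` / ``family_name`` and the user
        id is stored in the session, then the visitor is redirected to the
        organization page.

        NOTE(review): validation of the response (``state``/``nonce``) is
        assumed to happen inside ``client.callback`` — confirm in the oidc
        module, nothing here checks it.
        """
        org_id = session.get('organization_id')
        g = model.Group.get(org_id) if org_id else None
        if not g:
            log.warning('OIDC callback without a known organization in the session')
            toolkit.redirect_to('/')
            return
        client = Clients.get(g)
        userinfo = client.callback(request.GET)
        # userinfo carries personal data (names, locale): log only the subject.
        log.debug('Received userinfo for subject %s', userinfo.get('sub'))
        userobj = model.User.get(userinfo['sub'])
        if userobj:
            given = userinfo.get('given_name')
            family = userinfo.get('family_name')
            if given is not None:
                userobj.fullname = given
            if family is not None:
                # Join with a space; ``fullname`` may be None for new accounts.
                base_name = userobj.fullname or ''
                userobj.fullname = (base_name + ' ' + family).strip()
            userobj.save()
            session['user'] = userobj.id
            session.save()

        org_url = toolkit.url_for(host=request.host,
                                  controller="organization",
                                  action='read',
                                  id=g.name,
                                  locale=userinfo.get('locale'),
                                  qualified=True)
        toolkit.redirect_to(str(org_url))

    def slo(self):
        """
        Revokes the delivered access token. Logs out the user

        Both the revocation body and the end-session query string are built
        with ``urlencode`` so the token and the post-logout redirect URI are
        percent-encoded instead of pasted raw into the URL.

        NOTE(review): ``client`` is the per-organization object cached in
        ``_CLIENTS``, yet ``access_token`` / ``id_token`` are read from it as
        if they belonged to the current user. If ``client.callback`` stores
        the tokens on the client, two users of the same organization share
        (and overwrite) them — confirm in the oidc module.
        """
        try:
            from urllib.parse import urlencode
        except ImportError:  # Python 2
            from urllib import urlencode

        org_id = session.get('organization_id')
        g = model.Group.get(org_id) if org_id else None
        if not g:
            toolkit.redirect_to('/')
            return
        client = Clients.get(g)
        logout_url = client.end_session_endpoint
        org_url = toolkit.url_for(host=request.host,
                                  controller='organization',
                                  action='read',
                                  id=g.name,
                                  qualified=True)
        redirect_uri = org_url + '/logout'

        # revoke the access token
        headers = {'Content-Type': 'application/x-www-form-urlencoded'}
        data = urlencode([('token', client.access_token),
                          ('token_type_hint', 'access_token')])
        client.http_request(client.revocation_endpoint, 'POST',
                            data=data, headers=headers)

        # redirect to IDP logout
        logout_url += '?' + urlencode([('id_token_hint', client.id_token),
                                       ('post_logout_redirect_uri', redirect_uri)])
        toolkit.redirect_to(str(logout_url))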