Project

General

Profile

« Previous | Next » 

Revision b699aa44

Added by Serghei Mihai about 9 years ago

OIDC client computed for each organization

View differences:

ckanext/ozwillo_pyoidc/plugin.py
17 17
log = logging.getLogger(__name__)
18 18
plugin_controller = 'ckanext.ozwillo_pyoidc.plugin:OpenidController'
19 19

  
20
CLIENT = None
20
_CLIENTS = {}
21

  
22
class Clients(object):
23

  
24
    @classmethod
25
    def get(cls, g):
26
        global _CLIENTS
27
        if g.id in _CLIENTS:
28
            return _CLIENTS.get(g.id)
29
        client = cls().get_client(g)
30
        _CLIENTS.update({g.id: client})
31
        return client
32

  
33
    def get_client(self, g):
34
        params = conf.CLIENT.copy()
35
        params['client_registration'].update({
36
            'client_id': g._extras['client_id'].value,
37
            'client_secret': g._extras['client_secret'].value,
38
            'redirect_uris': [toolkit.url_for(host=request.host,
39
                                              controller=plugin_controller,
40
                                              action='callback',
41
                                              id=g.name,
42
                                              qualified=True)]
43
        })
44
        return create_client(**params)
45

  
21 46

  
22 47
class OzwilloPyoidcPlugin(plugins.SingletonPlugin):
23 48
    plugins.implements(plugins.IConfigurer)
......
49 74
            toolkit.c.userobj = userobj
50 75

  
51 76
    def login(self):
52
        global CLIENT
53 77
        if 'organization_id' in session:
54 78
            g = model.Group.get(session['organization_id'])
55
            conf.CLIENT['client_registration'].update({
56
                'client_id': g._extras['client_id'].value,
57
                'client_secret': g._extras['client_secret'].value,
58
                'redirect_uris': [toolkit.url_for(host=request.host,
59
                                                  controller=plugin_controller,
60
                                                  action='callback',
61
                                                  id=g.name,
62
                                                  qualified=True)]
63
                })
64
            log.info('registration info for organization "%s" set' % g.name)
65
            CLIENT = create_client(**conf.CLIENT)
66
            url, ht_args = CLIENT.create_authn_request(session, conf.ACR_VALUES)
79
            client = Clients.get(g)
80
            url, ht_args = client.create_authn_request(session, conf.ACR_VALUES)
67 81
            if ht_args:
68 82
                toolkit.request.headers.update(ht_args)
69 83
            toolkit.redirect_to(url)
......
92 106
        toolkit.redirect_to(login_url)
93 107

  
94 108
    def callback(self):
95
        global CLIENT
96
        if CLIENT:
97
            userinfo = CLIENT.callback(request.GET)
98
            log.info('Received userinfo: %s' % userinfo)
99
            userobj = model.User.get(userinfo['nickname'])
100
            if userobj:
101
                userobj.email = userinfo['email']
102
                if 'given_name' in userinfo:
103
                    userobj.fullname = userinfo['given_name']
104
                if 'family_name' in userinfo:
105
                    userobj.fullname += userinfo['family_name']
106
                userobj.save()
107
                session['user'] = userobj.id
108
                session.save()
109

  
110
            org_url = toolkit.url_for(host=request.host,
111
                                      controller="organization",
112
                                      action='read',
113
                                      id=session['organization_id'],
114
                                      qualified=True)
115
            toolkit.redirect_to(org_url)
109
        g = model.Group.get(session['organization_id'])
110
        client = Clients.get(g)
111
        userinfo = client.callback(request.GET)
112
        log.info('Received userinfo: %s' % userinfo)
113
        userobj = model.User.get(userinfo['nickname'])
114
        if userobj:
115
            userobj.email = userinfo['email']
116
            if 'given_name' in userinfo:
117
                userobj.fullname = userinfo['given_name']
118
            if 'family_name' in userinfo:
119
                userobj.fullname += userinfo['family_name']
120
            userobj.save()
121
            session['user'] = userobj.id
122
            session.save()
123

  
124
        org_url = toolkit.url_for(host=request.host,
125
                                  controller="organization",
126
                                  action='read',
127
                                  id=g.id,
128
                                  qualified=True)
129
        toolkit.redirect_to(org_url)
116 130

  
117 131
    def slo(self):
118 132
        """
119 133
        Revokes the delivered access token. Logs out the user
120 134
        """
121
        global CLIENT
122
        logout_url = CLIENT.end_session_endpoint
135
        g = model.Group.get(session['organization_id'])
136
        client = Clients.get(g)
137
        logout_url = client.end_session_endpoint
123 138
        org_url = toolkit.url_for(host=request.host,
124 139
                                  controller='organization',
125 140
                                  action='read',
......
129 144

  
130 145
        # revoke the access token
131 146
        headers = {'Content-Type': 'application/x-www-form-urlencoded'}
132
        data = 'token=%s&token_type_hint=access_token' % CLIENT.access_token
133
        CLIENT.http_request(CLIENT.revocation_endpoint, 'POST',
147
        data = 'token=%s&token_type_hint=access_token' % client.access_token
148
        client.http_request(client.revocation_endpoint, 'POST',
134 149
                            data=data, headers=headers)
135 150

  
136 151
        # redirect to IDP logout
137
        logout_url += '?id_token_hint=%s&' % CLIENT.id_token
152
        logout_url += '?id_token_hint=%s&' % client.id_token
138 153
        logout_url += 'post_logout_redirect_uri=%s' % redirect_uri
139 154
        toolkit.redirect_to(str(logout_url))

Also available in: Unified diff