/ckanext/ozwillo_pyoidc/plugin.py - Diff - Modules CKAN Ozwillo - Redmine Entr’ouvert

« Précédent | Suivant »

Révision b699aa44

Ajouté par Serghei Mihai (congés, retour 15/05) il y a environ 9 ans

ID b699aa4449862ebc54016f6222025e5a89804594
Parent 880b5def
Enfant e7b8bf5b

OIDC client computed for each organization

     log = logging.getLogger(__name__)
     plugin_controller = 'ckanext.ozwillo_pyoidc.plugin:OpenidController'
     CLIENT = None
     _CLIENTS = {}
     class Clients(object):
         @classmethod
         def get(cls, g):
             global _CLIENTS
             if g.id in _CLIENTS:
                 return _CLIENTS.get(g.id)
             client = cls().get_client(g)
             _CLIENTS.update({g.id: client})
             return client
         def get_client(self, g):
             params = conf.CLIENT.copy()
             params['client_registration'].update({
                 'client_id': g._extras['client_id'].value,
                 'client_secret': g._extras['client_secret'].value,
                 'redirect_uris': [toolkit.url_for(host=request.host,
                                                   controller=plugin_controller,
                                                   action='callback',
                                                   id=g.name,
                                                   qualified=True)]
             })
             return create_client(**params)
     class OzwilloPyoidcPlugin(plugins.SingletonPlugin):
         plugins.implements(plugins.IConfigurer)
-...
                 toolkit.c.userobj = userobj
         def login(self):
             global CLIENT
             if 'organization_id' in session:
                 g = model.Group.get(session['organization_id'])
                 conf.CLIENT['client_registration'].update({
                     'client_id': g._extras['client_id'].value,
                     'client_secret': g._extras['client_secret'].value,
                     'redirect_uris': [toolkit.url_for(host=request.host,
                                                       controller=plugin_controller,
                                                       action='callback',
                                                       id=g.name,
                                                       qualified=True)]
                     })
                 log.info('registration info for organization "%s" set' % g.name)
                 CLIENT = create_client(**conf.CLIENT)
                 url, ht_args = CLIENT.create_authn_request(session, conf.ACR_VALUES)
                 client = Clients.get(g)
                 url, ht_args = client.create_authn_request(session, conf.ACR_VALUES)
                 if ht_args:
                     toolkit.request.headers.update(ht_args)
                 toolkit.redirect_to(url)
-...
             toolkit.redirect_to(login_url)
         def callback(self):
             global CLIENT
             if CLIENT:
                 userinfo = CLIENT.callback(request.GET)
                 log.info('Received userinfo: %s' % userinfo)
                 userobj = model.User.get(userinfo['nickname'])
                 if userobj:
                     userobj.email = userinfo['email']
                     if 'given_name' in userinfo:
                         userobj.fullname = userinfo['given_name']
                     if 'family_name' in userinfo:
                         userobj.fullname += userinfo['family_name']
                     userobj.save()
                     session['user'] = userobj.id
                     session.save()
                 org_url = toolkit.url_for(host=request.host,
                                           controller="organization",
                                           action='read',
                                           id=session['organization_id'],
                                           qualified=True)
                 toolkit.redirect_to(org_url)
             g = model.Group.get(session['organization_id'])
             client = Clients.get(g)
             userinfo = client.callback(request.GET)
             log.info('Received userinfo: %s' % userinfo)
             userobj = model.User.get(userinfo['nickname'])
             if userobj:
                 userobj.email = userinfo['email']
                 if 'given_name' in userinfo:
                     userobj.fullname = userinfo['given_name']
                 if 'family_name' in userinfo:
                     userobj.fullname += userinfo['family_name']
                 userobj.save()
                 session['user'] = userobj.id
                 session.save()
             org_url = toolkit.url_for(host=request.host,
                                       controller="organization",
                                       action='read',
                                       id=g.id,
                                       qualified=True)
             toolkit.redirect_to(org_url)
         def slo(self):
             """
             Revokes the delivered access token. Logs out the user
             """
             global CLIENT
             logout_url = CLIENT.end_session_endpoint
             g = model.Group.get(session['organization_id'])
             client = Clients.get(g)
             logout_url = client.end_session_endpoint
             org_url = toolkit.url_for(host=request.host,
                                       controller='organization',
                                       action='read',
-...
             # revoke the access token
             headers = {'Content-Type': 'application/x-www-form-urlencoded'}
             data = 'token=%s&token_type_hint=access_token' % CLIENT.access_token
             CLIENT.http_request(CLIENT.revocation_endpoint, 'POST',
             data = 'token=%s&token_type_hint=access_token' % client.access_token
             client.http_request(client.revocation_endpoint, 'POST',
                                 data=data, headers=headers)
             # redirect to IDP logout
             logout_url += '?id_token_hint=%s&' % CLIENT.id_token
             logout_url += '?id_token_hint=%s&' % client.id_token
             logout_url += 'post_logout_redirect_uri=%s' % redirect_uri
             toolkit.redirect_to(str(logout_url))

Formats disponibles : Unified diff

Projet

Général

Profil

Ozwillo » Modules CKAN Ozwillo

Révision b699aa44

Ajouté par Serghei Mihai (congés, retour 15/05) il y a environ 9 ans