import logging
import ckan.plugins as plugins
import ckan.plugins.toolkit as toolkit
from ckan.common import session
import ckan.lib.base as base
from pylons import config, request
from oidc import OIDCClients
import conf
from oic.oic import Client, AuthorizationRequest
from oic.utils.authn.client import CLIENT_AUTHN_METHOD
# Presumably the prefix of this extension's keys in the CKAN config file;
# nothing in the visible code reads it yet.
plugin_config_prefix = 'ckanext.ozwillo_pyoidc.'

log = logging.getLogger(__name__)

# Module-wide OIDC client: the 'ozwillo' entry of the clients built from
# ``conf``.
# NOTE(review): this rebinds ``Client`` and so shadows the class imported
# from ``oic.oic`` above. The instance is created once at import time and is
# shared by the plugin and the callback controller; presumably per-login
# values (state, nonce) live in the session handed to it rather than on the
# client object itself -- confirm in the ``oidc`` module.
Client = OIDCClients(conf)['ozwillo']
def openid_callback(context, data):
    """Dump both arguments to standard output, one per line.

    NOTE(review): nothing visible in this module calls this function (the
    '/openid/callback' route is mapped to OpenidController.openid_callback),
    so it looks like leftover debugging scaffolding. If it is ever wired
    into the login flow, ``data`` may carry authorization-response values;
    those should not be written to stdout.
    """
    for value in (context, data):
        print(value)
class OzwilloPyoidcPlugin(plugins.SingletonPlugin):
    """CKAN plugin that hands login over to the Ozwillo OpenID Connect client.

    Implements IConfigurer, IRoutes and (with ``inherit=True``)
    IAuthenticator. As written the flow is incomplete: ``identify`` is a
    stub and ``logout`` does not revoke anything (see the notes on each
    method).
    """

    plugins.implements(plugins.IConfigurer)
    plugins.implements(plugins.IRoutes)
    plugins.implements(plugins.IAuthenticator, inherit=True)

    def __init__(self, name=None):
        """Bind the module-level OIDC client; ``name`` is accepted but unused."""
        self.client = Client

    # -- IRoutes -----------------------------------------------------------

    def before_map(self, map):
        """Register the SSO redirect and the OIDC callback route."""
        map.redirect('/organization/{id:.*}/sso', '/user/login')
        map.connect(
            '/openid/callback',
            controller='ckanext.ozwillo_pyoidc.plugin:OpenidController',
            action='openid_callback',
        )
        return map

    def after_map(self, map):
        """Return the route map unchanged."""
        return map

    # -- IAuthenticator ----------------------------------------------------

    def identify(self):
        """Do nothing yet.

        NOTE(review): the author's reminder is that this must set
        ``toolkit.c.user``. Until it does, nothing in this plugin marks a
        visitor as logged in after the provider round-trip. When it is
        implemented, the user should be derived from server-side session
        state written after the callback has validated the provider's
        response, never from request parameters.
        """
        # must set toolkit.c.user
        return None

    def login(self):
        """Build an authentication request and redirect the browser to it."""
        # The session is handed to the client; presumably that is where the
        # state/nonce for this login attempt are stored -- TODO confirm, and
        # confirm the callback compares them.
        authn_url, extra_headers = self.client.create_authn_request(
            session, conf.ACR_VALUES)
        if extra_headers:
            # NOTE(review): these are written onto the *incoming* request's
            # headers, not onto the redirect response; confirm this has the
            # intended effect.
            toolkit.request.headers.update(extra_headers)
        toolkit.redirect_to(authn_url)

    def logout(self):
        """Send the browser to CKAN's '/user/_logout'.

        NOTE(review): ``revoke_endpoint`` is assigned but never used, so no
        token is revoked and the provider-side session is left alone; the
        URL is also hard-coded to the pre-production portal rather than
        taken from configuration. Separately, confirm that the plugins
        toolkit exposes ``redirect`` -- ``login`` uses ``redirect_to``.
        """
        # Still to do: revoke all auth tokens, then redirect to the Ozwillo
        # logout.
        revoke_endpoint = 'https://portal.ozwillo-preprod.eu/a/revoke'
        toolkit.redirect('/user/_logout')

    # -- IConfigurer -------------------------------------------------------

    def update_config(self, config_):
        """Register this extension's templates, public files and resources."""
        toolkit.add_template_directory(config_, 'templates')
        toolkit.add_public_directory(config_, 'public')
        toolkit.add_resource('fanstatic', 'ozwillo_pyoidc')
class OpenidController(base.BaseController):
    """Controller behind the '/openid/callback' route."""

    def openid_callback(self):
        """Pass the callback's query arguments to the OIDC client and echo the result.

        NOTE(review): ``request.GET`` is whatever the browser sent to this
        URL. Whether state, nonce and the ID token are checked is decided
        inside ``Client.callback``, which is not visible here -- confirm it
        rejects responses that do not match the session that started the
        login.

        NOTE(review): the response body is the formatted ``userinfo``. That
        is debug output: it discloses the identity claims to whoever loads
        the page and interpolates provider-supplied values into the response
        without escaping. Before this is deployed it should record the
        authenticated user in the session and redirect instead.
        """
        callback_args = request.GET
        userinfo = Client.callback(callback_args)
        body = "userinfo: %s" % userinfo
        return body