import logging
import ckan.plugins as plugins
import ckan.plugins.toolkit as toolkit
from ckan.common import session
import ckan.lib.base as base
from pylons import config, request
from oidc import OIDCClients
import conf
from oic.oic import Client, AuthorizationRequest
from oic.utils.authn.client import CLIENT_AUTHN_METHOD
# Prefix string for this plugin's configuration option names
# (not referenced by the code shown in this file).
plugin_config_prefix = 'ckanext.ozwillo_pyoidc.'

# Module-level logger named after this module.
log = logging.getLogger(__name__)

# Shared OIDC client for the 'ozwillo' provider, built once at import time
# from the local ``conf`` module.
# NOTE(review): this rebinds ``Client``, hiding the ``Client`` class imported
# from ``oic.oic`` above; from here on the name refers to the client
# instance. The plugin and the callback controller both use that instance.
Client = OIDCClients(conf)['ozwillo']
def openid_callback(context, data):
    """Debug stub: write ``context`` and then ``data`` to standard output.

    Returns None.
    """
    # NOTE(review): the route registered in this file targets
    # OpenidController.openid_callback, not this function, so this looks
    # like leftover scaffolding. If it is ever wired to authentication
    # data, printing to stdout would copy that data into the process
    # output; prefer the module logger at debug level, or remove it.
    for item in (context, data):
        print(item)
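class OzwilloPyoidcPlugin(plugins.SingletonPlugin):
    """CKAN plugin that hands user login over to the module's OIDC client.

    Implements IConfigurer (templates, public files, fanstatic resources),
    IRoutes (SSO redirect and the '/openid/callback' route) and
    IAuthenticator (login / logout / identify hooks).
    """
    plugins.implements(plugins.IConfigurer)
    plugins.implements(plugins.IRoutes)
    plugins.implements(plugins.IAuthenticator, inherit=True)

    def __init__(self, name=None):
        # Every plugin instance shares the module-level client instance.
        self.client = Client

    def before_map(self, map):
        """Register this plugin's routes on ``map`` and return it."""
        # Organization-specific SSO URLs are sent to the generic login page.
        map.redirect('/organization/{id:.*}/sso', '/user/login')
        # The identity provider sends the browser back to this URL.
        map.connect('/openid/callback',
                    controller='ckanext.ozwillo_pyoidc.plugin:OpenidController',
                    action='openid_callback')
        return map

    def after_map(self, map):
        """Return ``map`` unchanged; no routes are added at this stage."""
        return map

    def identify(self):
        """Placeholder: not implemented yet.

        The hook is expected to set ``toolkit.c.user``; since it does
        nothing, this plugin does not identify a user on any request.
        """
        # must set toolkit.c.user
        pass

    def login(self):
        """Start the OIDC flow by redirecting to the provider.

        Asks the client for an authentication request, passing the current
        session and ``conf.ACR_VALUES``, then redirects the browser to the
        URL the client returned.
        """
        # NOTE(review): presumably the client stores state/nonce in the
        # session so the callback can be matched to this request - confirm
        # that the callback side verifies them.
        url, ht_args = self.client.create_authn_request(session, conf.ACR_VALUES)
        if ht_args:
            # NOTE(review): this updates the headers of the *incoming*
            # request. If ht_args are meant to accompany the redirect they
            # belong on the response - confirm the intent.
            toolkit.request.headers.update(ht_args)
        toolkit.redirect_to(url)

    def logout(self):
        """Redirect the browser to CKAN's '/user/_logout' URL.

        Only the local redirect happens here; no token is revoked and the
        provider's own logout is not visited.
        """
        # TODO: revoke all auth tokens and redirect to logout in ozwillo.
        # Until then the provider-side tokens stay valid after a local
        # logout. The revoke endpoint should come from configuration, not
        # from the pre-production URL that used to be hard-coded here in an
        # unused local: 'https://portal.ozwillo-preprod.eu/a/revoke'.
        #
        # redirect_to is the toolkit helper login() already uses; the
        # previous call went through ``toolkit.redirect``, which nothing
        # else in this file relies on.
        toolkit.redirect_to('/user/_logout')

    def update_config(self, config_):
        """Add this extension's templates, public files and fanstatic resources."""
        toolkit.add_template_directory(config_, 'templates')
        toolkit.add_public_directory(config_, 'public')
        toolkit.add_resource('fanstatic', 'ozwillo_pyoidc')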
class OpenidController(base.BaseController):
    """Controller serving the '/openid/callback' route registered by the plugin."""

    def openid_callback(self):
        """Pass the callback query parameters to the OIDC client and echo the result.

        Returns the string "userinfo: ..." built from whatever
        ``Client.callback`` returned.
        """
        # NOTE(review): what Client.callback validates (state, nonce, error
        # responses) is not visible here - confirm, and handle a failed or
        # unsolicited callback explicitly instead of letting it propagate.
        claims = Client.callback(request.GET)

        # NOTE(review): the identity data is interpolated into the response
        # body as-is. That discloses the claims in the page, applies no
        # output escaping to provider-supplied values, and establishes no
        # CKAN user or session. Treat this as debug output to be replaced
        # before deployment.
        body = "userinfo: %s" % claims
        return body