Ozwillo » Modules CKAN Ozwillo

import logging

import ckan.plugins.toolkit as toolkit

from oidc import create_client

plugin_config_prefix = 'ckanext.ozwillo_pyoidc.'

log = logging.getLogger(__name__)

class Clients(object):

    @classmethod

    def get(cls, g):

        global _CLIENTS

        if g.id in _CLIENTS:

            return _CLIENTS.get(g.id)

        client = cls().get_client(g)

        _CLIENTS.update({g.id: client})

        return client

    def get_client(self, g):

        params = conf.CLIENT.copy()

        params['client_registration'].update({

            'client_id': g._extras['client_id'].value,

            'client_secret': g._extras['client_secret'].value,

                                      controller=plugin_controller,

                                      action='callback',

                                      id=g.name,

                                      qualified=True)]

        return create_client(**params)

class OzwilloPyoidcPlugin(plugins.SingletonPlugin):

    plugins.implements(plugins.IConfigurer)

    plugins.implements(plugins.IAuthenticator, inherit=True)

                    controller=plugin_controller,

                    action='sso')

        map.connect('/organization/{id:.*}/callback',

                    controller=plugin_controller,

                    action='callback')

                    action='logout')

                    controller=plugin_controller,

                    conditions={'method': ['POST']})

    def after_map(self, map):

        return map

    def identify(self):

        if user and not toolkit.c.userobj:

            userobj = model.User.get(user)

            toolkit.c.user = userobj.name

            toolkit.c.userobj = userobj

    def login(self):

            value = request.cookies.get(cookie)

            response.set_cookie(cookie, value, secure=True, httponly=True)

            g = model.Group.get(session['organization_id'])

                toolkit.request.headers.update(ht_args)

    def logout(self):

        g = model.Group.get(session['organization_id'])

        if g:

                                      controller='organization',

                                      action='read',

                                      id=g.name,

                                      qualified=True)

    def update_config(self, config_):

        toolkit.add_template_directory(config_, 'templates')

        toolkit.add_public_directory(config_, 'public')

        toolkit.add_resource('fanstatic', 'ozwillo_pyoidc')

class OpenidController(base.BaseController):

        log.info('SSO for organization "%s"' % id)

        session['organization_id'] = id

        session.save()

        log.info('redirecting to login page')

        login_url = toolkit.url_for(host=request.host,

                                    controller='user',

                                    action='login',

                                    qualified=True)

    def callback(self):

        client = Clients.get(g)

        userinfo = client.callback(request.GET)

            locale = userinfo.get('locale', '')

            if '-' in locale:

                locale, country = locale.split('-')

            userobj = model.User.get(userinfo['sub'])

                userobj.fullname = userinfo['given_name']

            if 'family_name' in userinfo:

                userobj.fullname += userinfo['family_name']

            userobj.save()

            session['user'] = userobj.id

            session.save()

        org_url = toolkit.url_for(host=request.host,

                                  controller="organization",

                                  action='read',

        toolkit.c.slo_url = toolkit.url_for(host=request.host,

                                            controller=plugin_controller,

                                            action="slo",

                                            qualified=True)

        return base.render('logout_confirm.html')

        """

        Revokes the delivered access token. Logs out the user

        """

                                  controller='organization',

                                  action='read',

        if toolkit.c.user and request.method == 'POST':

            client = Clients.get(g)

            logout_url = client.end_session_endpoint

            redirect_uri = org_url + '/logout'

                self.sso(g.name)

            headers = {'Content-Type': 'application/x-www-form-urlencoded'}

            data = 'token=' + client.access_token

            data += '&token_type_hint=access_token'

            client.http_request(client.revocation_endpoint, 'POST',

                                data=data, headers=headers)

            # redirect to IDP logout

            logout_url += '?id_token_hint=%s&' % client.id_token

            logout_url += 'post_logout_redirect_uri=%s' % redirect_uri

                response.delete_cookie(cookie)