Révision cf38fede
Ajouté par Serghei Mihai (congés, retour 15/05) il y a environ 9 ans
ckanext/ozwillo_pyoidc/oidc.py | ||
---|---|---|
63 | 63 |
""" |
64 | 64 |
authresp = self.parse_response(AuthorizationResponse, response, |
65 | 65 |
sformat="dict", keyjar=self.keyjar) |
66 |
|
|
67 |
if self.state != authresp['state']: |
|
68 |
raise OIDCError("Invalid state %s." % authresp["state"]) |
|
66 |
try: |
|
67 |
if self.state != authresp['state']: |
|
68 |
raise OIDCError("Invalid state %s." % authresp["state"]) |
|
69 |
except AttributeError: |
|
70 |
raise OIDCError("access denied") |
|
69 | 71 |
|
70 | 72 |
if isinstance(authresp, ErrorResponse): |
71 | 73 |
return OIDCError("Access denied") |
ckanext/ozwillo_pyoidc/plugin.py | ||
---|---|---|
7 | 7 |
from ckan import model |
8 | 8 |
from ckan.logic.action.create import user_create, member_create |
9 | 9 |
import ckan.lib.base as base |
10 |
from ckan.lib.helpers import flash_error |
|
10 | 11 |
|
11 | 12 |
from pylons import config |
12 | 13 |
|
13 | 14 |
import conf |
14 |
from oidc import create_client |
|
15 |
from oidc import create_client, OIDCError
|
|
15 | 16 |
|
16 | 17 |
plugin_config_prefix = 'ckanext.ozwillo_pyoidc.' |
17 | 18 |
|
... | ... | |
128 | 129 |
def callback(self): |
129 | 130 |
g = model.Group.get(session['organization_id']) |
130 | 131 |
client = Clients.get(g) |
131 |
userinfo = client.callback(request.GET) |
|
132 |
org_url = str(toolkit.url_for(controller="organization", |
|
133 |
action='read', |
|
134 |
id=g.name)) |
|
135 |
try: |
|
136 |
userinfo = client.callback(request.GET) |
|
137 |
except OIDCError, e: |
|
138 |
flash_error('Login failed') |
|
139 |
redirect_to(org_url, qualified=True) |
|
132 | 140 |
locale = None |
133 | 141 |
log.info('Received userinfo: %s' % userinfo) |
134 | 142 |
|
... | ... | |
137 | 145 |
if '-' in locale: |
138 | 146 |
locale, country = locale.split('-') |
139 | 147 |
|
140 |
org_url = str(toolkit.url_for(host=request.host, |
|
141 |
controller="organization", |
|
142 |
action='read', |
|
143 |
id=g.name, |
|
144 |
locale=locale, |
|
145 |
qualified=True)) |
|
148 |
org_url = toolkit.url_for(org_url, locale=locale, qualified=True) |
|
146 | 149 |
if 'sub' in userinfo: |
147 | 150 |
|
148 | 151 |
userobj = model.User.get(userinfo['sub']) |
Formats disponibles : Unified diff
handling unauthorized user login attempt