/ckanext/ozwillo_pyoidc/plugin.py - Annoter - Modules CKAN Ozwillo - Redmine Entr’ouvert

oidc / ckanext / ozwillo_pyoidc / plugin.py @ cfeed898

1	c8204b73	Serghei Mihai	import logging
2	a5f39ab1	Serghei MIHAI	import conf
3	c8204b73	Serghei Mihai
4	b169c797	Serghei MIHAI	import ckan.plugins as plugins
5			import ckan.plugins.toolkit as toolkit
6	a5f39ab1	Serghei MIHAI	from ckan.common import session, c, request
7			from ckan import model
8	c8204b73	Serghei Mihai	import ckan.lib.base as base
9
10			from pylons import config, request
11
12	b71e8531	Serghei MIHAI	import conf
13			from oidc import create_client
14	c8204b73	Serghei Mihai
15			plugin_config_prefix = 'ckanext.ozwillo_pyoidc.'
16
17			log = logging.getLogger(__name__)
18	a5f39ab1	Serghei MIHAI	plugin_controller = 'ckanext.ozwillo_pyoidc.plugin:OpenidController'
19	c8204b73	Serghei Mihai
20	b699aa44	Serghei MIHAI	_CLIENTS = {}
21
22			class Clients(object):
23
24			@classmethod
25			def get(cls, g):
26			global _CLIENTS
27			if g.id in _CLIENTS:
28			return _CLIENTS.get(g.id)
29			client = cls().get_client(g)
30			_CLIENTS.update({g.id: client})
31			return client
32
33			def get_client(self, g):
34			params = conf.CLIENT.copy()
35			params['client_registration'].update({
36			'client_id': g._extras['client_id'].value,
37			'client_secret': g._extras['client_secret'].value,
38			'redirect_uris': [toolkit.url_for(host=request.host,
39			controller=plugin_controller,
40			action='callback',
41			id=g.name,
42			qualified=True)]
43			})
44			return create_client(**params)
45
46	b169c797	Serghei MIHAI
47			class OzwilloPyoidcPlugin(plugins.SingletonPlugin):
48			plugins.implements(plugins.IConfigurer)
49	c8204b73	Serghei Mihai	plugins.implements(plugins.IRoutes)
50			plugins.implements(plugins.IAuthenticator, inherit=True)
51	b169c797	Serghei MIHAI
52	c8204b73	Serghei Mihai	def before_map(self, map):
53	a5f39ab1	Serghei MIHAI	map.connect('/organization/{id:.*}/sso',
54			controller=plugin_controller,
55			action='sso')
56			map.connect('/organization/{id:.*}/callback',
57			controller=plugin_controller,
58			action='callback')
59	1ae62674	Serghei MIHAI	map.connect('/user/slo',
60			controller=plugin_controller,
61			action='slo')
62			map.redirect('/organization/{id:.*}/logout', '/user/_logout')
63
64	c8204b73	Serghei Mihai	return map
65
66			def after_map(self, map):
67			return map
68
69			def identify(self):
70	a5f39ab1	Serghei MIHAI	user = session.get('user')
71			if user and not toolkit.c.userobj:
72			userobj = model.User.get(user)
73			toolkit.c.user = userobj.name
74			toolkit.c.userobj = userobj
75	c8204b73	Serghei Mihai
76			def login(self):
77	a5f39ab1	Serghei MIHAI	if 'organization_id' in session:
78			g = model.Group.get(session['organization_id'])
79	b699aa44	Serghei MIHAI	client = Clients.get(g)
80			url, ht_args = client.create_authn_request(session, conf.ACR_VALUES)
81	a5f39ab1	Serghei MIHAI	if ht_args:
82			toolkit.request.headers.update(ht_args)
83			toolkit.redirect_to(url)
84			else:
85			toolkit.redirect_to('/')
86	c8204b73	Serghei Mihai
87			def logout(self):
88	b87c1c93	Serghei MIHAI	log.info('Logging out user: %s' % session['user'])
89	7400c5df	Serghei MIHAI	session['user'] = None
90	b87c1c93	Serghei MIHAI	session.save()
91			g = model.Group.get(session['organization_id'])
92			if g:
93	84922cdf	Serghei MIHAI	org_url = toolkit.url_for(host=request.host,
94			controller='organization',
95			action='read',
96			id=g.name,
97			qualified=True)
98
99	b87c1c93	Serghei MIHAI	toolkit.redirect_to(str(org_url))
100			else:
101			toolkit.redirect_to('/')
102	b169c797	Serghei MIHAI
103			def update_config(self, config_):
104			toolkit.add_template_directory(config_, 'templates')
105			toolkit.add_public_directory(config_, 'public')
106			toolkit.add_resource('fanstatic', 'ozwillo_pyoidc')
107	c8204b73	Serghei Mihai
108			class OpenidController(base.BaseController):
109
110	a5f39ab1	Serghei MIHAI	def sso(self, id):
111			log.info('SSO for organization "%s"' % id)
112			session['organization_id'] = id
113			session.save()
114			log.info('redirecting to login page')
115			login_url = toolkit.url_for(host=request.host,
116			controller='user',
117			action='login',
118			qualified=True)
119			toolkit.redirect_to(login_url)
120
121			def callback(self):
122	b699aa44	Serghei MIHAI	g = model.Group.get(session['organization_id'])
123			client = Clients.get(g)
124			userinfo = client.callback(request.GET)
125			log.info('Received userinfo: %s' % userinfo)
126	e7b8bf5b	Serghei MIHAI	userobj = model.User.get(userinfo['sub'])
127	b699aa44	Serghei MIHAI	if userobj:
128			if 'given_name' in userinfo:
129			userobj.fullname = userinfo['given_name']
130			if 'family_name' in userinfo:
131			userobj.fullname += userinfo['family_name']
132			userobj.save()
133			session['user'] = userobj.id
134			session.save()
135
136			org_url = toolkit.url_for(host=request.host,
137			controller="organization",
138			action='read',
139	cdd21e6f	Serghei MIHAI	id=g.name,
140	b013655e	Serghei MIHAI	locale=userinfo.get('locale'),
141	b699aa44	Serghei MIHAI	qualified=True)
142	b013655e	Serghei MIHAI	toolkit.redirect_to(str(org_url))
143	1ae62674	Serghei MIHAI
144			def slo(self):
145			"""
146			Revokes the delivered access token. Logs out the user
147			"""
148	b699aa44	Serghei MIHAI	g = model.Group.get(session['organization_id'])
149			client = Clients.get(g)
150			logout_url = client.end_session_endpoint
151	1ae62674	Serghei MIHAI	org_url = toolkit.url_for(host=request.host,
152			controller='organization',
153			action='read',
154	cdd21e6f	Serghei MIHAI	id=g.name,
155	1ae62674	Serghei MIHAI	qualified=True)
156			redirect_uri = org_url + '/logout'
157
158			# revoke the access token
159			headers = {'Content-Type': 'application/x-www-form-urlencoded'}
160	b699aa44	Serghei MIHAI	data = 'token=%s&token_type_hint=access_token' % client.access_token
161			client.http_request(client.revocation_endpoint, 'POST',
162	1ae62674	Serghei MIHAI	data=data, headers=headers)
163
164			# redirect to IDP logout
165	b699aa44	Serghei MIHAI	logout_url += '?id_token_hint=%s&' % client.id_token
166	1ae62674	Serghei MIHAI	logout_url += 'post_logout_redirect_uri=%s' % redirect_uri
167	880b5def	Serghei MIHAI	toolkit.redirect_to(str(logout_url))

Projet

Général

Profil

Ozwillo » Modules CKAN Ozwillo

oidc / ckanext / ozwillo_pyoidc / plugin.py @ cfeed898