
Révision f22ce77a

Ajouté par Serghei Mihai il y a environ 9 ans

user provisionning (#6718)

user create or update on sso


ckanext/ozwillo_pyoidc/conf.py
32 32
    },
33 33
    "behaviour": {
34 34
        "response_type": "code",
35
        "scope": ["openid", "profile"]
35
        "scope": ["openid", "profile", "email"]
36 36
    },
37 37
    "allow": {
38 38
        "issuer_mismatch": True
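--- a/ckanext/ozwillo_pyoidc/oidc.py
+++ b/ckanext/ozwillo_pyoidc/oidc.py
@@ -90,6 +90,9 @@
                 atresp = self.do_access_token_request(
                     scope="openid", state=authresp["state"], request_args=args,
                     authn_method=self.registration_response["token_endpoint_auth_method"])
+                id_token = atresp['id_token']
+                self.app_admin = 'app_admin' in id_token and id_token['app_admin']
+                self.app_user = 'app_user' in id_token  and id_token['app_user']
             except Exception as err:
                 logger.error("%s" % err)
                 raise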
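Review bot: The new `self.app_admin` / `self.app_user` assignments keep one login's ID-token claims as attributes of the client object, and plugin.py later reads them as `client.app_admin` / `client.app_user` to decide organisation membership. If that client instance is reused across requests (its construction is not visible here), values from an earlier or concurrent login can be applied to a different user, and a token request that raises leaves the previous values in place; resetting with `self.app_admin = self.app_user = False` before the `try`, or returning the claims and keeping them in the per-user session, would avoid that. The conf.py context also shows `"issuer_mismatch": True`, so it is worth confirming that the ID token's signature and issuer are actually verified before these claims are trusted for authorisation. The enclosing method starts and ends outside the hunk.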
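--- a/ckanext/ozwillo_pyoidc/plugin.py
+++ b/ckanext/ozwillo_pyoidc/plugin.py
@@ -5,6 +5,7 @@
 import ckan.plugins.toolkit as toolkit
 from ckan.common import session, c, request, response
 from ckan import model
+from ckan.logic.action.create import user_create, member_create
 import ckan.lib.base as base
 
 from pylons import config
@@ -134,27 +135,63 @@
         locale = None
         log.info('Received userinfo: %s' % userinfo)
 
-        if 'sub' in userinfo:
+        if 'locale' in userinfo:
             locale = userinfo.get('locale', '')
             if '-' in locale:
                 locale, country = locale.split('-')
 
+        org_url = str(toolkit.url_for(host=request.host,
+                                      controller="organization",
+                                      action='read',
+                                      id=g.name,
+                                      locale=locale,
+                                      qualified=True))
+        if 'sub' in userinfo:
+
             userobj = model.User.get(userinfo['sub'])
+            if not userobj:
+                user_dict = {'id': userinfo['sub'],
+                             'name': userinfo['sub'].replace('-', ''),
+                             'email': userinfo['email'],
+                             'password': userinfo['sub']
+                             }
+                context = {'ignore_auth': True, 'model': model,
+                           'session': model.Session}
+                user_create(context, user_dict)
+                userobj = model.User.get(userinfo['sub'])
+                if client.app_admin or client.app_user:
+                    member_dict = {
+                        'id': g.id,
+                        'object': userinfo['sub'],
+                        'object_type': 'user',
+                        'capacity': 'admin',
+                    }
+
+                    member_create_context = {
+                        'model': model,
+                        'user': userobj.name,
+                        'ignore_auth': True,
+                        'session': session
+                    }
+
+                    member_create(member_create_context, member_dict)
+
+            if 'nickname' in userinfo:
+                userobj.name = userinfo['nickname']
+            try:
+                userobj.save()
+            except Exception, e:
+                log.warning('Error while saving user name: %s' % e)
+
             if 'given_name' in userinfo:
                 userobj.fullname = userinfo['given_name']
             if 'family_name' in userinfo:
-                userobj.fullname += userinfo['family_name']
+                userobj.fullname += ' ' + userinfo['family_name']
             userobj.save()
             session['user'] = userobj.id
             session.save()
 
-        org_url = toolkit.url_for(host=request.host,
-                                  controller="organization",
-                                  action='read',
-                                  id=g.name,
-                                  locale=locale,
-                                  qualified=True)
-        redirect_to(str(org_url))
+        redirect_to(org_url)
 
     def logout(self):
         toolkit.c.slo_url = toolkit.url_for(host=request.host,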
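Review bot: In the new provisioning block the local account is created with `'password': userinfo['sub']`, so the password equals the account id and (minus dashes) the username; anyone who learns a subject identifier could sign in through CKAN's password login if that remains enabled. Use an unguessable value that is never disclosed, for example `'password': binascii.hexlify(os.urandom(32)),` (needs `import binascii` and `import os`). The same block grants `'capacity': 'admin'` when either `client.app_admin` or `client.app_user` is set, which makes every ordinary app user an organisation admin; `'capacity': 'admin' if client.app_admin else 'member',` would keep the two roles apart. `member_create_context` also passes the web `session` from `ckan.common` where the `user_create` context a few lines earlier passes `model.Session`, which looks unintended. The enclosing method starts outside the hunk.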
