views: add federation support by generating a pseudonymous federation identifier

Benjamin Dauvergne 2014-03-10 09:25:54 +01:00
parent 7d5a3f1356
commit 4b3ec93fb3
1 changed files with 52 additions and 13 deletions


@ -1,32 +1,71 @@
from django.conf import settings
import uuid
from rest_framework.decorators import (api_view, authentication_classes,
permission_classes)
from rest_framework.authentication import (OAuth2Authentication,
SessionAuthentication)
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response
from provider.oauth2.views import Authorize
from provider import scope
from authentic2.models import FederatedId
from . import forms, app_settings
@api_view(['GET'])
__ALL_ = [ 'user_info', 'Authorize' ]
def add_targeted_id(request, data):
'''Retrieve a targeted id for the user and this client, if none exist
create one using a random UUID.
'''
if request.auth is not None:
if hasattr(request.auth, 'client'):
client = request.auth.client
user = request.user
fedid = FederatedId.objects.get_or_create_for_local_user_and_service(
user, client,
'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
'urn:uuid:%s' % uuid.uuid4())
data['targeted_id'] = fedid.id_value
return data
def delete_targeted_id(request, data):
'''Delete the targeted id'''
if request.auth is not None:
if hasattr(request.auth, 'client'):
client = request.auth.client
user = request.user
qs = FederatedId.objects.for_local_user_and_service(
user, client)
qs.delete()
@api_view(['GET', 'DELETE'])
@authentication_classes([OAuth2Authentication, SessionAuthentication])
@permission_classes([IsAuthenticated])
def user_info(request):
user = request.user
return Response({
'username': user.username,
'first_name': user.first_name,
'last_name': user.last_name,
'email': user.email,
'display_name': user.get_full_name(),
'role': user.groups.values_list('name', flat=True),
})
'''User info endpoint'''
data = {}
if request.user and request.user.is_authenticated():
if request.method == 'GET':
user = request.user
data = {
'username': user.username,
'first_name': user.first_name,
'last_name': user.last_name,
'email': user.email,
'display_name': user.get_full_name(),
'role': user.groups.values_list('name', flat=True),
}
add_targeted_id(request, data)
elif request.method == 'DELETE':
delete_targeted_id(request, data)
return Response(data)
class Authorize(Authorize):
'''Overload the default Authorize view of django-oauth2-provider to permit
automatic grant for some scopes and some clients
'''
def get_authorization_form(self, request, client, data, client_data):
for url_prefix, scopes in app_settings.AUTOMATIC_GRANT:
if client.url.startswith(url_prefix) and \