diff --git a/authentic2_idp_oauth2/admin.py b/authentic2_idp_oauth2/admin.py
index bb924b2..4b66a3f 100644
--- a/authentic2_idp_oauth2/admin.py
+++ b/authentic2_idp_oauth2/admin.py
@@ -1,12 +1,34 @@
+from django.utils.translation import ugettext_lazy as _
 from django.contrib import admin
 from provider.oauth2.admin import ClientAdmin
 from . import models
-admin.site.register(models.A2Client, ClientAdmin)
-
 class WebServiceAdmin(admin.ModelAdmin):
 prepopulated_fields = {'slug': ('name',)}
+class AttributeReleaseInline(admin.TabularInline):
+ model = models.AttributeRelease
+
+class A2ClientAdmin(ClientAdmin):
+ inlines = [AttributeReleaseInline]
+ fieldsets = (
+ (None, {'fields': (
+ 'name',
+ 'user',
+ ) }),
+ (_('Location'), {'fields': (
+ 'url',
+ 'redirect_uri',
+ ) }),
+ (_('Credentials'), {'fields': (
+ 'client_id',
+ 'client_type',
+ 'client_secret',
+ ) }),
+ (_('Logout'),
+ {'fields': ('logout_url', 'logout_use_iframe', 'logout_use_iframe_timeout'),}),)
+
 admin.site.register(models.WebService, WebServiceAdmin)
+admin.site.register(models.A2Client, A2ClientAdmin)
diff --git a/authentic2_idp_oauth2/migrations/0003_auto__add_attributerelease.py b/authentic2_idp_oauth2/migrations/0003_auto__add_attributerelease.py
new file mode 100644
index 0000000..f9264e3
--- /dev/null
+++ b/authentic2_idp_oauth2/migrations/0003_auto__add_attributerelease.py
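Review bot: In `A2ClientAdmin.fieldsets` the 'Credentials' group lists `client_secret` as an ordinary form field, so unless the inherited `ClientAdmin` overrides the widget (not visible here), every staff account that can open a client's change page reads the secret in clear. The same page now also carries `AttributeReleaseInline`, which decides what user data each client receives, so change permission on this model is a privileged grant and the class should say so. I would add above the class `# Change permission on A2Client exposes client_secret and controls attribute release; grant it to IdP administrators only.` and consider a masked widget for the secret.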
@@ -0,0 +1,102 @@ +# -*- coding: utf-8 -*- +from south.utils import datetime_utils as datetime +from south.db import db +from south.v2 import SchemaMigration +from django.db import models + + +class Migration(SchemaMigration): + + def forwards(self, orm): + # Adding model 'AttributeRelease' + db.create_table(u'authentic2_idp_oauth2_attributerelease', ( + (u'id', self.gf('django.db.models.fields.AutoField')(primary_key=True)), + ('client', self.gf('django.db.models.fields.related.ForeignKey')(to=orm['authentic2_idp_oauth2.A2Client'])), + ('name', self.gf('django.db.models.fields.CharField')(max_length=64)), + ('attribute_name', self.gf('django.db.models.fields.CharField')(max_length=64)), + )) + db.send_create_signal(u'authentic2_idp_oauth2', ['AttributeRelease']) + + + def backwards(self, orm): + # Deleting model 'AttributeRelease' + db.delete_table(u'authentic2_idp_oauth2_attributerelease') + + + models = { + u'auth.group': { + 'Meta': {'object_name': 'Group'}, + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}), + 'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}) + }, + u'auth.permission': { + 'Meta': {'ordering': "(u'content_type__app_label', u'content_type__model', u'codename')", 'unique_together': "((u'content_type', u'codename'),)", 'object_name': 'Permission'}, + 'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + 'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '50'}) + }, + u'auth.user': { + 'Meta': {'object_name': 'User'}, + 'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 
'datetime.datetime.now'}), + 'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}), + 'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}), + 'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), + 'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), + 'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), + 'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}), + 'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}), + 'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}), + 'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}), + 'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '255'}) + }, + u'authentic2_idp_oauth2.a2client': { + 'Meta': {'object_name': 'A2Client', '_ormbases': [u'oauth2.Client']}, + u'client_ptr': ('django.db.models.fields.related.OneToOneField', [], {'to': u"orm['oauth2.Client']", 'unique': 'True', 'primary_key': 'True'}), + 'logout_url': ('django.db.models.fields.URLField', [], {'max_length': '255', 'null': 'True', 'blank': 'True'}), + 'logout_use_iframe': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), + 'logout_use_iframe_timeout': ('django.db.models.fields.PositiveIntegerField', [], {'default': '300'}) + }, + u'authentic2_idp_oauth2.attributerelease': { + 'Meta': {'object_name': 'AttributeRelease'}, + 'attribute_name': ('django.db.models.fields.CharField', [], {'max_length': '64'}), + 'client': 
('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['authentic2_idp_oauth2.A2Client']"}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '64'}) + }, + u'authentic2_idp_oauth2.webservice': { + 'Meta': {'object_name': 'WebService'}, + 'allow_redirects': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), + 'auth_mech': ('django.db.models.fields.CharField', [], {'default': "''", 'max_length': '16', 'blank': 'True'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '32'}), + 'signature_key': ('django.db.models.fields.CharField', [], {'default': "''", 'max_length': '128', 'blank': 'True'}), + 'slug': ('django.db.models.fields.SlugField', [], {'max_length': '32'}), + 'timeout': ('django.db.models.fields.IntegerField', [], {'default': '10'}), + 'url': ('django.db.models.fields.CharField', [], {'max_length': '1024'}), + 'verify_certificate': ('django.db.models.fields.BooleanField', [], {'default': 'True'}) + }, + u'contenttypes.contenttype': { + 'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"}, + 'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '100'}) + }, + u'oauth2.client': { + 'Meta': {'object_name': 'Client'}, + 'client_id': ('django.db.models.fields.CharField', [], {'default': "'cf9fa9fcc8e786008f9a'", 'max_length': '255'}), + 'client_secret': ('django.db.models.fields.CharField', [], {'default': "'a033d904a82ffb7c186e9ca264e572ae8a4afb90'", 'max_length': '255'}), + 'client_type': 
('django.db.models.fields.IntegerField', [], {}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '255', 'blank': 'True'}), + 'redirect_uri': ('django.db.models.fields.URLField', [], {'max_length': '200'}), + 'url': ('django.db.models.fields.URLField', [], {'max_length': '200'}), + 'user': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'oauth2_client'", 'null': 'True', 'to': u"orm['auth.User']"}) + } + } + + complete_apps = ['authentic2_idp_oauth2'] \ No newline at end of file
diff --git a/authentic2_idp_oauth2/models.py b/authentic2_idp_oauth2/models.py
index ec28b62..5bd2ff7 100644
--- a/authentic2_idp_oauth2/models.py
+++ b/authentic2_idp_oauth2/models.py
@@ -7,12 +7,27 @@ from provider.oauth2.models import Client
 from authentic2.models import LogoutUrlAbstract
 from authentic2.managers import GetBySlugManager
+from authentic2.decorators import to_iter
+from authentic2.attributes_ng.engine import get_attribute_names
 class A2Client(LogoutUrlAbstract, Client):
 class Meta:
 verbose_name = _('client')
 verbose_name_plural = _('clients')
+
+class AttributeRelease(models.Model):
+ client = models.ForeignKey(A2Client, verbose_name=_('client'))
+ name = models.CharField(verbose_name=_('name'), max_length=64)
+ attribute_name = models.CharField(max_length=64,
+ verbose_name=_('attribute name'),
+ choices=to_iter(get_attribute_names)({'user': None, 'request': None}))
+
+ class Meta:
+ verbose_name = _('OAuth2 attribute release')
+ verbose_name_plural = _('oauth2 attribute releases')
+
+
 class WebService(models.Model):
 AUTH_MECH = (
 ('', 'None'),
diff --git a/authentic2_idp_oauth2/views.py b/authentic2_idp_oauth2/views.py
index 1e626a8..4dfdb28 100644
--- a/authentic2_idp_oauth2/views.py
+++ b/authentic2_idp_oauth2/views.py
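Review bot: In `AttributeRelease`, `choices=to_iter(get_attribute_names)({'user': None, 'request': None})` runs while `models.py` is being imported, so the list of releasable attributes is computed once per process with an empty context; attribute sources that depend on configuration loaded later, or on a real user or request, would presumably be missing from it, and a comment should state that the list is fixed at import time. Nothing stops two rows for one client from sharing the same `name`, and the `user_info` view in this commit writes `data[a.name]`, so the later row silently replaces the earlier one; `unique_together = (('client', 'name'),)` in `Meta` would reject that at save time and would need to be reflected in the migration. The hunk starts inside the import block and ends inside `WebService`.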
@@ -13,6 +13,7 @@ from provider.oauth2.views import Authorize
 from provider import scope
 from authentic2.models import FederatedId
+from authentic2.attributes_ng.engine import get_attributes
 from . import forms, app_settings, models, signature
@@ -52,16 +53,32 @@ def user_info(request):
 data = {}
 if request.user and request.user.is_authenticated():
 if request.method == 'GET':
- user = request.user
 data = {
- 'username': user.username,
- 'first_name': user.first_name,
- 'last_name': user.last_name,
- 'email': user.email,
- 'display_name': user.get_full_name(),
- 'role': user.groups.values_list('name', flat=True),
 }
- add_targeted_id(request, data)
+ if request.auth is None:
+ ctx = get_attributes({
+ 'request': request,
+ 'user': request.user,
+ })
+ for key, value in ctx.iteritems():
+ if isinstance(value, (str, unicode)):
+ data[key] = value
+ elif isinstance(value, (list, tuple)) and value and isinstance(value[0], (str, unicode)):
+ data[key] = value
+ else:
+ client = request.auth.client
+ qs = models.AttributeRelease.objects.filter(client=client)
+ wanted_attributes = [a.attribute_name for a in qs]
+ ctx = get_attributes({
+ 'request': request,
+ 'user': request.user,
+ 'provider': client,
+ '__wanted_attributes': wanted_attributes,
+ })
+ for a in qs:
+ if a.attribute_name in ctx:
+ data[a.name] = ctx[a.attribute_name]
+ add_targeted_id(request, data)
 elif request.method == 'DELETE':
 delete_targeted_id(request, data)
 return Response(data)
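Review bot: The `request.auth is None` branch of `user_info` copies every string or list-of-strings value returned by `get_attributes` into the response, where the removed code returned six fixed fields; a session-authenticated caller now receives whatever the attribute sources produce, with no allowlist. I would filter `ctx` through an explicit set of names (the previous six as the default) before filling `data`. The list test looks only at `value[0]`, so a list with mixed element types passes. In the token branch `data[a.name] = ctx[a.attribute_name]` applies no type filter at all, and `request.auth.client` is assumed to exist for any non-None `request.auth`; moving the type check into one helper used by both branches would keep the two paths consistent. Indentation is lost on this page, so whether `add_targeted_id` sits inside the `else` cannot be confirmed here.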