From f22ce77aba9bd2574c3faeb5821d6dad223eafb5 Mon Sep 17 00:00:00 2001
From: Serghei MIHAI
Date: Fri, 13 Mar 2015 15:46:38 +0100
Subject: [PATCH] user provisionning (#6718)

user create or update on sso
---
 ckanext/ozwillo_pyoidc/conf.py | 2 +-
 ckanext/ozwillo_pyoidc/oidc.py | 3 ++
 ckanext/ozwillo_pyoidc/plugin.py | 55 ++++++++++++++++++++++++++------
 3 files changed, 50 insertions(+), 10 deletions(-)

diff --git a/ckanext/ozwillo_pyoidc/conf.py b/ckanext/ozwillo_pyoidc/conf.py
index bb75f0b..9dcc3ad 100644
--- a/ckanext/ozwillo_pyoidc/conf.py
+++ b/ckanext/ozwillo_pyoidc/conf.py
@@ -32,7 +32,7 @@ CLIENT = {
     },
     "behaviour": {
         "response_type": "code",
-        "scope": ["openid", "profile"]
+        "scope": ["openid", "profile", "email"]
     },
     "allow": {
         "issuer_mismatch": True
diff --git a/ckanext/ozwillo_pyoidc/oidc.py b/ckanext/ozwillo_pyoidc/oidc.py
index bb6218f..384a59d 100755
--- a/ckanext/ozwillo_pyoidc/oidc.py
+++ b/ckanext/ozwillo_pyoidc/oidc.py
@@ -90,6 +90,9 @@ class Client(oic.Client):
             atresp = self.do_access_token_request( scope="openid", state=authresp["state"], request_args=args, authn_method=self.registration_response["token_endpoint_auth_method"])
+            id_token = atresp['id_token']
+            self.app_admin = 'app_admin' in id_token and id_token['app_admin']
+            self.app_user = 'app_user' in id_token and id_token['app_user']
         except Exception as err:
             logger.error("%s" % err)
             raise
diff --git a/ckanext/ozwillo_pyoidc/plugin.py b/ckanext/ozwillo_pyoidc/plugin.py
index ea4206a..2f280d3 100755
--- a/ckanext/ozwillo_pyoidc/plugin.py
+++ b/ckanext/ozwillo_pyoidc/plugin.py
@@ -5,6 +5,7 @@ import ckan.plugins as plugins
 import ckan.plugins.toolkit as toolkit
 from ckan.common import session, c, request, response
 from ckan import model
+from ckan.logic.action.create import user_create, member_create
 import ckan.lib.base as base
 from pylons import config
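Review bot: `self.app_admin` and `self.app_user` store a per-user authorization decision on the client object, which plugin.py later reads as `client.app_admin` to grant an organization role; if the Client instance is shared between requests (its construction is outside this hunk), two concurrent logins can read each other's flags. Returning the flags together with the userinfo, or reading them in the plugin from the same token response, avoids that shared state. The expression `'app_admin' in id_token and id_token['app_admin']` evaluates to the raw claim value rather than a boolean and can be written `self.app_admin = bool(id_token.get('app_admin', False))`. A comment here should record that these claims are trusted only because `do_access_token_request` has already verified the ID token's signature, issuer and audience — confirm that pyoidc's response parsing does so under this client's configuration, otherwise verify the token before reading role claims from it. The `try` enclosing these lines starts before the hunk.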
@@ -134,27 +135,63 @@ class OpenidController(base.BaseController):
 
         locale = None
         log.info('Received userinfo: %s' % userinfo)
-        if 'sub' in userinfo:
+        if 'locale' in userinfo:
             locale = userinfo.get('locale', '')
             if '-' in locale:
                 locale, country = locale.split('-')
+        org_url = str(toolkit.url_for(host=request.host,
+                                      controller="organization",
+                                      action='read',
+                                      id=g.name,
+                                      locale=locale,
+                                      qualified=True))
+        if 'sub' in userinfo:
+            userobj = model.User.get(userinfo['sub'])
+            if not userobj:
+                user_dict = {'id': userinfo['sub'],
+                             'name': userinfo['sub'].replace('-', ''),
+                             'email': userinfo['email'],
+                             'password': userinfo['sub']
+                             }
+                context = {'ignore_auth': True, 'model': model,
+                           'session': model.Session}
+                user_create(context, user_dict)
+                userobj = model.User.get(userinfo['sub'])
+                if client.app_admin or client.app_user:
+                    member_dict = {
+                        'id': g.id,
+                        'object': userinfo['sub'],
+                        'object_type': 'user',
+                        'capacity': 'admin',
+                    }
+
+                    member_create_context = {
+                        'model': model,
+                        'user': userobj.name,
+                        'ignore_auth': True,
+                        'session': session
+                    }
+
+                    member_create(member_create_context, member_dict)
+
+            if 'nickname' in userinfo:
+                userobj.name = userinfo['nickname']
+                try:
+                    userobj.save()
+                except Exception, e:
+                    log.warning('Error while saving user name: %s' % e)
+
             if 'given_name' in userinfo:
                 userobj.fullname = userinfo['given_name']
             if 'family_name' in userinfo:
-                userobj.fullname += userinfo['family_name']
+                userobj.fullname += ' ' + userinfo['family_name']
             userobj.save()
             session['user'] = userobj.id
             session.save()
-        org_url = toolkit.url_for(host=request.host,
-                                  controller="organization",
-                                  action='read',
-                                  id=g.name,
-                                  locale=locale,
-                                  qualified=True)
-        redirect_to(str(org_url))
+        redirect_to(org_url)
 
     def logout(self):
         toolkit.c.slo_url = toolkit.url_for(host=request.host,
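Review bot: The provisioned account gets a guessable local password: `'password': userinfo['sub']` reuses the OIDC subject identifier, and that same identifier is exposed as the account's `id` and (dashes stripped) as its public `name`, so CKAN's native login form becomes a second way into the account that bypasses the SSO entirely. Set a long random password instead (for example from `os.urandom`, which needs `os` and `binascii` imported at the top of plugin.py) or otherwise make password login impossible for SSO-created users. Two more defects sit in the same block: `if client.app_admin or client.app_user:` grants `'capacity': 'admin'` to plain app users as well as admins, and the membership is created only inside `if not userobj:`, so a role changed or revoked at the identity provider is never reflected for an existing account; `member_create_context` also passes the Pylons `session` where `context` a few lines above uses `model.Session`. Separately, `userinfo['email']` raises KeyError when the provider omits the claim (the `email` scope added in conf.py is a request, not a guarantee), and `userobj.name = userinfo['nickname']` bypasses CKAN's name validation and uniqueness check, so a collision fails inside the `try` with an IntegrityError that leaves the SQLAlchemy session needing a rollback before the later unguarded `userobj.save()`. The enclosing method starts before the hunk.

```python
            if 'sub' in userinfo:
                userobj = model.User.get(userinfo['sub'])
                if not userobj:
                    user_dict = {'id': userinfo['sub'],
                                 'name': userinfo['sub'].replace('-', ''),
                                 'email': userinfo['email'],
                                 # random and never disclosed: SSO stays the only login path
                                 'password': binascii.hexlify(os.urandom(32))
                                 }
                    # … unchanged: context / user_create / reload of userobj …
                # outside `if not userobj`, so the role follows the provider on every login
                if client.app_admin or client.app_user:
                    member_dict = {
                        'id': g.id,
                        'object': userinfo['sub'],
                        'object_type': 'user',
                        'capacity': 'admin' if client.app_admin else 'member',
                    }
                    member_create_context = {
                        'model': model,
                        'user': userobj.name,
                        'ignore_auth': True,
                        'session': model.Session
                    }
                    member_create(member_create_context, member_dict)
                # … unchanged: nickname / given_name / family_name handling …
```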