auth: user info -> principal
This commit is contained in:
parent
35cf8884bf
commit
2a52d8a481
2 changed files with 34 additions and 2 deletions
|
@ -9,6 +9,7 @@ from urllib.parse import urlencode
|
|||
from zope.authentication.interfaces import IAuthentication, IPrincipal
|
||||
from zope.interface import implementer
|
||||
from zope.publisher.interfaces import Unauthorized
|
||||
from zope.security.interfaces import IGroupAwarePrincipal
|
||||
|
||||
from scopes.server.browser import DefaultView, register
|
||||
from scopes.storage.folder import DummyFolder, Root
|
||||
|
@ -51,13 +52,21 @@ JwtAuthentication = OidcAuthentication # old name - still used?
|
|||
authentication = OidcAuthentication(None)
|
||||
|
||||
|
||||
@implementer(IPrincipal)
|
||||
@implementer(IGroupAwarePrincipal)
|
||||
class Principal:
|
||||
|
||||
def __init__(self, id, data):
|
||||
self.id = id
|
||||
self.data = data
|
||||
|
||||
@property
|
||||
def title(self):
|
||||
return self.data['name']
|
||||
|
||||
@property
|
||||
def groups(self):
|
||||
return self.data.get('groups', [])
|
||||
|
||||
def asDict(self):
|
||||
data = self.data.copy()
|
||||
data['id'] = self.id
|
||||
|
@ -85,7 +94,7 @@ class Authenticator(DummyFolder):
|
|||
data = self.loadSession()
|
||||
print('*** authenticate', data)
|
||||
if data and 'userid' in data:
|
||||
id = data.pop('userid')
|
||||
id = self.params['principal_prefix'] + data.pop('userid')
|
||||
return Principal(id, data)
|
||||
return None
|
||||
|
||||
|
@ -133,10 +142,14 @@ class Authenticator(DummyFolder):
|
|||
userInfo = requests.get(self.params['userinfo_url'], headers=headers)
|
||||
userData = userInfo.json()
|
||||
print('*** user data', userData)
|
||||
groupInfo = userData.get('urn:zitadel:iam:org:project:roles', {})
|
||||
print('*** group info', groupInfo)
|
||||
groupInfo = userData.get('urn:zitadel:iam:org:project:roles')
|
||||
ndata = dict(
|
||||
userid=userData['preferred_username'],
|
||||
name=userData['name'],
|
||||
email=userData['email'],
|
||||
groups=groupInfo.keys(),
|
||||
access_token=tdata['access_token'],
|
||||
)
|
||||
self.storeSession(ndata)
|
||||
|
|
|
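Review bot: In the userinfo hunk, `groups=groupInfo.keys()` raises AttributeError whenever the `urn:zitadel:iam:org:project:roles` claim is absent from the userinfo response, if the surviving lookup is the variant without the `{}` default (both variants appear in the hunk and the page keeps no +/- markers). Keep the default and materialize the view before it is stored, e.g. `groupInfo = userData.get('urn:zitadel:iam:org:project:roles', {})` and `groups=list(groupInfo)`, since a `dict_keys` view may not survive whatever serialization storeSession uses. Separately, ndata carries `access_token`, so `print('*** user data', userData)` here and `print('*** authenticate', data)` in the authenticate hunk write the user's profile and the token to stdout, and `Principal(id, data)` then exposes the token through `Principal.data` and `asDict`; consider removing the debug prints and popping `access_token` out of data before the Principal is built. The enclosing methods start and end outside the hunks shown.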
@ -1,9 +1,12 @@
|
|||
# py-scopes/tests/config.py
|
||||
|
||||
from os import getenv
|
||||
|
||||
#from scopes.server.app import demo_app, zope_app
|
||||
|
||||
# server / app settings
|
||||
server_port = '8999'
|
||||
base_url = 'testing:'
|
||||
#app = zope_app
|
||||
|
||||
# storage settings
|
||||
|
@ -15,3 +18,19 @@ dbuser = None
|
|||
dbpassword = None
|
||||
dbschema = None
|
||||
|
||||
# authentication settings
|
||||
oidc_provider = 'testing:'
|
||||
oidc_client_id = getenv('OIDC_CLIENT_ID', '12345')
|
||||
oidc_params = dict(
|
||||
auth_url=getenv('OIDC_PROVIDER_URL', oidc_provider + '/oauth/v2/authorize'),
|
||||
token_url=getenv('OIDC_TOKEN_URL', oidc_provider + '/oauth/v2/token'),
|
||||
userinfo_url=getenv('OIDC_USERINFO_URL', oidc_provider + '/oidc/v1/userinfo'),
|
||||
callback_url=getenv('OIDC_CALLBACK_URL', base_url + '/auth_callback'),
|
||||
client_id=oidc_client_id,
|
||||
principal_prefix=getenv('OIDC_PRINCIPAL_PREFIX', 'loops.'),
|
||||
cookie_name=getenv('OIDC_COOKIE_NAME', 'oidc_' + oidc_client_id),
|
||||
cookie_domain=getenv('OIDC_COOKIE_DOMAIN', None),
|
||||
cookie_lifetime=getenv('OIDC_COOKIE_LIFETIME', '86400'),
|
||||
cookie_crypt=getenv('OIDC_COOKIE_CRYPT', None)
|
||||
)
|
||||
|
||||
|
|
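Review bot: `cookie_lifetime=getenv('OIDC_COOKIE_LIFETIME', '86400')` yields a string, so whatever reads `params['cookie_lifetime']` presumably has to convert it; if the consumer expects a number, write the default as `cookie_lifetime=int(getenv('OIDC_COOKIE_LIFETIME', '86400'))`. A point of style: `getenv('OIDC_COOKIE_DOMAIN', None)` and `getenv('OIDC_COOKIE_CRYPT', None)` spell out getenv's own default and can be `getenv('OIDC_COOKIE_DOMAIN')` and `getenv('OIDC_COOKIE_CRYPT')`. Because every value is read from the process environment, a developer's real `OIDC_*` variables silently override these test settings; a short comment under `# authentication settings` stating that these are test-only defaults and naming the overriding variables would make that explicit.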