103 lines
3.1 KiB
Python
103 lines
3.1 KiB
Python
# scopes.server.auth
|
|
|
|
from oic import oic, rndstr
|
|
from oic.oic.message import AuthorizationResponse
|
|
|
|
from zope.authentication.interfaces import IAuthentication
|
|
from zope.interface import implementer
|
|
from zope.publisher.interfaces import Unauthorized
|
|
|
|
from scopes.server.browser import DefaultView, register
|
|
from scopes.storage.folder import DummyFolder, Root
|
|
|
|
import config
|
|
|
|
|
|
def authenticate(request):
|
|
#print('*** authenticate')
|
|
return None
|
|
|
|
|
|
@implementer(IAuthentication)
|
|
class OidcAuthentication:
|
|
|
|
def __init__(self, baseAuth):
|
|
self.baseAuth = baseAuth
|
|
|
|
def authenticate(self, request):
|
|
prc = authenticate(request)
|
|
# prc = Authenticator().authenticate(request)
|
|
if prc is None and self.baseAuth is not None:
|
|
prc = self.baseAuth.authenticate(request)
|
|
return prc
|
|
|
|
def getPrincipal(self, id):
|
|
if self.baseAuth is not None:
|
|
return self.baseAuth.getPrincipal(id)
|
|
|
|
def unauthenticatedPrincipal(self):
|
|
if self.baseAuth is not None:
|
|
return self.baseAuth.unauthenticatedPrincipal()
|
|
|
|
def unauthorized(self, id, request):
|
|
if self.baseAuth is not None:
|
|
return self.baseAuth.unauthorized(id, request)
|
|
|
|
def logout(self, request):
|
|
print('*** OidcAuthentication: logout')
|
|
|
|
JwtAuthentication = OidcAuthentication # old name - still used?
|
|
|
|
|
|
class Authenticator(DummyFolder):
|
|
|
|
prefix = 'auth'
|
|
|
|
def authenticate(request):
|
|
return None
|
|
|
|
def login(self, request):
|
|
params = config.oidc_params
|
|
print('*** login', self, request.getTraversalStack(), request['PATH_INFO'])
|
|
#print('***', dir(request))
|
|
client = oic.Client()
|
|
#providerInfo = client.provider_config(params['provider_url'])
|
|
#print('***', providerInfo)
|
|
#client.register(providerInfo['registration_endpoint'], application_type='web')
|
|
requestArgs = dict(
|
|
client_id=params['client_id'],
|
|
response_type='code', # 'code id_token token',
|
|
state=rndstr(), nonce=rndstr(),
|
|
scope=['openid', 'profile'],
|
|
redirect_uri=params['callback_url'],
|
|
)
|
|
authReq = client.construct_AuthorizationRequest(request_args=requestArgs)
|
|
#loginUrl = authReq.request(client.authorization_endpoint)
|
|
loginUrl = authReq.request(params['provider_url'])
|
|
print('***', loginUrl)
|
|
request.response.redirect(loginUrl, trusted=True)
|
|
|
|
def callback(self, request):
|
|
print('*** callback', self, request.form)
|
|
code = request.form['code']
|
|
|
|
|
|
@register('auth', Root)
|
|
def authView(context, request):
|
|
print('*** auth', context, request['PATH_INFO'])
|
|
return Authenticator()
|
|
|
|
@register('login', Authenticator)
|
|
def login(context, request):
|
|
context.login(request)
|
|
return DefaultView(context, request)
|
|
|
|
@register('callback', Authenticator)
|
|
def callback(context, request):
|
|
context.callback(request)
|
|
return DefaultView(context, request)
|
|
|
|
@register('logout', Authenticator)
|
|
def logout(context, request):
|
|
print('*** logout', context, request['PATH_INFO'], request.getTraversalStack())
|
|
return DefaultView(context, request)
|