From 7a796825d013461fb4ba27b0a9d4ed3bb11c6eec Mon Sep 17 00:00:00 2001
From: TuxCoder
Date: Sat, 30 May 2020 23:33:59 +0200
Subject: [PATCH] use hydra userinfo and id_token info
---
 lenticular_cloud/views/api.py | 26 --------------------------
 lenticular_cloud/views/auth.py | 19 ++++++++++++-------
 2 files changed, 12 insertions(+), 33 deletions(-)
diff --git a/lenticular_cloud/views/api.py b/lenticular_cloud/views/api.py
index 3e00f85..3846f99 100644
--- a/lenticular_cloud/views/api.py
+++ b/lenticular_cloud/views/api.py
@@ -16,32 +16,6 @@ from ..auth_providers import LdapAuthProvider
 api_views = Blueprint('api', __name__, url_prefix='/api')
-@api_views.route('/userinfo', methods=['GET', 'POST'])
-def userinfo():
-    if 'authorization' not in request.headers:
-        return 'not token found', 400
-    token = request.headers['authorization'].replace('Bearer ', '')
-    token_info = current_app.hydra_api.introspect_o_auth2_token(token=token)
-    if not token_info.active:
-        return 'token not valid', 403
-
-    user_db = User.query.get(token_info.sub)
-    user = User.query_().by_username(user_db.username)
-
-    public_url = current_app.config.get('HYDRA_PUBLIC_URL')
-    r = requests.get(
-        f"{public_url}/userinfo",
-        headers={
-            'authorization': request.headers['authorization']})
-    userinfo = r.json()
-    scopes = token_info.scope.split(' ')
-    if 'email' in scopes:
-        userinfo['email'] = str(user.email)
-    if 'profile' in scopes:
-        userinfo['username'] = str(user.username)
-    print(userinfo)
-    return jsonify(userinfo)
-
 @api_views.route('/users', methods=['GET'])
 def user_list():
diff --git a/lenticular_cloud/views/auth.py b/lenticular_cloud/views/auth.py
index 98bc8be..cc6265b 100644
--- a/lenticular_cloud/views/auth.py
+++ b/lenticular_cloud/views/auth.py
@@ -8,7 +8,7 @@ from flask.templating import render_template
 from flask_babel import gettext
 from flask import request, url_for
-from flask_login import login_required, login_user, logout_user
+from flask_login import login_required, login_user, logout_user, current_user
 import logging
 from urllib.parse import urlparse
 from base64 import b64decode, b64encode
@@ -36,9 +36,16 @@ def consent():
     requested_scope = consent_request.requested_scope
     requested_audiences = consent_request.requested_access_token_audience
-    user = User.query.get(consent_request.subject)
     if form.validate_on_submit() or consent_request.skip:
+        token_data = {
+            'preferred_username': str(current_user.username),
+            'email': str(current_user.email),
+            'email_verified': True,
+        }
+        id_token_data = {}
+        if 'openid' in requested_scope:
+            id_token_data = token_data
         resp = current_app.hydra_api.accept_consent_request(
             consent_request.challenge, body={
                 'grant_scope': requested_scope,
@@ -46,11 +53,9 @@ def consent():
                 'remember': form.data['remember'],
                 'remember_for': remember_for,
                 'session': {
-                    'access_token': {},
-                    'id_token': {
-                        'preferred_username': user.username
-                    }
-                }
+                    'access_token': token_data,
+                    'id_token': id_token_data
+                }
             })
         return redirect(resp.redirect_to)
     return render_template(
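Review bot: The second hunk builds the token claims from `current_user` (the Flask-Login browser session) but no longer checks that this user is the subject Hydra authenticated for this challenge; the removed `User.query.get(consent_request.subject)` was the only tie between the two, and the `consent_request.skip` branch accepts without any form submission, so a session holding a different account (or an anonymous `current_user` on the skip path) would have an access token and ID token issued with the wrong identity's username and email. Two secondary points in the same dict: `'email_verified': True` is a hard-coded assertion that nothing on the page verifies, and `token_data` carries `email` into the token session whether or not `email` is in `requested_scope`, so the per-scope gating the deleted `/userinfo` endpoint did (`'email' in scopes`, `'profile' in scopes`) is not reproduced; the third hunk wires the same dicts into `accept_consent_request`. consent() starts before the hunk and ends after it, so whether `login_required` guards it is not visible here. A guard comparing the session user with the challenge subject, plus scope-gated claim construction, is sketched below; `get_id()` is Flask-Login's string id and its format against `consent_request.subject` should be confirmed.
```python
    if form.validate_on_submit() or consent_request.skip:
        # Hydra named the subject in the consent challenge; refuse to mint
        # claims for a different browser session (the old code loaded exactly
        # this subject via User.query.get). Confirm get_id() and
        # consent_request.subject use the same id format.
        if current_user.get_id() != str(consent_request.subject):
            return 'consent subject does not match login session', 403  # constructed message
        token_data = {}
        if 'profile' in requested_scope:
            token_data['preferred_username'] = str(current_user.username)
        if 'email' in requested_scope:
            token_data['email'] = str(current_user.email)
            # TODO: derive from a stored verification flag rather than a constant
            token_data['email_verified'] = True
        id_token_data = token_data if 'openid' in requested_scope else {}
        # … unchanged: accept_consent_request call …
```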