use hydra userinfo and id_token info

2020-05-30 23:33:59 +02:00 · 2020-05-30 23:33:59 +02:00 · 7a796825d0
parent 2a349d132a
commit 7a796825d0
2 changed files with 12 additions and 33 deletions
--- a/lenticular_cloud/views/api.py
+++ b/lenticular_cloud/views/api.py
@ -16,32 +16,6 @@ from ..auth_providers import LdapAuthProvider

 api_views = Blueprint('api', __name__, url_prefix='/api')

-@api_views.route('/userinfo', methods=['GET', 'POST'])
-def userinfo():
-    if 'authorization' not in request.headers:
-        return 'not token found', 400
-    token = request.headers['authorization'].replace('Bearer ', '')
-    token_info = current_app.hydra_api.introspect_o_auth2_token(token=token)
-    if not token_info.active:
-        return 'token not valid', 403
-
-    user_db = User.query.get(token_info.sub)
-    user = User.query_().by_username(user_db.username)
-
-    public_url = current_app.config.get('HYDRA_PUBLIC_URL')
-    r = requests.get(
-            f"{public_url}/userinfo",
-            headers={
-                'authorization': request.headers['authorization']})
-    userinfo = r.json()
-    scopes = token_info.scope.split(' ')
-    if 'email' in scopes:
-        userinfo['email'] = str(user.email)
-    if 'profile' in scopes:
-        userinfo['username'] = str(user.username)
-    print(userinfo)
-    return jsonify(userinfo)
-

@api_views.route('/users', methods=['GET'])
 def user_list():
--- a/lenticular_cloud/views/auth.py
+++ b/lenticular_cloud/views/auth.py
@ -8,7 +8,7 @@ from flask.templating import render_template
 from flask_babel import gettext

 from flask import request, url_for
-from flask_login import login_required, login_user, logout_user
+from flask_login import login_required, login_user, logout_user, current_user
 import logging
 from urllib.parse import urlparse
 from base64 import b64decode, b64encode
@ -36,9 +36,16 @@ def consent():

    requested_scope = consent_request.requested_scope
    requested_audiences = consent_request.requested_access_token_audience
-    user = User.query.get(consent_request.subject)

    if form.validate_on_submit() or consent_request.skip:
+        token_data = {
+            'preferred_username': str(current_user.username),
+            'email': str(current_user.email),
+            'email_verified': True,
+        }
+        id_token_data = {}
+        if 'openid' in requested_scope:
+            id_token_data = token_data
        resp = current_app.hydra_api.accept_consent_request(
            consent_request.challenge, body={
                'grant_scope': requested_scope,
@ -46,11 +53,9 @@ def consent():
                'remember': form.data['remember'],
                'remember_for': remember_for,
                'session': {
-                    'access_token': {},
-                    'id_token': {
-                        'preferred_username': user.username
-                        }
-                    }
+                    'access_token': token_data,
+                    'id_token': id_token_data
+                }
            })
        return redirect(resp.redirect_to)
    return render_template(