From 40db697f657a86ebf73d029c49e1827e5295f202 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Thu, 17 Oct 2013 15:59:48 +0200 Subject: [PATCH] Add teams support to the OpenID provider --- setup.py | 1 + velruse/providers/openid.py | 21 ++++++++++++++++++--- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/setup.py b/setup.py index 2bf6aec..83ced22 100644 --- a/setup.py +++ b/setup.py @@ -10,6 +10,7 @@ 'requests', 'requests-oauthlib', 'anykeystore', + 'python-openid-teams', ] if PY3: diff --git a/velruse/providers/openid.py b/velruse/providers/openid.py index ae35bfa..f139c78 100644 --- a/velruse/providers/openid.py +++ b/velruse/providers/openid.py @@ -7,6 +7,8 @@ from openid.extensions import ax from openid.extensions import sreg +from openid_teams import teams + from pyramid.request import Response from pyramid.httpexceptions import HTTPFound from pyramid.security import NO_PERMISSION_REQUIRED @@ -83,6 +85,7 @@ def includeme(config): def add_openid_login(config, realm=None, storage=None, + teams=None, login_path='/login/openid', callback_path='/login/openid/callback', name='openid'): @@ -93,7 +96,7 @@ def add_openid_login(config, `openid.store.interface.OpenIDStore` protocol. If left as `None` then the provider will run in a stateless mode. """ - provider = OpenIDConsumer(name, 'openid', realm=realm, storage=storage) + provider = OpenIDConsumer(name, 'openid', realm=realm, storage=storage, teams=teams) config.add_route(provider.login_route, login_path) config.add_view(provider, attr='login', route_name=provider.login_route, @@ -117,12 +120,14 @@ def __init__(self, _type, realm=None, storage=None, + teams=None, context=OpenIDAuthenticationComplete): self.openid_store = storage self.name = name self.type = _type self.context = context self.realm_override = realm + self.requested_teams = teams self.login_route = 'velruse.%s-url' % name self.callback_route = 'velruse.%s-callback' % name @@ -158,6 +163,11 @@ def _update_authrequest(self, request, authrequest): ) authrequest.addExtension(sreg_request) + # Add the Teams extension request + if self.requested_teams: + teams_request = teams.TeamsRequest(requested=self.requested_teams) + authrequest.addExtension(teams_request) + def _get_access_token(self, request_token): """Called to exchange a request token for the access token @@ -251,7 +261,8 @@ def callback(self, request): user_data = extract_openid_data( identifier=openid_identity, sreg_resp=sreg.SRegResponse.fromSuccessResponse(info), - ax_resp=ax.FetchResponse.fromSuccessResponse(info) + ax_resp=ax.FetchResponse.fromSuccessResponse(info), + teams=teams.TeamsResponse.fromSuccessResponse(info) ) # Did we get any OAuth info? oauth = info.extensionResponse( @@ -301,7 +312,7 @@ def get(self, key, ax_only=False): return self.sreg_resp.get(key) -def extract_openid_data(identifier, sreg_resp, ax_resp): +def extract_openid_data(identifier, sreg_resp, ax_resp, teams_resp): """Extract the OpenID Data from Simple Reg and AX data This normalizes the data to the appropriate format. @@ -323,6 +334,10 @@ def extract_openid_data(identifier, sreg_resp, ax_resp): account['domain'] = 'openid.net' account['username'] = identifier + # Extract the teams the user is a member of + if teams_resp: + ud['teams'] = teams_resp.teams + # Sort out the display name and preferred username if account['domain'] == 'google.com': # Extract the first bit as the username since Google doesn't return