Commit d9ecf80a authored by Stefano Alberto Russo's avatar Stefano Alberto Russo

Added support for OpenID Connect with mozilla-django-oidc==1.2.4. Minor...

Added support for OpenID Connect with mozilla-django-oidc==1.2.4. Minor refactoring of some user-related parts.
parent 6e7a544d
+26 −0
from mozilla_django_oidc.auth import OIDCAuthenticationBackend
from .core_app.utils import finalize_user_creation

# Setup logging
import logging
logger = logging.getLogger(__name__)


class RosettaOIDCAuthenticationBackend(OIDCAuthenticationBackend):
    
    def create_user(self, claims):
        
        # Call parent user creation function
        user = super(RosettaOIDCAuthenticationBackend, self).create_user(claims)

        # Add profile, keys etc.
        finalize_user_creation(user)

        return user


    def get_userinfo(self, access_token, id_token, payload):

        # Payload must contain the "email" key
        return payload
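Review bot: In `create_user`, a failure inside `finalize_user_creation(user)` leaves the user created by the parent call in place without a profile or key pair, and a later login would presumably find that user and never call `create_user` again. Wrapping the two calls in `with transaction.atomic():` (from `django.db`) would roll the user row back when finalisation raises; any key files already written would still need separate cleanup. Separately, `get_userinfo` returns the ID-token `payload` as-is, so the comment's requirement that it contain the "email" key is not checked in this class. If accounts are matched on the e-mail claim, consider overriding `verify_claims` to require `email` and to reject a provider-supplied `email_verified` of false.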
+9 −0
import os
from django.conf import settings
def export_vars(request):
    data = {}
    if settings.OIDC_RP_CLIENT_ID:
        data['OPENID_ENABLED'] = True
    else:
        data['OPENID_ENABLED'] = False        
    return data
 No newline at end of file
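Review bot: `settings.OIDC_RP_CLIENT_ID` is read as a plain attribute in `export_vars`, so every template rendered through this context processor raises `AttributeError` on a deployment whose settings do not define it, unless the settings module (not shown) always sets a default. `data['OPENID_ENABLED'] = bool(getattr(settings, 'OIDC_RP_CLIENT_ID', None))` covers both cases and replaces the if/else. The `import os` line is unused in the visible code, and a one-line docstring saying the function is a context processor that exposes `OPENID_ENABLED` to templates would help the next reader.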
+15 −2
@@ -22,7 +22,7 @@
        <b>Account ID</b>
        </td>
        <td>
        {{data.user.username}} | <a href="/logout/">Logout</a>
        {{data.user.username}}
        </td>
       </tr>
      
@@ -99,8 +99,21 @@
       </tr>

      </table>
      </form>
      
      <div style="margin-left:10px; margin-top:40px">
        {% if OPENID_ENABLED %}
        <form action="{% url 'oidc_logout' %}" method="post">
        {% csrf_token %}
        <input type="submit" value="logout">
        </form>
        {% else %}
        <form action="/logout/" method="get">
        <input type="submit" value="logout">
        </form>        
        {% endif %}
      </div>

      
      <br/>
      <br/>
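Review bot: The non-OIDC branch still logs out with `<form action="/logout/" method="get">`, so logout remains a state-changing GET that can be triggered cross-site, while the OIDC branch uses POST with `{% csrf_token %}`. If the `/logout/` view (not shown) can accept POST, make the two branches consistent with `<form action="/logout/" method="post">` followed by `{% csrf_token %}`. The hard-coded `/logout/` path could also use `{% url %}` like the OIDC branch does, assuming the route is named.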
+18 −0
@@ -44,6 +44,8 @@
                <input type="password" class="form-control" placeholder="Password" name='password'>
                <input type='submit' class="btn btn-lg ha-btn-lg" value='Login' />
                </form>
                {% if OPENID %}
                {% endif %}
              </center>         
            </li>
            <center>
@@ -54,6 +56,22 @@
            </center>
            {% endif %}

            {% if OPENID_ENABLED %}

            <li>
            {% if not user.is_authenticated %}
                <a href="{% url 'oidc_authentication_init' %}">Login with OpenID Conn. &nbsp;</a>
            {% endif %}
            </li>
            {% endif %}

      
        </ul>
        
  
        
        
        
        
    </nav>
    {% endif %}
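Review bot: The first hunk adds an empty `{% if OPENID %}` / `{% endif %}` pair that renders nothing and tests a variable name (`OPENID`) different from the `OPENID_ENABLED` used in the second hunk; it looks like a leftover and could be dropped. In the second hunk the `<li>` is emitted even for authenticated users, leaving an empty list item; moving `{% if not user.is_authenticated %}` outside the `<li>` avoids that. The link label `Login with OpenID Conn. &nbsp;` would read better spelled out as "OpenID Connect".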
+28 −0
@@ -134,6 +134,34 @@ def random_username():
    return username


def finalize_user_creation(user):

    from .models import Profile, KeyPair

    # Create profile
    logger.debug('Creating user profile for user "{}"'.format(user.email))
    Profile.objects.create(user=user)

    # Generate user keys
    out = os_shell('mkdir -p /data/resources/keys/', capture=True)
    if not out.exit_code == 0:
        logger.error(out)
        raise ErrorMessage('Something went wrong in creating user keys folder. Please contact support')
        
    command= "/bin/bash -c \"ssh-keygen -q -t rsa -N '' -f /data/resources/keys/{}_id_rsa 2>/dev/null <<< y >/dev/null\"".format(user.username)                        
    out = os_shell(command, capture=True)
    if not out.exit_code == 0:
        logger.error(out)
        raise ErrorMessage('Something went wrong in creating user keys. Please contact support')
        
    
    # Create key objects
    KeyPair.objects.create(user = user,
                          default = True,
                          private_key_file = '/data/resources/keys/{}_id_rsa'.format(user.username),
                          public_key_file = '/data/resources/keys/{}_id_rsa.pub'.format(user.username))
    

def sanitize_shell_encoding(text):
    return text.encode("utf-8", errors="ignore")
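Review bot: In `finalize_user_creation`, `user.username` is formatted straight into a `/bin/bash -c "..."` string and into the key file paths, so a username containing quotes, `$`, backticks or `/` would change the command that runs or place the key outside `/data/resources/keys/`. Whether that is reachable depends on how the callers produce usernames, which is outside this hunk, but with OIDC the identity now originates from an external provider, so the function should check the value itself before use. The sketch below rejects anything outside the characters Django's default username validator allows (it needs `re` imported if the module does not already have it); calling `ssh-keygen` with an argument list instead of a shell string would remove the quoting problem entirely if `os_shell` supports it. Note also that `<<< y` answers the overwrite prompt, so an existing key for the same username is silently replaced, and that the private key is written without a passphrase, so the folder's permissions deserve a check.

```python
def finalize_user_creation(user):
    # … unchanged: Profile creation and keys folder creation …

    # Allow only characters that are safe both in the shell string and as a file name
    if not re.match(r'[\w.@+-]+\Z', user.username):
        logger.error('Refusing to generate keys for username "{}"'.format(user.username))
        raise ErrorMessage('Something went wrong in creating user keys. Please contact support')
    private_key_file = '/data/resources/keys/{}_id_rsa'.format(user.username)
    command = "/bin/bash -c \"ssh-keygen -q -t rsa -N '' -f {} 2>/dev/null <<< y >/dev/null\"".format(private_key_file)
    # … unchanged: os_shell call, exit-code check and KeyPair creation …
```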
