Infrastructure/ipsilon-fedora
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Update the OpenID API extension to work with IPA

Browse source 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
Aurélien Bompard 2021-03-26 12:07:59 +01:00
parent 0bd1e309ac
commit 75dd1b934c
No known key found for this signature in database
GPG key ID: 31584CFEB9BF64AD
1 changed files with 27 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

42
ipsilon/providers/openid/extensions/api.py
View file

@ -2,10 +2,8 @@
from __future__ import absolute_import from __future__ import absolute_import
try: from python_freeipa.client_meta import ClientMeta as IPAClient
from ipsilon.info.infofas import fas_make_userdata
except ImportError:
fas_make_userdata = None
from ipsilon.providers.openid.extensions.common import OpenidExtensionBase from ipsilon.providers.openid.extensions.common import OpenidExtensionBase
import ipsilon.root import ipsilon.root
from ipsilon.util.page import Page from ipsilon.util.page import Page
@ -13,6 +11,7 @@ from ipsilon.util.user import User
import json import json
import inspect import inspect
from configparser import ConfigParser
class OpenidExtension(OpenidExtensionBase): class OpenidExtension(OpenidExtensionBase):
@ -57,7 +56,6 @@ class APIV1Page(Page):
'message': 'Missing argument: %s' % arg 'message': 'Missing argument: %s' % arg
} }
fas = self.root_obj.login.fas.lm
openid = self.root_obj.openid openid = self.root_obj.openid
openid_request = None openid_request = None
@ -85,15 +83,30 @@ class APIV1Page(Page):
password = arguments['password'] password = arguments['password']
user = None user = None
userdata = None userdata = None
try:
_, user = fas.fpc.login(username, password) # Check auth with IPA directly
if fas_make_userdata is None: ipa_config = ConfigParser()
userdata = fas.page.make_userdata(user.user) ipa_config.read("/etc/ipa/default.conf")
else: ipa_server = ipa_config.get("global", "server", fallback=None)
userdata = fas_make_userdata(user.user) ipa = IPAClient(ipa_server, verify_ssl="/etc/ipa/ca.crt")
except Exception as ex: auth = ipa.login(username, password)
print('Error during auth: %s' % ex) if auth and auth.logged_in:
pass user = ipa.user_find(whoami=True)["result"][0]
userdata = {
"nickname": user["uid"][0],
"fullname": user["displayname"][0],
"_groups": user["memberof_group"],
"email": user["mail"][0],
"givenname": user["givenname"], # It's not a list? WTF?
"surname": user["sn"][0],
"zoneinfo": user["fastimezone"][0],
}
userdata["human_name"] = userdata["fullname"]
userdata["name"] = userdata["fullname"]
userdata["preferred_username"] = userdata["nickname"]
userdata["_username"] = userdata["nickname"]
else:
print('Error during auth: %s' % auth.login_exception)
if user is None or userdata is None: if user is None or userdata is None:
print('No user or data: %s, %s' % (user, userdata)) print('No user or data: %s, %s' % (user, userdata))
@ -110,4 +123,3 @@ class APIV1Page(Page):
openid_response = openid.cfg.server.signatory.sign(openid_response).fields.toPostArgs() openid_response = openid.cfg.server.signatory.sign(openid_response).fields.toPostArgs()
return {'success': True, return {'success': True,
'response': openid_response} 'response': openid_response}