Dropping flask_sso library in favor of reading from the headers directly. Updating login to read from ldap once it has the user_id. Adding more information to the sso endpoint.

2020-05-22 07:55:58 -04:00 · 2020-05-22 07:55:58 -04:00 · 4627318818
parent b3ae9ee770
commit 4627318818
4 changed files with 51 additions and 32 deletions
--- a/1
+++ b/1
@ -31,7 +31,6 @@ sphinx = "*"
 recommonmark = "*"
 psycopg2-binary = "*"
 docxtpl = "*"
-flask-sso = "*"
 python-dateutil = "*"
 pandas = "*"
 xlrd = "*"
--- a/Pipfile.lock
+++ b/Pipfile.lock
@ -1,11 +1,11 @@
 {
    "_meta": {
        "hash": {
-            "sha256": "26d23456010d3e5a559386d412cef3beacd92d5a4e474f2afdb0737ea0f20f04"
+            "sha256": "1ca737db75750ea4351c15b4b0b26155d90bc5522705ed293a0c2773600b6a0a"
        },
        "pipfile-spec": 6,
        "requires": {
-            "python_version": "3.7"
+            "python_version": "3.6.9"
        },
        "sources": [
            {
@ -96,12 +96,6 @@
            ],
            "version": "==3.6.3.0"
        },
-        "blinker": {
-            "hashes": [
-                "sha256:471aee25f3992bd325afa3772f1063dbdbbca947a041b8b89466dc00d606f8b6"
-            ],
-            "version": "==1.4"
-        },
        "celery": {
            "hashes": [
                "sha256:108a0bf9018a871620936c33a3ee9f6336a89f8ef0a0f567a9001f4aa361415f",
@ -307,13 +301,6 @@
            ],
            "version": "==2.4.1"
        },
-        "flask-sso": {
-            "hashes": [
-                "sha256:541a8a2387c6eac4325c53f8f7f863a03173b37aa558a37a430010d7fc1a3633"
-            ],
-            "index": "pypi",
-            "version": "==0.4.0"
-        },
        "future": {
            "hashes": [
                "sha256:b1bead90b70cf6ec3f0710ae53a525360fa360d306a86583adc6bf83a4db537d"
@ -711,10 +698,10 @@
        },
        "six": {
            "hashes": [
-                "sha256:236bdbdce46e6e6a3d61a337c0f8b763ca1e8717c03b369e87a7ec7ce1319c0a",
-                "sha256:8f3cd2e254d8f793e7f3d6d9df77b92252b52637291d0f0da013c76ea2724b6c"
+                "sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259",
+                "sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced"
            ],
-            "version": "==1.14.0"
+            "version": "==1.15.0"
        },
        "snowballstemmer": {
            "hashes": [
@ -783,7 +770,7 @@
        "spiffworkflow": {
            "editable": true,
            "git": "https://github.com/sartography/SpiffWorkflow.git",
-            "ref": "2c9698894f7e526a91bf3ca8c4b9fc9b6b01e807"
+            "ref": "cb098ee6d55b85bf7795997f4ad5f78c27d15381"
        },
        "sqlalchemy": {
            "hashes": [
@ -955,10 +942,10 @@
        },
        "six": {
            "hashes": [
-                "sha256:236bdbdce46e6e6a3d61a337c0f8b763ca1e8717c03b369e87a7ec7ce1319c0a",
-                "sha256:8f3cd2e254d8f793e7f3d6d9df77b92252b52637291d0f0da013c76ea2724b6c"
+                "sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259",
+                "sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced"
            ],
-            "version": "==1.14.0"
+            "version": "==1.15.0"
        },
        "wcwidth": {
            "hashes": [
--- a/crc/init.py
+++ b/crc/init.py
@ -31,7 +31,6 @@ session = db.session

 migrate = Migrate(app, db)
 ma = Marshmallow(app)
-sso = SSO(app=app)

 from crc import models
 from crc import api
--- a/crc/api/user.py
+++ b/crc/api/user.py
@ -3,10 +3,10 @@ import json
 import connexion
 from flask import redirect, g, request

-from crc import sso, app, db
+from crc import app, db
 from crc.api.common import ApiError
 from crc.models.user import UserModel, UserModelSchema
-
+from crc.services.ldap_service import LdapService

 """
 .. module:: crc.api.user
@ -32,21 +32,55 @@ def verify_token(token):
 def get_current_user():
    return UserModelSchema().dump(g.user)

+def sso_login():
+    # This what I see coming back:
+    # X-Remote-Cn: Daniel Harold Funk (dhf8r)
+    # X-Remote-Sn: Funk
+    # X-Remote-Givenname: Daniel
+    # X-Remote-Uid: dhf8r
+    # Eppn: dhf8r@virginia.edu
+    # Cn: Daniel Harold Funk (dhf8r)
+    # Sn: Funk
+    # Givenname: Daniel
+    # Uid: dhf8r
+    # X-Remote-User: dhf8r@virginia.edu
+    # X-Forwarded-For: 128.143.0.10
+    # X-Forwarded-Host: dev.crconnect.uvadcos.io
+    # X-Forwarded-Server: dev.crconnect.uvadcos.io
+    # Connection: Keep-Alive
+    uid = request.headers.get("Uid")
+    if not uid:
+        uid = request.headers.get("X-Remote-Uid")
+
+    if not uid:
+        raise ApiError("invalid_sso_credentials", "'Uid' nor 'X-Remote-Uid' were present in the headers: %s"
+                       % str(request.headers))

-@sso.login_handler
-def sso_login(user_info):
    redirect = request.args.get('redirect')
    app.logger.info("SSO_LOGIN: Full URL: " + request.url)
-    app.logger.info("SSO_LOGIN: User Details: " + json.dump(user_info))
+    app.logger.info("SSO_LOGIN: User Id: " + uid)
    app.logger.info("SSO_LOGIN: Will try to redirect to : " + redirect)
+
+    ldap_service = LdapService()
+    info = ldap_service.user_info(uid)
+
+    user = UserModel(uid=uid, email_address=info.email, display_name=info.display_name,
+                     affiliation=info.affiliation, title=info.title)
+
    # TODO: Get redirect URL from Shibboleth request header
-    _handle_login(user_info, redirect)
+    _handle_login(user, redirect)

@app.route('/sso')
-def index():
-    return str(request.headers)
+def sso():
+    response = ""
+    response += "<h1>Headers</h1>"
+    response += str(request.headers)
+    response += "<h1>Environment</h1>"
+    response += str(request.environ)
+    return response


+@app.route('/login')
 def _handle_login(user_info, redirect_url=app.config['FRONTEND_AUTH_CALLBACK']):
    """On successful login, adds user to database if the user is not already in the system,
       then returns the frontend auth callback URL, with auth token appended.