Dropping flask_sso library in favor of reading from the headers directly. Updating login to read from ldap once it has the user_id. Adding more information to the sso endpoint.
parent
b3ae9ee770
commit
4627318818
1
Pipfile
1
Pipfile
|
@ -31,7 +31,6 @@ sphinx = "*"
|
|||
recommonmark = "*"
|
||||
psycopg2-binary = "*"
|
||||
docxtpl = "*"
|
||||
flask-sso = "*"
|
||||
python-dateutil = "*"
|
||||
pandas = "*"
|
||||
xlrd = "*"
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
{
|
||||
"_meta": {
|
||||
"hash": {
|
||||
"sha256": "26d23456010d3e5a559386d412cef3beacd92d5a4e474f2afdb0737ea0f20f04"
|
||||
"sha256": "1ca737db75750ea4351c15b4b0b26155d90bc5522705ed293a0c2773600b6a0a"
|
||||
},
|
||||
"pipfile-spec": 6,
|
||||
"requires": {
|
||||
"python_version": "3.7"
|
||||
"python_version": "3.6.9"
|
||||
},
|
||||
"sources": [
|
||||
{
|
||||
|
@ -96,12 +96,6 @@
|
|||
],
|
||||
"version": "==3.6.3.0"
|
||||
},
|
||||
"blinker": {
|
||||
"hashes": [
|
||||
"sha256:471aee25f3992bd325afa3772f1063dbdbbca947a041b8b89466dc00d606f8b6"
|
||||
],
|
||||
"version": "==1.4"
|
||||
},
|
||||
"celery": {
|
||||
"hashes": [
|
||||
"sha256:108a0bf9018a871620936c33a3ee9f6336a89f8ef0a0f567a9001f4aa361415f",
|
||||
|
@ -307,13 +301,6 @@
|
|||
],
|
||||
"version": "==2.4.1"
|
||||
},
|
||||
"flask-sso": {
|
||||
"hashes": [
|
||||
"sha256:541a8a2387c6eac4325c53f8f7f863a03173b37aa558a37a430010d7fc1a3633"
|
||||
],
|
||||
"index": "pypi",
|
||||
"version": "==0.4.0"
|
||||
},
|
||||
"future": {
|
||||
"hashes": [
|
||||
"sha256:b1bead90b70cf6ec3f0710ae53a525360fa360d306a86583adc6bf83a4db537d"
|
||||
|
@ -711,10 +698,10 @@
|
|||
},
|
||||
"six": {
|
||||
"hashes": [
|
||||
"sha256:236bdbdce46e6e6a3d61a337c0f8b763ca1e8717c03b369e87a7ec7ce1319c0a",
|
||||
"sha256:8f3cd2e254d8f793e7f3d6d9df77b92252b52637291d0f0da013c76ea2724b6c"
|
||||
"sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259",
|
||||
"sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced"
|
||||
],
|
||||
"version": "==1.14.0"
|
||||
"version": "==1.15.0"
|
||||
},
|
||||
"snowballstemmer": {
|
||||
"hashes": [
|
||||
|
@ -783,7 +770,7 @@
|
|||
"spiffworkflow": {
|
||||
"editable": true,
|
||||
"git": "https://github.com/sartography/SpiffWorkflow.git",
|
||||
"ref": "2c9698894f7e526a91bf3ca8c4b9fc9b6b01e807"
|
||||
"ref": "cb098ee6d55b85bf7795997f4ad5f78c27d15381"
|
||||
},
|
||||
"sqlalchemy": {
|
||||
"hashes": [
|
||||
|
@ -955,10 +942,10 @@
|
|||
},
|
||||
"six": {
|
||||
"hashes": [
|
||||
"sha256:236bdbdce46e6e6a3d61a337c0f8b763ca1e8717c03b369e87a7ec7ce1319c0a",
|
||||
"sha256:8f3cd2e254d8f793e7f3d6d9df77b92252b52637291d0f0da013c76ea2724b6c"
|
||||
"sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259",
|
||||
"sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced"
|
||||
],
|
||||
"version": "==1.14.0"
|
||||
"version": "==1.15.0"
|
||||
},
|
||||
"wcwidth": {
|
||||
"hashes": [
|
||||
|
|
|
@ -31,7 +31,6 @@ session = db.session
|
|||
|
||||
migrate = Migrate(app, db)
|
||||
ma = Marshmallow(app)
|
||||
sso = SSO(app=app)
|
||||
|
||||
from crc import models
|
||||
from crc import api
|
||||
|
|
|
@ -3,10 +3,10 @@ import json
|
|||
import connexion
|
||||
from flask import redirect, g, request
|
||||
|
||||
from crc import sso, app, db
|
||||
from crc import app, db
|
||||
from crc.api.common import ApiError
|
||||
from crc.models.user import UserModel, UserModelSchema
|
||||
|
||||
from crc.services.ldap_service import LdapService
|
||||
|
||||
"""
|
||||
.. module:: crc.api.user
|
||||
|
@ -32,21 +32,55 @@ def verify_token(token):
|
|||
def get_current_user():
|
||||
return UserModelSchema().dump(g.user)
|
||||
|
||||
def sso_login():
|
||||
# This what I see coming back:
|
||||
# X-Remote-Cn: Daniel Harold Funk (dhf8r)
|
||||
# X-Remote-Sn: Funk
|
||||
# X-Remote-Givenname: Daniel
|
||||
# X-Remote-Uid: dhf8r
|
||||
# Eppn: dhf8r@virginia.edu
|
||||
# Cn: Daniel Harold Funk (dhf8r)
|
||||
# Sn: Funk
|
||||
# Givenname: Daniel
|
||||
# Uid: dhf8r
|
||||
# X-Remote-User: dhf8r@virginia.edu
|
||||
# X-Forwarded-For: 128.143.0.10
|
||||
# X-Forwarded-Host: dev.crconnect.uvadcos.io
|
||||
# X-Forwarded-Server: dev.crconnect.uvadcos.io
|
||||
# Connection: Keep-Alive
|
||||
uid = request.headers.get("Uid")
|
||||
if not uid:
|
||||
uid = request.headers.get("X-Remote-Uid")
|
||||
|
||||
if not uid:
|
||||
raise ApiError("invalid_sso_credentials", "'Uid' nor 'X-Remote-Uid' were present in the headers: %s"
|
||||
% str(request.headers))
|
||||
|
||||
@sso.login_handler
|
||||
def sso_login(user_info):
|
||||
redirect = request.args.get('redirect')
|
||||
app.logger.info("SSO_LOGIN: Full URL: " + request.url)
|
||||
app.logger.info("SSO_LOGIN: User Details: " + json.dump(user_info))
|
||||
app.logger.info("SSO_LOGIN: User Id: " + uid)
|
||||
app.logger.info("SSO_LOGIN: Will try to redirect to : " + redirect)
|
||||
|
||||
ldap_service = LdapService()
|
||||
info = ldap_service.user_info(uid)
|
||||
|
||||
user = UserModel(uid=uid, email_address=info.email, display_name=info.display_name,
|
||||
affiliation=info.affiliation, title=info.title)
|
||||
|
||||
# TODO: Get redirect URL from Shibboleth request header
|
||||
_handle_login(user_info, redirect)
|
||||
_handle_login(user, redirect)
|
||||
|
||||
@app.route('/sso')
|
||||
def index():
|
||||
return str(request.headers)
|
||||
def sso():
|
||||
response = ""
|
||||
response += "<h1>Headers</h1>"
|
||||
response += str(request.headers)
|
||||
response += "<h1>Environment</h1>"
|
||||
response += str(request.environ)
|
||||
return response
|
||||
|
||||
|
||||
@app.route('/login')
|
||||
def _handle_login(user_info, redirect_url=app.config['FRONTEND_AUTH_CALLBACK']):
|
||||
"""On successful login, adds user to database if the user is not already in the system,
|
||||
then returns the frontend auth callback URL, with auth token appended.
|
||||
|
|
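Review bot: `sso_login()` now takes the caller's identity straight from the `Uid` / `X-Remote-Uid` request headers, and nothing in this hunk establishes that the request came through the SSO proxy, so the uid is only as trustworthy as the network path in front of the app. I would state that assumption at the top of the function, e.g. `# Trusts Uid/X-Remote-Uid: the SSO proxy must strip client-supplied copies and be the only route to this app`, and validate the value's format before it reaches `ldap_service.user_info(uid)` and the log line. The `ApiError` message and the new `/sso` view also return `str(request.headers)` and `str(request.environ)` to the caller as unescaped HTML, which can expose cookies, tokens and server settings; I would restrict `/sso` to non-production configurations and drop the header dump from the error text. `redirect` still comes unchecked from the query string and is passed to `_handle_login`, whose docstring says the auth token is appended to the callback URL; its body lies outside the hunk, so confirm the target is checked against an allow-list there.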