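"""
.. module:: crc.api.user
   :synopsis: Single Sign On (SSO) user login and session handlers
"""
import flask
from flask import g, request

from crc import app, db
from crc.api.common import ApiError
from crc.models.user import UserModel, UserModelSchema
from crc.services.ldap_service import LdapService, LdapUserInfo


def verify_token(token):
    """Validate a bearer token and bind the matching user to ``flask.g``.

    Outside production, a request presenting the configured
    ``SWAGGER_AUTH_KEY`` is logged in as the first user in the table so the
    interactive API docs remain usable; that bypass is never taken once
    ``PRODUCTION`` is truthy.

    Args:
        token: the raw token presented by the client.

    Returns:
        The decoded token payload (a mapping carrying at least ``sub``).

    Raises:
        ApiError: ``invalid_token`` (403) when the token cannot be decoded,
            carries no ``sub`` claim, or matches no stored user.
    """
    failure_error = ApiError("invalid_token",
                             "Unable to decode the token you provided. Please re-authenticate",
                             status_code=403)

    # Development-only bypass. Reading the key with .get() means a missing
    # SWAGGER_AUTH_KEY no longer raises KeyError, and the explicit truthiness
    # check keeps a missing key from matching a missing token (None == None).
    swagger_key = None if app.config.get('PRODUCTION') else app.config.get("SWAGGER_AUTH_KEY")
    if swagger_key and token == swagger_key:
        g.user = UserModel.query.first()
        if g.user is None:
            # An empty user table used to surface as an AttributeError (500).
            raise failure_error
        token = g.user.encode_auth_token()

    try:
        token_info = UserModel.decode_auth_token(token)
        # A token without a 'sub' claim (KeyError) is treated like an
        # undecodable one.
        g.user = UserModel.query.filter_by(uid=token_info['sub']).first()
    except Exception as err:
        # Narrowed from a bare `except:`, which also swallowed SystemExit
        # and KeyboardInterrupt.
        raise failure_error from err

    if g.user is None:
        raise failure_error
    return token_info


def get_current_user():
    """Serialise the user that :func:`verify_token` bound to ``flask.g``."""
    return UserModelSchema().dump(g.user)


@app.route('/v1.0/login')
def sso_login():
    """Complete a login for a user already authenticated by the SSO proxy.

    The identity is read from request headers that the upstream SSO layer
    sets (``Uid``, falling back to ``X-Remote-Uid``). This route performs no
    authentication of its own, so it relies on the proxy being the only path
    to the application and on it stripping client-supplied copies of these
    headers — NOTE(review): confirm that deployment assumption.

    Returns:
        Whatever ``_handle_login`` produces for the LDAP record and the
        optional ``redirect`` query parameter.

    Raises:
        ApiError: ``invalid_sso_credentials`` when neither header is present.
    """
    # Headers observed on an incoming request from the SSO proxy:
    # X-Remote-Cn, X-Remote-Sn, X-Remote-Givenname, X-Remote-Uid, Eppn, Cn,
    # Sn, Givenname, Uid, X-Remote-User, X-Forwarded-For, X-Forwarded-Host,
    # X-Forwarded-Server, Connection
    uid = request.headers.get("Uid") or request.headers.get("X-Remote-Uid")
    if not uid:
        # Only header names go back to the caller; the previous message
        # echoed every header value (cookies, forwarded hosts) in the response.
        raise ApiError("invalid_sso_credentials",
                       "Neither 'Uid' nor 'X-Remote-Uid' was present in the headers: %s"
                       % ", ".join(request.headers.keys()))

    redirect = request.args.get('redirect')
    app.logger.info("SSO_LOGIN: Full URL: %s", request.url)
    app.logger.info("SSO_LOGIN: User Id: %s", uid)
    app.logger.info("SSO_LOGIN: Will try to redirect to : %s", redirect)

    ldap_service = LdapService()
    info = ldap_service.user_info(uid)
    return _handle_login(info, redirect)


@app.route('/sso')
def sso():
    response = ""
    response += "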

Headers

" response += "