summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimo Sorce <simo@redhat.com>2014-10-10 13:26:34 -0400
committerPatrick Uiterwijk <puiterwijk@redhat.com>2014-10-24 18:03:28 +0200
commit107379dfafd8d245c61df63ff8cc0391addc9e20 (patch)
treec6a1a9ba9ef6e73f8f3a5b05dbe4087e03e90b10
parent3d3583f81e78600a37d518a5f8c814c6b4c99b91 (diff)
downloadipsilon-107379dfafd8d245c61df63ff8cc0391addc9e20.tar.gz
ipsilon-107379dfafd8d245c61df63ff8cc0391addc9e20.tar.xz
ipsilon-107379dfafd8d245c61df63ff8cc0391addc9e20.zip
Add group and CLA support to FAS login plugin
Add support for returning groups and other information from the FAS login plugin. If the openid module is available also split out cla group information into a spearate item so the openid CLA extension can make use of it and cla groups are not regarded as real groups. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Diffstat
-rwxr-xr-xipsilon/login/authfas.py40
1 files changed, 39 insertions, 1 deletions
diff --git a/ipsilon/login/authfas.py b/ipsilon/login/authfas.py
index a571dd4..36918ec 100755
--- a/ipsilon/login/authfas.py
+++ b/ipsilon/login/authfas.py
@@ -12,6 +12,23 @@ from fedora.client.fasproxy import FasProxyClient
from fedora.client import AuthError
+try:
+ import openid_cla.cla as cla
+
+ CLA_GROUPS = {
+ 'cla_click': cla.CLA_URI_FEDORA_CLICK,
+ 'cla_dell': cla.CLA_URI_FEDORA_DELL,
+ 'cla_done': cla.CLA_URI_FEDORA_DONE,
+ 'cla_fedora': cla.CLA_URI_FEDORA_FEDORA,
+ 'cla_fpca': cla.CLA_URI_FEDORA_FPCA,
+ 'cla_ibm': cla.CLA_URI_FEDORA_IBM,
+ 'cla_intel': cla.CLA_URI_FEDORA_INTEL,
+ 'cla_redhat': cla.CLA_URI_FEDORA_REDHAT,
+ }
+except ImportError:
+ CLA_GROUPS = dict()
+
+
class FAS(LoginFormBase):
def POST(self, *args, **kwargs):
@@ -28,9 +45,10 @@ class FAS(LoginFormBase):
except Exception, e: # pylint: disable=broad-except
cherrypy.log.error("Unknown Error [%s]" % str(e))
if data and data.user:
+ userdata = self.make_userdata(data.user)
return self.lm.auth_successful(self.trans,
data.user['username'],
- userdata={'fas': data.user})
+ userdata=userdata)
else:
error = "Authentication failed"
cherrypy.log.error(error)
@@ -47,6 +65,26 @@ class FAS(LoginFormBase):
# pylint: disable=star-args
return self._template(self.formtemplate, **context)
+ def make_userdata(self, fas_data):
+ userdata = dict()
+ userdata['fas'] = fas_data
+
+ # compute and store groups and cla groups
+ userdata['groups'] = []
+ userdata['extras'] = {'cla': []}
+ for group in fas_data.get('approved_memberships', {}):
+ if 'name' not in group:
+ continue
+ if group.get('group_type') == 'cla':
+ if group['name'] in CLA_GROUPS:
+ userdata['extras']['cla'].append(CLA_GROUPS[group['name']])
+ else:
+ userdata['extras']['cla'].append(group['name'])
+ else:
+ userdata['groups'].append(group['name'])
+
+ return userdata
+
class LoginManager(LoginManagerBase):
generated by cgit (git 2.34.1) at 2024-04-27 15:45:47 +0000