diff options
author | Simo Sorce <simo@redhat.com> | 2014-10-10 13:26:34 -0400 |
---|---|---|
committer | Patrick Uiterwijk <puiterwijk@redhat.com> | 2014-10-24 18:03:28 +0200 |
commit | 107379dfafd8d245c61df63ff8cc0391addc9e20 (patch) | |
tree | c6a1a9ba9ef6e73f8f3a5b05dbe4087e03e90b10 /ipsilon | |
parent | 3d3583f81e78600a37d518a5f8c814c6b4c99b91 (diff) | |
download | ipsilon-107379dfafd8d245c61df63ff8cc0391addc9e20.tar.gz ipsilon-107379dfafd8d245c61df63ff8cc0391addc9e20.tar.xz ipsilon-107379dfafd8d245c61df63ff8cc0391addc9e20.zip |
Add group and CLA support to FAS login plugin
Add support for returning groups and other information from the FAS
login plugin.
If the openid module is available also split out cla group information
into a spearate item so the openid CLA extension can make use of it
and cla groups are not regarded as real groups.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Diffstat (limited to 'ipsilon')
-rwxr-xr-x | ipsilon/login/authfas.py | 40 |
1 files changed, 39 insertions, 1 deletions
diff --git a/ipsilon/login/authfas.py b/ipsilon/login/authfas.py index a571dd4..36918ec 100755 --- a/ipsilon/login/authfas.py +++ b/ipsilon/login/authfas.py @@ -12,6 +12,23 @@ from fedora.client.fasproxy import FasProxyClient from fedora.client import AuthError +try: + import openid_cla.cla as cla + + CLA_GROUPS = { + 'cla_click': cla.CLA_URI_FEDORA_CLICK, + 'cla_dell': cla.CLA_URI_FEDORA_DELL, + 'cla_done': cla.CLA_URI_FEDORA_DONE, + 'cla_fedora': cla.CLA_URI_FEDORA_FEDORA, + 'cla_fpca': cla.CLA_URI_FEDORA_FPCA, + 'cla_ibm': cla.CLA_URI_FEDORA_IBM, + 'cla_intel': cla.CLA_URI_FEDORA_INTEL, + 'cla_redhat': cla.CLA_URI_FEDORA_REDHAT, + } +except ImportError: + CLA_GROUPS = dict() + + class FAS(LoginFormBase): def POST(self, *args, **kwargs): @@ -28,9 +45,10 @@ class FAS(LoginFormBase): except Exception, e: # pylint: disable=broad-except cherrypy.log.error("Unknown Error [%s]" % str(e)) if data and data.user: + userdata = self.make_userdata(data.user) return self.lm.auth_successful(self.trans, data.user['username'], - userdata={'fas': data.user}) + userdata=userdata) else: error = "Authentication failed" cherrypy.log.error(error) @@ -47,6 +65,26 @@ class FAS(LoginFormBase): # pylint: disable=star-args return self._template(self.formtemplate, **context) + def make_userdata(self, fas_data): + userdata = dict() + userdata['fas'] = fas_data + + # compute and store groups and cla groups + userdata['groups'] = [] + userdata['extras'] = {'cla': []} + for group in fas_data.get('approved_memberships', {}): + if 'name' not in group: + continue + if group.get('group_type') == 'cla': + if group['name'] in CLA_GROUPS: + userdata['extras']['cla'].append(CLA_GROUPS[group['name']]) + else: + userdata['extras']['cla'].append(group['name']) + else: + userdata['groups'].append(group['name']) + + return userdata + class LoginManager(LoginManagerBase): |