quay/util/config/validators/validate_oidc.py

from app import app
from oauth.loginmanager import OAuthLoginManager
from oauth.oidc import OIDCLoginService, DiscoveryFailureException
from util.config.validators import BaseValidator, ConfigValidationException

class OIDCLoginValidator(BaseValidator):
  name = "oidc-login"

  @classmethod
  def validate(cls, config, user, user_password):
    client = app.config['HTTPCLIENT']
    login_manager = OAuthLoginManager(config, client=client)
    for service in login_manager.services:
      if not isinstance(service, OIDCLoginService):
        continue

      if service.config.get('OIDC_SERVER') is None:
        msg = 'Missing OIDC_SERVER on OIDC service %s' % service.service_id()
        raise ConfigValidationException(msg)

      if service.config.get('CLIENT_ID') is None:
        msg = 'Missing CLIENT_ID on OIDC service %s' % service.service_id()
        raise ConfigValidationException(msg)

      if service.config.get('CLIENT_SECRET') is None:
        msg = 'Missing CLIENT_SECRET on OIDC service %s' % service.service_id()
        raise ConfigValidationException(msg)

      try:
        if not service.validate():
          msg = 'Could not validate OIDC service %s' % service.service_id()
          raise ConfigValidationException(msg)
      except DiscoveryFailureException as dfe:
        msg = 'Could not validate OIDC service %s: %s' % (service.service_id(), dfe.message)
        raise ConfigValidationException(msg)
Add config validator for OIDC logins 2017-02-28 21:18:19 +00:00			`from app import app`
			`from oauth.loginmanager import OAuthLoginManager`
			`from oauth.oidc import OIDCLoginService, DiscoveryFailureException`
			`from util.config.validators import BaseValidator, ConfigValidationException`

			`class OIDCLoginValidator(BaseValidator):`
			`name = "oidc-login"`

			`@classmethod`
			`def validate(cls, config, user, user_password):`
			`client = app.config['HTTPCLIENT']`
			`login_manager = OAuthLoginManager(config, client=client)`
			`for service in login_manager.services:`
			`if not isinstance(service, OIDCLoginService):`
			`continue`

			`if service.config.get('OIDC_SERVER') is None:`
			`msg = 'Missing OIDC_SERVER on OIDC service %s' % service.service_id()`
			`raise ConfigValidationException(msg)`

Add client ID and client secret to OIDC config validator 2017-04-07 15:33:02 +00:00			`if service.config.get('CLIENT_ID') is None:`
			`msg = 'Missing CLIENT_ID on OIDC service %s' % service.service_id()`
			`raise ConfigValidationException(msg)`

			`if service.config.get('CLIENT_SECRET') is None:`
			`msg = 'Missing CLIENT_SECRET on OIDC service %s' % service.service_id()`
			`raise ConfigValidationException(msg)`

Add config validator for OIDC logins 2017-02-28 21:18:19 +00:00			`try:`
			`if not service.validate():`
			`msg = 'Could not validate OIDC service %s' % service.service_id()`
			`raise ConfigValidationException(msg)`
			`except DiscoveryFailureException as dfe:`
			`msg = 'Could not validate OIDC service %s: %s' % (service.service_id(), dfe.message)`
			`raise ConfigValidationException(msg)`