Merge pull request #2300 from coreos-inc/openid-connect

OpenID Connect support and OAuth login refactoring
2017-01-31 18:14:44 -05:00 · 2017-01-31 18:14:44 -05:00 · 01ec22b362
commit 01ec22b362
parent 1b6f30cd98 f5dbc350f8
36 changed files with 1623 additions and 983 deletions
--- a/data/model/user.py
+++ b/data/model/user.py
@ -369,7 +369,7 @@ def update_user_metadata(user, given_name=None, family_name=None, company=None):
    remove_user_prompt(user, UserPromptTypes.ENTER_COMPANY)


-def create_federated_user(username, email, service_name, service_ident,
+def create_federated_user(username, email, service_id, service_ident,
                          set_password_notification, metadata={},
                          email_required=True, prompts=tuple()):
  prompts = set(prompts)
@ -379,7 +379,11 @@ def create_federated_user(username, email, service_name, service_ident,
  new_user.verified = True
  new_user.save()

-  service = LoginService.get(LoginService.name == service_name)
+  try:
+    service = LoginService.get(LoginService.name == service_id)
+  except LoginService.DoesNotExist:
+    service = LoginService.create(name=service_id)
+
  FederatedLogin.create(user=new_user, service=service,
                        service_ident=service_ident,
                        metadata_json=json.dumps(metadata))
@ -390,20 +394,20 @@ def create_federated_user(username, email, service_name, service_ident,
  return new_user


-def attach_federated_login(user, service_name, service_ident, metadata={}):
-  service = LoginService.get(LoginService.name == service_name)
+def attach_federated_login(user, service_id, service_ident, metadata={}):
+  service = LoginService.get(LoginService.name == service_id)
  FederatedLogin.create(user=user, service=service, service_ident=service_ident,
                        metadata_json=json.dumps(metadata))
  return user


-def verify_federated_login(service_name, service_ident):
+def verify_federated_login(service_id, service_ident):
  try:
    found = (FederatedLogin
             .select(FederatedLogin, User)
             .join(LoginService)
             .switch(FederatedLogin).join(User)
-             .where(FederatedLogin.service_ident == service_ident, LoginService.name == service_name)
+             .where(FederatedLogin.service_ident == service_ident, LoginService.name == service_id)
             .get())
    return found.user
  except FederatedLogin.DoesNotExist: