Add config validator for OIDC logins

2017-02-28 16:18:19 -05:00 · 2017-02-28 16:18:19 -05:00 · 157640e696
commit 157640e696
parent a13359c10c
5 changed files with 74 additions and 4 deletions
--- a/util/config/validators/validate_oidc.py
+++ b/util/config/validators/validate_oidc.py
@ -0,0 +1,27 @@
+from app import app
+from oauth.loginmanager import OAuthLoginManager
+from oauth.oidc import OIDCLoginService, DiscoveryFailureException
+from util.config.validators import BaseValidator, ConfigValidationException
+
+class OIDCLoginValidator(BaseValidator):
+  name = "oidc-login"
+
+  @classmethod
+  def validate(cls, config, user, user_password):
+    client = app.config['HTTPCLIENT']
+    login_manager = OAuthLoginManager(config, client=client)
+    for service in login_manager.services:
+      if not isinstance(service, OIDCLoginService):
+        continue
+
+      if service.config.get('OIDC_SERVER') is None:
+        msg = 'Missing OIDC_SERVER on OIDC service %s' % service.service_id()
+        raise ConfigValidationException(msg)
+
+      try:
+        if not service.validate():
+          msg = 'Could not validate OIDC service %s' % service.service_id()
+          raise ConfigValidationException(msg)
+      except DiscoveryFailureException as dfe:
+        msg = 'Could not validate OIDC service %s: %s' % (service.service_id(), dfe.message)
+        raise ConfigValidationException(msg)