Make email addresses optional in external auth if email feature is turned off

Before this change, external auth such as Keystone would fail if a user without an email address tried to login, even if the email feature was disabled.
2016-09-08 12:24:47 -04:00 · 2016-09-08 12:24:47 -04:00 · d7f56350a4
commit d7f56350a4
parent 934cdecbd6
18 changed files with 206 additions and 93 deletions
--- a/data/users/externaljwt.py
+++ b/data/users/externaljwt.py
@ -14,8 +14,8 @@ class ExternalJWTAuthN(FederatedUsers):
  PUBLIC_KEY_FILENAME = 'jwt-authn.cert'

  def __init__(self, verify_url, query_url, getuser_url, issuer, override_config_dir, http_client,
-               max_fresh_s, public_key_path=None):
-    super(ExternalJWTAuthN, self).__init__('jwtauthn')
+               max_fresh_s, public_key_path=None, requires_email=True):
+    super(ExternalJWTAuthN, self).__init__('jwtauthn', requires_email)
    self.verify_url = verify_url
    self.query_url = query_url
    self.getuser_url = getuser_url
@ -23,6 +23,7 @@ class ExternalJWTAuthN(FederatedUsers):
    self.issuer = issuer
    self.client = http_client
    self.max_fresh_s = max_fresh_s
+    self.requires_email = requires_email

    default_key_path = os.path.join(override_config_dir, ExternalJWTAuthN.PUBLIC_KEY_FILENAME)
    public_key_path = public_key_path or default_key_path
@ -48,11 +49,12 @@ class ExternalJWTAuthN(FederatedUsers):
    if not 'sub' in payload:
      raise Exception('Missing sub field in JWT')

-    if not 'email' in payload:
+    if self.requires_email and not 'email' in payload:
      raise Exception('Missing email field in JWT')

    # Parse out the username and email.
-    user_info = UserInformation(username=payload['sub'], email=payload['email'], id=payload['sub'])
+    user_info = UserInformation(username=payload['sub'], email=payload.get('email'),
+                                id=payload['sub'])
    return (user_info, None)


@ -67,7 +69,7 @@ class ExternalJWTAuthN(FederatedUsers):

    query_results = []
    for result in payload['results'][0:limit]:
-      user_info = UserInformation(username=result['username'], email=result['email'],
+      user_info = UserInformation(username=result['username'], email=result.get('email'),
                                  id=result['username'])
      query_results.append(user_info)

@ -83,10 +85,11 @@ class ExternalJWTAuthN(FederatedUsers):
    if not 'sub' in payload:
      raise Exception('Missing sub field in JWT')

-    if not 'email' in payload:
+    if self.requires_email and not 'email' in payload:
      raise Exception('Missing email field in JWT')

-    user_info = UserInformation(username=payload['sub'], email=payload['email'], id=payload['sub'])
+    user_info = UserInformation(username=payload['sub'], email=payload.get('email'),
+                                id=payload['sub'])
    return (user_info, None)