Add proper and tested OIDC support on the server

Note that this will still not work on the client side; the followup CL for the client side is right after this one.
2017-01-23 17:53:34 -05:00 · 2017-01-23 17:53:34 -05:00 · fda203e4d7
commit fda203e4d7
parent 19f7acf575
15 changed files with 756 additions and 180 deletions
--- a/data/model/user.py
+++ b/data/model/user.py
@ -368,7 +368,7 @@ def update_user_metadata(user, given_name=None, family_name=None, company=None):
    remove_user_prompt(user, UserPromptTypes.ENTER_COMPANY)


-def create_federated_user(username, email, service_name, service_ident,
+def create_federated_user(username, email, service_id, service_ident,
                          set_password_notification, metadata={},
                          email_required=True, prompts=tuple()):
  prompts = set(prompts)
@ -378,7 +378,11 @@ def create_federated_user(username, email, service_name, service_ident,
  new_user.verified = True
  new_user.save()

-  service = LoginService.get(LoginService.name == service_name)
+  try:
+    service = LoginService.get(LoginService.name == service_id)
+  except LoginService.DoesNotExist:
+    service = LoginService.create(name=service_id)
+
  FederatedLogin.create(user=new_user, service=service,
                        service_ident=service_ident,
                        metadata_json=json.dumps(metadata))
@ -389,20 +393,20 @@ def create_federated_user(username, email, service_name, service_ident,
  return new_user


-def attach_federated_login(user, service_name, service_ident, metadata={}):
-  service = LoginService.get(LoginService.name == service_name)
+def attach_federated_login(user, service_id, service_ident, metadata={}):
+  service = LoginService.get(LoginService.name == service_id)
  FederatedLogin.create(user=user, service=service, service_ident=service_ident,
                        metadata_json=json.dumps(metadata))
  return user


-def verify_federated_login(service_name, service_ident):
+def verify_federated_login(service_id, service_ident):
  try:
    found = (FederatedLogin
             .select(FederatedLogin, User)
             .join(LoginService)
             .switch(FederatedLogin).join(User)
-             .where(FederatedLogin.service_ident == service_ident, LoginService.name == service_name)
+             .where(FederatedLogin.service_ident == service_ident, LoginService.name == service_id)
             .get())
    return found.user
  except FederatedLogin.DoesNotExist: