def _authorize_callback(self):
# if authorization failed abort early
error = request.args.get('error')
if error:
raise AuthenticationFailed(error, provider=self)
try:
token_data = self.authlib_client.authorize_access_token()
authinfo_token_data = {}
if self.include_token == 'only':
return self.multipass.handle_auth_success(
AuthInfo(self, token=token_data))
elif self.include_token:
authinfo_token_data['token'] = token_data
if self.use_id_token:
id_token = self.authlib_client.parse_id_token(token_data)
for key in INTERNAL_FIELDS:
id_token.pop(key, None)
return self.multipass.handle_auth_success(
AuthInfo(self, **dict(authinfo_token_data, **id_token)))
else:
user_info = self.authlib_client.userinfo()
return self.multipass.handle_auth_success(
AuthInfo(self, **dict(authinfo_token_data, **user_info)))
except AuthlibBaseError as exc:
raise AuthenticationFailed(str(exc), provider=self)
def process_local_login(self, data):
username = data['username']
password = self.settings['identities'].get(username)
if password is None:
raise AuthenticationFailed('No such user')
if password != data['password']:
raise AuthenticationFailed('Invalid password.')
auth_info = AuthInfo(self, username=data['username'])
return self.multipass.handle_auth_success(auth_info)
def _shibboleth_callback(self):
attributes = {
k: v
for k, v in iteritems(request.environ)
if k.startswith(self.settings['attrs_prefix'])
}
if not attributes:
raise AuthenticationFailed("No valid data received")
return self.multipass.handle_auth_success(AuthInfo(self, **attributes))
def process_local_login(self, data):
username = data['username']
password = self.settings['identities'].get(username)
if password is None:
raise NoSuchUser(provider=self)
if password != data['password']:
raise InvalidCredentials(provider=self)
auth_info = AuthInfo(self, username=data['username'])
return self.multipass.handle_auth_success(auth_info)
def _authorize_callback(self):
error = request.args.get('error')
if error:
raise AuthenticationFailed(error, provider=self)
try:
token = self.oauth_app.authorize_access_token()
return self.multipass.handle_auth_success(
AuthInfo(self, token=token))
except AuthlibBaseError as exc:
raise AuthenticationFailed(str(exc), provider=self)
def _authorize_callback(self):
# if authorization failed abort early
error = request.args.get('error')
if error:
raise AuthenticationFailed(error, provider=self)
# try to get a token containing a valid oidc id token
try:
oauth_token_data = self.oauth_app.authorize_access_token()
id_token = self._parse_id_token(oauth_token_data,
session.pop(self._session_key))
return self.multipass.handle_auth_success(
AuthInfo(self, **id_token))
except AuthlibBaseError as exc:
raise AuthenticationFailed(str(exc), provider=self)
def process_local_login(self, data):
username = data['username']
password = data['password']
with ldap_context(self.ldap_settings, use_cache=False):
try:
user_dn, user_data = get_user_by_id(
username, attributes=[self.ldap_settings['uid']])
if not user_dn:
raise NoSuchUser(provider=self)
current_ldap.connection.simple_bind_s(user_dn, password)
except INVALID_CREDENTIALS:
raise InvalidCredentials(provider=self)
auth_info = AuthInfo(
self, identifier=user_data[self.ldap_settings['uid']][0])
return self.multipass.handle_auth_success(auth_info)
def _authorize_callback(self):
ticket = request.args.get('ticket')
if not ticket:
raise AuthenticationFailed('ticket is not provided')
cas_response = self.cas_client.perform_service_validate(
ticket=ticket,
service_url=self.cas_callback_url,
)
if cas_response and cas_response.success:
auth_info = cas_response.attributes
auth_info['_username'] = cas_response.user
return self.multipass.handle_auth_success(
AuthInfo(self, **auth_info))
raise AuthenticationFailed("CAS result: Access denied")
def _shibboleth_callback(self):
mapping = _lower_keys(
iteritems(
request.headers if self.from_headers else request.environ))
# get all attrs in the 'attrs' list, if empty use 'attrs_prefix'
if self.attrs is None:
attributes = {
k: _to_unicode(v)
for k, v in mapping if k.startswith(self.attrs_prefix)
}
else:
attributes = {
k: _to_unicode(v)
for k, v in mapping if k in self.attrs
}
if not attributes:
raise AuthenticationFailed("No valid data received", provider=self)
return self.multipass.handle_auth_success(AuthInfo(self, **attributes))
def _make_auth_info(self, resp):
return AuthInfo(self, token=resp[self.settings['token_field']])
