Ejemplo n.º 1
0
    def create_client(self, userid="", **kwargs):
        """
        Do an instantiation of a client instance.

        :param userid: An identifier of the user
        :param: Keyword arguments
            Keys are ["srv_discovery_url", "client_info", "client_registration",
            "provider_info"]
        :return: client instance
        """
        _key_set = set(list(kwargs.keys()))
        try:
            _verify_ssl = kwargs["verify_ssl"]
        except KeyError:
            _verify_ssl = self.verify_ssl
        else:
            _key_set.discard("verify_ssl")

        client = self.client_cls(
            client_authn_method=CLIENT_AUTHN_METHOD,
            behaviour=kwargs["behaviour"],
            verify_ssl=_verify_ssl,
        )

        try:
            client.userinfo_request_method = kwargs["userinfo_request_method"]
        except KeyError:
            pass
        else:
            _key_set.discard("userinfo_request_method")

        # The behaviour parameter is not significant for the election process
        _key_set.discard("behaviour")
        for param in ["allow"]:
            try:
                setattr(client, param, kwargs[param])
            except KeyError:
                pass
            else:
                _key_set.discard(param)

        if _key_set == {"client_info"}:  # Everything dynamic
            # There has to be a userid
            if not userid:
                raise MissingAttribute("Missing userid specification")

            # Find the service that provides information about the OP
            issuer = client.wf.discovery_query(userid)
            # Gather OP information
            client.provider_config(issuer)
            # register the client
            client.register(
                client.provider_info["registration_endpoint"], **kwargs["client_info"]
            )
            self.get_path(kwargs["client_info"]["redirect_uris"], issuer)
        elif _key_set == set(["client_info", "srv_discovery_url"]):
            # Ship the webfinger part
            # Gather OP information
            client.provider_config(kwargs["srv_discovery_url"])
            # register the client
            client.register(
                client.provider_info["registration_endpoint"], **kwargs["client_info"]
            )
            self.get_path(
                kwargs["client_info"]["redirect_uris"], kwargs["srv_discovery_url"]
            )
        elif _key_set == set(["provider_info", "client_info"]):
            client.handle_provider_config(
                ProviderConfigurationResponse(**kwargs["provider_info"]),
                kwargs["provider_info"]["issuer"],
            )
            client.register(
                client.provider_info["registration_endpoint"], **kwargs["client_info"]
            )

            self.get_path(
                kwargs["client_info"]["redirect_uris"],
                kwargs["provider_info"]["issuer"],
            )
        elif _key_set == set(["provider_info", "client_registration"]):
            client.handle_provider_config(
                ProviderConfigurationResponse(**kwargs["provider_info"]),
                kwargs["provider_info"]["issuer"],
            )
            client.store_registration_info(
                RegistrationResponse(**kwargs["client_registration"])
            )
            self.get_path(
                kwargs["client_info"]["redirect_uris"],
                kwargs["provider_info"]["issuer"],
            )
        elif _key_set == set(["srv_discovery_url", "client_registration"]):
            client.provider_config(kwargs["srv_discovery_url"])
            client.store_registration_info(
                RegistrationResponse(**kwargs["client_registration"])
            )
            self.get_path(
                kwargs["client_registration"]["redirect_uris"],
                kwargs["srv_discovery_url"],
            )
        else:
            raise Exception("Configuration error ?")

        return client
Ejemplo n.º 2
0
    def create_client(self, userid="", **kwargs):
        """
        Do an instantiation of a client instance

        :param userid: An identifier of the user
        :param: Keyword arguments
            Keys are ["srv_discovery_url", "client_info", "client_registration",
            "provider_info"]
        :return: client instance
        """
        _key_set = set(kwargs.keys())
        args = {}
        for param in ["verify_ssl"]:
            try:
                args[param] = kwargs[param]
            except KeyError:
                pass
            else:
                _key_set.discard(param)

        try:
            verify_ssl = default_ssl_check
        except:
            verify_ssl = True

        client = self.client_cls(client_authn_method=CLIENT_AUTHN_METHOD,
                                 behaviour=kwargs["behaviour"],
                                 verify_ssl=verify_ssl,
                                 **args)

        # The behaviour parameter is not significant for the election process
        _key_set.discard("behaviour")
        for param in ["allow"]:
            try:
                setattr(client, param, kwargs[param])
            except KeyError:
                pass
            else:
                _key_set.discard(param)

        if _key_set == set(["client_info"]):  # Everything dynamic
            # There has to be a userid
            if not userid:
                raise MissingAttribute("Missing userid specification")

            # Find the service that provides information about the OP
            issuer = client.wf.discovery_query(userid)
            # Gather OP information
            client.provider_config(issuer)
            # register the client
            client.register(client.provider_info["registration_endpoint"],
                            **kwargs["client_info"])
        elif _key_set == set(["client_info", "srv_discovery_url"]):
            # Ship the webfinger part
            # Gather OP information
            client.provider_config(kwargs["srv_discovery_url"])
            # register the client
            client.register(client.provider_info["registration_endpoint"],
                            **kwargs["client_info"])
        elif _key_set == set(["provider_info", "client_info"]):
            client.handle_provider_config(
                ProviderConfigurationResponse(**kwargs["provider_info"]),
                kwargs["provider_info"]["issuer"])
            client.register(client.provider_info["registration_endpoint"],
                            **kwargs["client_info"])
        elif _key_set == set(["provider_info", "client_registration"]):
            client.handle_provider_config(
                ProviderConfigurationResponse(**kwargs["provider_info"]),
                kwargs["provider_info"]["issuer"])
            client.store_registration_info(
                RegistrationResponse(**kwargs["client_registration"]))
        elif _key_set == set(["srv_discovery_url", "client_registration"]):
            try:
                client.provider_config(kwargs["srv_discovery_url"])
                client.store_registration_info(
                    RegistrationResponse(**kwargs["client_registration"]))
            except Exception as e:
                logger.error(
                    "Provider info discovery failed for %s - assume backend unworkable",
                    kwargs["srv_discovery_url"])
                logger.exception(e)
        else:
            raise Exception("Configuration error ?")

        return client
Ejemplo n.º 3
0
    def __call__(self, userid, client_id, user_info_claims=None, **kwargs):
        """
        :param userid: The local user id
        :param user_info_claims: Possible userinfo claims (a dictionary)
        :return: A schema dependent userinfo instance
        """

        logger.info("User_info about '%s'" % userid)
        identity = copy.copy(self.db[userid])

        if user_info_claims:
            result = {}
            missing = []
            optional = []
            if "claims" in user_info_claims:
                for key, restr in user_info_claims["claims"].items():
                    try:
                        result[key] = identity[key]
                    except KeyError:
                        if restr == {"essential": True}:
                            missing.append(key)
                        else:
                            optional.append(key)

            # Check if anything asked for is somewhere else
            if (missing or optional) and "_external_" in identity:
                cpoints = {}
                remaining = missing[:]
                missing.extend(optional)
                for key in missing:
                    for _srv, what in identity["_external_"].items():
                        if key in what:
                            try:
                                cpoints[_srv].append(key)
                            except KeyError:
                                cpoints[_srv] = [key]
                            try:
                                remaining.remove(key)
                            except ValueError:
                                pass

                if remaining:
                    raise MissingAttribute("Missing properties '%s'" %
                                           remaining)

                for srv, what in cpoints.items():
                    cc = self.oidcsrv.claims_clients[srv]
                    logger.debug("srv: %s, what: %s" %
                                 (sanitize(srv), sanitize(what)))
                    _res = self._collect_distributed(srv, cc, userid, what)
                    logger.debug("Got: %s" % sanitize(_res))
                    for key, val in _res.items():
                        if key in result:
                            result[key].update(val)
                        else:
                            result[key] = val

        else:
            # default is what "openid" demands which is sub
            # result = identity
            result = {"sub": userid}

        return OpenIDSchema(**result)
Ejemplo n.º 4
0
def func_exception():
    raise MissingAttribute('foo')
Ejemplo n.º 5
0
def create_client(**kwargs):
    """
    kwargs = config.CLIENT.iteritems
    """
    _key_set = set(kwargs.keys())
    args = {}
    for param in ["verify_ssl", "client_id", "client_secret"]:
        try:
            args[param] = kwargs[param]
        except KeyError:
            try:
                args[param] = kwargs['client_registration'][param]
            except KeyError:
                pass
        else:
            _key_set.discard(param)

    client = Client(client_authn_method=CLIENT_AUTHN_METHOD,
                    behaviour=kwargs["behaviour"],
                    verify_ssl=conf.VERIFY_SSL,
                    **args)

    # The behaviour parameter is not significant for the election process
    _key_set.discard("behaviour")
    # I do not understand how this was ever working without discarding this
    # Below is not a case where _key_set includes "registration_response"
    _key_set.discard("registration_response")
    for param in ["allow"]:
        try:
            setattr(client, param, kwargs[param])
        except KeyError:
            pass
        else:
            _key_set.discard(param)

    if _key_set == set(["client_info"]):  # Everything dynamic
        # There has to be a userid
        if not userid:
            raise MissingAttribute("Missing userid specification")

        # Find the service that provides information about the OP
        issuer = client.wf.discovery_query(userid)
        # Gather OP information
        _ = client.provider_config(issuer)
        # register the client
        _ = client.register(client.provider_info["registration_endpoint"],
                            **kwargs["client_info"])
    elif _key_set == set(["client_info", "srv_discovery_url"]):
        # Ship the webfinger part
        # Gather OP information
        _ = client.provider_config(kwargs["srv_discovery_url"])
        # register the client
        _ = client.register(client.provider_info["registration_endpoint"],
                            **kwargs["client_info"])
    elif _key_set == set(["provider_info", "client_info"]):
        client.handle_provider_config(
            ProviderConfigurationResponse(**kwargs["provider_info"]),
            kwargs["provider_info"]["issuer"])
        _ = client.register(client.provider_info["registration_endpoint"],
                            **kwargs["client_info"])
    elif _key_set == set(["provider_info", "client_registration"]):
        client.handle_provider_config(
            ProviderConfigurationResponse(**kwargs["provider_info"]),
            kwargs["provider_info"]["issuer"])
        client.store_registration_info(
            RegistrationResponse(**kwargs["client_registration"]))
    elif _key_set == set(["srv_discovery_url", "client_registration"]):
        _ = client.provider_config(kwargs["srv_discovery_url"])
        client.store_registration_info(
            RegistrationResponse(**kwargs["client_registration"]))
    else:
        raise Exception("Configuration error ?")

    return client