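def _create_or_reuse_user(self, user_id, user_name, email, first_name, last_name, session_id):
    """Return the Girder user for a NEWT identity, creating or linking one if needed.

    Lookup order:
      1. ``newt.id == user_id`` (the stable NEWT identifier);
      2. ``email`` -- for accounts that exist but have never logged in via NEWT;
      3. create a new user, unless registration is closed and the plugin is
         not configured to ignore that policy.

    SECURITY NOTE(review): step 2 links an existing account purely on the email
    NEWT asserts.  That is only safe if NEWT verifies email ownership; confirm
    this before relying on it, since an unverified email would let a NEWT login
    be attached to someone else's account.

    Args:
        user_id: NEWT user id; written to ``user['newt']['id']`` on first link.
        user_name: NEWT login; becomes the Girder login for newly created users.
        email: email asserted by NEWT; replaces the stored email if different.
        first_name: first name asserted by NEWT; empty values never overwrite.
        last_name: last name asserted by NEWT; empty values never overwrite.
        session_id: NEWT session id; always written to ``user['newt']['sessionId']``.

    Returns:
        The saved user document.

    Raises:
        RestException: registration is closed, no user matched, and
            ``PluginSettings.IGNORE_REGISTRATION_POLICY`` is not set.
    """
    user = User().findOne({'newt.id': user_id})
    # The NEWT id is written only when the id lookup missed.
    set_id = not user

    if not user:
        # Existing accounts logging in via NEWT for the first time have no newt.id.
        user = User().findOne({'email': email})

    if not user:
        registration_closed = Setting().get(SettingKey.REGISTRATION_POLICY) == 'closed'
        if registration_closed and not Setting().get(PluginSettings.IGNORE_REGISTRATION_POLICY):
            raise RestException(
                'Registration on this instance is closed. Contact an '
                'administrator to create an account for you.')
        user = User().createUser(login=user_name, password=None,
                                 firstName=first_name, lastName=last_name,
                                 email=email)
    else:
        # Refresh the profile from what NEWT asserts.
        if email != user['email']:
            user['email'] = email
        # Empty names from NEWT never overwrite stored ones.
        if first_name and first_name != user['firstName']:
            user['firstName'] = first_name
        if last_name and last_name != user['lastName']:
            user['lastName'] = last_name

    newt = user.setdefault('newt', {})
    if set_id:
        newt['id'] = user_id
    # The session id changes on every login, so the document is always saved;
    # the previous write-only ``dirty`` flag was dead code and has been dropped.
    newt['sessionId'] = session_id
    return User().save(user)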
def _createOrReuseUser(cls, oauthId, email, firstName, lastName, userName=None):
    """Find the Girder user behind an OAuth identity, or create one.

    The provider-scoped id (``oauth.provider`` + ``oauth.id``) is tried first
    because users may change their email address.  Accounts that predate OAuth
    use carry no provider entry and are matched on ``email`` instead; anything
    still unmatched is created, unless registration is closed and
    ``PluginSettings.IGNORE_REGISTRATION_POLICY`` is not set.

    SECURITY NOTE(review): the email fallback trusts the email the provider
    asserts.  It is only safe for providers that verify email ownership;
    otherwise a login could be attached to an unrelated existing account.

    Args:
        oauthId: the provider's stable user id.
        email: provider-asserted email; replaces the stored value if different.
        firstName: provider-asserted first name; empty values never overwrite.
        lastName: provider-asserted last name; empty values never overwrite.
        userName: optional provider login, passed to ``cls._deriveLogin``.

    Returns:
        The user document, saved when anything changed.

    Raises:
        RestException: registration is closed and no existing user matched.
    """
    providerName = cls.getProviderName()

    # Query embedded fields individually: PyMongo cannot rely on the key order
    # of a Python dict for a whole-subdocument match.
    providerFilter = providerName
    if providerName == 'google':
        # Legacy databases may still hold the capitalised provider name.
        providerFilter = {'$in': ['google', 'Google']}
    user = User().findOne({'oauth.provider': providerFilter, 'oauth.id': oauthId})

    # Record the provider id only when the id lookup missed.
    setId = not user
    dirty = False

    if not user:
        # First OAuth login of a pre-existing account: no provider entry yet.
        user = User().findOne({'email': email})

    if user:
        if isinstance(user.get('oauth'), dict):
            # Legacy layout stored a single provider dict rather than a list.
            user['oauth'] = [user['oauth']]
            dirty = True
        if user['email'] != email:
            user['email'] = email
            dirty = True
        # Empty names from the provider never clobber stored ones.
        for key, value in (('firstName', firstName), ('lastName', lastName)):
            if value and user[key] != value:
                user[key] = value
                dirty = True
    else:
        if (Setting().get(SettingKey.REGISTRATION_POLICY) == 'closed'
                and not Setting().get(PluginSettings.IGNORE_REGISTRATION_POLICY)):
            raise RestException(
                'Registration on this instance is closed. Contact an '
                'administrator to create an account for you.')
        user = User().createUser(
            login=cls._deriveLogin(email, firstName, lastName, userName),
            password=None, firstName=firstName, lastName=lastName, email=email)

    if setId:
        user.setdefault('oauth', []).append({'provider': providerName, 'id': oauthId})
        dirty = True

    if dirty:
        user = User().save(user)
    return user
def _createOrReuseUser(cls, oauthId, email, firstName, lastName, userName=None):
    """Look up (or create) the Girder user for an OAuth identity.

    Resolution order: provider id, then email, then a new account.  The email
    step exists for accounts created before OAuth was enabled, which have no
    provider entry to match on.  A new account is refused when registration is
    closed unless ``PluginSettings.IGNORE_REGISTRATION_POLICY`` overrides it.

    SECURITY NOTE(review): matching on the provider-asserted email is only
    safe when the provider verifies email ownership; an unverified email
    would allow a login to be bound to someone else's account.

    Args:
        oauthId: stable user id at the provider.
        email: provider-asserted email; stored value is replaced if different.
        firstName: provider-asserted first name; blank values are ignored.
        lastName: provider-asserted last name; blank values are ignored.
        userName: optional provider login, forwarded to ``cls._deriveLogin``.

    Returns:
        The user document (saved only when modified).

    Raises:
        RestException: registration is closed and no existing user matched.
    """
    providerName = cls.getProviderName()

    def registrationAllowed():
        """Closed registration may be overridden by the plugin setting."""
        if Setting().get(SettingKey.REGISTRATION_POLICY) != 'closed':
            return True
        return bool(Setting().get(PluginSettings.IGNORE_REGISTRATION_POLICY))

    def refreshProfile(doc):
        """Copy provider-asserted fields onto ``doc``; True if anything changed."""
        changed = False
        if isinstance(doc.get('oauth'), dict):
            # Legacy layout: one provider dict instead of a list of them.
            doc['oauth'] = [doc['oauth']]
            changed = True
        if doc['email'] != email:
            doc['email'] = email
            changed = True
        # Blank names from the provider never overwrite stored ones.
        for field, value in (('firstName', firstName), ('lastName', lastName)):
            if value and doc[field] != value:
                doc[field] = value
                changed = True
        return changed

    # Dotted field paths instead of a whole subdocument: PyMongo cannot
    # depend on Python dict key order for embedded-document matches.
    providerFilter = providerName
    if providerName == 'google':
        # Older rows stored the Google provider name capitalised.
        providerFilter = {'$in': ['google', 'Google']}
    user = User().findOne({'oauth.provider': providerFilter, 'oauth.id': oauthId})
    needsLink = not user

    if not user:
        user = User().findOne({'email': email})

    if user:
        dirty = refreshProfile(user)
    else:
        if not registrationAllowed():
            raise RestException(
                'Registration on this instance is closed. Contact an '
                'administrator to create an account for you.')
        user = User().createUser(
            login=cls._deriveLogin(email, firstName, lastName, userName),
            password=None, firstName=firstName, lastName=lastName, email=email)
        dirty = False

    if needsLink:
        user.setdefault('oauth', []).append({'provider': providerName, 'id': oauthId})
        dirty = True

    return User().save(user) if dirty else user
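def cilogin(self):
    """Complete the CILogon authorization-code flow and sign the user in.

    Steps:
      1. Exchange the ``code`` query parameter for tokens at CILogon using the
         ``NCIAuth.NCI_client_id`` / ``NCIAuth.NCI_client_secret`` settings and
         a redirect URI built from ``NCIAuth.NCI_api_url``.
      2. Fetch the userinfo claims with the access token.
      3. Find the Girder user by the asserted email, or create one (unless
         registration is closed and IGNORE_REGISTRATION_POLICY is unset).
      4. Refresh email/names from the claims, set the Girder auth cookie and
         redirect to ``NCIAuth.NCI_return_url``.

    SECURITY NOTE(review):
      * Credentials come from settings only.  A client id and client secret
        had been pasted into comments in this function; treat that secret as
        compromised and rotate it with CILogon.
      * No OAuth ``state`` value is verified here, so the callback has no
        login-CSRF protection -- TODO confirm whether the authorization
        request sends one and, if so, verify it here.
      * Accounts are matched on the ``email`` claim alone; the CILogon
        subject is never stored and the ``id_token`` is neither verified nor
        used.  Email-based linking is only safe if every identity provider
        reachable through CILogon verifies email ownership.

    Raises:
        RestException: missing code, a failed token or userinfo exchange,
            no email claim, or closed registration with no matching user.
        cherrypy.HTTPRedirect: on success (CherryPy redirects by raising).
    """
    code = cherrypy.request.params.get('code')
    if not code:
        raise RestException('Missing authorization code.')

    tokenResponse = requests.post('https://cilogon.org/oauth2/token', {
        'grant_type': 'authorization_code',
        'code': code,
        'client_id': 'cilogon:/client_id/' + Setting().get('NCIAuth.NCI_client_id'),
        'client_secret': Setting().get('NCIAuth.NCI_client_secret'),
        'redirect_uri': Setting().get('NCIAuth.NCI_api_url') + '/nciLogin/CIloginCallback',
    })
    if tokenResponse.status_code != 200:
        # Never relay the provider's body to the client: it can carry tokens.
        raise RestException('CILogon token exchange failed.')
    accessToken = json.loads(tokenResponse.content).get('access_token')
    if not accessToken:
        raise RestException('CILogon token response contained no access token.')

    userinfoResponse = requests.post('https://cilogon.org/oauth2/userinfo',
                                     {'access_token': accessToken})
    if userinfoResponse.status_code != 200:
        raise RestException('CILogon userinfo request failed.')
    claims = json.loads(userinfoResponse.content)

    NCIemail = claims.get('email')
    if not NCIemail:
        raise RestException('CILogon did not return an email address.')
    # Missing name claims become '' rather than a KeyError; blank names never
    # overwrite stored ones below and are passed to createUser as-is.
    NCIfirstName = claims.get('given_name', '')
    NCIlastName = claims.get('family_name', '')

    user = User().findOne({'email': NCIemail})
    isNew = not user
    dirty = False

    if not user:
        if (Setting().get(SettingKey.REGISTRATION_POLICY) == 'closed'
                and not Setting().get(PluginSettings.IGNORE_REGISTRATION_POLICY)):
            raise RestException(
                'Registration on this instance is closed. Contact an '
                'administrator to create an account for you.')
        # The email local part is the login hint; partition() tolerates a
        # value without '@' where index() would raise.
        login = self._deriveLogin(NCIemail, NCIfirstName, NCIlastName,
                                  NCIemail.partition('@')[0])
        user = User().createUser(login=login, password=None,
                                 firstName=NCIfirstName, lastName=NCIlastName,
                                 email=NCIemail)
    else:
        if isinstance(user.get('oauth'), dict):
            # Legacy single-provider OAuth layout -> list (inherited from the
            # OAuth plugin this flow mirrors).
            user['oauth'] = [user['oauth']]
            dirty = True
        if NCIemail != user['email']:
            user['email'] = NCIemail
            dirty = True
        for key, value in (('firstName', NCIfirstName), ('lastName', NCIlastName)):
            if value and value != user[key]:
                user[key] = value
                dirty = True

    if isNew:
        # Only a provider marker is recorded; no stable CILogon subject.
        user.setdefault('NCI_credential', []).append({'provider': 'NCI'})
        dirty = True
    if dirty:
        user = User().save(user)

    self.sendAuthTokenCookie(user)
    raise cherrypy.HTTPRedirect(Setting().get('NCIAuth.NCI_return_url'))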
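def callback(self):
    """Finish a DMS single sign-on: validate the posted token, then sign in.

    Steps:
      1. Validate the ``token`` request parameter with the DMS service.
      2. Find the Girder user by the stored DMS ``userID``; fall back to the
         asserted email for accounts linked before ids were recorded (or never
         linked); otherwise create a user unless registration is closed and
         IGNORE_REGISTRATION_POLICY is unset.
      3. Refresh email/names from the claims, record the NCI credential, set
         the Girder auth cookie and redirect to ``NCIAuth.NCI_return_url``.

    SECURITY NOTE(review): the email fallback in step 2 trusts the email the
    DMS asserts and is only safe if the DMS verifies email ownership.  Looking
    up by ``userID`` first (as the OAuth plugin does with provider ids)
    confines that trust to the first login of an account.

    Raises:
        RestException: no token, empty validation result, missing claims, or
            closed registration with no matching user.
        cherrypy.HTTPRedirect: on success (CherryPy redirects by raising).
    """
    token = cherrypy.request.params.get('token')
    if not token:
        raise RestException('Missing token.')

    # SECURITY(review): the DMS service account user and password are
    # committed in source here.  Treat this credential as leaked and rotate
    # it; it belongs in the plugin settings (the CILogon client secret in this
    # file is already read via Setting().get('NCIAuth.NCI_client_secret')),
    # not in a code literal.
    validation = DMSAuthentication("ncifivgSvc", "+vYg<^Y|#4w:r9)", 2)
    userInfo = validation.validateToken(token)
    if not userInfo:
        # validateToken's failure signalling is not visible here; a None/empty
        # result is surfaced as a client error instead of a TypeError below.
        raise RestException('Token validation failed.')

    missing = [key for key in ('email', 'userID') if not userInfo.get(key)]
    if missing:
        raise RestException('DMS user info is missing: ' + ', '.join(missing))
    NCIemail = userInfo['email']
    NCIid = userInfo['userID']
    # Blank names never overwrite stored ones below.
    NCIfirstName = userInfo.get('first_name', '')
    NCIlastName = userInfo.get('last_name', '')

    # Match the stable DMS id first so a later email change cannot create a
    # second account and an asserted email cannot re-bind an already linked one.
    user = User().findOne({'NCI_credential.provider': 'NCI',
                           'NCI_credential.id': NCIid})
    setId = not user
    dirty = False

    if not user:
        # Accounts linked before ids were recorded carry {'provider': 'NCI'}
        # only; they (and never-linked accounts) are matched on email and then
        # get an id-bearing entry appended.
        user = User().findOne({'email': NCIemail})

    if not user:
        if (Setting().get(SettingKey.REGISTRATION_POLICY) == 'closed'
                and not Setting().get(PluginSettings.IGNORE_REGISTRATION_POLICY)):
            raise RestException(
                'Registration on this instance is closed. Contact an '
                'administrator to create an account for you.')
        login = self._deriveLogin(NCIemail, NCIfirstName, NCIlastName, NCIid)
        user = User().createUser(login=login, password=None,
                                 firstName=NCIfirstName, lastName=NCIlastName,
                                 email=NCIemail)
    else:
        if isinstance(user.get('oauth'), dict):
            # Legacy single-provider OAuth layout -> list (inherited from the
            # OAuth plugin this flow mirrors).
            user['oauth'] = [user['oauth']]
            dirty = True
        if NCIemail != user['email']:
            user['email'] = NCIemail
            dirty = True
        for key, value in (('firstName', NCIfirstName), ('lastName', NCIlastName)):
            if value and value != user[key]:
                user[key] = value
                dirty = True

    if setId:
        user.setdefault('NCI_credential', []).append({'provider': 'NCI', 'id': NCIid})
        dirty = True
    if dirty:
        user = User().save(user)

    self.sendAuthTokenCookie(user)
    raise cherrypy.HTTPRedirect(Setting().get('NCIAuth.NCI_return_url'))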