def save_authorization_code(self, client_id, code, request, *args, **kwargs):
    """Persist an authorization code and refresh the owning user record.

    The user is looked up by the OpenID claimed identifier carried in the
    request parameters. An unknown identifier creates a new user; a known
    one has its full name, e-mail and last-login timestamp overwritten.
    The code and its "state" value are then stored against that user.

    :param client_id: OAuth client identifier (not used by this method).
    :param code: mapping holding at least the "code" and "state" keys.
    :param request: request object whose ``_params`` mapping carries the
        ``openid.*`` values.
    :raises KeyError: if any of the three ``openid.*`` parameters read
        below, or the "code"/"state" keys, is missing.
    """
    # NOTE(review): the identity attributes are taken directly from the
    # request parameters. Nothing in this method verifies the OpenID
    # assertion, so it presumably relies on the caller having validated
    # the provider's response before getting here -- confirm.
    params = request._params
    claimed_id = params["openid.claimed_id"]
    sreg_email = params["openid.sreg.email"]
    sreg_full_name = params["openid.sreg.fullname"]
    now_utc = datetime.datetime.now(pytz.utc)

    existing = user_api.user_get_by_openid(claimed_id)
    profile = {
        "full_name": sreg_full_name,
        "email": sreg_email,
        "last_login": now_utc,
    }

    if existing:
        # Known identifier: overwrite the stored profile with the values
        # supplied on this login.
        user = user_api.user_update(existing.id, profile)
    else:
        # First login for this identifier: the account is created here.
        profile["openid"] = claimed_id
        user = user_api.user_create(profile)

    # The TTL is stored alongside the code; this method does not itself
    # enforce expiry.
    auth_api.authorization_code_save({
        "code": code["code"],
        "state": code["state"],
        "user_id": user.id,
        "expires_in": CONF.oauth.authorization_code_ttl,
    })
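def validate_scopes(self, client_id, scopes, client, request, *args, **kwargs):
    """Check the login gate and the single supported scope value.

    Scopes are not supported in OpenID Connect; the "user" value is
    hard-coded here to bridge the difference between the protocols.

    :param client_id: OAuth client identifier (not used by this method).
    :param scopes: requested scope, expected to equal the string "user".
    :param client: client object (not used by this method).
    :param request: request object whose ``_params`` mapping carries
        ``openid.claimed_id``.
    :returns: ``False`` when the claimed identifier is missing or empty,
        or when the matching user has ``enable_login`` unset; otherwise
        whether ``scopes`` equals "user".
    """
    # Fail closed: a request without a claimed identifier is denied here
    # instead of surfacing as an unhandled KeyError.
    try:
        openid = request._params["openid.claimed_id"]
    except KeyError:
        return False
    if not openid:
        return False

    # Verify that the claimed user is allowed to log in. An identifier
    # with no matching user passes this gate.
    user = user_api.user_get_by_openid(openid)
    if user and not user.enable_login:
        return False

    # NOTE(review): this compares against the bare string, so a list such
    # as ["user"] is rejected -- presumably the caller passes the scope as
    # a plain string; confirm.
    return scopes == "user"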