Esempio n. 1
    def home():
        """Landing view: copy the OIDC userinfo claims into the Flask session.

        Outcomes, in the order they are checked:

        * no authorised OIDC session -> redirect to the ``login`` view;
        * the userinfo request raises ``InvalidTokenError`` or
          ``TokenExpiredError`` -> flash a warning, redirect to ``login``;
        * the userinfo response is not OK -> flash the error text and render
          ``home.html``;
        * otherwise store VOs, user id, display name and avatar in the
          session and render ``portfolio.html``.

        Raises:
            Forbidden: ``settings.oidcGroups`` is non-empty and the user does
                not hold every group listed in it.
            KeyError: the userinfo document has no ``sub`` claim.
        """
        if not oidc_blueprint.session.authorized:
            return redirect(url_for('login'))

        # Index 2 of the urlparse() result is the path component, so only the
        # path of the configured issuer URL is sent; presumably the session
        # object resolves it against its own base URL -- confirm.
        userinfo_path = urlparse(settings.oidcUrl)[2] + "/userinfo"
        try:
            userinfo = oidc_blueprint.session.get(userinfo_path)
        except (InvalidTokenError, TokenExpiredError):
            flash("Token expired.", 'warning')
            return redirect(url_for('login'))

        if not userinfo.ok:
            # NOTE(review): the raw upstream response body is shown to the
            # user; confirm it cannot carry anything sensitive.
            flash("Error getting User info: \n" + userinfo.text, 'error')
            return render_template('home.html', oidc_name=settings.oidcName)

        claims = userinfo.json()

        # Reset first so the value from an earlier login does not survive a
        # userinfo document that lacks the entitlement claim.
        session["vos"] = None
        if 'eduperson_entitlement' in claims:
            session["vos"] = utils.getUserVOs(claims['eduperson_entitlement'])

        if settings.oidcGroups:
            # 'groups' wins over 'eduperson_entitlement'; with neither claim
            # present the membership list is empty and the check below fails.
            if 'groups' in claims:
                memberships = claims['groups']
            elif 'eduperson_entitlement' in claims:
                memberships = claims['eduperson_entitlement']
            else:
                memberships = []

            # issubset(): the user must hold ALL configured groups, not any.
            if not set(settings.oidcGroups).issubset(memberships):
                # The user's group memberships are written to the debug log.
                app.logger.debug(
                    "No match on group membership. User group membership: "
                    + json.dumps(memberships))
                # NOTE(review): str.format() runs before Markup(), so the
                # interpolated settings values are not HTML-escaped. That is
                # acceptable only while both values are operator-controlled.
                denial = (
                    'You need to be a member of the following groups: {0}. <br>'
                    ' Please, visit <a href="{1}">{1}</a> and apply for the requested '
                    'membership.'
                ).format(json.dumps(settings.oidcGroups), settings.oidcUrl)
                raise Forbidden(description=Markup(denial))

        session['userid'] = claims['sub']

        # Display name: 'name' if present, else given + family name, else 'sub'.
        if 'name' in claims:
            session['username'] = claims['name']
        else:
            session['username'] = claims.get('given_name', "")
            if 'family_name' in claims:
                session['username'] += " " + claims['family_name']
            if session['username'] == "":
                session['username'] = claims['sub']

        # The avatar is derived from the e-mail address, or from 'sub' when
        # the IdP releases no e-mail claim.
        avatar_key = claims['email'] if 'email' in claims else claims['sub']
        session['gravatar'] = utils.avatar(avatar_key, 26)

        return render_template('portfolio.html', templates=toscaInfo)
    def decorated_function(*args, **kwargs):
        """Gate the wrapped view ``f`` behind an IAM login.

        If the IAM session is not authorised, or the Flask session has no
        ``username`` yet, the ``/userinfo`` endpoint is queried. An OK
        response goes through the ``settings.iamGroups`` check and fills the
        session profile; any other response redirects to ``login``.
        Otherwise, a token whose ``expires_in`` is below 20 triggers one more
        ``/userinfo`` request. ``validate_configuration()`` then runs before
        ``f`` is called with the original arguments.

        NOTE(review): the group check sits only in the first branch, so it is
        not repeated on later requests while the session stays authorised and
        keeps its ``username``. A membership removed at the IdP is not seen
        here until that branch runs again.

        Raises:
            Forbidden: ``settings.iamGroups`` is non-empty and the user does
                not hold every group listed in it.
            KeyError: the userinfo document lacks ``groups`` (only when
                ``settings.iamGroups`` is set), ``name``, ``email`` or
                ``organisation_name``.
        """
        profile_missing = (not iam_blueprint.session.authorized
                           or 'username' not in session)

        if profile_missing:
            userinfo = iam_blueprint.session.get("/userinfo")
            if not userinfo.ok:
                # 'next' is built server-side from the wrapped endpoint name
                # and the keyword arguments only; positional args are dropped.
                return_to = url_for(f.__name__, **kwargs)
                return redirect(
                    url_for('login', next=return_to, _external=True))

            claims = userinfo.json()

            if settings.iamGroups:
                memberships = claims['groups']
                # issubset(): ALL configured groups are required, not any.
                if not set(settings.iamGroups).issubset(memberships):
                    # The user's group memberships go to the debug log.
                    app.logger.debug(
                        "No match on group membership. User group membership: "
                        + json.dumps(memberships))
                    # NOTE(review): str.format() runs before Markup(), so the
                    # settings values are interpolated without HTML-escaping;
                    # acceptable only while they are operator-controlled.
                    message = Markup('''
                        You need to be a member of the following IAM groups: {0}. <br>
                        Please, visit <a href="{1}">{1}</a> and apply for the requested membership.
                        '''.format(json.dumps(settings.iamGroups),
                                   settings.iamUrl))
                    raise Forbidden(description=message)

            session['username'] = claims['name']
            session['gravatar'] = utils.avatar(claims['email'], 26)
            session['organisation_name'] = claims['organisation_name']

        elif iam_blueprint.session.token['expires_in'] < 20:
            # Presumably the request makes the OAuth session refresh the
            # token; the response itself is discarded -- confirm.
            app.logger.debug("Force refresh token")
            iam_blueprint.session.get('/userinfo')

        validate_configuration()

        return f(*args, **kwargs)
def home():
    """Landing view: load the IAM userinfo claims and list the permitted templates.

    Redirects to the ``login`` view when the IAM session is not authorised.
    On an OK userinfo response it enforces ``settings.iamGroups``, stores the
    user's name, avatar and organisation in the session, and renders
    ``portfolio.html`` with the templates that ``check_template_access``
    accepts for the user's groups.

    NOTE(review): no branch for a non-OK userinfo response is visible in this
    excerpt; confirm how that case is handled.

    Raises:
        Forbidden: ``settings.iamGroups`` is non-empty and the user does not
            hold every group listed in it.
    """
    if not iam_blueprint.session.authorized:
        return redirect(url_for('login'))
    
    account_info = iam_blueprint.session.get("/userinfo")

    if account_info.ok:
        account_info_json = account_info.json()
        # Direct subscript: a userinfo document without a 'groups' claim
        # raises KeyError here, before the group check runs.
        user_groups = account_info_json['groups']

        if settings.iamGroups:
            # issubset(): the user must hold ALL configured groups, not any.
            if not set(settings.iamGroups).issubset(user_groups):
                # The user's group memberships are written to the debug log.
                app.logger.debug("No match on group membership. User group membership: " + json.dumps(user_groups))
                # NOTE(review): str.format() runs before Markup(), so the
                # settings values are interpolated without HTML-escaping;
                # acceptable only while they are operator-controlled.
                message = Markup('You need to be a member of the following IAM groups: {0}. <br> Please, visit <a href="{1}">{1}</a> and apply for the requested membership.'.format(json.dumps(settings.iamGroups), settings.iamUrl))
                raise Forbidden(description=message)
            
        session['username'] = account_info_json['name']
        session['gravatar'] = utils.avatar(account_info_json['email'], 26)
        session['organisation_name'] = account_info_json['organisation_name']
        # NOTE(review): access_token is assigned but not read in the visible
        # lines; if it is unused, drop it so the bearer token is not held in
        # a local for no reason.
        access_token = iam_blueprint.token['access_token']

        # Keep only the templates whose metadata "allowed_groups" passes
        # check_template_access for this user's groups. The chained .get()
        # assumes every toscaInfo entry has a "metadata" mapping -- confirm.
        templates = { k:v for (k,v) in toscaInfo.items() if check_template_access(v.get("metadata").get("allowed_groups"),user_groups) }
        return render_template('portfolio.html', templates=templates)