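def home():
    """Render the portfolio for a logged-in user, or send them to log in.

    Steps, in order:
      1. Without an authorized OIDC session, redirect to the ``login`` view.
      2. Request the userinfo document; an invalid or expired token flashes a
         warning and redirects to ``login``.
      3. If ``settings.oidcGroups`` is set, every configured group must be in
         the user's ``groups`` claim (or, failing that, the
         ``eduperson_entitlement`` claim).
      4. Store ``vos``, ``userid``, ``username`` and ``gravatar`` in the Flask
         session and render ``portfolio.html``.

    Raises:
        Forbidden: the user is not a member of every group listed in
            ``settings.oidcGroups``.
    """
    if not oidc_blueprint.session.authorized:
        return redirect(url_for('login'))

    try:
        # Only the path component of the configured provider URL is passed on,
        # followed by "/userinfo".
        account_info = oidc_blueprint.session.get(
            urlparse(settings.oidcUrl).path + "/userinfo")
    except (InvalidTokenError, TokenExpiredError):
        flash("Token expired.", 'warning')
        return redirect(url_for('login'))

    if not account_info.ok:
        # NOTE(review): the provider's raw response body is shown to the user.
        # Whether it is HTML-escaped depends on how the template renders
        # flashed messages, which is not visible here -- confirm, or log the
        # body server-side and flash a generic message instead.
        flash("Error getting User info: \n" + account_info.text, 'error')
        return render_template('home.html', oidc_name=settings.oidcName)

    account_info_json = account_info.json()

    session["vos"] = None
    if 'eduperson_entitlement' in account_info_json:
        session["vos"] = utils.getUserVOs(
            account_info_json['eduperson_entitlement'])

    if settings.oidcGroups:
        # With neither claim present the list stays empty and the check below
        # denies access (fail closed).
        user_groups = []
        if 'groups' in account_info_json:
            user_groups = account_info_json['groups']
        elif 'eduperson_entitlement' in account_info_json:
            user_groups = account_info_json['eduperson_entitlement']

        # NOTE(review): issubset() iterates whatever the claim holds. If a
        # provider returned a single string instead of a list, the required
        # groups would be compared against its characters -- confirm the
        # claim is always a list.
        if not set(settings.oidcGroups).issubset(user_groups):
            app.logger.debug(
                "No match on group membership. User group membership: %s",
                json.dumps(user_groups))
            # Markup(...).format() HTML-escapes the interpolated values.
            # Formatting the plain string first and wrapping the result in
            # Markup would mark them as safe HTML without escaping.
            message = Markup(
                'You need to be a member of the following groups: {0}. <br>'
                ' Please, visit <a href="{1}">{1}</a> and apply for the requested '
                'membership.').format(json.dumps(settings.oidcGroups),
                                      settings.oidcUrl)
            raise Forbidden(description=message)

    session['userid'] = account_info_json['sub']

    if 'name' in account_info_json:
        session['username'] = account_info_json['name']
    else:
        # Build "given family" from whichever parts are present. Joining only
        # the non-empty parts avoids the leading space that plain
        # concatenation produces when just family_name is supplied.
        name_parts = [account_info_json[key]
                      for key in ('given_name', 'family_name')
                      if account_info_json.get(key)]
        session['username'] = " ".join(name_parts) or account_info_json['sub']

    # The avatar is derived from the e-mail when available, else the subject.
    avatar_seed = account_info_json.get('email', account_info_json['sub'])
    session['gravatar'] = utils.avatar(avatar_seed, 26)

    return render_template('portfolio.html', templates=toscaInfo)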
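def decorated_function(*args, **kwargs):
    """Run the wrapped view ``f`` only for a user who passes the IAM checks.

    When the IAM session is not authorized, or no ``username`` is stored in
    the Flask session yet, the userinfo document is fetched:

      * if that request fails, the user is redirected to ``login`` with a
        ``next`` parameter pointing back at the wrapped view;
      * if ``settings.iamGroups`` is set, every configured group must appear
        in the ``groups`` claim;
      * ``username``, ``gravatar`` and ``organisation_name`` are then stored
        in the session.

    Otherwise, if the token's ``expires_in`` is below 20, a userinfo request
    is issued (logged as "Force refresh token").

    Raises:
        Forbidden: the user is not a member of every group listed in
            ``settings.iamGroups``.
    """
    if not iam_blueprint.session.authorized or 'username' not in session:
        account_info = iam_blueprint.session.get("/userinfo")
        if not account_info.ok:
            # The return target is built from the wrapped view's own endpoint
            # name, not from request data.
            return redirect(
                url_for('login', next=url_for(f.__name__, **kwargs),
                        _external=True))

        account_info_json = account_info.json()

        if settings.iamGroups:
            # A missing or null "groups" claim is treated as no membership, so
            # the user gets the Forbidden page below rather than an unhandled
            # KeyError.
            user_groups = account_info_json.get('groups') or []
            if not set(settings.iamGroups).issubset(user_groups):
                app.logger.debug(
                    "No match on group membership. User group membership: %s",
                    json.dumps(user_groups))
                # Markup(...).format() HTML-escapes the interpolated values.
                # Formatting the plain string first and wrapping the result in
                # Markup would mark them as safe HTML without escaping.
                message = Markup('''
                You need to be a member of the following IAM groups: {0}. <br>
                Please, visit <a href="{1}">{1}</a> and apply for the requested membership.
                ''').format(json.dumps(settings.iamGroups), settings.iamUrl)
                raise Forbidden(description=message)

        # NOTE(review): these three claims are read unconditionally; a
        # userinfo document lacking any of them raises KeyError here.
        session['username'] = account_info_json['name']
        session['gravatar'] = utils.avatar(account_info_json['email'], 26)
        session['organisation_name'] = account_info_json['organisation_name']
    elif iam_blueprint.session.token['expires_in'] < 20:
        # Presumably the request makes the OAuth session refresh the token as
        # a side effect -- confirm against the blueprint configuration.
        app.logger.debug("Force refresh token")
        iam_blueprint.session.get('/userinfo')

    validate_configuration()
    return f(*args, **kwargs)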
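def home():
    """Render the portfolio, limited to the templates the user may access.

    Steps, in order:
      1. Without an authorized IAM session, redirect to the ``login`` view.
      2. Fetch the userinfo document; if the request fails, redirect to
         ``login``.
      3. If ``settings.iamGroups`` is set, every configured group must appear
         in the user's ``groups`` claim.
      4. Store ``username``, ``gravatar`` and ``organisation_name`` in the
         Flask session.
      5. Keep only the ``toscaInfo`` entries for which
         ``check_template_access`` accepts the template's ``allowed_groups``
         metadata together with the user's groups.

    Raises:
        Forbidden: the user is not a member of every group listed in
            ``settings.iamGroups``.
    """
    if not iam_blueprint.session.authorized:
        return redirect(url_for('login'))

    account_info = iam_blueprint.session.get("/userinfo")
    if not account_info.ok:
        # Without an explicit return the view would fall through and return
        # None, which Flask rejects as an invalid response.
        app.logger.debug("Userinfo request failed with status %s",
                         account_info.status_code)
        return redirect(url_for('login'))

    account_info_json = account_info.json()

    # A missing or null "groups" claim is treated as no membership rather than
    # raising KeyError. NOTE(review): check_template_access is defined
    # elsewhere -- confirm it denies restricted templates for an empty list.
    user_groups = account_info_json.get('groups') or []

    if settings.iamGroups and not set(settings.iamGroups).issubset(user_groups):
        app.logger.debug(
            "No match on group membership. User group membership: %s",
            json.dumps(user_groups))
        # Markup(...).format() HTML-escapes the interpolated values.
        # Formatting the plain string first and wrapping the result in Markup
        # would mark them as safe HTML without escaping.
        message = Markup(
            'You need to be a member of the following IAM groups: {0}. <br> '
            'Please, visit <a href="{1}">{1}</a> and apply for the requested '
            'membership.').format(json.dumps(settings.iamGroups),
                                  settings.iamUrl)
        raise Forbidden(description=message)

    # NOTE(review): these three claims are read unconditionally; a userinfo
    # document lacking any of them raises KeyError here.
    session['username'] = account_info_json['name']
    session['gravatar'] = utils.avatar(account_info_json['email'], 26)
    session['organisation_name'] = account_info_json['organisation_name']

    # Per-template authorization: only entries the user's groups are allowed
    # to see are handed to the page.
    templates = {
        name: info
        for name, info in toscaInfo.items()
        if check_template_access(info.get("metadata").get("allowed_groups"),
                                 user_groups)
    }

    return render_template('portfolio.html', templates=templates)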