def _populate_test_identity(session, **kwargs):
    """
    Return the IdentityProvider row matching ``kwargs``, creating it if absent.

    Used to make sure the IdentityProvider of the default test user exists
    in the database.

    Args:
        session: database session used for both the lookup and the insert
        **kwargs: column values used as the filter and, when nothing
            matches, as the constructor arguments of the new row

    Returns:
        IdentityProvider: the row that was found or just committed
    """
    existing = session.query(IdentityProvider).filter_by(**kwargs).first()
    if existing:
        return existing

    # Nothing matched: persist a new row built from the same values.
    created = IdentityProvider(**kwargs)
    session.add(created)
    session.commit()
    return created
def login_user(username, provider, fence_idp=None, shib_idp=None):
    """
    Log in the user identified by ``username`` through ``provider``.

    Writes the login into the Flask session and ``flask.g``. Unless the user
    is already stored with this same provider, the user and identity provider
    rows are also committed to the db.

    NOTE(review): the account is looked up by username only. When the stored
    identity provider differs from ``provider`` the login is not rejected;
    the account is re-linked to ``provider``. Callers therefore depend on
    usernames asserted by different IdPs never colliding.

    Args:
        username (str): username of the user to be logged in
        provider (str): name of the idp the user logged in through
        fence_idp (str, optional): stored in the session when truthy
        shib_idp (str, optional): stored in the session when truthy
    """

    def _store_login(account):
        """
        Copy the account's values into the Flask session and ``flask.g``.

        Args:
            account (User): User object
        """
        flask.session["username"] = account.username
        flask.session["user_id"] = str(account.id)
        flask.session["provider"] = account.identity_provider.name
        # Only truthy values are written. A value left in the session by an
        # earlier login is not removed here.
        for key, value in (("fence_idp", fence_idp), ("shib_idp", shib_idp)):
            if value:
                flask.session[key] = value
        flask.g.user = account
        # NOTE(review): every login gets this fixed scope list; presumably
        # "_all" means unrestricted. Confirm against the scope checks.
        flask.g.scopes = ["_all"]
        flask.g.token = None

    account = query_for_user(session=current_session, username=username)
    if not account:
        account = User(username=username)
    else:
        # User and idp info are already persisted and agree with this login:
        # finish early so nothing is re-saved.
        linked_idp = account.identity_provider
        if linked_idp and linked_idp.name == provider:
            _store_login(account)
            return

    # Reached for a new user, a user with no idp, or a user whose stored idp
    # has a different name: attach the provider, creating its row if needed.
    stored_idp = (
        current_session.query(IdentityProvider)
        .filter(IdentityProvider.name == provider)
        .first()
    )
    account.identity_provider = stored_idp or IdentityProvider(name=provider)
    current_session.add(account)
    current_session.commit()

    _store_login(account)
def login_user(request, username, provider):
    """
    Attach the user named ``username`` to ``flask.g``, creating it if needed.

    A user that does not exist yet is created, linked to the identity
    provider named ``provider`` (itself created when missing) and committed.

    NOTE(review): block nesting was reconstructed from a listing that lost
    its indentation; the provider lookup is taken to belong to the new-user
    branch. Confirm against the original file. Read that way, ``provider``
    is ignored for an existing user, so the account is selected by username
    alone regardless of which idp asserted it.

    Args:
        request: not used by this function
        username (str): username of the user to be logged in
        provider (str): name of the idp, used only when the user is created
    """
    account = (
        current_session.query(User).filter(User.username == username).first()
    )
    if not account:
        account = User(username=username)
        stored_idp = (
            current_session.query(IdentityProvider)
            .filter(IdentityProvider.name == provider)
            .first()
        )
        account.identity_provider = stored_idp or IdentityProvider(name=provider)
        current_session.add(account)
        current_session.commit()

    flask.g.user = account
    # NOTE(review): every login gets this fixed scope list; presumably
    # "_all" means unrestricted. Confirm against the scope checks.
    flask.g.scopes = ["_all"]
    flask.g.token = None
def login_user(request, username, provider):
    """
    Log in ``username``: create the user if needed, then fill the session.

    A user that does not exist yet is created, linked to the identity
    provider named ``provider`` (itself created when missing) and committed.
    The Flask session and ``flask.g`` are then populated.

    NOTE(review): block nesting was reconstructed from a listing that lost
    its indentation; the provider lookup is taken to belong to the new-user
    branch. Confirm against the original file. Read that way, an existing
    user keeps whatever identity provider is stored, while the session
    records the ``provider`` argument, so the two can disagree.

    Args:
        request: not used by this function
        username (str): username of the user to be logged in
        provider (str): name of the idp the user logged in through
    """
    account = query_for_user(session=current_session, username=username)
    if not account:
        account = User(username=username)
        stored_idp = (
            current_session.query(IdentityProvider)
            .filter(IdentityProvider.name == provider)
            .first()
        )
        account.identity_provider = stored_idp or IdentityProvider(name=provider)
        current_session.add(account)
        current_session.commit()

    # The session takes the caller-supplied strings, not the stored row.
    flask.session["username"] = username
    flask.session["provider"] = provider
    flask.session["user_id"] = str(account.id)

    flask.g.user = account
    # NOTE(review): every login gets this fixed scope list; presumably
    # "_all" means unrestricted. Confirm against the scope checks.
    flask.g.scopes = ["_all"]
    flask.g.token = None
def test_login_user_with_idp_already_in_db(db_session):
    """
    A stored user with an identity_provider logs in through that provider.

    After login_user runs, the Flask session and flask.g must describe the
    stored user.

    Only the matching-provider path is exercised here; a login whose provider
    differs from the one stored on the user is not covered by this test.
    """
    username = "*****@*****.**"
    idp_name = "Test Provider"

    # Persist the user together with its identity provider before logging in.
    stored_user = User(username=username, is_admin=False)
    stored_user.identity_provider = IdentityProvider(name=idp_name)
    db_session.add(stored_user)
    db_session.commit()
    expected_user_id = str(stored_user.id)

    login_user(username, idp_name)

    # The stored link is untouched and the session mirrors the stored user.
    assert stored_user.identity_provider.name == idp_name
    assert flask.session["username"] == username
    assert flask.session["provider"] == idp_name
    assert flask.session["user_id"] == expected_user_id
    assert flask.g.user == stored_user
def login_user(
    username, provider, fence_idp=None, shib_idp=None, email=None, id_from_idp=None
):
    """
    Log in the user identified by ``username`` through ``provider``.

    Writes the login into the Flask session and ``flask.g``. Unless the user
    is already stored with this same provider, the user and identity provider
    rows are also committed to the db.

    NOTE(review): the account is looked up by username only, and for an
    existing account the email / id_from_idp update helpers run before the
    stored provider is compared with ``provider``. A login asserted by a
    different idp is not rejected: it reaches those helpers and then
    re-links the account to ``provider``. Callers therefore depend on
    usernames asserted by different IdPs never colliding.

    Args:
        username (str): username of the user to be logged in
        provider (str): name of the idp the user logged in through
        fence_idp (str, optional): downstream fence IdP
        shib_idp (str, optional): downstream shibboleth IdP
        email (str, optional): email of the user (may or may not match the
            username, depending on the IdP)
        id_from_idp (str, optional): id from the IdP (which may differ from
            the username)
    """

    def _store_login(account):
        """
        Copy the account's values into the Flask session and ``flask.g``.

        Args:
            account (User): User object
        """
        flask.session["username"] = account.username
        flask.session["user_id"] = str(account.id)
        flask.session["provider"] = account.identity_provider.name
        # Only truthy values are written. A value left in the session by an
        # earlier login is not removed here.
        for key, value in (("fence_idp", fence_idp), ("shib_idp", shib_idp)):
            if value:
                flask.session[key] = value
        flask.g.user = account
        # NOTE(review): every login gets this fixed scope list; presumably
        # "_all" means unrestricted. Confirm against the scope checks.
        flask.g.scopes = ["_all"]
        flask.g.token = None

    account = query_for_user(session=current_session, username=username)
    if not account:
        # No user with this username yet: build one and seed the optional
        # fields that were supplied.
        account = User(username=username)
        if email:
            account.email = email
        if id_from_idp:
            account.id_from_idp = id_from_idp
            # TODO: update iss_sub mapping table?
    else:
        # presumably these persist the new values on the stored user;
        # verify against the helpers, which are defined elsewhere
        _update_users_email(account, email)
        _update_users_id_from_idp(account, id_from_idp)

        # User and idp info are already persisted and agree with this login:
        # finish early so nothing is re-saved.
        linked_idp = account.identity_provider
        if linked_idp and linked_idp.name == provider:
            _store_login(account)
            return

    # Set up the idp connection for a new user, a user without one, or a
    # user whose stored idp has a different name.
    stored_idp = (
        current_session.query(IdentityProvider)
        .filter(IdentityProvider.name == provider)
        .first()
    )
    account.identity_provider = stored_idp or IdentityProvider(name=provider)
    current_session.add(account)
    current_session.commit()

    _store_login(account)