def create_client(self, userid="", **kwargs):
"""
Do an instantiation of a client instance.
:param userid: An identifier of the user
:param: Keyword arguments
Keys are ["srv_discovery_url", "client_info", "client_registration",
"provider_info"]
:return: client instance
"""
_key_set = set(list(kwargs.keys()))
try:
_verify_ssl = kwargs["verify_ssl"]
except KeyError:
_verify_ssl = self.verify_ssl
else:
_key_set.discard("verify_ssl")
client = self.client_cls(
client_authn_method=CLIENT_AUTHN_METHOD,
behaviour=kwargs["behaviour"],
verify_ssl=_verify_ssl,
)
try:
client.userinfo_request_method = kwargs["userinfo_request_method"]
except KeyError:
pass
else:
_key_set.discard("userinfo_request_method")
# The behaviour parameter is not significant for the election process
_key_set.discard("behaviour")
for param in ["allow"]:
try:
setattr(client, param, kwargs[param])
except KeyError:
pass
else:
_key_set.discard(param)
if _key_set == {"client_info"}: # Everything dynamic
# There has to be a userid
if not userid:
raise MissingAttribute("Missing userid specification")
# Find the service that provides information about the OP
issuer = client.wf.discovery_query(userid)
# Gather OP information
client.provider_config(issuer)
# register the client
client.register(
client.provider_info["registration_endpoint"], **kwargs["client_info"]
)
self.get_path(kwargs["client_info"]["redirect_uris"], issuer)
elif _key_set == set(["client_info", "srv_discovery_url"]):
# Ship the webfinger part
# Gather OP information
client.provider_config(kwargs["srv_discovery_url"])
# register the client
client.register(
client.provider_info["registration_endpoint"], **kwargs["client_info"]
)
self.get_path(
kwargs["client_info"]["redirect_uris"], kwargs["srv_discovery_url"]
)
elif _key_set == set(["provider_info", "client_info"]):
client.handle_provider_config(
ProviderConfigurationResponse(**kwargs["provider_info"]),
kwargs["provider_info"]["issuer"],
)
client.register(
client.provider_info["registration_endpoint"], **kwargs["client_info"]
)
self.get_path(
kwargs["client_info"]["redirect_uris"],
kwargs["provider_info"]["issuer"],
)
elif _key_set == set(["provider_info", "client_registration"]):
client.handle_provider_config(
ProviderConfigurationResponse(**kwargs["provider_info"]),
kwargs["provider_info"]["issuer"],
)
client.store_registration_info(
RegistrationResponse(**kwargs["client_registration"])
)
self.get_path(
kwargs["client_info"]["redirect_uris"],
kwargs["provider_info"]["issuer"],
)
elif _key_set == set(["srv_discovery_url", "client_registration"]):
client.provider_config(kwargs["srv_discovery_url"])
client.store_registration_info(
RegistrationResponse(**kwargs["client_registration"])
)
self.get_path(
kwargs["client_registration"]["redirect_uris"],
kwargs["srv_discovery_url"],
)
else:
raise Exception("Configuration error ?")
return client
def create_client(self, userid="", **kwargs):
"""
Do an instantiation of a client instance
:param userid: An identifier of the user
:param: Keyword arguments
Keys are ["srv_discovery_url", "client_info", "client_registration",
"provider_info"]
:return: client instance
"""
_key_set = set(kwargs.keys())
args = {}
for param in ["verify_ssl"]:
try:
args[param] = kwargs[param]
except KeyError:
pass
else:
_key_set.discard(param)
try:
verify_ssl = default_ssl_check
except:
verify_ssl = True
client = self.client_cls(client_authn_method=CLIENT_AUTHN_METHOD,
behaviour=kwargs["behaviour"],
verify_ssl=verify_ssl,
**args)
# The behaviour parameter is not significant for the election process
_key_set.discard("behaviour")
for param in ["allow"]:
try:
setattr(client, param, kwargs[param])
except KeyError:
pass
else:
_key_set.discard(param)
if _key_set == set(["client_info"]): # Everything dynamic
# There has to be a userid
if not userid:
raise MissingAttribute("Missing userid specification")
# Find the service that provides information about the OP
issuer = client.wf.discovery_query(userid)
# Gather OP information
client.provider_config(issuer)
# register the client
client.register(client.provider_info["registration_endpoint"],
**kwargs["client_info"])
elif _key_set == set(["client_info", "srv_discovery_url"]):
# Ship the webfinger part
# Gather OP information
client.provider_config(kwargs["srv_discovery_url"])
# register the client
client.register(client.provider_info["registration_endpoint"],
**kwargs["client_info"])
elif _key_set == set(["provider_info", "client_info"]):
client.handle_provider_config(
ProviderConfigurationResponse(**kwargs["provider_info"]),
kwargs["provider_info"]["issuer"])
client.register(client.provider_info["registration_endpoint"],
**kwargs["client_info"])
elif _key_set == set(["provider_info", "client_registration"]):
client.handle_provider_config(
ProviderConfigurationResponse(**kwargs["provider_info"]),
kwargs["provider_info"]["issuer"])
client.store_registration_info(
RegistrationResponse(**kwargs["client_registration"]))
elif _key_set == set(["srv_discovery_url", "client_registration"]):
try:
client.provider_config(kwargs["srv_discovery_url"])
client.store_registration_info(
RegistrationResponse(**kwargs["client_registration"]))
except Exception as e:
logger.error(
"Provider info discovery failed for %s - assume backend unworkable",
kwargs["srv_discovery_url"])
logger.exception(e)
else:
raise Exception("Configuration error ?")
return client
def __call__(self, userid, client_id, user_info_claims=None, **kwargs):
"""
:param userid: The local user id
:param user_info_claims: Possible userinfo claims (a dictionary)
:return: A schema dependent userinfo instance
"""
logger.info("User_info about '%s'" % userid)
identity = copy.copy(self.db[userid])
if user_info_claims:
result = {}
missing = []
optional = []
if "claims" in user_info_claims:
for key, restr in user_info_claims["claims"].items():
try:
result[key] = identity[key]
except KeyError:
if restr == {"essential": True}:
missing.append(key)
else:
optional.append(key)
# Check if anything asked for is somewhere else
if (missing or optional) and "_external_" in identity:
cpoints = {}
remaining = missing[:]
missing.extend(optional)
for key in missing:
for _srv, what in identity["_external_"].items():
if key in what:
try:
cpoints[_srv].append(key)
except KeyError:
cpoints[_srv] = [key]
try:
remaining.remove(key)
except ValueError:
pass
if remaining:
raise MissingAttribute("Missing properties '%s'" %
remaining)
for srv, what in cpoints.items():
cc = self.oidcsrv.claims_clients[srv]
logger.debug("srv: %s, what: %s" %
(sanitize(srv), sanitize(what)))
_res = self._collect_distributed(srv, cc, userid, what)
logger.debug("Got: %s" % sanitize(_res))
for key, val in _res.items():
if key in result:
result[key].update(val)
else:
result[key] = val
else:
# default is what "openid" demands which is sub
# result = identity
result = {"sub": userid}
return OpenIDSchema(**result)
def func_exception():
raise MissingAttribute('foo')
def create_client(**kwargs):
"""
kwargs = config.CLIENT.iteritems
"""
_key_set = set(kwargs.keys())
args = {}
for param in ["verify_ssl", "client_id", "client_secret"]:
try:
args[param] = kwargs[param]
except KeyError:
try:
args[param] = kwargs['client_registration'][param]
except KeyError:
pass
else:
_key_set.discard(param)
client = Client(client_authn_method=CLIENT_AUTHN_METHOD,
behaviour=kwargs["behaviour"],
verify_ssl=conf.VERIFY_SSL,
**args)
# The behaviour parameter is not significant for the election process
_key_set.discard("behaviour")
# I do not understand how this was ever working without discarding this
# Below is not a case where _key_set includes "registration_response"
_key_set.discard("registration_response")
for param in ["allow"]:
try:
setattr(client, param, kwargs[param])
except KeyError:
pass
else:
_key_set.discard(param)
if _key_set == set(["client_info"]): # Everything dynamic
# There has to be a userid
if not userid:
raise MissingAttribute("Missing userid specification")
# Find the service that provides information about the OP
issuer = client.wf.discovery_query(userid)
# Gather OP information
_ = client.provider_config(issuer)
# register the client
_ = client.register(client.provider_info["registration_endpoint"],
**kwargs["client_info"])
elif _key_set == set(["client_info", "srv_discovery_url"]):
# Ship the webfinger part
# Gather OP information
_ = client.provider_config(kwargs["srv_discovery_url"])
# register the client
_ = client.register(client.provider_info["registration_endpoint"],
**kwargs["client_info"])
elif _key_set == set(["provider_info", "client_info"]):
client.handle_provider_config(
ProviderConfigurationResponse(**kwargs["provider_info"]),
kwargs["provider_info"]["issuer"])
_ = client.register(client.provider_info["registration_endpoint"],
**kwargs["client_info"])
elif _key_set == set(["provider_info", "client_registration"]):
client.handle_provider_config(
ProviderConfigurationResponse(**kwargs["provider_info"]),
kwargs["provider_info"]["issuer"])
client.store_registration_info(
RegistrationResponse(**kwargs["client_registration"]))
elif _key_set == set(["srv_discovery_url", "client_registration"]):
_ = client.provider_config(kwargs["srv_discovery_url"])
client.store_registration_info(
RegistrationResponse(**kwargs["client_registration"]))
else:
raise Exception("Configuration error ?")
return client
