Esempio n. 1
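def _get_user_name_and_groups(nexus_host, token, nexus_ca=None):
    """
    Contact globus online to get username and groups of the user who
    owns the token.

    The username is read from the ``un`` field of the ``|``-separated
    ``key=value`` token and used to build the request path. The token itself
    is sent in the ``Authorization`` header; the HTTP status of the reply is
    the only check this function performs on the token.

    :param nexus_host: host name of the server, contacted on port 443.
    :param token: token string as presented by the client. Treated as
        untrusted input until the server has answered 200.
    :param nexus_ca: value handed to ``set_cert`` as ``ca_certs``. When it
        is falsy the server certificate is NOT verified (``CERT_NONE``).
    :returns: ``(username, groups)`` where ``groups`` holds the ``id`` of
        every entry in the response's ``groups`` list plus the two
        hard-coded names ``"admin"`` and ``"g:admin"``.
    :raises exc.AuthnFailed: the server answered 403.
    :raises exc.InvalidCredentials: the token is malformed, or the server
        answered with any other status than 200.
    """
    # Function-scope import so the block does not depend on the file's
    # import section; covers both Python 3 and Python 2 module layouts.
    try:
        from urllib.parse import quote
    except ImportError:
        from urllib import quote

    # Parse defensively: split each field on the first "=" only, so a value
    # that itself contains "=" no longer breaks the parse, and report a
    # malformed token as invalid credentials instead of letting
    # ValueError/KeyError escape to the generic error handler.
    token_dict = {}
    for field in token.split("|"):
        key, sep, value = field.partition("=")
        if not sep or key in token_dict:
            # A repeated field name would make it ambiguous which value
            # the server honours versus the one parsed here.
            raise exc.InvalidCredentials("Invalid token")
        token_dict[key] = value

    username = token_dict.get("un")
    if not username:
        raise exc.InvalidCredentials("Invalid token")

    # The username comes from caller-supplied data, so percent-encode it
    # (including "/") before placing it in the path; otherwise characters
    # such as "/", "?", "#" or CR/LF would change which resource is
    # requested or corrupt the request line.
    path = "/users/%s?fields=username,groups" % quote(username, safe="")

    headers = dict(
        Authorization="%s %s" % (AUTHORIZATION_METHOD, token),
    )

    # If connection fails, let the exception go through and hit the
    # web.py handler unless the application has setup special handling.
    c = VerifiedHTTPSConnection(host=nexus_host, port=443)
    try:
        if nexus_ca:
            c.set_cert(cert_reqs='CERT_REQUIRED', ca_certs=nexus_ca)
        else:
            # SECURITY NOTE(review): without a CA the server certificate is
            # not verified, so the token is sent to, and the group list is
            # accepted from, whoever answers on nexus_host:443. Behaviour
            # is kept for compatibility; deployments should always pass
            # nexus_ca.
            c.set_cert(cert_reqs='CERT_NONE', ca_certs=None)
        c.request("GET", path, headers=headers)
        r = c.getresponse()
        body = r.read()
    finally:
        # Close the connection even when the request or read raises.
        c.close()

    if r.status == 403:
        raise exc.AuthnFailed("Authentication failed")
    elif r.status != 200:
        raise exc.InvalidCredentials("Invalid token")

    parsed = json.loads(body)
    groups = [x["id"] for x in parsed["groups"]]
    # SECURITY NOTE(review): these two names are added for every caller whose
    # token the server accepts, regardless of what the server returned. If
    # "admin" / "g:admin" gate privileged operations downstream, every
    # authenticated user is an administrator. Confirm this is intended (it
    # looks like a development shortcut) before relying on group membership
    # for authorization.
    groups.append("admin")
    groups.append("g:admin")
    # NOTE(review): the returned username is the one parsed locally from the
    # token, not the "username" field requested from the server; comparing
    # the two would tie the identity to the server's answer. TODO confirm the
    # response schema before adding that check.
    return username, groups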