コード例 #1
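    def _create_or_reuse_user(self, user_id, user_name, email, first_name,
                              last_name, session_id):
        """Find or create the local user for a NEWT login and record its session.

        Lookup order is the stored NEWT id (``newt.id``), then the email
        address. If neither matches, a password-less user is created, subject
        to the registration policy. The NEWT id is stored when the user was not
        found by id, and the session id is stored on every call, so the user
        document is always saved.

        :param user_id: NEWT user id, matched against ``newt.id``.
        :param user_name: login to use when a new user has to be created.
        :param email: email address reported by NEWT.
        :param first_name: first name reported by NEWT; ignored when empty.
        :param last_name: last name reported by NEWT; ignored when empty.
        :param session_id: NEWT session id to store under ``newt.sessionId``.
        :returns: the saved user document.
        :raises RestException: if a new user is needed, registration is closed
            and the plugin's ignore-policy setting is not set.
        """
        # Try finding by user id
        user = User().findOne({'newt.id': user_id})
        set_id = not user

        # Existing users using NEWT for the first time will not have a user id.
        # NOTE(security): this binds the NEWT identity to whichever local
        # account already holds this email, with no further proof of
        # ownership. That is only safe if NEWT asserts verified addresses and
        # local accounts cannot carry an unverified email -- confirm both.
        if not user:
            user = User().findOne({'email': email})

        # Create the user if it's still not found
        if not user:
            policy = Setting().get(SettingKey.REGISTRATION_POLICY)
            if policy == 'closed':
                ignore = Setting().get(
                    PluginSettings.IGNORE_REGISTRATION_POLICY)
                if not ignore:
                    raise RestException(
                        'Registration on this instance is closed. Contact an '
                        'administrator to create an account for you.')

            # password=None: the account has no local password at creation.
            user = User().createUser(login=user_name,
                                     password=None,
                                     firstName=first_name,
                                     lastName=last_name,
                                     email=email)
        else:
            # Update user data from NEWT. No "dirty" flag is tracked here:
            # the session id below changes the document on every call, so the
            # save is unconditional.
            if email != user['email']:
                user['email'] = email
            # Don't set names to empty string
            if first_name != user['firstName'] and first_name:
                user['firstName'] = first_name
            if last_name != user['lastName'] and last_name:
                user['lastName'] = last_name

        if set_id:
            user.setdefault('newt', {})['id'] = user_id

        # NOTE(review): the upstream session id is persisted in the user
        # document; if it is usable as a credential against NEWT, make sure
        # this field is never returned by the API or written to logs.
        user.setdefault('newt', {})['sessionId'] = session_id

        return User().save(user)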
コード例 #2
ファイル: base.py プロジェクト: KNIGHTTH0R/girder
    def _createOrReuseUser(cls,
                           oauthId,
                           email,
                           firstName,
                           lastName,
                           userName=None):
        """Return the local user for an OAuth identity, creating one if needed.

        The user is looked up by (provider, provider id) first and by email
        second. A user that was not found by provider id gets the identity
        appended to its ``oauth`` list. The document is saved only when
        something changed.

        :param oauthId: the user's id at the provider.
        :param email: email address reported by the provider.
        :param firstName: first name from the provider; ignored when empty.
        :param lastName: last name from the provider; ignored when empty.
        :param userName: optional user name passed to ``cls._deriveLogin``.
        :returns: the user document.
        :raises RestException: if a new user is needed, registration is closed
            and the plugin's ignore-policy setting is not set.
        """
        providerName = cls.getProviderName()

        # The Google provider was previously stored as capitalized, and legacy
        # databases may still have these entries, so match both spellings.
        providerMatch = providerName
        if providerName == 'google':
            providerMatch = {'$in': ['google', 'Google']}

        # Try the provider identity first, since a user can change their email
        # address. PyMongo may not properly support full embedded document
        # queries (object order matters), so the embedded fields are matched
        # individually.
        user = User().findOne({
            'oauth.provider': providerMatch,
            'oauth.id': oauthId
        })
        needsLink = not user

        # Existing users using OAuth2 for the first time will not have an ID.
        # NOTE(security): this fallback attaches the provider identity to any
        # local account holding the same email. It relies on the provider
        # returning only verified addresses -- confirm per provider.
        if not user:
            user = User().findOne({'email': email})

        dirty = False
        if not user:
            # Still unknown: create the account, unless registration is closed
            # and the plugin is not configured to ignore that policy.
            if Setting().get(SettingKey.REGISTRATION_POLICY) == 'closed':
                if not Setting().get(
                        PluginSettings.IGNORE_REGISTRATION_POLICY):
                    raise RestException(
                        'Registration on this instance is closed. Contact an '
                        'administrator to create an account for you.')
            login = cls._deriveLogin(email, firstName, lastName, userName)

            user = User().createUser(login=login,
                                     password=None,
                                     firstName=firstName,
                                     lastName=lastName,
                                     email=email)
        else:
            # Migrate from a legacy format where only 1 provider was stored
            if isinstance(user.get('oauth'), dict):
                user['oauth'] = [user['oauth']]
                dirty = True
            # Update user data from provider
            if email != user['email']:
                user['email'] = email
                dirty = True
            # Refresh the names, but never overwrite one with an empty string
            for field, value in (('firstName', firstName),
                                 ('lastName', lastName)):
                if value != user[field] and value:
                    user[field] = value
                    dirty = True

        if needsLink:
            linked = {
                'provider': providerName,
                'id': oauthId
            }
            user.setdefault('oauth', []).append(linked)
            dirty = True

        if dirty:
            user = User().save(user)

        return user
コード例 #3
ファイル: base.py プロジェクト: girder/girder
    def _createOrReuseUser(cls, oauthId, email, firstName, lastName,
                           userName=None):
        """Map an OAuth identity to a local user, creating the user if needed.

        Resolution order: the (provider, provider id) pair stored under
        ``oauth``, then the email address, then creation of a new password-less
        user if the registration policy allows it. When the user was not found
        by provider id, the identity is appended to ``oauth``. The document is
        saved only if it was modified.

        :param oauthId: the user's id at the provider.
        :param email: email address reported by the provider.
        :param firstName: first name from the provider; ignored when empty.
        :param lastName: last name from the provider; ignored when empty.
        :param userName: optional user name passed to ``cls._deriveLogin``.
        :returns: the user document.
        :raises RestException: if a new user is needed, registration is closed
            and the plugin's ignore-policy setting is not set.
        """
        providerName = cls.getProviderName()

        if providerName == 'google':
            # The Google provider was previously stored as capitalized, and
            # legacy databases may still have these entries
            providerFilter = {'$in': ['google', 'Google']}
        else:
            providerFilter = providerName

        # Try finding by ID first, since a user can change their email address.
        # PyMongo may not properly support full embedded document queries,
        # since the object order matters, so search by individual embedded
        # fields.
        identityQuery = {
            'oauth.provider': providerFilter,
            'oauth.id': oauthId
        }
        user = User().findOne(identityQuery)
        setId = not user

        if setId:
            # Existing users using OAuth2 for the first time will not have an
            # ID, so fall back to the email address.
            # NOTE(security): the email claim alone decides which local account
            # the identity is linked to; this is sound only when the provider
            # guarantees the address is verified -- confirm per provider.
            user = User().findOne({'email': email})

        dirty = False
        if user:
            # Migrate from a legacy format where only 1 provider was stored
            if isinstance(user.get('oauth'), dict):
                user['oauth'] = [user['oauth']]
                dirty = True
            # Update user data from provider
            if email != user['email']:
                user['email'] = email
                dirty = True
            # Don't set names to empty string
            if firstName != user['firstName'] and firstName:
                user['firstName'] = firstName
                dirty = True
            if lastName != user['lastName'] and lastName:
                user['lastName'] = lastName
                dirty = True
        else:
            # Create the user if it's still not found, unless registration is
            # closed and the plugin does not override that policy.
            registrationClosed = (
                Setting().get(SettingKey.REGISTRATION_POLICY) == 'closed')
            if registrationClosed and not Setting().get(
                    PluginSettings.IGNORE_REGISTRATION_POLICY):
                raise RestException(
                    'Registration on this instance is closed. Contact an '
                    'administrator to create an account for you.')
            login = cls._deriveLogin(email, firstName, lastName, userName)

            user = User().createUser(
                login=login, password=None, firstName=firstName,
                lastName=lastName, email=email)

        if setId:
            user.setdefault('oauth', []).append(
                {'provider': providerName, 'id': oauthId})
            dirty = True

        return User().save(user) if dirty else user
コード例 #4
ファイル: rest.py プロジェクト: abcsFrederick/NCIAuth
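    def cilogin(self):
        """Handle the CILogon redirect: exchange the code and log the user in.

        Reads ``code`` from the request, exchanges it at the CILogon token
        endpoint, fetches the profile from the userinfo endpoint, finds or
        creates the local user by email, sends the auth token cookie and
        redirects to the configured return URL.

        :raises RestException: if CILogon returns no access token, or if a new
            user is needed, registration is closed and the plugin's
            ignore-policy setting is not set.
        :raises cherrypy.HTTPRedirect: on success, to ``NCIAuth.NCI_return_url``.
        """
        # NOTE(security): no ``state`` value is checked in this handler;
        # confirm that forged callbacks are rejected elsewhere in the flow.
        code = cherrypy.request.params['code']

        # The client id and secret are read from settings only. Literal values
        # must not be kept in comments or source; any value that was ever
        # committed should be treated as exposed and rotated.
        tokenRequest = {
            'grant_type': 'authorization_code',
            'code': code,
            'client_id': 'cilogon:/client_id/' + Setting().get(
                'NCIAuth.NCI_client_id'),
            'client_secret': Setting().get('NCIAuth.NCI_client_secret'),
            'redirect_uri':
            Setting().get('NCIAuth.NCI_api_url') + '/nciLogin/CIloginCallback'
        }
        # A timeout keeps a stalled identity provider from holding the request
        # thread indefinitely.
        tokenResponse = requests.post(
            'https://cilogon.org/oauth2/token', tokenRequest, timeout=30)
        res = json.loads(tokenResponse.content)

        # ``code`` is caller-supplied, so an error document instead of tokens
        # is an expected outcome; report it as a request error rather than
        # failing on a missing key.
        access_token = res.get('access_token') if isinstance(res, dict) else None
        if not access_token:
            raise RestException('CILogon did not return an access token.')

        # NOTE(review): the ID token in the response is neither validated nor
        # used; identity is taken from the userinfo endpoint instead.
        userinfo = requests.post(
            'https://cilogon.org/oauth2/userinfo',
            {'access_token': access_token},
            timeout=30)

        profile = json.loads(userinfo.content)
        NCIemail = profile["email"]
        NCIfirstName = profile["given_name"]
        NCIlastName = profile["family_name"]

        # NOTE(security): the account is selected by the email claim alone and
        # no stable provider identifier is stored; this relies on CILogon
        # returning verified addresses -- confirm.
        user = User().findOne({'email': NCIemail})

        setId = not user
        dirty = False
        if not user:
            policy = Setting().get(SettingKey.REGISTRATION_POLICY)

            if policy == 'closed':
                ignore = Setting().get(
                    PluginSettings.IGNORE_REGISTRATION_POLICY)
                if not ignore:
                    raise RestException(
                        'Registration on this instance is closed. Contact an '
                        'administrator to create an account for you.')
            login = self._deriveLogin(NCIemail, NCIfirstName, NCIlastName,
                                      NCIemail[:NCIemail.index('@')])
            user = User().createUser(login=login,
                                     password=None,
                                     firstName=NCIfirstName,
                                     lastName=NCIlastName,
                                     email=NCIemail)
        else:
            # Migrate from a legacy format where only 1 provider was stored
            if isinstance(user.get('oauth'), dict):
                user['oauth'] = [user['oauth']]
                dirty = True
            # Update user data from provider
            if NCIemail != user['email']:
                user['email'] = NCIemail
                dirty = True
            # Don't set names to empty string
            if NCIfirstName != user['firstName'] and NCIfirstName:
                user['firstName'] = NCIfirstName
                dirty = True
            if NCIlastName != user['lastName'] and NCIlastName:
                user['lastName'] = NCIlastName
                dirty = True

        # These two checks must run for both branches. Nested under ``else``,
        # ``setId`` is always False there, so a newly created user would never
        # receive the NCI_credential marker.
        if setId:
            user.setdefault('NCI_credential', []).append({'provider': 'NCI'})
            dirty = True
        if dirty:
            user = User().save(user)

        self.sendAuthTokenCookie(user)
        raise cherrypy.HTTPRedirect(Setting().get('NCIAuth.NCI_return_url'))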
コード例 #5
ファイル: rest.py プロジェクト: abcsFrederick/NCIAuth
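    def callback(self):
        """Handle the NCI login callback: validate the token and log the user in.

        Reads ``token`` from the request, has it validated by
        ``DMSAuthentication``, finds or creates the local user by the returned
        email, marks newly created users with an ``NCI_credential`` entry,
        sends the auth token cookie and redirects to the configured return URL.

        :raises RestException: if a new user is needed, registration is closed
            and the plugin's ignore-policy setting is not set.
        :raises cherrypy.HTTPRedirect: on success, to ``NCIAuth.NCI_return_url``.
        """
        token = cherrypy.request.params['token']

        # NOTE(security): the service account name and password are hard-coded
        # here, so they are exposed to anyone who can read the source or its
        # history. They should be loaded from settings or a secret store, and
        # the current password rotated. The meaning of the third argument is
        # not visible in this file.
        validation = DMSAuthentication("ncifivgSvc", "+vYg<^Y|#4w:r9)", 2)
        # NOTE(review): how validateToken reports an invalid token is not
        # visible here; confirm it raises or returns something that fails
        # before the lookups below.
        userInfo = validation.validateToken(token)

        NCIemail = userInfo["email"]
        NCIfirstName = userInfo["first_name"]
        NCIlastName = userInfo["last_name"]
        NCIid = userInfo["userID"]

        # NOTE(security): the account is selected by email alone. ``NCIid`` is
        # used only to derive a login for new users and is not stored, so later
        # logins cannot be matched on a stable identifier.
        user = User().findOne({'email': NCIemail})

        setId = not user
        dirty = False
        if not user:
            policy = Setting().get(SettingKey.REGISTRATION_POLICY)

            if policy == 'closed':
                ignore = Setting().get(
                    PluginSettings.IGNORE_REGISTRATION_POLICY)
                if not ignore:
                    raise RestException(
                        'Registration on this instance is closed. Contact an '
                        'administrator to create an account for you.')
            login = self._deriveLogin(NCIemail, NCIfirstName, NCIlastName,
                                      NCIid)

            user = User().createUser(login=login,
                                     password=None,
                                     firstName=NCIfirstName,
                                     lastName=NCIlastName,
                                     email=NCIemail)
        else:
            # Migrate from a legacy format where only 1 provider was stored
            if isinstance(user.get('oauth'), dict):
                user['oauth'] = [user['oauth']]
                dirty = True
            # Update user data from provider
            if NCIemail != user['email']:
                user['email'] = NCIemail
                dirty = True
            # Don't set names to empty string
            if NCIfirstName != user['firstName'] and NCIfirstName:
                user['firstName'] = NCIfirstName
                dirty = True
            if NCIlastName != user['lastName'] and NCIlastName:
                user['lastName'] = NCIlastName
                dirty = True

        # ``setId`` is True only when no user matched the email, i.e. for the
        # user created above.
        if setId:
            user.setdefault('NCI_credential', []).append({'provider': 'NCI'})
            dirty = True
        if dirty:
            user = User().save(user)

        # The return value was never used, so it is no longer bound to a name.
        self.sendAuthTokenCookie(user)

        raise cherrypy.HTTPRedirect(Setting().get('NCIAuth.NCI_return_url'))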