def _account_info(remote, resp):
"""Retrieve remote account information used to find local user."""
resource = get_resource(remote, resp)
valid_roles = current_app.config.get(
"OAUTHCLIENT_CERN_OPENID_ALLOWED_ROLES",
OAUTHCLIENT_CERN_OPENID_ALLOWED_ROLES,
)
cern_roles = resource.get("cern_roles")
if cern_roles is None or not set(cern_roles).issubset(valid_roles):
raise OAuthCERNRejectedAccountError(
"User roles {0} are not one of {1}".format(cern_roles,
valid_roles),
remote,
resp,
)
email = resource["email"]
person_id = resource.get("cern_person_id")
external_id = resource["cern_upn"]
nice = resource["preferred_username"]
name = resource["name"]
return dict(
user=dict(email=email.lower(),
profile=dict(username=nice, full_name=name)),
external_id=external_id,
external_method="cern_openid",
active=True,
)
def _account_info(remote, resp):
"""Retrieve remote account information used to find local user."""
resource = get_resource(remote)
valid_identities = current_app.config.get(
'OAUTHCLIENT_CERN_ALLOWED_IDENTITY_CLASSES',
OAUTHCLIENT_CERN_ALLOWED_IDENTITY_CLASSES)
identity_class = resource.get('IdentityClass', [None])[0]
if identity_class is None or identity_class not in valid_identities:
raise OAuthCERNRejectedAccountError(
'Identity class {0} is not one of [{1}]'.format(
identity_class, ''.join(valid_identities)),
remote,
resp,
)
email = resource['EmailAddress'][0]
person_id = resource.get('PersonID', [None])
external_id = resource.get('uidNumber', person_id)[0]
nice = resource['CommonName'][0]
name = resource['DisplayName'][0]
return dict(user=dict(
email=email.lower(),
profile=dict(username=nice, full_name=name),
),
external_id=external_id,
external_method='cern',
active=True)