def _account_info(remote, resp): """Retrieve remote account information used to find local user.""" resource = get_resource(remote, resp) valid_roles = current_app.config.get( "OAUTHCLIENT_CERN_OPENID_ALLOWED_ROLES", OAUTHCLIENT_CERN_OPENID_ALLOWED_ROLES, ) cern_roles = resource.get("cern_roles") if cern_roles is None or not set(cern_roles).issubset(valid_roles): raise OAuthCERNRejectedAccountError( "User roles {0} are not one of {1}".format(cern_roles, valid_roles), remote, resp, ) email = resource["email"] person_id = resource.get("cern_person_id") external_id = resource["cern_upn"] nice = resource["preferred_username"] name = resource["name"] return dict( user=dict(email=email.lower(), profile=dict(username=nice, full_name=name)), external_id=external_id, external_method="cern_openid", active=True, )
def _account_info(remote, resp): """Retrieve remote account information used to find local user.""" resource = get_resource(remote) valid_identities = current_app.config.get( 'OAUTHCLIENT_CERN_ALLOWED_IDENTITY_CLASSES', OAUTHCLIENT_CERN_ALLOWED_IDENTITY_CLASSES) identity_class = resource.get('IdentityClass', [None])[0] if identity_class is None or identity_class not in valid_identities: raise OAuthCERNRejectedAccountError( 'Identity class {0} is not one of [{1}]'.format( identity_class, ''.join(valid_identities)), remote, resp, ) email = resource['EmailAddress'][0] person_id = resource.get('PersonID', [None]) external_id = resource.get('uidNumber', person_id)[0] nice = resource['CommonName'][0] name = resource['DisplayName'][0] return dict(user=dict( email=email.lower(), profile=dict(username=nice, full_name=name), ), external_id=external_id, external_method='cern', active=True)