def _add_fabric_claims(self):
    """Populate the token claims with the caller's projects, roles and scope.

    Membership is looked up from the project registry when it is enabled in
    CONFIG_OBJ, otherwise from LDAP via the ``email`` claim. Projects whose
    key does not match ``self.project`` are dropped unless ``self.project``
    is ``"all"``. On success ``self.claims`` gains ``projects``, ``roles``
    and ``scope`` and ``self.unset`` is cleared.

    Raises:
        TokenError: if no project remains after filtering.
    """
    subject = self.claims.get("sub")
    registry_url = CONFIG_OBJ.get_pr_url()

    if CONFIG_OBJ.is_project_registry_enabled():
        registry = ProjectRegistry(
            api_server=registry_url,
            cookie=self._get_vouch_cookie(),
            cookie_name=CONFIG_OBJ.get_vouch_cookie_name(),
            cookie_domain=CONFIG_OBJ.get_vouch_cookie_domain_name(),
        )
        roles, projects = registry.get_projects_and_roles(subject)
    else:
        roles, projects = CmLdapMgrSingleton.get().get_active_projects_and_roles_from_ldap(
            eppn=None, email=self.claims.get("email")
        )
    LOG.debug("Projects: %s, Roles: %s", projects, roles)

    keep_every_project = self.project == "all"
    # NOTE(review): membership is a substring test (`self.project in key`), so a
    # requested project name that is a substring of another key keeps that key
    # as well — confirm this is intended rather than exact-name matching.
    unwanted = []
    for name in projects.keys():
        LOG.debug("Processing %s", name)
        if not keep_every_project and self.project not in name:
            unwanted.append(name)
    for name in unwanted:
        projects.pop(name)
    if len(projects) < 1:
        raise TokenError("User is not a member of any of the project")

    self.claims['projects'] = projects
    self.claims["roles"] = roles
    self.claims["scope"] = self.scope
    # NOTE(review): this emits the complete claim set (subject, email, projects)
    # to the debug log; check the log destination before enabling DEBUG in production.
    LOG.debug("Claims %s", self.claims)
    self.unset = False
def authorize(request):
    """Extract the vouch-proxy credentials carried by *request*.

    Reads the CILogon ID token and refresh token from the request headers
    (``VOUCH_ID_TOKEN`` / ``VOUCH_REFRESH_TOKEN``) and the vouch cookie from
    the request cookies, using the cookie name from CONFIG_OBJ. Values are
    returned verbatim and unverified — nothing here validates them, so
    callers should treat them as untrusted input.

    Returns:
        tuple: ``(id_token, refresh_token, cookie)``; each element is
        ``None`` when the request does not carry it.
    """
    headers = request.headers
    id_token = headers.get(VOUCH_ID_TOKEN)
    refresh = headers.get(VOUCH_REFRESH_TOKEN)
    vouch_cookie = request.cookies.get(CONFIG_OBJ.get_vouch_cookie_name())
    return id_token, refresh, vouch_cookie