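def _add_fabric_claims(self):
    """
    Set the claims for the Token by adding membership, project and scope.

    Membership (projects and roles) is looked up for the ``sub`` claim via the
    project registry when it is enabled, otherwise for the ``email`` claim via
    LDAP.  The projects are then narrowed to the one requested in
    ``self.project`` (``"all"`` keeps every project) and written, together
    with the roles and ``self.scope``, into ``self.claims``.

    Raises:
        TokenError: if no project remains after filtering (the user is not a
            member of the requested project, or has no memberships at all).
    """
    sub = self.claims.get("sub")
    url = CONFIG_OBJ.get_pr_url()

    if CONFIG_OBJ.is_project_registry_enabled():
        project_registry = ProjectRegistry(api_server=url, cookie=self._get_vouch_cookie(),
                                           cookie_name=CONFIG_OBJ.get_vouch_cookie_name(),
                                           cookie_domain=CONFIG_OBJ.get_vouch_cookie_domain_name())
        roles, projects = project_registry.get_projects_and_roles(sub)
    else:
        email = self.claims.get("email")
        roles, projects = CmLdapMgrSingleton.get().get_active_projects_and_roles_from_ldap(eppn=None, email=email)

    LOG.debug("Projects: %s, Roles: %s", projects, roles)

    # A backend that reports "no membership" as None is treated like an empty
    # mapping, so the user gets the TokenError below instead of an AttributeError.
    projects = projects or {}

    # Build a new mapping instead of popping entries out of the backend's dict,
    # so an object the backend may keep around (e.g. a cache) is not mutated.
    # NOTE(review): with str keys, `self.project in project` is a substring
    # test, so a requested id that is a substring of another project's key also
    # passes the filter; exact equality is probably intended -- confirm the key
    # format with the project registry before tightening.
    filtered = {}
    for project, membership in projects.items():
        LOG.debug("Processing %s", project)
        if self.project == "all" or self.project in project:
            filtered[project] = membership

    if not filtered:
        raise TokenError("User is not a member of any of the project")
    self.claims['projects'] = filtered
    self.claims["roles"] = roles
    self.claims["scope"] = self.scope
    LOG.debug("Claims %s", self.claims)
    self.unset = False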
def authorize(request):
    """
    Pull the CILogon identity token, refresh token and vouch cookie off *request*.

    No verification happens here: the two tokens are read verbatim from the
    ``VOUCH_ID_TOKEN`` and ``VOUCH_REFRESH_TOKEN`` request headers, the cookie
    from the cookie named by the configuration, and each value is ``None``
    when the header or cookie is absent.

    Returns:
        tuple: ``(ci_logon_id_token, refresh_token, cookie)``.
    """
    headers = request.headers
    id_token = headers.get(VOUCH_ID_TOKEN)
    refresh = headers.get(VOUCH_REFRESH_TOKEN)
    vouch_cookie = request.cookies.get(CONFIG_OBJ.get_vouch_cookie_name())
    return id_token, refresh, vouch_cookie