Exemplo n.º 1
0
 def _get_identity(self, identifier):
     with ldap_context(self.ldap_settings):
         user_dn, user_data = get_user_by_id(identifier, self._attributes)
     if not user_dn:
         return None
     return IdentityInfo(self,
                         identifier=user_data[self.ldap_settings['uid']][0],
                         **to_unicode(user_data))
Exemplo n.º 2
0
 def get_identity_from_auth(self, auth_info):
     identifier = auth_info.data.get(self.id_field)
     if not identifier:
         raise IdentityRetrievalFailed(
             'Identifier ({}) missing in authlib response'.format(
                 self.id_field),
             provider=self)
     return IdentityInfo(self, identifier=identifier, **auth_info.data)
Exemplo n.º 3
0
 def search_identities(self, criteria, exact=False):
     compare = operator.eq if exact else operator.contains
     for identifier, user in iteritems(self.settings['identities']):
         for key, values in iteritems(criteria):
             if not any(compare(user[key], v) for v in values):
                 break
         else:
             yield IdentityInfo(self, identifier, **user)
 def get_identity(self, identifier):
     identity_data = self._query_single_user_by_sub(identifier)
     if identity_data is None:
         return None
     else:
         return IdentityInfo(self,
                             identifier=identity_data['sub'],
                             **identity_data)
Exemplo n.º 5
0
    def search_identities_ex(self, criteria, exact=False, limit=None):
        if any(len(x) != 1 for x in criteria.values()):
            # Unfortunately the API does not support OR filters (yet?).
            # Fortunately we never search for more than one value anyway, except for emails when
            # looking up identities based on the user's email address.
            if len(criteria) != 1:
                raise MultipassException(
                    'This provider does not support multiple values for a search criterion',
                    provider=self)

            field, values = dict(criteria).popitem()
            seen = set()
            total = 0
            all_identities = []
            for value in values:
                identities = self.search_identities_ex({field: [value]},
                                                       exact=exact,
                                                       limit=limit)[0]
                for identity in identities:
                    if identity.identifier not in seen:
                        seen.add(identity.identifier)
                        all_identities.append(identity)
                        total += 1
            return all_identities, total

        criteria = {k: next(iter(v)) for k, v in criteria.items()}
        op = 'eq' if exact else 'contains'
        api_criteria = [
            '{}:{}:{}'.format(k, op, v) for k, v in criteria.items()
        ]
        api_criteria.append('type:eq:Person')
        api_criteria += self.settings['extra_search_filters']
        params = {
            'limit':
            limit or 5000,
            'filter':
            api_criteria,
            'field': [
                'upn',
                'firstName',
                'lastName',
                'displayName',
                'instituteName',
                'primaryAccountEmail',
            ],
        }

        with self._get_api_session() as api_session:
            results, total = self._fetch_all(api_session,
                                             '/api/v1.0/Identity',
                                             params,
                                             limit=limit)

        identities = []
        for res in results:
            del res['id']
            identities.append(IdentityInfo(self, res['upn'], **res))
        return identities, total
Exemplo n.º 6
0
 def _get_identity(self, token):
     resp = self.oauth_app.request(self.settings['endpoint'], method=self.settings['method'], token=(token, None))
     if resp.status not in self.settings['valid_statuses']:
         raise IdentityRetrievalFailed('Could not retrieve identity data')
     elif resp.status == 404:
         return None
     identifier = resp.data[self.settings['identifier_field']]
     multipass_data = {'oauth_token': token}
     return IdentityInfo(self, identifier, multipass_data, **resp.data)
 def get_members(self):
     page_iterator = self.cognito_client.get_paginator(
         'list_users_in_group').paginate(UserPoolId=self.user_pool_id,
                                         GroupName=self.name)
     for response in page_iterator:
         for user in response['Users']:
             identity_data = _get_confirmed_identity_data(user)
             if identity_data is not None:
                 yield IdentityInfo(self.provider,
                                    identifier=identity_data['sub'],
                                    **identity_data)
Exemplo n.º 8
0
 def _get_identity(self, token):
     resp = self.oauth_app.request(self.settings['method'],
                                   self.settings['endpoint'],
                                   token=token)
     if resp.status_code not in self.settings['valid_statuses']:
         raise IdentityRetrievalFailed('Could not retrieve identity data',
                                       provider=self)
     elif resp.status_code == 404:
         return None
     data = resp.json()
     identifier = data[self.settings['identifier_field']]
     multipass_data = {'oauth_token': token}
     return IdentityInfo(self, identifier, multipass_data, **data)
Exemplo n.º 9
0
 def search_identities(self, criteria, exact=False):
     with ldap_context(self.ldap_settings):
         search_filter = build_user_search_filter(criteria,
                                                  self.settings['mapping'],
                                                  exact=exact)
         if not search_filter:
             raise IdentityRetrievalFailed(
                 "Unable to generate search filter from criteria")
         for _, user_data in self._search_users(search_filter):
             yield IdentityInfo(
                 self,
                 identifier=user_data[self.ldap_settings['uid']][0],
                 **to_unicode(user_data))
Exemplo n.º 10
0
 def search_identities(self, criteria, exact=False):
     for identifier, user in iteritems(self.settings['identities']):
         for key, values in iteritems(criteria):
             # same logic as multidict
             user_value = user.get(key)
             user_values = set(user_value) if isinstance(
                 user_value, (tuple, list)) else {user_value}
             if not any(user_values):
                 break
             elif exact and not user_values & set(values):
                 break
             elif not exact and not any(
                     sv in uv
                     for sv, uv in itertools.product(values, user_values)):
                 break
         else:
             yield IdentityInfo(self, identifier, **user)
Exemplo n.º 11
0
 def get_members(self):
     with ldap_context(self.ldap_settings):
         group_dns = self._iter_group()
         group_dn = next(group_dns)
         while group_dn:
             user_filter = build_user_search_filter(
                 {self.ldap_settings['member_of_attr']: {group_dn}},
                 exact=True)
             for _, user_data in self.provider._search_users(user_filter):
                 yield IdentityInfo(
                     self.provider,
                     identifier=user_data[self.ldap_settings['uid']][0],
                     **to_unicode(user_data))
             group_filter = build_group_search_filter(
                 {self.ldap_settings['member_of_attr']: {group_dn}},
                 exact=True)
             subgroups = list(self.provider._search_groups(group_filter))
             group_dn = group_dns.send(subgroups)
Exemplo n.º 12
0
 def get_members(self):
     with self.provider._get_api_session() as api_session:
         params = {
             'limit':
             5000,
             'field': [
                 'upn',
                 'firstName',
                 'lastName',
                 'instituteName',
                 'primaryAccountEmail',
             ],
             'recursive':
             'true'
         }
         results = self.provider._fetch_all(
             api_session,
             '/api/v1.0/Group/{}/memberidentities'.format(self.id),
             params)[0]
     for res in results:
         del res['id']  # id is always included
         yield IdentityInfo(self.provider, res.pop('upn'), **res)
Exemplo n.º 13
0
 def _get_identity(self, identifier):
     user = self.settings['identities'].get(identifier)
     if user is None:
         return None
     return IdentityInfo(self, identifier, **user)
Exemplo n.º 14
0
 def get_identity_from_auth(self, auth_info):
     data = self._fetch_identity_data(auth_info)
     return IdentityInfo(self, data.pop('upn'), **data)
Exemplo n.º 15
0
 def get_identity_from_auth(self, auth_info):
     identifier = auth_info.data.get(self.id_field)
     if not identifier:
         raise IdentityRetrievalFailed(
             'Identifier missing in shibboleth response', provider=self)
     return IdentityInfo(self, identifier=identifier, **auth_info.data)
Exemplo n.º 16
0
 def get_identity_from_auth(self, auth_info):
     identifier = auth_info.data.get(self.settings['identifier_field'])
     if not identifier:
         raise IdentityRetrievalFailed(
             'Identifier missing in shibboleth response')
     return IdentityInfo(self, identifier=identifier, **auth_info.data)
Exemplo n.º 17
0
 def get_identity_from_auth(self, auth_info):
     identifier = auth_info.data.get('_username')
     if not identifier:
         raise IdentityRetrievalFailed("Identifier missing in CAS response")
     return IdentityInfo(self, identifier=identifier, **auth_info.data)