def _authorize_callback(self): # if authorization failed abort early error = request.args.get('error') if error: raise AuthenticationFailed(error, provider=self) try: token_data = self.authlib_client.authorize_access_token() authinfo_token_data = {} if self.include_token == 'only': return self.multipass.handle_auth_success( AuthInfo(self, token=token_data)) elif self.include_token: authinfo_token_data['token'] = token_data if self.use_id_token: id_token = self.authlib_client.parse_id_token(token_data) for key in INTERNAL_FIELDS: id_token.pop(key, None) return self.multipass.handle_auth_success( AuthInfo(self, **dict(authinfo_token_data, **id_token))) else: user_info = self.authlib_client.userinfo() return self.multipass.handle_auth_success( AuthInfo(self, **dict(authinfo_token_data, **user_info))) except AuthlibBaseError as exc: raise AuthenticationFailed(str(exc), provider=self)
def process_local_login(self, data): username = data['username'] password = self.settings['identities'].get(username) if password is None: raise AuthenticationFailed('No such user') if password != data['password']: raise AuthenticationFailed('Invalid password.') auth_info = AuthInfo(self, username=data['username']) return self.multipass.handle_auth_success(auth_info)
def _shibboleth_callback(self): attributes = { k: v for k, v in iteritems(request.environ) if k.startswith(self.settings['attrs_prefix']) } if not attributes: raise AuthenticationFailed("No valid data received") return self.multipass.handle_auth_success(AuthInfo(self, **attributes))
def process_local_login(self, data): username = data['username'] password = self.settings['identities'].get(username) if password is None: raise NoSuchUser(provider=self) if password != data['password']: raise InvalidCredentials(provider=self) auth_info = AuthInfo(self, username=data['username']) return self.multipass.handle_auth_success(auth_info)
def _authorize_callback(self): error = request.args.get('error') if error: raise AuthenticationFailed(error, provider=self) try: token = self.oauth_app.authorize_access_token() return self.multipass.handle_auth_success( AuthInfo(self, token=token)) except AuthlibBaseError as exc: raise AuthenticationFailed(str(exc), provider=self)
def _authorize_callback(self): # if authorization failed abort early error = request.args.get('error') if error: raise AuthenticationFailed(error, provider=self) # try to get a token containing a valid oidc id token try: oauth_token_data = self.oauth_app.authorize_access_token() id_token = self._parse_id_token(oauth_token_data, session.pop(self._session_key)) return self.multipass.handle_auth_success( AuthInfo(self, **id_token)) except AuthlibBaseError as exc: raise AuthenticationFailed(str(exc), provider=self)
def process_local_login(self, data): username = data['username'] password = data['password'] with ldap_context(self.ldap_settings, use_cache=False): try: user_dn, user_data = get_user_by_id( username, attributes=[self.ldap_settings['uid']]) if not user_dn: raise NoSuchUser(provider=self) current_ldap.connection.simple_bind_s(user_dn, password) except INVALID_CREDENTIALS: raise InvalidCredentials(provider=self) auth_info = AuthInfo( self, identifier=user_data[self.ldap_settings['uid']][0]) return self.multipass.handle_auth_success(auth_info)
def _authorize_callback(self): ticket = request.args.get('ticket') if not ticket: raise AuthenticationFailed('ticket is not provided') cas_response = self.cas_client.perform_service_validate( ticket=ticket, service_url=self.cas_callback_url, ) if cas_response and cas_response.success: auth_info = cas_response.attributes auth_info['_username'] = cas_response.user return self.multipass.handle_auth_success( AuthInfo(self, **auth_info)) raise AuthenticationFailed("CAS result: Access denied")
def _shibboleth_callback(self): mapping = _lower_keys( iteritems( request.headers if self.from_headers else request.environ)) # get all attrs in the 'attrs' list, if empty use 'attrs_prefix' if self.attrs is None: attributes = { k: _to_unicode(v) for k, v in mapping if k.startswith(self.attrs_prefix) } else: attributes = { k: _to_unicode(v) for k, v in mapping if k in self.attrs } if not attributes: raise AuthenticationFailed("No valid data received", provider=self) return self.multipass.handle_auth_success(AuthInfo(self, **attributes))
def _make_auth_info(self, resp): return AuthInfo(self, token=resp[self.settings['token_field']])