Пример #1
    def save_authorization_code(self, client_id, code, request, *args,
                                **kwargs):
        """Store an authorization code and bind it to a local user record.

        The user is looked up by the OpenID claimed identifier found in the
        request parameters. A missing user is created; an existing one has
        its full name, e-mail and last-login time overwritten with the values
        carried by the request. The "state" is persisted together with the
        code, so it is not tracked separately.

        ``client_id``, ``*args`` and ``**kwargs`` are accepted but unused.
        A ``KeyError`` propagates if any of the three ``openid.*`` parameters
        is absent from the request.
        """
        # NOTE(review): these values come straight from request parameters
        # and nothing in this method verifies the OpenID assertion that
        # carried them. The create/update below is only safe if the
        # assertion was validated before this point - confirm in the caller.
        params = request._params
        claimed_id = params["openid.claimed_id"]
        sreg_email = params["openid.sreg.email"]
        sreg_full_name = params["openid.sreg.fullname"]
        login_time = datetime.datetime.now(pytz.utc)

        existing = user_api.user_get_by_openid(claimed_id)
        profile = dict(full_name=sreg_full_name,
                       email=sreg_email,
                       last_login=login_time)

        # NOTE(review): user.enable_login is not consulted here; a disabled
        # account still gets its profile refreshed and a code saved unless an
        # earlier step rejected the request - confirm that ordering.
        if existing:
            user = user_api.user_update(existing.id, profile)
        else:
            # The openid is only written when the record is first created.
            profile["openid"] = claimed_id
            user = user_api.user_create(profile)

        record = {}
        record["code"] = code["code"]
        record["state"] = code["state"]
        record["user_id"] = user.id
        # Code lifetime is taken from the oauth section of the configuration.
        record["expires_in"] = CONF.oauth.authorization_code_ttl
        auth_api.authorization_code_save(record)
Пример #2
    def validate_scopes(self, client_id, scopes, client, request, *args,
                        **kwargs):
        """Accept the request only for the hardcoded "user" scope.

        Scopes are not supported in OpenId-connect, so the single value
        "user" is hardcoded to bridge the difference between the protocols.
        The method also refuses the request when the claimed OpenID maps to
        a local user whose ``enable_login`` flag is false.

        Returns ``False`` for a known user with login disabled, otherwise the
        result of comparing ``scopes`` with the string "user". ``client_id``
        and ``client`` are accepted but unused. A ``KeyError`` propagates if
        ``openid.claimed_id`` is absent from the request parameters.
        """
        # NOTE(review): the claimed identifier is taken from request
        # parameters as-is; this check only means something if the OpenID
        # assertion is verified elsewhere - confirm.
        claimed_id = request._params["openid.claimed_id"]
        account = user_api.user_get_by_openid(claimed_id)

        # Only an existing record can be blocked; a claimed identifier with
        # no local user falls through to the scope comparison.
        if account:
            if not account.enable_login:
                return False

        # NOTE(review): this is an equality test against a plain string. If
        # the framework passes scopes as a list the result is always False -
        # confirm what type the caller supplies.
        return scopes == "user"