def _get_identity(self, identifier):
with ldap_context(self.ldap_settings):
user_dn, user_data = get_user_by_id(identifier, self._attributes)
if not user_dn:
return None
return IdentityInfo(self,
identifier=user_data[self.ldap_settings['uid']][0],
**to_unicode(user_data))
def get_identity_from_auth(self, auth_info):
identifier = auth_info.data.get(self.id_field)
if not identifier:
raise IdentityRetrievalFailed(
'Identifier ({}) missing in authlib response'.format(
self.id_field),
provider=self)
return IdentityInfo(self, identifier=identifier, **auth_info.data)
def search_identities(self, criteria, exact=False):
compare = operator.eq if exact else operator.contains
for identifier, user in iteritems(self.settings['identities']):
for key, values in iteritems(criteria):
if not any(compare(user[key], v) for v in values):
break
else:
yield IdentityInfo(self, identifier, **user)
def get_identity(self, identifier):
identity_data = self._query_single_user_by_sub(identifier)
if identity_data is None:
return None
else:
return IdentityInfo(self,
identifier=identity_data['sub'],
**identity_data)
def search_identities_ex(self, criteria, exact=False, limit=None):
if any(len(x) != 1 for x in criteria.values()):
# Unfortunately the API does not support OR filters (yet?).
# Fortunately we never search for more than one value anyway, except for emails when
# looking up identities based on the user's email address.
if len(criteria) != 1:
raise MultipassException(
'This provider does not support multiple values for a search criterion',
provider=self)
field, values = dict(criteria).popitem()
seen = set()
total = 0
all_identities = []
for value in values:
identities = self.search_identities_ex({field: [value]},
exact=exact,
limit=limit)[0]
for identity in identities:
if identity.identifier not in seen:
seen.add(identity.identifier)
all_identities.append(identity)
total += 1
return all_identities, total
criteria = {k: next(iter(v)) for k, v in criteria.items()}
op = 'eq' if exact else 'contains'
api_criteria = [
'{}:{}:{}'.format(k, op, v) for k, v in criteria.items()
]
api_criteria.append('type:eq:Person')
api_criteria += self.settings['extra_search_filters']
params = {
'limit':
limit or 5000,
'filter':
api_criteria,
'field': [
'upn',
'firstName',
'lastName',
'displayName',
'instituteName',
'primaryAccountEmail',
],
}
with self._get_api_session() as api_session:
results, total = self._fetch_all(api_session,
'/api/v1.0/Identity',
params,
limit=limit)
identities = []
for res in results:
del res['id']
identities.append(IdentityInfo(self, res['upn'], **res))
return identities, total
def _get_identity(self, token):
resp = self.oauth_app.request(self.settings['endpoint'], method=self.settings['method'], token=(token, None))
if resp.status not in self.settings['valid_statuses']:
raise IdentityRetrievalFailed('Could not retrieve identity data')
elif resp.status == 404:
return None
identifier = resp.data[self.settings['identifier_field']]
multipass_data = {'oauth_token': token}
return IdentityInfo(self, identifier, multipass_data, **resp.data)
def get_members(self):
page_iterator = self.cognito_client.get_paginator(
'list_users_in_group').paginate(UserPoolId=self.user_pool_id,
GroupName=self.name)
for response in page_iterator:
for user in response['Users']:
identity_data = _get_confirmed_identity_data(user)
if identity_data is not None:
yield IdentityInfo(self.provider,
identifier=identity_data['sub'],
**identity_data)
def _get_identity(self, token):
resp = self.oauth_app.request(self.settings['method'],
self.settings['endpoint'],
token=token)
if resp.status_code not in self.settings['valid_statuses']:
raise IdentityRetrievalFailed('Could not retrieve identity data',
provider=self)
elif resp.status_code == 404:
return None
data = resp.json()
identifier = data[self.settings['identifier_field']]
multipass_data = {'oauth_token': token}
return IdentityInfo(self, identifier, multipass_data, **data)
def search_identities(self, criteria, exact=False):
with ldap_context(self.ldap_settings):
search_filter = build_user_search_filter(criteria,
self.settings['mapping'],
exact=exact)
if not search_filter:
raise IdentityRetrievalFailed(
"Unable to generate search filter from criteria")
for _, user_data in self._search_users(search_filter):
yield IdentityInfo(
self,
identifier=user_data[self.ldap_settings['uid']][0],
**to_unicode(user_data))
def search_identities(self, criteria, exact=False):
for identifier, user in iteritems(self.settings['identities']):
for key, values in iteritems(criteria):
# same logic as multidict
user_value = user.get(key)
user_values = set(user_value) if isinstance(
user_value, (tuple, list)) else {user_value}
if not any(user_values):
break
elif exact and not user_values & set(values):
break
elif not exact and not any(
sv in uv
for sv, uv in itertools.product(values, user_values)):
break
else:
yield IdentityInfo(self, identifier, **user)
def get_members(self):
with ldap_context(self.ldap_settings):
group_dns = self._iter_group()
group_dn = next(group_dns)
while group_dn:
user_filter = build_user_search_filter(
{self.ldap_settings['member_of_attr']: {group_dn}},
exact=True)
for _, user_data in self.provider._search_users(user_filter):
yield IdentityInfo(
self.provider,
identifier=user_data[self.ldap_settings['uid']][0],
**to_unicode(user_data))
group_filter = build_group_search_filter(
{self.ldap_settings['member_of_attr']: {group_dn}},
exact=True)
subgroups = list(self.provider._search_groups(group_filter))
group_dn = group_dns.send(subgroups)
def get_members(self):
with self.provider._get_api_session() as api_session:
params = {
'limit':
5000,
'field': [
'upn',
'firstName',
'lastName',
'instituteName',
'primaryAccountEmail',
],
'recursive':
'true'
}
results = self.provider._fetch_all(
api_session,
'/api/v1.0/Group/{}/memberidentities'.format(self.id),
params)[0]
for res in results:
del res['id'] # id is always included
yield IdentityInfo(self.provider, res.pop('upn'), **res)
def _get_identity(self, identifier):
user = self.settings['identities'].get(identifier)
if user is None:
return None
return IdentityInfo(self, identifier, **user)
def get_identity_from_auth(self, auth_info):
data = self._fetch_identity_data(auth_info)
return IdentityInfo(self, data.pop('upn'), **data)
def get_identity_from_auth(self, auth_info):
identifier = auth_info.data.get(self.id_field)
if not identifier:
raise IdentityRetrievalFailed(
'Identifier missing in shibboleth response', provider=self)
return IdentityInfo(self, identifier=identifier, **auth_info.data)
def get_identity_from_auth(self, auth_info):
identifier = auth_info.data.get(self.settings['identifier_field'])
if not identifier:
raise IdentityRetrievalFailed(
'Identifier missing in shibboleth response')
return IdentityInfo(self, identifier=identifier, **auth_info.data)
def get_identity_from_auth(self, auth_info):
identifier = auth_info.data.get('_username')
if not identifier:
raise IdentityRetrievalFailed("Identifier missing in CAS response")
return IdentityInfo(self, identifier=identifier, **auth_info.data)