示例#1
    def create(self, externalProfile):
        """Build a new User object linked to an external identity.

        No persistence call is made here; the caller receives the populated
        object.

        Args:
            externalProfile: mapping describing the external account. Only
                its "externalUid" entry is read.

        Returns:
            A User whose user id is a fresh random UUID (hex form) and whose
            "oxExternalUid" attribute holds the external identifier.

        Raises:
            AccountError: if the profile has no "externalUid" entry.
        """
        linkedUid = externalProfile.get("externalUid")

        # The external identifier is the only link between the local account
        # and the upstream identity, so refuse to build an account without it.
        if linkedUid is None:
            raise AccountError(
                "Account. Create. External Account is missing externalUid")
        # NOTE(review): only None is rejected. An empty or blank value would be
        # stored as the account link; confirm callers never supply one.

        account = User()
        # The local user id is random and not derived from the external id.
        account.setUserId(uuid.uuid4().hex)
        account.setAttribute("oxExternalUid", linkedUid, True)
        return account
示例#2
文件: Mfa.py 项目: sign-in-canada/MFA
    def getUser(self, pairwiseId):
        """Return the user linked to an MFA pairwise ID, creating it on first use.

        The account is located through its "oxExternalUid" attribute, which
        stores the pairwise ID behind a "sic-mfa:" prefix. When no account
        matches, a new user is added and a pairwise subject identifier is
        registered for the OIDC client named by the current request's
        "client_id" parameter.

        Args:
            pairwiseId: the MFA pairwise identifier of the subject.

        Returns:
            The existing user, or the newly added one.
        """
        print("MFA. getUser() called")

        # Resolve all collaborators up front, in the same order as before.
        userSvc = CdiUtil.bean(UserService)
        clientSvc = CdiUtil.bean(ClientService)
        pairwiseSvc = CdiUtil.bean(PairwiseIdentifierService)
        faces = CdiUtil.bean(FacesResources)

        # There is no API to fetch a user by pairwise ID, so the MFA PAI is
        # kept in oxExternalUid and the lookup goes through that attribute.
        mfaUid = "sic-mfa:" + pairwiseId
        # NOTE(review): the identifier is written to the script log in clear.
        print("MFA: getUser(). Looking up user with externalUid = '%s'" % mfaUid)
        user = userSvc.getUserByAttribute("oxExternalUid", mfaUid)

        if user is not None:
            return user

        # First login for this pairwise ID: create the account.
        # NOTE(review): lookup and creation are separate calls and nothing
        # visible here stops two concurrent first logins from both creating a
        # user for the same externalUid. Confirm uniqueness is enforced
        # elsewhere.
        print("MFA: getUser(). Creating new user with externalUid = '%s'" % mfaUid)
        freshUser = User()
        freshUser.setUserId(uuid.uuid4().hex)
        freshUser.setAttribute("oxExternalUid", mfaUid)
        user = userSvc.addUser(freshUser, True)

        # Register a Pairwise Subject Identifier for the requesting OIDC client.
        # NOTE(review): client_id comes straight from the request, and the
        # client lookup result and its redirect URI list are used unchecked.
        # If the client is unknown or has no redirect URIs, this fails after
        # the user above has already been added. Confirm upstream validation.
        request = faces.getFacesContext().getCurrentInstance().getExternalContext().getRequest()
        clientId = request.getParameter("client_id")
        oidcClient = clientSvc.getClient(clientId)
        # NOTE(review): the first registered redirect URI is used as the sector
        # identifier. Confirm this matches how pairwise subjects are resolved
        # elsewhere in the deployment.
        sectorUri = oidcClient.getRedirectUris()[0]

        inum = user.getAttribute("inum")

        subject = PairwiseIdentifier(sectorUri, clientId)
        subject.setId(pairwiseId)
        subjectDn = pairwiseSvc.getDnForPairwiseIdentifier(subject.getId(), inum)
        subject.setDn(subjectDn)
        pairwiseSvc.addPairwiseIdentifier(inum, subject)

        return user