예제 #1
def get_user(request, start_response):
    """Return the stored Gluu user whose id is the last URL path segment.

    The id is the text after the final '/' in ``request.path``, converted
    with ``int()``; a non-numeric segment raises ``ValueError``.

    NOTE(review): nothing in this handler authenticates or authorizes the
    caller, and records are addressed by plain integer ids. That is only
    acceptable for a test double; confirm this is never reachable outside a
    test environment.
    """
    response_headers = [('Content-type', 'application/json')]
    # The 200 status is chosen before the lookup, so a failure below is not
    # reflected in the status picked here.
    start_response('200 OK', response_headers)

    path_parts = request.path.rsplit('/', 1)
    _, raw_id = path_parts
    record = services.get_gluu_user(int(raw_id))

    return json_response(record)
예제 #2
def user_info(request, start_response):
    """Return userinfo-style claims for the user named by a Bearer token.

    Only the ``Bearer`` scheme is accepted; any other scheme raises
    ``Exception``. The token's ``sub`` claim is converted with ``int()`` and
    used to load the user record, from which the response fields are built.

    SECURITY: the token is decoded with ``verify=False``, so its signature is
    not checked and ``sub`` is taken on trust from whatever the caller sent.
    That is only tolerable in a test double. A real userinfo endpoint must
    verify the signature against the issuer's key with a pinned algorithm
    list, and validate expiry and audience, before using any claim.
    """
    start_response('200 OK', [('Content-type', 'application/json')])

    method, value = request.authorization
    if method != 'Bearer':
        raise Exception("%s authentication method is not supported." % method)

    # Signature verification is disabled here (see the docstring).
    # NOTE(review): ``verify=False`` is the PyJWT 1.x spelling - presumably
    # ``jwt`` is PyJWT; confirm the pinned version still accepts it.
    token = jwt.decode(value, verify=False)

    subject = token['sub']
    user = services.get_gluu_user(int(subject))

    # First address flagged primary, or '' when none is. The flag is compared
    # with the string 'true', not the boolean.
    primary_email = next(
        (entry['value'] for entry in user['emails']
         if entry['primary'] == 'true'),
        '',
    )
    name_parts = user.get('name', {})

    claims = {
        'sub': subject,
        'inum': subject,
        'email': primary_email,
        'family_name': name_parts.get('familyName'),
        'given_name': name_parts.get('givenName'),
        'user_name': user.get('userName', ''),
        'name': user.get('displayName', ''),
    }
    return json_response(claims)
예제 #3
def get_users(request, start_response):
    """Return every user in the ``gluu_user`` table as a JSON list.

    Each row's ``id`` is resolved through ``services.get_gluu_user``.

    NOTE(review): the full user list is returned without any check on who is
    asking, and without paging. Confirm this handler is only mounted in a
    test environment.
    """
    start_response('200 OK', [('Content-type', 'application/json')])

    users = []
    with services.database() as db:
        for row in db['gluu_user'].all():
            users.append(services.get_gluu_user(row['id']))

    return json_response(users)
예제 #4
def create_user(request, start_response):
    """Store the request's JSON body as a new ``gluu_user`` row and return it.

    The body is serialized with ``json.dumps`` into the row's ``data`` column.
    The value returned by ``insert`` is then passed to
    ``services.get_gluu_user`` to build the response.

    NOTE(review): the body is stored as received - no schema validation, no
    size limit and no caller authentication are visible here. Confirm this is
    a test fixture rather than a reachable endpoint.
    """
    start_response('200 OK', [('Content-type', 'application/json')])

    with services.database() as db:
        table = db['gluu_user']
        new_row = {'data': json.dumps(request.json)}
        user_id = table.insert(new_row)

    created = services.get_gluu_user(user_id)
    return json_response(created)
예제 #5
def auth_token(request, start_response):
    """Issue an access token carrying whatever scope the caller posted.

    The token's ``aud`` and ``sub`` are the fixed strings ``'client-id'`` and
    ``'user-id'``; ``expires_in`` is the constant 300.

    NOTE(review): no client credentials are checked and the requested scope
    is granted as-is, so this behaves as a stub token endpoint. Confirm the
    key behind ``get_jwt_token`` is not one that any real relying party
    trusts.
    """
    start_response('200 OK', [('Content-type', 'application/json')])

    requested_scope = request.POST['scope']
    access_token = get_jwt_token({
        'aud': 'client-id',
        'sub': 'user-id',
        'scope': requested_scope,
    })

    return json_response({
        'scope': requested_scope,
        'access_token': access_token,
        'expires_in': 300,
    })
예제 #6
def auth_token(request, start_response):
    """Token endpoint stub: mint JWTs for a Basic-authenticated client.

    Only the ``Basic`` scheme is accepted; any other scheme raises
    ``Exception``. For ``grant_type=authorization_code`` the posted ``code``
    is converted with ``int()`` and used directly as the user id. Scopes come
    from the ``[qvarn] scope`` setting of the file named by ``APP_CONFIG``,
    or are empty when that variable is unset. For any other grant type, a
    token is issued with the client id as ``sub`` and the posted scope.

    SECURITY notes for anyone reusing this outside a test harness:
      * The client secret is parsed from the header but never compared with
        anything, so the Basic credentials are not actually verified.
      * ``code`` is not a one-time, client-bound authorization code; it is
        the user id itself.
      * ``c_hash``, ``at_hash`` and ``refresh_token`` are fixed placeholder
        strings, not values derived from the issued tokens.
      * In the non-code branch the requested scope is granted unchanged.
    """
    start_response('200 OK', [('Content-type', 'application/json')])

    method, value = request.authorization
    if method != 'Basic':
        raise Exception("%s authentication method is not supported." % method)

    clientid, secret = base64.b64decode(value).split(b':', 1)
    # b64decode yields bytes on Python 3; the isinstance checks leave the
    # pieces alone where they are already str.
    clientid = clientid if isinstance(clientid, str) else clientid.decode('UTF-8')
    # NOTE(review): ``secret`` is decoded but never checked below.
    secret = secret if isinstance(secret, str) else secret.decode('UTF-8')

    if request.POST['grant_type'] != 'authorization_code':
        issued_at = time.time()
        requested_scope = request.POST['scope']
        access_token = get_jwt_token({
            'aud': clientid,
            'sub': clientid,
            'scope': requested_scope,
        })
        return json_response({
            'access_token': access_token,
            # NOTE(review): this is an absolute epoch timestamp. RFC 6749
            # defines expires_in as a lifetime in seconds - confirm what the
            # client under test expects before changing it.
            'expires_in': issued_at + 3600,
            'scope': requested_scope,
            'token_type': 'bearer',
        })

    # Scopes may be separated by commas and/or whitespace in the config file.
    config_path = os.environ.get('APP_CONFIG')
    if config_path:
        config = ConfigParser()
        config.read(config_path)
        configured = config.get('qvarn', 'scope') or ''
        scopes = configured.replace(',', ' ').split()
    else:
        scopes = []

    code = request.POST['code']
    user = services.get_gluu_user(int(code))
    scope_claim = ' '.join(scopes)

    access_token = get_jwt_token({
        'scope': scope_claim,
        'aud': clientid,
        'sub': code,
        'c_hash': 'c-hash',
    })

    # First address flagged primary, or '' when none is. The flag is compared
    # with the string 'true', not the boolean.
    primary_email = next(
        (entry['value'] for entry in user['emails']
         if entry['primary'] == 'true'),
        '',
    )
    name_parts = user.get('name', {})
    id_token = get_jwt_token({
        'scope': scope_claim,
        'aud': clientid,
        'sub': code,
        'inum': code,
        'at_hash': 'at-hash',
        'email': primary_email,
        'family_name': name_parts.get('familyName'),
        'given_name': name_parts.get('givenName'),
        'user_name': user.get('userName', ''),
        'name': user.get('displayName', ''),
    })

    return json_response({
        'access_token': access_token,
        'id_token': id_token,
        'refresh_token': 'refresh-token',
    })
예제 #7
def perm(request, start_response):
    """Return a fixed placeholder RPT, whatever the request contains.

    NOTE(review): the same constant is handed to every caller, so no
    permission decision is made here. Code that consumes this value must not
    treat it as proof of authorization.
    """
    headers = [('Content-type', 'application/json')]
    start_response('200 OK', headers)

    payload = {'rpt': 'rtp-perm'}
    return json_response(payload)
예제 #8
def rsrc_pr(request, start_response):
    """Return a fixed placeholder permission ticket, whatever the request.

    NOTE(review): the ticket is a constant string and is not tied to any
    resource or caller. It is suitable only as a canned response in tests.
    """
    headers = [('Content-type', 'application/json')]
    start_response('200 OK', headers)

    payload = {'ticket': 'rsrc-pr-ticket'}
    return json_response(payload)