[PATCH] Update flask_fas_openid to latest upstream version

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



---

We have seen some issues when trying to login on stg in our apps.

This commit update a hotfix of flask_fas_openid to use the latest version from
upstream git.

I know we are not in freeze, but I still would like to get a couple of +1 before
pushing it to make sure we are on the same page.


Thanks,
Pierre

 .../hotfix/files/python-fedora/flask_fas_openid.py |   51 ++++++++++++++-----
 1 files changed, 37 insertions(+), 14 deletions(-)

diff --git a/modules-staging/hotfix/files/python-fedora/flask_fas_openid.py b/modules-staging/hotfix/files/python-fedora/flask_fas_openid.py
index 8810230..b951fb5 100644
--- a/modules-staging/hotfix/files/python-fedora/flask_fas_openid.py
+++ b/modules-staging/hotfix/files/python-fedora/flask_fas_openid.py
@@ -39,10 +39,10 @@ import openid
 from openid.consumer import consumer
 from openid.fetchers import setDefaultFetcher, Urllib2Fetcher
 from openid.extensions import pape, sreg
+from openid_cla import cla
+from openid_teams import teams
 
 from fedora import __version__
-import fedora._openid_extensions.openid_teams as teams
-import fedora._openid_extensions.openid_cla as cla
 
 class FAS(object):
 
@@ -68,8 +68,9 @@ class FAS(object):
     def _handle_openid_request(self):
         return_url = flask.session['FLASK_FAS_OPENID_RETURN_URL']
         cancel_url = flask.session['FLASK_FAS_OPENID_CANCEL_URL']
+        base_url = self.normalize_url(flask.request.base_url)
         oidconsumer = consumer.Consumer(flask.session, None)
-        info = oidconsumer.complete(flask.request.values, flask.request.base_url)
+        info = oidconsumer.complete(flask.request.values, base_url)
         display_identifier = info.getDisplayIdentifier()
 
         if info.status == consumer.FAILURE and display_identifier:
@@ -83,14 +84,18 @@ class FAS(object):
             pape_resp = pape.Response.fromSuccessResponse(info)
             teams_resp = teams.TeamsResponse.fromSuccessResponse(info)
             cla_resp = cla.CLAResponse.fromSuccessResponse(info)
-            user = dict()
+            user = {'fullname': '', 'username': '', 'email': '', 'timezone': '', 'cla_done': False, 'groups': []}
+            if not sreg_resp:
+                # If we have no basic info, be gone with them!
+                return flask.redirect(cancel_url)
             user['username'] = sreg_resp.get('nickname')
             user['fullname'] = sreg_resp.get('fullname')
             user['email'] = sreg_resp.get('email')
             user['timezone'] = sreg_resp.get('timezone')
-            #user['locale'] = sreg_resp.get('LOCALE')
-            user['cla_done'] = cla.CLA_URI_FEDORA_DONE in cla_resp.clas
-            user['groups'] = teams_resp.teams   # The groups do not contain the cla_ groups
+            if cla_resp:
+                user['cla_done'] = cla.CLA_URI_FEDORA_DONE in cla_resp.clas
+            if teams_resp:
+                user['groups'] = frozenset(teams_resp.teams) # The groups do not contain the cla_ groups
             flask.session['FLASK_FAS_OPENID_USER'] = user
             flask.session.modified = True
             return flask.redirect(return_url)
@@ -112,21 +117,26 @@ class FAS(object):
             flask.g.fas_user = Bunch.fromDict(user)
         flask.g.fas_session_id = 0
 
-    def login(self, username=None, password=None, return_url=None, cancel_url=None):
+    def login(self, username=None, password=None, return_url=None,
+              cancel_url=None, groups=['_FAS_ALL_GROUPS_']):
         """Tries to log in a user.
 
         Sets the user information on :attr:`flask.g.fas_user`.
         Will set 0 to :attr:`flask.g.fas_session_id, for compatibility
         with flask_fas.
 
-        :arg username: Not used, but accepted for compatibility with the flask_fas module
-        :arg password: Not used, but accepted for compatibility with the flask_fas module
+        :arg username: Not used, but accepted for compatibility with the
+           flask_fas module
+        :arg password: Not used, but accepted for compatibility with the
+           flask_fas module
         :arg return_url: The URL to forward the user to after login
+        :arg groups: A string or a list of group the user should belong to
+           to be authentified.
         :returns: True if the user was succesfully authenticated.
         :raises: Might raise an redirect to the OpenID endpoint
         """
         if return_url is None:
-            if 'next' in flask.request.args.values:
+            if 'next' in flask.request.args.values():
                 return_url = flask.request.args.values['next']
             else:
                 return_url = flask.request.url
@@ -139,12 +149,18 @@ class FAS(object):
         if request is None:
             # Also very strange, as this means the discovered OpenID endpoint is no OpenID endpoint
             return 'no-request'
+
+        if isinstance(groups, basestring):
+           groups = [groups]
+
         request.addExtension(sreg.SRegRequest(required=['nickname', 'fullname', 'email', 'timezone']))
         request.addExtension(pape.Request([]))
-        request.addExtension(teams.TeamsRequest(requested=['_FAS_ALL_GROUPS_'])) # Magic value which requests all groups from FAS-OpenID >= 0.2.0
+        request.addExtension(teams.TeamsRequest(requested=groups))
         request.addExtension(cla.CLARequest(requested=[cla.CLA_URI_FEDORA_DONE]))
-        trust_root = flask.request.url_root
-        return_to = flask.request.url_root + '_flask_fas_openid_handler/'
+
+        trust_root = self.normalize_url(flask.request.url_root)
+        return_to = trust_root + '_flask_fas_openid_handler/'
+
         flask.session['FLASK_FAS_OPENID_RETURN_URL'] = return_url
         flask.session['FLASK_FAS_OPENID_CANCEL_URL'] = cancel_url
         if request.shouldSendRedirect():
@@ -161,6 +177,13 @@ class FAS(object):
         flask.g.fas_user = None
         flask.session.modified = True
 
+    def normalize_url(self, url):
+        ''' Replace the scheme prefix of a url with our preferred scheme.
+        '''
+        scheme = self.app.config['PREFERRED_URL_SCHEME']
+        scheme_index = url.index('://')
+        return scheme + url[scheme_index:]
+
 
 # This is a decorator we can use with any HTTP method (except login, obviously)
 # to require a login.
-- 
1.7.2.1

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure





[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux