girder-oauth 3.2.7.dev18__tar.gz → 3.2.7.dev31__tar.gz

{girder_oauth-3.2.7.dev18 → girder_oauth-3.2.7.dev31}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: girder-oauth
-Version: 3.2.7.dev18
+Version: 3.2.7.dev31
 Summary: Allow users to login via supported OAuth2 providers.
 Home-page: http://girder.readthedocs.io/en/latest/plugins.html#oauth-login
 Author: Kitware, Inc.

{girder_oauth-3.2.7.dev18 → girder_oauth-3.2.7.dev31}/girder_oauth/providers/__init__.py

@@ -7,6 +7,7 @@ from .linkedin import LinkedIn
 from .bitbucket import Bitbucket
 from .microsoft import Microsoft
 from .box import Box
+from .cilogon import CILogon
 
 
 def addProvider(provider):
@@ -23,3 +24,4 @@ addProvider(LinkedIn)
 addProvider(Bitbucket)
 addProvider(Microsoft)
 addProvider(Box)
+addProvider(CILogon)

girder_oauth-3.2.7.dev31/girder_oauth/providers/cilogon.py

@@ -0,0 +1,91 @@
+import warnings
+
+from girder.api.rest import getApiUrl
+from girder.exceptions import RestException
+from girder.models.setting import Setting
+
+from ..settings import PluginSettings
+from .base import ProviderBase
+import requests
+
+
+class CILogon(ProviderBase):
+    _AUTH_SCOPES = ['openid', 'email', 'profile']
+    _API_USER_URL = 'https://cilogon.org/oauth2/userinfo'
+    _AUTHORITY = 'https://cilogon.org'
+
+    def getClientIdSetting(self):
+        return Setting().get(PluginSettings.CILOGON_CLIENT_ID)
+
+    def getClientSecretSetting(self):
+        return Setting().get(PluginSettings.CILOGON_CLIENT_SECRET)
+
+    @classmethod
+    def getUrl(cls, state):
+        clientId = Setting().get(PluginSettings.CILOGON_CLIENT_ID)
+        if not clientId:
+            raise Exception('No CILogon client ID setting is present.')
+
+        redirectUri = '/'.join((getApiUrl(), 'oauth', 'cilogon', 'callback'))
+
+        url = (
+            f'{cls._AUTHORITY}/authorize'
+            f'?client_id={clientId}'
+            f'&response_type=code'
+            f'&scope={" ".join(cls._AUTH_SCOPES)}'
+            f'&redirect_uri={redirectUri}'
+            f'&state={state}'
+        )
+        return url
+
+    def getToken(self, code):
+        clientId = self.getClientIdSetting()
+        clientSecret = self.getClientSecretSetting()
+        redirectUri = '/'.join((getApiUrl(), 'oauth', 'cilogon', 'callback'))
+
+        if not clientId or not clientSecret or not redirectUri:
+            raise Exception('CILogon settings are incomplete.')
+
+        token_url = f'{self._AUTHORITY}/oauth2/token'
+        data = {
+            'grant_type': 'authorization_code',
+            'code': code,
+            'redirect_uri': redirectUri,
+            'client_id': clientId,
+            'client_secret': clientSecret,
+        }
+        with warnings.catch_warnings():
+            warnings.simplefilter('ignore', DeprecationWarning)
+            response = requests.post(token_url, data=data)
+
+        if response.status_code != 200:
+            raise Exception('Error acquiring token: %s' %
+                            response.json().get('error_description', 'Unknown error'))
+
+        return response.json()
+
+    def getUser(self, token):
+        headers = {
+            'Authorization': f'Bearer {token["access_token"]}',
+            'Accept': 'application/json'
+        }
+
+        # Get user's info
+        resp = requests.get(self._API_USER_URL, headers=headers)
+        if resp.status_code != 200:
+            raise RestException('Failed to fetch user info from CILogon.', code=502)
+
+        user_data = resp.json()
+        oauthId = user_data.get('sub')
+        if not oauthId:
+            raise RestException('CILogon did not return user ID.', code=502)
+
+        email = user_data.get('email')
+        if not email:
+            raise RestException('CILogon user has no registered email address.', code=502)
+
+        firstName = user_data.get('given_name', '')
+        lastName = user_data.get('family_name', '')
+
+        user = self._createOrReuseUser(oauthId, email, firstName, lastName)
+        return user

{girder_oauth-3.2.7.dev18 → girder_oauth-3.2.7.dev31}/girder_oauth/settings.py

@@ -28,6 +28,9 @@ class PluginSettings:
     BOX_CLIENT_ID = 'oauth.box_client_id'
     BOX_CLIENT_SECRET = 'oauth.box_client_secret'
 
+    CILOGON_CLIENT_ID = 'oauth.cilogon_client_id'
+    CILOGON_CLIENT_SECRET = 'oauth.cilogon_client_secret'
+
 
 @setting_utilities.default(PluginSettings.PROVIDERS_ENABLED)
 def _defaultProvidersEnabled():
@@ -47,6 +50,7 @@ def _defaultIgnoreRegistrationPolicy():
     PluginSettings.BITBUCKET_CLIENT_ID,
     PluginSettings.MICROSOFT_CLIENT_ID,
     PluginSettings.BOX_CLIENT_ID,
+    PluginSettings.CILOGON_CLIENT_ID,
     PluginSettings.GOOGLE_CLIENT_SECRET,
     PluginSettings.GLOBUS_CLIENT_SECRET,
     PluginSettings.GITHUB_CLIENT_SECRET,
@@ -54,6 +58,7 @@ def _defaultIgnoreRegistrationPolicy():
     PluginSettings.BITBUCKET_CLIENT_SECRET,
     PluginSettings.MICROSOFT_CLIENT_SECRET,
     PluginSettings.BOX_CLIENT_SECRET,
+    PluginSettings.CILOGON_CLIENT_SECRET,
     PluginSettings.MICROSOFT_TENANT_ID,
 })
 def _defaultOtherSettings():
@@ -80,6 +85,7 @@ def _validateIgnoreRegistrationPolicy(doc):
     PluginSettings.BITBUCKET_CLIENT_ID,
     PluginSettings.MICROSOFT_CLIENT_ID,
     PluginSettings.BOX_CLIENT_ID,
+    PluginSettings.CILOGON_CLIENT_ID,
     PluginSettings.GOOGLE_CLIENT_SECRET,
     PluginSettings.GLOBUS_CLIENT_SECRET,
     PluginSettings.GITHUB_CLIENT_SECRET,
@@ -87,6 +93,7 @@ def _validateIgnoreRegistrationPolicy(doc):
     PluginSettings.BITBUCKET_CLIENT_SECRET,
     PluginSettings.MICROSOFT_CLIENT_SECRET,
     PluginSettings.BOX_CLIENT_SECRET,
+    PluginSettings.CILOGON_CLIENT_SECRET,
     PluginSettings.MICROSOFT_TENANT_ID,
 })
 def _validateOtherSettings(doc):

{girder_oauth-3.2.7.dev18 → girder_oauth-3.2.7.dev31}/girder_oauth/web_client/stylesheets/oauthLoginView.styl

@@ -127,3 +127,16 @@
 
   .g-oauth-button-icon
     border-right-color darken($brandColor, 30%)
+
+.g-oauth-button-cilogon
+  $brandColor = #669966
+
+  background-color $brandColor
+  border 1px solid darken($brandColor, 30%)
+  color white
+
+  &:hover
+    background-color darken($brandColor, 15%)
+
+  .g-oauth-button-icon
+    border-right-color darken($brandColor, 30%)

{girder_oauth-3.2.7.dev18 → girder_oauth-3.2.7.dev31}/girder_oauth/web_client/views/ConfigView.js

@@ -120,6 +120,15 @@ var ConfigView = View.extend({
             instructions: 'Client IDs and secret keys are managed in the Box ' +
                           'Developer Services page. When creating your client ID ' +
                           'there, use the following as the authorization callback URL:'
+        }, {
+            id: 'cilogon',
+            name: 'CILogon',
+            icon: 'box-brand',
+            hasAuthorizedOrigins: false,
+            takesTenantId: false,
+            instructions: 'Client IDs and secret keys are managed through the CILogon ' +
+                          'Client Registration page. When creating your client ID ' +
+                          'there, use the following as the authorization callback URL:'
         }];
         this.providerIds = _.pluck(this.providers, 'id');
 

{girder_oauth-3.2.7.dev18 → girder_oauth-3.2.7.dev31}/girder_oauth/web_client/views/OAuthLoginView.js

@@ -92,6 +92,10 @@ var OAuthLoginView = View.extend({
         box: {
             icon: 'box',
             class: 'g-oauth-button-box'
+        },
+        cilogon: {
+            icon: 'box',
+            class: 'g-oauth-button-box'
         }
     }
 });

{girder_oauth-3.2.7.dev18 → girder_oauth-3.2.7.dev31}/girder_oauth.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: girder-oauth
-Version: 3.2.7.dev18
+Version: 3.2.7.dev31
 Summary: Allow users to login via supported OAuth2 providers.
 Home-page: http://girder.readthedocs.io/en/latest/plugins.html#oauth-login
 Author: Kitware, Inc.

{girder_oauth-3.2.7.dev18 → girder_oauth-3.2.7.dev31}/girder_oauth.egg-info/SOURCES.txt

@@ -14,6 +14,7 @@ girder_oauth/providers/__init__.py
 girder_oauth/providers/base.py
 girder_oauth/providers/bitbucket.py
 girder_oauth/providers/box.py
+girder_oauth/providers/cilogon.py
 girder_oauth/providers/github.py
 girder_oauth/providers/globus.py
 girder_oauth/providers/google.py