Modify scope claims class.

Ignacio Fiorentino 2016-05-30 13:28:07 -03:00
parent 3f85f7bfec
commit eea590e006
3 changed files with 20 additions and 39 deletions


@ -46,9 +46,9 @@ Expressed in seconds. Default is ``60*10``.
OIDC_EXTRA_SCOPE_CLAIMS OIDC_EXTRA_SCOPE_CLAIMS
======================= =======================
OPTIONAL. ``str``. A string with the location of your class. Default is ``oidc_provider.lib.claims.AbstractScopeClaims``. OPTIONAL. ``str``. A string with the location of your class. Default is ``oidc_provider.lib.claims.ScopeClaims``.
Used to add extra scopes specific for your app. This class MUST inherit ``AbstractScopeClaims``. Used to add extra scopes specific for your app. This class MUST inherit ``ScopeClaims``.
OpenID Connect Clients will use scope values to specify what access privileges are being requested for Access Tokens. OpenID Connect Clients will use scope values to specify what access privileges are being requested for Access Tokens.
@ -56,24 +56,15 @@ OpenID Connect Clients will use scope values to specify what access privileges a
Check out an example of how to implement it:: Check out an example of how to implement it::
from oidc_provider.lib.claims import AbstractScopeClaims from oidc_provider.lib.claims import ScopeClaims
class MyAppScopeClaims(AbstractScopeClaims): class MyAppScopeClaims(ScopeClaims):
def setup(self): def scope_books(self):
# Here you can load models that will be used # Here, for example, you can search books for this user.
# in more than one scope for example. # self.user - Django user instance.
# print self.user # self.userinfo - Instance of your custom OIDC_USERINFO class.
# print self.scopes # self.scopes - List of scopes requested.
try:
self.some_model = SomeModel.objects.get(user=self.user)
except SomeModel.DoesNotExist:
# Create an empty model object.
self.some_model = SomeModel()
def scope_books(self, user):
# Here you can search books for this user.
dic = { dic = {
'books_readed': books_readed_count, 'books_readed': books_readed_count,
@ -83,7 +74,7 @@ Check out an example of how to implement it::
You can create our own scopes using the convention: You can create our own scopes using the convention:
``def scope_SCOPENAMEHERE(self, user):`` ``def scope_somename(self):``
If a field is empty or ``None`` will be cleaned from the response. If a field is empty or ``None`` will be cleaned from the response.


@ -3,17 +3,13 @@ from django.utils.translation import ugettext as _
from oidc_provider import settings from oidc_provider import settings
class AbstractScopeClaims(object): class ScopeClaims(object):
def __init__(self, user, scopes): def __init__(self, user, scopes):
self.user = user self.user = user
self.userinfo = settings.get('OIDC_USERINFO', import_str=True).get_by_user(self.user)
self.scopes = scopes self.scopes = scopes
self.setup()
def setup(self):
pass
def create_response_dic(self): def create_response_dic(self):
""" """
Generate the dic that will be jsonify. Checking scopes given vs Generate the dic that will be jsonify. Checking scopes given vs
@ -25,7 +21,7 @@ class AbstractScopeClaims(object):
for scope in self.scopes: for scope in self.scopes:
if scope in self._scopes_registered(): if scope in self._scopes_registered():
dic.update(getattr(self, 'scope_' + scope)(self.user)) dic.update(getattr(self, 'scope_' + scope)())
dic = self._clean_dic(dic) dic = self._clean_dic(dic)
@ -61,20 +57,13 @@ class AbstractScopeClaims(object):
return aux_dic return aux_dic
class StandardScopeClaims(AbstractScopeClaims): class StandardScopeClaims(ScopeClaims):
""" """
Based on OpenID Standard Claims. Based on OpenID Standard Claims.
See: http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims See: http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
""" """
def setup(self): def scope_profile(self):
try:
self.userinfo = settings.get('OIDC_USERINFO',
import_str=True).get_by_user(self.user)
except:
self.userinfo = None
def scope_profile(self, user):
dic = { dic = {
'name': getattr(self.userinfo, 'name', None), 'name': getattr(self.userinfo, 'name', None),
'given_name': getattr(self.userinfo, 'given_name', None), 'given_name': getattr(self.userinfo, 'given_name', None),
@ -94,7 +83,7 @@ class StandardScopeClaims(AbstractScopeClaims):
return dic return dic
def scope_email(self, user): def scope_email(self):
dic = { dic = {
'email': getattr(self.user, 'email', None), 'email': getattr(self.user, 'email', None),
'email_verified': getattr(self.userinfo, 'email_verified', None), 'email_verified': getattr(self.userinfo, 'email_verified', None),
@ -102,7 +91,7 @@ class StandardScopeClaims(AbstractScopeClaims):
return dic return dic
def scope_phone(self, user): def scope_phone(self):
dic = { dic = {
'phone_number': getattr(self.userinfo, 'phone_number', None), 'phone_number': getattr(self.userinfo, 'phone_number', None),
'phone_number_verified': getattr(self.userinfo, 'phone_number_verified', None), 'phone_number_verified': getattr(self.userinfo, 'phone_number_verified', None),
@ -110,7 +99,7 @@ class StandardScopeClaims(AbstractScopeClaims):
return dic return dic
def scope_address(self, user): def scope_address(self):
dic = { dic = {
'address': { 'address': {
'formatted': getattr(self.userinfo, 'address_formatted', None), 'formatted': getattr(self.userinfo, 'address_formatted', None),
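Review bot: The `self.userinfo = settings.get('OIDC_USERINFO', import_str=True).get_by_user(self.user)` line in `ScopeClaims.__init__` runs without the guard the removed `StandardScopeClaims.setup` had, so if `get_by_user` raises for a user with no userinfo record (not visible here, worth confirming), constructing any claims class fails instead of yielding empty claims. The `scope_*` methods already read through `getattr(self.userinfo, ..., None)`, so a `None` fallback is cheap to keep: wrap the assignment in a `try` whose handler sets `self.userinfo = None`, catching the specific exception rather than the old bare `except:`. Separately, `create_response_dic` now calls `getattr(self, 'scope_' + scope)()` with no argument, so existing subclasses that still define `scope_x(self, user)` will raise `TypeError`, and the rename leaves no alias such as `AbstractScopeClaims = ScopeClaims`; a class docstring stating the new contract would help integrators. Which side each line belongs to is inferred here, because this rendering has lost its +/- markers.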


@ -168,6 +168,7 @@ def userinfo(request, *args, **kwargs):
response = JsonResponse(dic, status=200) response = JsonResponse(dic, status=200)
response['Cache-Control'] = 'no-store' response['Cache-Control'] = 'no-store'
response['Pragma'] = 'no-cache' response['Pragma'] = 'no-cache'
return response return response