Posted to commits@airavata.apache.org by ma...@apache.org on 2019/10/11 20:42:29 UTC
[airavata-custos] 22/24: refactored the code to improve usability
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata-custos.git
commit 4844ef61bfee0ad587f440b189ea798671d6eae3
Author: Aarushi <aa...@gmail.com>
AuthorDate: Sun Sep 29 15:26:37 2019 -0400
refactored the code to improve usability
---
.../airavata_custos/security/client_credentials.py | 2 +-
.../security/keycloak_connectors.py | 59 ++++++++++++++--------
2 files changed, 38 insertions(+), 23 deletions(-)
diff --git a/clients/python/airavata_custos/security/client_credentials.py b/clients/python/airavata_custos/security/client_credentials.py
index a0934d1..8e2899f 100644
--- a/clients/python/airavata_custos/security/client_credentials.py
+++ b/clients/python/airavata_custos/security/client_credentials.py
@@ -48,7 +48,7 @@ class UserCredentials(ClientCredentials):
self.password = password
-class AccountCredentials(ClientCredentials):
+class IdpCredentials(ClientCredentials):
"""
This class inherits from ClientCredentials class. Used for passing parameters required to authenticate service
account with keycloak
diff --git a/clients/python/airavata_custos/security/keycloak_connectors.py b/clients/python/airavata_custos/security/keycloak_connectors.py
index a99c3f0..cf105f7 100644
--- a/clients/python/airavata_custos/security/keycloak_connectors.py
+++ b/clients/python/airavata_custos/security/keycloak_connectors.py
@@ -14,7 +14,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
-import time
+
from oauthlib.oauth2 import LegacyApplicationClient
import requests
import configparser
@@ -23,6 +23,7 @@ from oauthlib.oauth2 import BackendApplicationClient
from requests_oauthlib import OAuth2Session
from custos.commons.model.security.ttypes import AuthzToken
from urllib.parse import quote
+from airavata_custos.security.client_credentials import IdpCredentials, UserCredentials, ClientCredentials
class KeycloakBackend(object):
@@ -35,10 +36,10 @@ class KeycloakBackend(object):
self.keycloak_settings = IAMSettings()
self._load_settings(configuration_file_location)
- def authenticate_user(self, user_credentials):
+ def authenticate_using_user_details(self, user_credentials):
"""
Method to authenticate a gateway user with keycloak
- :param user_credentials: object of UserCredentials class
+ :param user_credentials: object of UserCredentials class. To get instance of this class use prepare_user_credentials
:return: openid token, openid user information
"""
try:
@@ -47,45 +48,59 @@ class KeycloakBackend(object):
except Exception as e:
return None
- def authenticate_account(self, account_credentials):
+ def prepare_user_credentials(self, client_id, client_secret, username, password):
"""
- :param account_credentials: object of AccountCredentials class
- :return: openid token, openid user information
+ :param client_id: client identifier received after registering the tenant
+ :param client_secret: client password received after registering the tenant
+ :param username: username of the user which needs to be authenticated
+ :param password: password of the user which needs to be authenticated
+ :return: UserCredentials object
"""
- try:
- token, account_info = self._get_token_and_user_info_redirect_flow(account_credentials)
- return token, account_info
- except Exception as e:
- return None
+ return UserCredentials(client_id, client_secret, username, password)
- def authenticate_using_refresh_token(self, client_credentials, refresh_token):
+ def authenticate_using_idp(self, idp_credentials):
"""
- :param client_credentials: object of ClientCredentials class
- :param refresh_token: openid connect refresh token
- :return: openid token
+ :param idp_credentials: object of IdpCredentials class. To get an instance of this class use prepare_idp_credentials
+ :return: openid token, openid user information
"""
try:
- token = self._get_token_from_refresh_token(client_credentials, refresh_token)
- return token
+ token, user_info = self._get_token_and_user_info_redirect_flow(idp_credentials)
+ return token, user_info
except Exception as e:
return None
- def idp_login(self, client_id, redirect_uri, idp_alias):
+ def prepare_idp_credentials(self, client_id, client_secret, redirect_uri, idp_alias):
"""
:param client_id: client identifier received after registering the tenant
- :param redirect_uri: redirect url
- :param idp_alias: idp to which redirection has to be made
- :return:authorization_url, redirect_uri, state
+ :param client_secret: client password received after registering the tenant
+ :param redirect_uri: URI for the callback entry point of the client
+ :param idp_alias: name of the idp
+ :return: object of class IdpCredentials
"""
redirect_uri += '?idp_alias=' + quote(idp_alias)
base_authorize_url = self.keycloak_settings.KEYCLOAK_AUTHORIZE_URL
oauth2_session = OAuth2Session(client_id, scope='openid', redirect_uri=redirect_uri)
authorization_url, state = oauth2_session.authorization_url(base_authorize_url)
authorization_url += '&kc_idp_hint=' + quote(idp_alias)
- return authorization_url, redirect_uri, state
+ return IdpCredentials(client_id, client_secret, authorization_url, state,
+ redirect_uri)
+
+ def authenticate_using_refresh_token(self, client_id, client_secret, refresh_token):
+ """
+
+ :param client_id: client identifier received after registering the tenant
+ :param client_secret: client password received after registering the tenant
+ :param refresh_token: openid connect refresh token
+ :return: openid token
+ """
+ try:
+ token = self._get_token_from_refresh_token(ClientCredentials(client_id, client_secret), refresh_token)
+ return token
+ except Exception as e:
+ return None
def get_authorization_token(self, client_credentials, tenant_id, username=None):
"""
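Review bot: The `except Exception as e: return None` in the new `authenticate_using_refresh_token`, and the same pattern kept in `authenticate_using_idp`, makes rejected credentials, an unreachable Keycloak and a TLS or configuration error indistinguishable to the caller, and leaves no record of failed authentication attempts. `authenticate_using_idp` is documented as returning a token and user information, so a caller that unpacks the result gets a `TypeError` on the `None` path. I would record the failure without the token or client secret, e.g. `logger.warning("refresh-token exchange failed: %s", type(e).__name__)` (assuming a module-level logger is added), and either re-raise or document the `None` return in the docstring. Separately, the `prepare_idp_credentials` docstring should say that the `state` carried in the returned `IdpCredentials` has to be kept in the user's session and compared with the value received on the callback; whether `_get_token_and_user_info_redirect_flow` performs that comparison is not visible in this hunk.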