Commit 168ecda9 authored by Pietro Albini's avatar Pietro Albini

Add support for fetching Launchpad teams

parent 1f79737b
...@@ -43,6 +43,7 @@ setuptools.setup( ...@@ -43,6 +43,7 @@ setuptools.setup(
packages = [ packages = [
"uitwww", "uitwww",
"uitwww.third_party"
], ],
entry_points = { entry_points = {
......
...@@ -18,6 +18,10 @@ import uuid ...@@ -18,6 +18,10 @@ import uuid
import flask import flask
import flask_openid import flask_openid
import pkg_resources
import yaml
from uitwww.third_party import openid_teams
class SessionError(BaseException): class SessionError(BaseException):
...@@ -63,12 +67,27 @@ class Sessions: ...@@ -63,12 +67,27 @@ class Sessions:
self.db.update("DELETE FROM auth_sessions WHERE id = ?;", id) self.db.update("DELETE FROM auth_sessions WHERE id = ?;", id)
class Permissions:
def __init__(self):
raw = pkg_resources.resource_string("uitwww", "data/permissions.yml")
self.config = yaml.load(raw.decode("utf-8"))
def allowed_teams(self):
return list(self.config["teams"].keys())
def prepare_blueprint(app): def prepare_blueprint(app):
"""Prepare the auth blueprint""" """Prepare the auth blueprint"""
bp = flask.Blueprint("auth", __name__) bp = flask.Blueprint("auth", __name__)
oid = flask_openid.OpenID(app, safe_roots=[]) oid = flask_openid.OpenID(
app,
safe_roots=[],
extension_responses=[openid_teams.TeamsResponse],
)
sessions = Sessions(app.db) sessions = Sessions(app.db)
permissions = Permissions()
@app.before_request @app.before_request
def check_auth(): def check_auth():
...@@ -85,7 +104,12 @@ def prepare_blueprint(app): ...@@ -85,7 +104,12 @@ def prepare_blueprint(app):
@oid.after_login @oid.after_login
def receive_openid(resp): def receive_openid(resp):
flask.session["auth"] = sessions.create(resp.nickname, []) teams = resp.extensions["lp"].is_member
if not teams or teams == [""]:
flask.flash("Non hai i permessi per accedere al sito.", "error")
return flask.redirect(flask.url_for("pages.index"))
flask.session["auth"] = sessions.create(resp.nickname, teams)
flask.flash("Benvenuto %s!" % resp.nickname, "success") flask.flash("Benvenuto %s!" % resp.nickname, "success")
return flask.redirect(flask.url_for("pages.index")) return flask.redirect(flask.url_for("pages.index"))
...@@ -93,7 +117,13 @@ def prepare_blueprint(app): ...@@ -93,7 +117,13 @@ def prepare_blueprint(app):
@oid.loginhandler @oid.loginhandler
def login(): def login():
if "auth_name" not in flask.g: if "auth_name" not in flask.g:
return oid.try_login("https://login.ubuntu.com/+openid", ask_for=["nickname"]) return oid.try_login(
"https://login.ubuntu.com/+openid",
ask_for=["nickname"],
extensions=[
openid_teams.TeamsRequest(permissions.allowed_teams())
],
)
else: else:
flask.flash("Hai già effettuato l'accesso!", "info") flask.flash("Hai già effettuato l'accesso!", "info")
return flask.redirect(flask.url_for("pages.index")) return flask.redirect(flask.url_for("pages.index"))
......
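Review bot: In `receive_openid` the session is created from whatever `resp.extensions["lp"].is_member` contains, and the only check is that the list is non-empty; nothing on the new side compares it with `permissions.allowed_teams()`. That list comes from the identity provider's response, so filtering it server-side keeps the authorization decision tied to the local allow-list, e.g. `teams = [t for t in teams if t in permissions.allowed_teams()]` before the emptiness check. The direct `resp.extensions["lp"]` lookup presumably raises `KeyError` when the response carries no teams extension (the `openid_teams` module is collapsed on this page), so `resp.extensions.get("lp")` routed to the same denial path would be safer. Separately, `Permissions.__init__` calls `yaml.load` without a loader; `yaml.safe_load(raw.decode("utf-8"))` is enough for this data file and avoids arbitrary object construction.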
permissions: []
teams:
ubuntu-it-www: "*"
ubuntu-it-council: "*"
ubuntu-it-members: []
ubuntu-it-newsletter: []