From 6e65da2d5e3928747ec18d8e21bcc245c42d26d4 Mon Sep 17 00:00:00 2001 From: Rastislav Krutak <492918@mail.muni.cz> Date: Mon, 24 Apr 2023 13:55:22 +0200 Subject: [PATCH] feat: add metadata_store to context Added a function that collects metadata for swamid-satosa metainfo plugin for non-SAML backends. The metadata is collected into dictionary and added to the context. The functionality added is similar to saml backend where the context is decorated with metadata of mdstore type. --- src/satosa/backends/apple.py | 4 ++++ src/satosa/backends/github.py | 3 +++ src/satosa/backends/linkedin.py | 3 +++ src/satosa/backends/oauth.py | 21 +++++++++++++++++++++ src/satosa/backends/openid_connect.py | 3 +++ src/satosa/backends/orcid.py | 3 +++ 6 files changed, 37 insertions(+) diff --git a/src/satosa/backends/apple.py b/src/satosa/backends/apple.py index f7c1189ea..8029e478a 100644 --- a/src/satosa/backends/apple.py +++ b/src/satosa/backends/apple.py @@ -6,7 +6,10 @@ from oic.oauth2.message import Message from oic.oic.message import AuthorizationResponse import satosa.logging_util as lu +from .oauth import _get_metadata_to_decorate +from ..context import Context from ..exception import SATOSAAuthenticationError + import json import requests @@ -110,6 +113,7 @@ def response_endpoint(self, context, *args): raise SATOSAAuthenticationError(context.state, "No user info available.") all_user_claims = dict(list(userinfo.items()) + list(id_token_claims.items())) + context.decorate(Context.KEY_METADATA_STORE, _get_metadata_to_decorate(self.config)) # convert "string or Boolean" claims to actual booleans for bool_claim_name in ["email_verified", "is_private_email"]: diff --git a/src/satosa/backends/github.py b/src/satosa/backends/github.py index 70944e371..23463ac86 100644 --- a/src/satosa/backends/github.py +++ b/src/satosa/backends/github.py 
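Review bot: `_get_metadata_to_decorate` carries a leading underscore, which marks it private to `oauth.py`, yet this import hunk pulls it into `apple.py`, and the same import is added to `github.py`, `linkedin.py`, `openid_connect.py` and `orcid.py`. A helper shared by six backends is part of the package's internal API and reads better under a public name, like its neighbour `get_metadata_desc_for_oauth_backend`: `from .oauth import get_metadata_to_decorate`. The hunk also appears to add an empty line between `from ..exception import SATOSAAuthenticationError` and `import json`, which splits the import block without a visible reason.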
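Review bot: The value stored under `Context.KEY_METADATA_STORE` in `response_endpoint` is a plain dict, while the commit description says the SAML backend stores an mdstore-type object under the same key. A consumer written against the mdstore interface would fail when a login arrives through this backend; this is inferred from the description, since no consumer is visible in the patch. A comment at the call site would record the contract, e.g. `# plain dict (client_name, logo_uri, ...), not the mdstore object the SAML backend stores under this key`. The same call is added in `github.py`, `linkedin.py`, `oauth.py`, `openid_connect.py` and `orcid.py`, and `response_endpoint` starts and ends outside the hunk.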
@@ -10,6 +10,8 @@ from oic.oauth2.message import AuthorizationResponse from satosa.backends.oauth import _OAuthBackend +from .oauth import _get_metadata_to_decorate +from satosa.context import Context from satosa.internal import AuthenticationInformation from satosa.internal import InternalData from satosa.response import Redirect @@ -99,6 +101,7 @@ def _authn_response(self, context): internal_response.attributes = self.converter.to_internal( self.external_type, user_info) internal_response.subject_id = str(user_info[self.user_id_attr]) + context.decorate(Context.KEY_METADATA_STORE, _get_metadata_to_decorate(self.config)) return self.auth_callback_func(context, internal_response) def user_information(self, access_token): diff --git a/src/satosa/backends/linkedin.py b/src/satosa/backends/linkedin.py index 8d3a85b4c..e157f5068 100644 --- a/src/satosa/backends/linkedin.py +++ b/src/satosa/backends/linkedin.py @@ -10,6 +10,8 @@ from oic.oauth2.message import AuthorizationResponse from satosa.backends.oauth import _OAuthBackend +from .oauth import _get_metadata_to_decorate +from satosa.context import Context from satosa.internal import AuthenticationInformation from satosa.internal import InternalData from satosa.response import Redirect @@ -110,6 +112,7 @@ def _authn_response(self, context): self.external_type, user_info) internal_response.subject_id = user_info[self.user_id_attr] + context.decorate(Context.KEY_METADATA_STORE, _get_metadata_to_decorate(self.config)) return self.auth_callback_func(context, internal_response) def user_information(self, access_token, api): diff --git a/src/satosa/backends/oauth.py b/src/satosa/backends/oauth.py index 3e2bd041b..771b1e351 100644 --- a/src/satosa/backends/oauth.py +++ b/src/satosa/backends/oauth.py 
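Review bot: The added `from .oauth import _get_metadata_to_decorate` sits directly under the existing `from satosa.backends.oauth import _OAuthBackend`, so the same module is now imported in two different styles on adjacent lines. The rest of this import block uses absolute `satosa.` paths with one name per line, so the new line would match it as `from satosa.backends.oauth import _get_metadata_to_decorate`. `linkedin.py` gets the identical pairing, and in `orcid.py` the relative import is placed above the absolute one.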
@@ -12,6 +12,7 @@ from oic.utils.authn.authn_context import UNSPECIFIED import satosa.logging_util as lu +from satosa.context import Context from satosa.internal import AuthenticationInformation from satosa.internal import InternalData from satosa.exception import SATOSAAuthenticationError @@ -145,6 +146,7 @@ def _authn_response(self, context): internal_response = InternalData(auth_info=self.auth_info(context.request)) internal_response.attributes = self.converter.to_internal(self.external_type, user_info) internal_response.subject_id = user_info[self.user_id_attr] + context.decorate(Context.KEY_METADATA_STORE, _get_metadata_to_decorate(self.config)) return self.auth_callback_func(context, internal_response) def auth_info(self, request): @@ -331,3 +333,22 @@ def get_metadata_desc_for_oauth_backend(entity_id, config): metadata_description.append(description) return metadata_description + + +def _get_metadata_to_decorate(config): + metadata_dict = {} + if "entity_info" in config: + entity_info = config["entity_info"] + if "ui_info" in entity_info: + ui_info = entity_info["ui_info"] + for name in ui_info.get("display_name", []): + if name[1] == "en": + metadata_dict["client_name"] = name[0] + metadata_dict["client_name#" + name[1]] = name[0] + for logo in ui_info.get("logo", []): + if logo["lang"] == "en": + metadata_dict["logo_uri"] = logo["image"] + metadata_dict["logo_width"] = logo["width"] + metadata_dict["logo_height"] = logo["height"] + metadata_dict["logo_uri#" + logo["lang"]] = logo["image"] + return metadata_dict diff --git a/src/satosa/backends/openid_connect.py b/src/satosa/backends/openid_connect.py index 58d47af9b..dd4dc1ecb 100644 --- a/src/satosa/backends/openid_connect.py +++ b/src/satosa/backends/openid_connect.py 
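Review bot: In `_get_metadata_to_decorate` the logo loop subscripts `logo["lang"]`, `logo["image"]`, `logo["width"]` and `logo["height"]` directly, so a configured logo entry lacking any of those keys raises `KeyError`. Every backend in this patch calls the helper inside its response handler, so unless the config is validated earlier (not shown in the hunk) that exception would fail a login after the user has already authenticated upstream. The display-name loop has the same shape with `name[0]` and `name[1]`. Reading the optional fields with `.get()` and skipping incomplete entries keeps the decoration best-effort. The function also has no docstring listing the keys it produces, which consumers of the decoration need.

```python
def _get_metadata_to_decorate(config):
    # … unchanged: entity_info / ui_info lookup, display_name loop …
            for logo in ui_info.get("logo", []):
                image = logo.get("image")
                lang = logo.get("lang")
                if image is None:
                    continue  # nothing usable in this entry
                if lang == "en":
                    metadata_dict["logo_uri"] = image
                    for dim in ("width", "height"):
                        if dim in logo:
                            metadata_dict["logo_" + dim] = logo[dim]
                if lang is not None:
                    metadata_dict["logo_uri#" + lang] = image
    return metadata_dict
```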
@@ -22,6 +22,8 @@ from ..exception import SATOSAAuthenticationError from ..exception import SATOSAError from ..exception import SATOSAMissingStateError +from .oauth import _get_metadata_to_decorate +from ..context import Context from ..response import Redirect @@ -242,6 +244,7 @@ def response_endpoint(self, context, *args): logger.error(logline) raise SATOSAAuthenticationError(context.state, "No user info available.") + context.decorate(Context.KEY_METADATA_STORE, _get_metadata_to_decorate(self.config)) all_user_claims = dict(list(userinfo.items()) + list(id_token_claims.items())) msg = "UserInfo: {}".format(all_user_claims) logline = lu.LOG_FMT.format(id=lu.get_session_id(context.state), message=msg) diff --git a/src/satosa/backends/orcid.py b/src/satosa/backends/orcid.py index 649e72451..4b3a961fb 100644 --- a/src/satosa/backends/orcid.py +++ b/src/satosa/backends/orcid.py @@ -9,8 +9,10 @@ from oic.utils.authn.authn_context import UNSPECIFIED from oic.oauth2.consumer import stateID from oic.oauth2.message import AuthorizationResponse +from .oauth import _get_metadata_to_decorate from satosa.backends.oauth import _OAuthBackend +from satosa.context import Context from satosa.internal import InternalData from satosa.internal import AuthenticationInformation from satosa.util import rndstr @@ -79,6 +81,7 @@ def _authn_response(self, context): internal_response.attributes = self.converter.to_internal( self.external_type, user_info) internal_response.subject_id = user_info[self.user_id_attr] + context.decorate(Context.KEY_METADATA_STORE, _get_metadata_to_decorate(self.config)) return self.auth_callback_func(context, internal_response) def user_information(self, access_token, orcid, name=None):