Login by shortcut WIP.

d81ccef2 · jan.bednarik · 954ffb13 · d81ccef2 · d81ccef2 · d81ccef2
Commit d81ccef2 authored Dec 13, 2017 by jan.bednarik
--- a/openlobby/mutations.py
+++ b/openlobby/mutations.py
@@ -3,6 +3,7 @@ from flask import g
 import graphene
 from graphene import relay
 from graphene.types.datetime import DateTime
+from graphql_relay import from_global_id
 from oic.oic import rndstr
 from oic.oic.message import AuthorizationResponse
 import time
@@ -13,9 +14,16 @@ from .auth import (
    get_session_expiration_time,
    create_access_token,
 )
-from .documents import UserDoc, LoginAttemptDoc, SessionDoc, ReportDoc
+from .documents import (
+    UserDoc,
+    LoginAttemptDoc,
+    SessionDoc,
+    ReportDoc,
+    OpenIdClientDoc,
+)
 from .openid import (
    init_client_for_uid,
+    init_client_for_shortcut,
    register_client,
    get_authorization_url,
    set_registration_info,
@@ -72,6 +80,59 @@ class Login(relay.ClientIDMutation):
        return Login(authorization_url=authorization_url)
+class LoginByShortcut(relay.ClientIDMutation):
+    class Input:
+        shortcut_id = relay.GlobalID(required=True)
+        redirect_uri = graphene.String(required=True)
+    authorization_url = graphene.String()
+    @classmethod
+    def mutate_and_get_payload(cls, root, info, **input):
+        shortcut_id = input['shortcut_id']
+        redirect_uri = input['redirect_uri']
+        type, id = from_global_id(shortcut_id)
+        openid_client_data = OpenIdClientDoc.get(id, using=info.context['es'],
+            index=info.context['index'])
+        # prepare OpenID client
+        client = init_client_for_shortcut(openid_client_data, redirect_uri)
+        # TODO
+        """
+        # prepare login attempt details
+        state = rndstr(32)
+        nonce = rndstr()
+        expiration = get_login_attempt_expiration_time()
+        # save login attempt into ES
+        data = {
+            'meta': {'id': client.client_id},
+            'state': state,
+            'nonce': nonce,
+            'client_id': client.client_id,
+            'client_secret': client.client_secret,
+            'openid_uid': openid_uid,
+            'redirect_uri': redirect_uri,
+            'expiration': expiration,
+        }
+        login_attempt = LoginAttemptDoc(**data)
+        login_attempt.save(using=info.context['es'], index=info.context['index'])
+        # already registered user?
+        user = UserDoc.get_by_openid_uid(openid_uid, **info.context)
+        is_new_user = user is None
+        # get OpenID authorization url
+        authorization_url = get_authorization_url(client, state, nonce, is_new_user)
+        """
+        authorization_url = 'http://localhost/foo'
+        return LoginByShortcut(authorization_url=authorization_url)
 class LoginRedirect(relay.ClientIDMutation):
    class Input:
@@ -184,6 +245,7 @@ class NewReport(relay.ClientIDMutation):
 class Mutation(graphene.ObjectType):
    login = Login.Field()
+    login_by_shortcut = LoginByShortcut.Field()
    login_redirect = LoginRedirect.Field()
    logout = Logout.Field()
    new_report = NewReport.Field()
--- a/openlobby/openid.py
+++ b/openlobby/openid.py
 from oic.oic import Client
-from oic.oic.message import RegistrationResponse, ClaimsRequest, Claims
+from oic.oic.message import (
+    ProviderConfigurationResponse,
+    RegistrationResponse,
+    ClaimsRequest,
+    Claims,
+)
 from oic.utils.authn.client import CLIENT_AUTHN_METHOD
 from .settings import SITE_NAME
@@ -12,6 +17,19 @@ def init_client_for_uid(openid_uid):
    return client
+def init_client_for_shortcut(data, redirect_uri):
+    client = Client(client_authn_method=CLIENT_AUTHN_METHOD)
+    set_registration_info(client, data['client_id'], data['client_secret'], redirect_uri)
+    info = {
+        'issuer': data['issuer'],
+        'authorization_endpoint': data['authorization_endpoint'],
+        'token_endpoint': data['token_endpoint'],
+        'userinfo_endpoint': data['userinfo_endpoint'],
+    }
+    client.provider_info = ProviderConfigurationResponse(**info)
+    return client
 def register_client(client, redirect_uri):
    params = {
        'redirect_uris': [redirect_uri],

--- a/tests/snapshots/snap_test_management.py
+++ b/tests/snapshots/snap_test_management.py
@@ -80,7 +80,7 @@ snapshots['test_create_index__check_mappings 1'] = {
                'client_secret': {
                    'type': 'keyword'
                },
-                'isShortcut': {
+                'is_shortcut': {
                    'type': 'boolean'
                },
                'issuer': {
@@ -89,9 +89,6 @@ snapshots['test_create_index__check_mappings 1'] = {
                'name_x': {
                    'type': 'keyword'
                },
-                'redirect_uri': {
-                    'type': 'keyword'
-                },
                'token_endpoint': {
                    'type': 'keyword'
                },
@@ -208,7 +205,7 @@ snapshots['test_init_alias 1'] = {
                'client_secret': {
                    'type': 'keyword'
                },
-                'isShortcut': {
+                'is_shortcut': {
                    'type': 'boolean'
                },
                'issuer': {
@@ -217,9 +214,6 @@ snapshots['test_init_alias 1'] = {
                'name_x': {
                    'type': 'keyword'
                },
-                'redirect_uri': {
-                    'type': 'keyword'
-                },
                'token_endpoint': {
                    'type': 'keyword'
                },
@@ -336,7 +330,7 @@ snapshots['test_reindex__check_new_index 1'] = {
                'client_secret': {
                    'type': 'keyword'
                },
-                'isShortcut': {
+                'is_shortcut': {
                    'type': 'boolean'
                },
                'issuer': {
@@ -345,9 +339,6 @@ snapshots['test_reindex__check_new_index 1'] = {
                'name_x': {
                    'type': 'keyword'
                },
-                'redirect_uri': {
-                    'type': 'keyword'
-                },
                'token_endpoint': {
                    'type': 'keyword'
                },
@@ -464,7 +455,7 @@ snapshots['test_init_documents 1'] = {
                'client_secret': {
                    'type': 'keyword'
                },
-                'isShortcut': {
+                'is_shortcut': {
                    'type': 'boolean'
                },
                'issuer': {
@@ -473,9 +464,6 @@ snapshots['test_init_documents 1'] = {
                'name_x': {
                    'type': 'keyword'
                },
-                'redirect_uri': {
-                    'type': 'keyword'
-                },
                'token_endpoint': {
                    'type': 'keyword'
                },