swh/web/auth/utils.py
# Copyright (C) 2020 The Software Heritage developers | # Copyright (C) 2020 The Software Heritage developers | ||||
# See the AUTHORS file at the top-level directory of this distribution | # See the AUTHORS file at the top-level directory of this distribution | ||||
# License: GNU Affero General Public License version 3, or any later version | # License: GNU Affero General Public License version 3, or any later version | ||||
# See top-level LICENSE file for more information | # See top-level LICENSE file for more information | ||||
import hashlib | import hashlib | ||||
import secrets | import secrets | ||||
from base64 import urlsafe_b64encode | from base64 import urlsafe_b64encode | ||||
from typing import Tuple | from typing import Tuple | ||||
from django.conf import settings | |||||
from swh.web.auth.keycloak import ( | from swh.web.auth.keycloak import ( | ||||
KeycloakOpenIDConnect, get_keycloak_oidc_client | KeycloakOpenIDConnect, get_keycloak_oidc_client | ||||
) | ) | ||||
from swh.web.config import get_config | from swh.web.config import get_config | ||||
def gen_oidc_pkce_codes() -> Tuple[str, str]: | def gen_oidc_pkce_codes() -> Tuple[str, str]: | ||||
""" | """ | ||||
Show All 16 Lines | def gen_oidc_pkce_codes() -> Tuple[str, str]: | ||||
# and encoding the result in URL-safe base64 (without padding) | # and encoding the result in URL-safe base64 (without padding) | ||||
code_challenge = hashlib.sha256(code_verifier_str.encode('ascii')).digest() | code_challenge = hashlib.sha256(code_verifier_str.encode('ascii')).digest() | ||||
code_challenge_str = urlsafe_b64encode(code_challenge).decode('ascii') | code_challenge_str = urlsafe_b64encode(code_challenge).decode('ascii') | ||||
code_challenge_str = code_challenge_str.replace('=', '') | code_challenge_str = code_challenge_str.replace('=', '') | ||||
return code_verifier_str, code_challenge_str | return code_verifier_str, code_challenge_str | ||||
def get_oidc_client(client_id: str = '') -> KeycloakOpenIDConnect: | OIDC_SWH_WEB_CLIENT_ID = 'swh-web' | ||||
def get_oidc_client(client_id: str = OIDC_SWH_WEB_CLIENT_ID | |||||
) -> KeycloakOpenIDConnect: | |||||
""" | """ | ||||
Instantiate a KeycloakOpenIDConnect class for a given client in the | Instantiate a KeycloakOpenIDConnect class for a given client in the | ||||
SoftwareHeritage realm. | SoftwareHeritage realm. | ||||
Args: | Args: | ||||
client_id: client identifier in the SoftwareHeritage realm | client_id: client identifier in the SoftwareHeritage realm | ||||
Returns: | Returns: | ||||
An object to ease the interaction with the Keycloak server | An object to ease the interaction with the Keycloak server | ||||
""" | """ | ||||
if not client_id: | |||||
client_id = settings.OIDC_SWH_WEB_CLIENT_ID | |||||
swhweb_config = get_config() | swhweb_config = get_config() | ||||
return get_keycloak_oidc_client(swhweb_config['keycloak']['server_url'], | return get_keycloak_oidc_client(swhweb_config['keycloak']['server_url'], | ||||
swhweb_config['keycloak']['realm_name'], | swhweb_config['keycloak']['realm_name'], | ||||
client_id) | client_id) |
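Review bot: With the `if not client_id:` fallback removed, `get_oidc_client('')` now hands an empty client id straight to `get_keycloak_oidc_client`, where the old code resolved it to the default client. A caller that still passes `''` or another falsy value would build a Keycloak client with no id and presumably fail only later, during the OIDC exchange, rather than at this call. Either reject it at the top of the body with `if not client_id: raise ValueError('client_id must not be empty')`, or keep the fallback as `client_id = client_id or OIDC_SWH_WEB_CLIENT_ID`. The id also moves from Django settings to a module constant while `server_url` and `realm_name` are still read from `get_config()`, so a per-environment override of the client looks no longer possible; if that is intended, a comment on the constant such as `# fixed client id of swh-web in the SoftwareHeritage realm, not configurable` would record it.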