swh/web/auth/models.py
# Copyright (C) 2020 The Software Heritage developers | # Copyright (C) 2020 The Software Heritage developers | ||||
# See the AUTHORS file at the top-level directory of this distribution | # See the AUTHORS file at the top-level directory of this distribution | ||||
# License: GNU Affero General Public License version 3, or any later version | # License: GNU Affero General Public License version 3, or any later version | ||||
# See top-level LICENSE file for more information | # See top-level LICENSE file for more information | ||||
from datetime import datetime | from datetime import datetime | ||||
from typing import Optional | from typing import Optional | ||||
from django.contrib.auth.models import User | from django.contrib.auth.models import User | ||||
class OIDCUser(User): | class OIDCUser(User): | ||||
""" | """ | ||||
Custom User proxy model for remote users storing OpenID Connect | Custom User proxy model for remote users storing OpenID Connect | ||||
related data: profile containing authorization tokens and userinfo. | related data: profile containing authentication tokens. | ||||
The model is also not saved to database as all users are already stored | The model is also not saved to database as all users are already stored | ||||
in the Keycloak one. | in the Keycloak one. | ||||
""" | """ | ||||
# OIDC subject identifier | # OIDC subject identifier | ||||
sub: str = '' | sub: str = '' | ||||
# OIDC tokens and session related data, only relevant when a user | # OIDC tokens and session related data, only relevant when a user | ||||
# authenticates from a web browser | # authenticates from a web browser | ||||
access_token: Optional[str] = None | access_token: Optional[str] = None | ||||
access_expiration: Optional[datetime] = None | expires_at: Optional[datetime] = None | ||||
id_token: Optional[str] = None | id_token: Optional[str] = None | ||||
refresh_token: Optional[str] = None | refresh_token: Optional[str] = None | ||||
refresh_expiration: Optional[datetime] = None | refresh_expires_at: Optional[datetime] = None | ||||
scope: Optional[str] = None | scope: Optional[str] = None | ||||
session_state: Optional[str] = None | session_state: Optional[str] = None | ||||
class Meta: | class Meta: | ||||
app_label = 'swh.web.auth' | app_label = 'swh.web.auth' | ||||
proxy = True | proxy = True | ||||
def save(self, **kwargs): | def save(self, **kwargs): | ||||
""" | """ | ||||
Override django.db.models.Model.save to avoid saving the remote | Override django.db.models.Model.save to avoid saving the remote | ||||
users to web application database. | users to web application database. | ||||
""" | """ | ||||
pass | pass |
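Review bot: The expiry fields on `OIDCUser` are plain class attributes defaulting to `None`, and the two columns spell them differently (`access_expiration`/`refresh_expiration` against `expires_at`/`refresh_expires_at`), so any code outside this file that still assigns the other spelling would set a stray attribute and leave the real one at `None`. If the session-expiry check treats `None` as "no expiry" (that check is not visible here), an expired access token could stay accepted; it is worth searching the callers for both spellings and making the check fail closed on `None`. The bare `expires_at` is also ambiguous next to `refresh_expires_at`, so a comment such as `# absolute expiry time of access_token` above it would help. Because `access_token`, `id_token` and `refresh_token` are bearer credentials held on the user object, a comment like `# bearer credentials: never log or serialize these fields` beside them would be a useful guard for later maintainers.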