archive/pillar
0
0
Fork 0
Code Issues 42 Pull Requests Projects Releases Wiki Activity

Use Blender ID subclient-specific token to find the user.

Browse Source 
TODO: also store expiry timestamp
TODO: allow multiple subclient-specific tokens per user
This commit is contained in:
Sybren A. Stüvel
2016-04-12 16:53:27 +02:00
parent bd8e0e56a4
commit e898fe0315
2 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pillar/application/modules/blender_id.py
View File

@@ -90,12 +90,15 @@ def validate_subclient_token(user_id, scst):
def find_user_in_db(user_id, scst, email, full_name): def find_user_in_db(user_id, scst, email, full_name):
"""Find the user in our database, creating/updating it where needed."""
users = current_app.data.driver.db['users'] users = current_app.data.driver.db['users']
query = {'auth': {'$elemMatch': {'user_id': user_id, 'provider': 'blender-id'}}} query = {'auth': {'$elemMatch': {'user_id': user_id, 'provider': 'blender-id'}}}
log.debug('Querying: %s', query) log.debug('Querying: %s', query)
db_user = users.find_one(query) db_user = users.find_one(query)
# TODO: include token expiry in database.
if db_user: if db_user:
log.debug('User %r already in our database, updating with info from Blender ID.', user_id) log.debug('User %r already in our database, updating with info from Blender ID.', user_id)
db_user['full_name'] = full_name db_user['full_name'] = full_name

26
pillar/application/utils/authentication.py
View File

@@ -68,7 +68,25 @@ def validate_token():
log.debug('No authentication headers, so not logged in.') log.debug('No authentication headers, so not logged in.')
return False return False
# Check the users to see if there is one with this Blender ID token.
token = request.authorization.username token = request.authorization.username
db_user = find_user_by_token(token)
if db_user is not None:
log.debug(u'Token for %s found as locally stored blender-id subclient token.',
db_user['full_name'])
current_user = dict(
user_id=db_user['_id'],
token=token,
groups=db_user['groups'],
token_expire_time=datetime.now() + timedelta(hours=1) # TODO: get from Blender ID
)
g.current_user = current_user
return True
# Fall back to deprecated behaviour.
log.debug('Token not found as locally stored blender-id subclient token; '
'falling back on deprecated behaviour.')
tokens_collection = app.data.driver.db['tokens'] tokens_collection = app.data.driver.db['tokens']
lookup = {'token': token, 'expire_time': {"$gt": datetime.now()}} lookup = {'token': token, 'expire_time': {"$gt": datetime.now()}}
@@ -184,3 +202,11 @@ def make_unique_username(email):
if user_from_username is None: if user_from_username is None:
return unique_name return unique_name
suffix += 1 suffix += 1
def find_user_by_token(scst):
users = app.data.driver.db['users']
query = {'auth': {'$elemMatch': {'provider': 'blender-id',
'token': scst}}}
return users.find_one(query)