Use Blender ID subclient-specific token to find the user.

TODO: also store expiry timestamp TODO: allow multiple subclient-specific tokens per user
2016-04-12 16:53:27 +02:00
parent bd8e0e56a4
commit e898fe0315
2 changed files with 29 additions and 0 deletions
--- a/pillar/application/modules/blender_id.py
+++ b/pillar/application/modules/blender_id.py
@@ -90,12 +90,15 @@ def validate_subclient_token(user_id, scst):


 def find_user_in_db(user_id, scst, email, full_name):
+    """Find the user in our database, creating/updating it where needed."""
+
    users = current_app.data.driver.db['users']

    query = {'auth': {'$elemMatch': {'user_id': user_id, 'provider': 'blender-id'}}}
    log.debug('Querying: %s', query)
    db_user = users.find_one(query)

+    # TODO: include token expiry in database.
    if db_user:
        log.debug('User %r already in our database, updating with info from Blender ID.', user_id)
        db_user['full_name'] = full_name
--- a/pillar/application/utils/authentication.py
+++ b/pillar/application/utils/authentication.py
@@ -68,7 +68,25 @@ def validate_token():
        log.debug('No authentication headers, so not logged in.')
        return False

+    # Check the users to see if there is one with this Blender ID token.
    token = request.authorization.username
+    db_user = find_user_by_token(token)
+    if db_user is not None:
+        log.debug(u'Token for %s found as locally stored blender-id subclient token.',
+                  db_user['full_name'])
+        current_user = dict(
+            user_id=db_user['_id'],
+            token=token,
+            groups=db_user['groups'],
+            token_expire_time=datetime.now() + timedelta(hours=1)  # TODO: get from Blender ID
+        )
+        g.current_user = current_user
+        return True
+
+    # Fall back to deprecated behaviour.
+    log.debug('Token not found as locally stored blender-id subclient token; '
+              'falling back on deprecated behaviour.')
+
    tokens_collection = app.data.driver.db['tokens']

    lookup = {'token': token, 'expire_time': {"$gt": datetime.now()}}
@@ -184,3 +202,11 @@ def make_unique_username(email):
        if user_from_username is None:
            return unique_name
        suffix += 1
+
+
+def find_user_by_token(scst):
+    users = app.data.driver.db['users']
+
+    query = {'auth': {'$elemMatch': {'provider': 'blender-id',
+                                     'token': scst}}}
+    return users.find_one(query)