Change VOMS attributes generation for OIDC tokens

738d4040 · Mihai Patrascoiu · c9222934 · 738d4040 · 738d4040
Commit 738d4040 authored Nov 06, 2020 by Mihai Patrascoiu
Showing with 9 additions and 15 deletions

src/fts3rest/fts3rest/lib/oauth2provider.py src/fts3rest/fts3rest/lib/oauth2provider.py +8 -12

src/fts3rest/fts3rest/lib/openidconnect.py src/fts3rest/fts3rest/lib/openidconnect.py +1 -3

No files found.
--- a/src/fts3rest/fts3rest/lib/oauth2provider.py
+++ b/src/fts3rest/fts3rest/lib/oauth2provider.py
@@ -252,18 +252,14 @@ class FTS3OAuth2ResourceProvider(ResourceProvider):
        return Session.query(Credential).filter(Credential.dlg_id == dlg_id).first()

    def _generate_voms_attrs(self, credential):
-        if 'email' in credential:
-            if 'username' in credential:
-                # 'username' is never there whether offline or online
-                return credential['email'] + " " + credential['username']
-            else:
-                # 'user_id' is there only online
-                return credential['email'] + " " + credential['user_id']
-        else:
-            if 'username' in credential:
-                return credential['username'] + " "
-            else:
-                return credential['user_id'] + " "
+        attrs = [
+            credential.get("email"),
+            credential.get("username") or credential.get("user_id") or credential.get("client_id")
+        ]
+
+        voms_attrs = ' '.join(filter(None, attrs))
+        log.debug('voms_attrs::: {}'.format(voms_attrs))
+        return voms_attrs

    def _validate_token_offline(self, access_token):
        """

--- a/src/fts3rest/fts3rest/lib/openidconnect.py
+++ b/src/fts3rest/fts3rest/lib/openidconnect.py
@@ -116,16 +116,14 @@ class OIDCmanager:
                                     method='POST',
                                     authn_method="client_secret_basic"
                                     )
-            log.debug("after do any")
            response = response.json()
            log.debug("response: {}".format(response))
            refresh_token = response['refresh_token']
-            log.debug("REFRESH TOKEN IS {}".format(refresh_token))
+            log.debug('refresh_token_response::: {}'.format(refresh_token))
        except Exception as ex:
            log.warning("Exception raised when requesting refresh token")
            log.warning(ex)
            raise ex
-        log.debug('refresh_token_response::: {}'.format(refresh_token))
        return refresh_token

    def request_token_exchange(self, issuer, access_token, scope=None, audience=None):