From cad27733f0e49d58b3fe7ad56b1f80cfce656812 Mon Sep 17 00:00:00 2001
From: Tobias Kurze
Date: Tue, 26 Mar 2019 14:58:37 +0100
Subject: [PATCH] oicd now working
---
 api/auth_api.py      | 15 +++++++++++----
 auth/__init__.py     |  3 +--
 auth/oidc.py         | 31 +++++++++++++++++++++++++------
 auth/oidc_config.py  |  3 ++-
 models/user_model.py | 12 ++++++++----
 5 files changed, 47 insertions(+), 17 deletions(-)
diff --git a/api/auth_api.py b/api/auth_api.py
index 1e67bf9..efc5b7d 100644
--- a/api/auth_api.py
+++ b/api/auth_api.py
@@ -10,6 +10,7 @@ from functools import wraps
 from random import randint
 from flask_login import logout_user, login_user
+from werkzeug.routing import BuildError
 from backend import db
 from backend.api import auth_api_bp
@@ -27,10 +28,14 @@ def create_jwt(user: User, validity_min=30):
 @auth_api_bp.route('/providers', methods=('GET',))
 def get_auth_providers():
-    providers = list()
+    providers = dict()
     for p in AUTH_PROVIDERS:
-        provider = dict(p)
-        provider["url"] = url_for(p["url"])
+        provider = dict(AUTH_PROVIDERS[p])
+        try:
+            provider["url"] = url_for(AUTH_PROVIDERS[p]["url"])
+        except BuildError:
+            provider["url"] = AUTH_PROVIDERS[p]["url"]
+        providers[p] = provider
     return jsonify(providers)
@@ -48,6 +53,8 @@ def login():
     print("login")
     print(request)
     data = request.get_json()
+    if not data:
+        return jsonify({'message': 'Invalid request data', 'authenticated': False}), 401
     print(data)
     user = User.authenticate(**data)
@@ -61,5 +68,5 @@ def login():
 @auth_api_bp.route('/logout', methods=('GET', ))
 def logout():
-    pass
+    return jsonify({'message': 'Not yet implemented!', 'authenticated': False}), 401
     #logout_user()
diff --git a/auth/__init__.py b/auth/__init__.py
index bc23f75..93fa83f 100644
--- a/auth/__init__.py
+++ b/auth/__init__.py
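Review bot: `provider = dict(AUTH_PROVIDERS[p])` copies every key of each provider entry into the unauthenticated `/providers` response, so anything those entries hold beyond a display name and a URL (the config module is not visible here) becomes public. Copy only the fields the client needs rather than the whole entry, e.g. `provider = {"name": AUTH_PROVIDERS[p].get("name"), "url": AUTH_PROVIDERS[p]["url"]}` with whatever key set the front end actually reads. The `except BuildError` fallback is reasonable, but a one-line comment such as `# "url" is either an endpoint name (url_for) or an absolute external URL` would save the next reader a trip to the config.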
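Review bot: The new `if not data` guard does not reject a JSON array or other non-object body: `request.get_json()` returns the parsed list, the guard passes, and `User.authenticate(**data)` on the next lines raises TypeError, i.e. a 500 instead of a clean rejection; a malformed body is also a 400, not a 401. Use `data = request.get_json(silent=True)` and `if not isinstance(data, dict): return jsonify({'message': 'Invalid request data', 'authenticated': False}), 400`, and pass only the expected keys to `authenticate` rather than `**data`. Separately, the context line `print(data)` writes the raw login body, including the password, to stdout/log; drop it or print only the identifier. `login`'s body continues outside the hunk.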
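Review bot: Answering `/logout` with 401 tells clients they are unauthenticated when the real situation is that the endpoint is not implemented; `return jsonify({'message': 'Not yet implemented!', 'authenticated': False}), 501` is the status that says so. When it is implemented, route it on POST rather than GET so a session cannot be ended by a cross-site image or link load, and besides `logout_user()` also clear the OIDC material this patch keeps in `flask.session` (the `/oidc` handler reads `flask.session['access_token']`).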
@@ -12,10 +12,9 @@ from werkzeug.routing import BuildError
 auth_bp = Blueprint('auth', __name__, url_prefix='/auth', template_folder='templates')
 from backend.auth.config import AUTH_PROVIDERS, DEFAULT_PROVIDER
-from backend.auth.oidc import OIDCAuthentication
 from backend.auth.oidc_config import OIDC_PROVIDERS
-oidc_auth = OIDCAuthentication(OIDC_PROVIDERS)
+from backend.auth.oidc import oidc_auth
 from .basic_auth import *
diff --git a/auth/oidc.py b/auth/oidc.py
index 9931154..bf51115 100644
--- a/auth/oidc.py
+++ b/auth/oidc.py
@@ -8,7 +8,9 @@ from flask import jsonify
 from flask_pyoidc.flask_pyoidc import OIDCAuthentication
 from flask_pyoidc.user_session import UserSession
-from .import auth_bp
+from backend import app
+from backend.models.user_model import User
+from . import auth_bp
 from .oidc_config import PROVIDER_NAME, OIDC_PROVIDERS
@@ -21,12 +23,29 @@ OIDCAuthentication.oidc_auth = oidc_auth_default_provider
 oidc_auth = OIDCAuthentication(OIDC_PROVIDERS)
-@auth_bp.route('/oidc', methods=['GET', 'POST'])
+
+def create_or_retrieve_user_from_userinfo(userinfo):
+    try:
+        email = userinfo["email"]
+    except KeyError:
+        return None
+    user = User.get_by_identifier(email)
+
+    if user is not None:
+        app.logger("user found")
+        return user
+
+    user = User(email=email, first_name=userinfo.get("given_name", ""),
+                last_name=userinfo.get("family_name", ""))
+
+
+
+@auth_bp.route('/oidc', methods=['GET'])
 @oidc_auth.oidc_auth()
 def oidc():
-    pass
     user_session = UserSession(flask.session)
-    access_token = user_session.access_token
-
+    create_or_retrieve_user_from_userinfo(user_session.userinfo)
     #login_user(user)
-    return jsonify(id_token=flask.session['id_token'], access_token=flask.session['access_token'])
\ No newline at end of file
+    return jsonify(id_token=user_session.id_token,
+                   access_token=flask.session['access_token'],
+                   userinfo=user_session.userinfo)
diff --git a/auth/oidc_config.py b/auth/oidc_config.py
index 4361f45..1c795fb 100644
--- a/auth/oidc_config.py
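Review bot: `create_or_retrieve_user_from_userinfo` links the identity-provider account to a local user through `User.get_by_identifier(email)`, which in this same patch matches `User.nickname` (and `User.id`) as well as `User.email`, so an IdP account whose `email` claim equals another user's nickname resolves to that other user; match on `User.email` only, trust the address only when the standard `email_verified` claim is true, and preferably link on the issuer's stable `sub` claim rather than on email at all. On the found path `app.logger("user found")` raises TypeError because `app.logger` is a `logging.Logger`, not a callable (`app.logger.info(...)`), and on the new-user path the constructed `User` is neither added to the session nor returned, so the function yields None and nothing is persisted. The rewrite below assumes `db` is imported from `backend` next to `app`. Note also that `oidc()` still hands the raw `access_token`, `id_token` and full `userinfo` to the browser in a GET response while `login_user` remains commented out, so the callback exposes tokens without establishing a session — at minimum a `# TODO: establish the Flask-Login session and stop returning raw tokens` belongs here.

```python
def create_or_retrieve_user_from_userinfo(userinfo):
    """Return the local User for an OIDC userinfo dict, creating it on first login.

    Returns None when the userinfo carries no verified email address.
    """
    email = userinfo.get("email")
    # Only trust the address as an identity when the IdP has verified it.
    if not email or not userinfo.get("email_verified", False):
        return None
    # Match on email only: get_by_identifier also matches nickname/id,
    # which would let a colliding claim resolve to a different account.
    user = User.query.filter(User.email == email).first()
    if user is not None:
        app.logger.info("user found")
        return user
    user = User(email=email, first_name=userinfo.get("given_name", ""),
                last_name=userinfo.get("family_name", ""))
    db.session.add(user)
    db.session.commit()
    return user
# … unchanged: oidc() route …
```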
+++ b/auth/oidc_config.py
@@ -9,6 +9,7 @@ CLIENT_METADATA = ClientMetadata(REG_RESPONSE_CLIENT_ID, REG_RESPONSE_CLIENT_SEC
 PROVIDER_URL = "https://oidc.scc.kit.edu/auth/realms/kit"
 PROVIDER_NAME = 'kit_oidc'
 PROVIDER_CONFIG = ProviderConfiguration(issuer=PROVIDER_URL,
-                                        client_metadata=CLIENT_METADATA)
+                                        client_metadata=CLIENT_METADATA,
+                                        auth_request_params={'scope': ['openid', 'email', 'profile']})
 OIDC_PROVIDERS = {PROVIDER_NAME: PROVIDER_CONFIG}
diff --git a/models/user_model.py b/models/user_model.py
index 0cf9ad1..f879c18 100644
--- a/models/user_model.py
+++ b/models/user_model.py
@@ -59,9 +59,12 @@ class User(UserMixin, db.Model):
                                backref=db.backref('followers', lazy='dynamic'),
                                lazy='dynamic')
-    def __init__(self, email, password):
-        self.email = email
-        self.password = sha256_crypt.encrypt(password)
+    def __init__(self, **kwargs):
+        super(User, self).__init__(**kwargs)
+        password = kwargs.get("password", None)
+        if password is not None:
+            self.password = sha256_crypt.encrypt(password)
+        # do custom initialization here
     @staticmethod
     def get_by_identifier(identifier):
@@ -71,7 +74,8 @@ class User(UserMixin, db.Model):
         :return:
         """
         return User.query.filter(or_(User.nickname == identifier,
-                                     User.email == identifier)).first()
+                                     User.email == identifier),
+                                     User.id == identifier).first()
     @staticmethod
     def get_all():
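Review bot: `super(User, self).__init__(**kwargs)` receives `password` as well, so the declarative constructor assigns the plaintext to `self.password` before the hash on the following lines overwrites it (and raises TypeError if `password` is ever not a mapped attribute); take it out first with `password = kwargs.pop("password", None)` as the first statement and call `super(User, self).__init__(**kwargs)` after it. `sha256_crypt.encrypt` is the deprecated spelling of `sha256_crypt.hash` if this is passlib 1.7 or later. Because the constructor now forwards arbitrary keywords to every mapped column, no caller may build a `User` straight from request JSON (mass assignment of privileged columns), and `User.authenticate` — outside this hunk — must reject accounts that have no password hash, which is exactly what the OIDC path in this patch now creates.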
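Review bot: `User.id == identifier` is passed to `filter()` as a second positional argument, which SQLAlchemy ANDs with the `or_(...)` expression, so the query now matches only rows whose id equals the identifier and whose nickname or email equals it too — the email lookup that `create_or_retrieve_user_from_userinfo` in this patch relies on will return None. Presumably the clause was meant inside the `or_`: `return User.query.filter(or_(User.nickname == identifier,` / `User.email == identifier,` / `User.id == identifier)).first()`. Even then, comparing an integer primary key with a string identifier errors on strict backends such as PostgreSQL for non-numeric input (SQLite coerces silently), and letting one helper resolve nickname, email and id interchangeably invites account confusion; keep the id lookup in a separate `get_by_id` used only by the login-manager loader. The start of `get_by_identifier` (its signature and docstring) lies outside the hunk.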