Fiware backend

shub/apps/base/context_processors.py

@@ -27,6 +27,7 @@
     ENABLE_TWITTER_AUTH,
     ENABLE_GITHUB_AUTH,
     ENABLE_GITLAB_AUTH,
+    ENABLE_FIWARE_AUTH,
     HELP_CONTACT_EMAIL,
     HELP_INSTITUTION_SITE,
     PRIVATE_ONLY,
@@ -55,6 +56,7 @@ def auth_processor(request):
             "ENABLE_TWITTER_AUTH":ENABLE_TWITTER_AUTH,
             "ENABLE_GITHUB_AUTH":ENABLE_GITHUB_AUTH,
             "ENABLE_GITLAB_AUTH":ENABLE_GITLAB_AUTH,
+            "ENABLE_FIWARE_AUTH":ENABLE_FIWARE_AUTH,
             "PLUGINS_ENABLED":PLUGINS_ENABLED,}
 
 

shub/apps/users/static/css/social-auth.css

@@ -219,3 +219,51 @@ html * {
     transition: all .3s ease;
 }
 
+/* Fiware */
+
+/*
+.blue{color:#0093C6;} rgb(0, 147, 198) 
+.blue-ligth{color:#009FD6;} rgb(0, 159, 214)
+.blue-dark{color:#3E80AD;} rgb(62, 128, 173)
+*/
+
+#fiware-connect {
+    background: rgb(255, 255, 255) url('/static/img/social-buttons/fiware.png') no-repeat scroll 5px 1px / 45px 45px padding-box border-box;
+    border: 1px solid rgb(62, 128, 173);
+    color: rgb(62, 128, 173);
+}
+
+#fiware-connect:hover {
+    color: rgb(255, 255, 255);
+    border-color: rgb(62, 128, 173);
+    background: rgb(62, 128, 173) url('/static/img/social-buttons/fiware_hover.png') no-repeat scroll 5px 1px / 45px 45px padding-box border-box;
+    -webkit-transition: all .8s ease-out;
+    -moz-transition: all .3s ease;
+    -ms-transition: all .3s ease;
+    -o-transition: all .3s ease;
+    transition: all .3s ease-out;
+}
+
+#fiware-connect span {
+    box-sizing: border-box;
+    color: rgb(62, 128, 173);
+    cursor: pointer;
+    text-align: center;
+    text-transform: uppercase;
+    border: 0px none rgb(62, 128, 173);
+    outline: rgb(62, 128, 173) none 0px;
+        -webkit-transition: all .3s ease;
+    -moz-transition: all .3s ease;
+    -ms-transition: all .3s ease;
+    -o-transition: all .3s ease;
+    transition: all .3s ease;
+}
+
+#fiware-connect:hover span {
+    color: rgb(0, 159, 214);
+    -webkit-transition: all .3s ease;
+    -moz-transition: all .3s ease;
+    -ms-transition: all .3s ease;
+    -o-transition: all .3s ease;
+    transition: all .3s ease;
+

shub/apps/users/templates/social/login.html

@@ -44,6 +44,10 @@ <h3>Hello, {{ user.get_full_name }}!</h3>
         <a class="social-button" id="google-connect" href="{% url 'social:begin' 'google-oauth2' %}?next={{ domain }}{{ request.path }}">Login with Google</a>
         {% endif %}
 
+        {% if ENABLE_FIWARE_AUTH %}
+        <a class="social-button" id="fiware-connect" href="{% url 'social:begin' 'fiware' %}?next={{ domain }}{{ request.path }}">Login with Fiware</a>
+        {% endif %}
+
         {% if 'ldap_auth' in PLUGINS_ENABLED %}
         <a class="social-button" id="ldap-login" href="{% url 'ldap_auth-login' %}?next={{ domain }}{{ request.path }}">Login with LDAP</a>
         {% endif %}

shub/plugins/fiware/__init__.py

@@ -0,0 +1 @@
+AUTHENTICATION_BACKENDS = ('shub.plugins.fiware.keyrock.KeyrockOAuth2',)

shub/plugins/fiware/keyrock.py

@@ -0,0 +1,83 @@
+"""
+Github OAuth2 backend, docs at:
+    https://python-social-auth.readthedocs.io/en/latest/backends/github.html
+"""
+from urllib.parse import urlencode
+from requests import HTTPError
+
+from six.moves.urllib.parse import urljoin
+
+from social_core.backends.oauth import BaseOAuth2
+from social_core.exceptions import AuthFailed
+
+from django.conf import settings
+from shub.logger import bot
+
+import base64
+
+
+class KeyrockOAuth2(BaseOAuth2):
+    """Keyrock OAuth authentication backend"""
+    name = 'fiware'
+    AUTHORIZATION_URL = urljoin(
+        settings.FIWARE_IDM_ENDPOINT, '/oauth2/authorize')
+    ACCESS_TOKEN_URL = urljoin(settings.FIWARE_IDM_ENDPOINT, '/oauth2/token')
+    #LOGOUT_URL = urljoin(settings.FIWARE_IDM_ENDPOINT, '/auth/logout')
+    ACCESS_TOKEN_METHOD = 'POST'
+
+    REDIRECT_STATE = False
+
+    EXTRA_DATA = [
+        ('id', 'username'),
+        ('id', 'uid')
+    ]
+
+    def get_user_id(self, details, response):
+        return response['id']
+
+    def get_user_details(self, response):
+        """Return user details from FI-WARE account"""
+        bot.debug( {'username': response.get('id'),
+                'email': response.get('email') or '',
+                'fullname': response.get('displayName') or ''})
+        return {'username': response.get('id'),
+                'email': response.get('email') or '',
+                'fullname': response.get('displayName') or ''}
+
+    def user_data(self, access_token, *args, **kwargs):
+        """Loads user data from service"""
+        url = urljoin(settings.FIWARE_IDM_ENDPOINT, '/user?' + urlencode({
+            'access_token': access_token
+        }))
+        bot.debug(self.get_json(url))
+        return self.get_json(url)
+
+    def auth_headers(self):
+        response = super(KeyrockOAuth2, self).auth_headers()
+
+        keys = settings.SOCIAL_AUTH_FIWARE_KEY + \
+            ":" + settings.SOCIAL_AUTH_FIWARE_SECRET
+        authorization_basic = base64.b64encode(
+            keys.encode('ascii')).decode('ascii')
+        response['Authorization'] = 'Basic ' + authorization_basic
+
+        bot.debug(response)
+        return response
+
+    def auth_complete_params(self, state=None):
+        # response = super(KeyrockOAuth2, self).auth_complete_params(state)
+        # response['grant_type'] = 'authorization_code' + \
+        #     '&code=' + response['code'] + \
+        #     '&redirect_uri=' + response['redirect_uri']
+        # return response
+
+        bot.debug( {
+            'grant_type': 'authorization_code',  # request auth code
+            'code': self.data.get('code', ''),  # server response code
+            'redirect_uri': self.get_redirect_uri(state)
+        } )
+        return {
+            'grant_type': 'authorization_code',  # request auth code
+            'code': self.data.get('code', ''),  # server response code
+            'redirect_uri': self.get_redirect_uri(state)
+        }

shub/plugins/fiware/urls.py

@@ -0,0 +1 @@
+urlpatterns = []

shub/settings/auth.py

@@ -1,8 +1,8 @@
 '''
 
-Copyright (C) 2017-2018 The Board of Trustees of the Leland Stanford Junior
+Copyright (C) 2017 The Board of Trustees of the Leland Stanford Junior
 University.
-Copyright (C) 2017-2018 Vanessa Sochat.
+Copyright (C) 2017 Vanessa Sochat.
 
 This program is free software: you can redistribute it and/or modify it
 under the terms of the GNU Affero General Public License as published by

shub/settings/config.py

@@ -26,6 +26,8 @@
 ENABLE_TWITTER_AUTH=True
 ENABLE_GITHUB_AUTH=False
 ENABLE_GITLAB_AUTH=False
+ENABLE_FIWARE_AUTH=False
+
 
 # NOTE you will need to set autehtication methods up.
 # Configuration goes into secrets.py
@@ -103,5 +105,6 @@
 
 # - ldap_auth: Allows sregistry to authenitcate against an LDAP directory
 PLUGINS_ENABLED = [
-#    'ldap_auth'
+#    'ldap_auth',
+#    'fiware',
 ]

shub/settings/dummy_secrets.py

@@ -57,6 +57,16 @@
 #SOCIAL_AUTH_GITLAB_SECRET = ''
 
 
+# -----------------------------------------------------------------------------
+# Fiware Keyrock OAuth2
+# Only required if ENABLE_FIWARE_AUTH=TRUE in config.py
+
+#FIWARE_IDM_ENDPOINT = 'https://account.lab.fiware.org'
+#SOCIAL_AUTH_FIWARE_KEY = ''
+#SOCIAL_AUTH_FIWARE_SECRET = ''
+
+
+
 
 # =============================================================================
 # Plugin Authentication