davinirjr · d4n1 · May 4, 2015 · May 27, 2015 · May 27, 2015 · May 27, 2015
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2016 Intelie
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/oidc_auth/apps.py b/oidc_auth/apps.py
@@ -0,0 +1,8 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.apps import AppConfig
+
+
+class OidcAuthConfig(AppConfig):
+    name = 'oidc_auth'
diff --git a/oidc_auth/migrations/0001_initial.py b/oidc_auth/migrations/0001_initial.py
@@ -1,124 +1,52 @@
 # -*- coding: utf-8 -*-
-from south.utils import datetime_utils as datetime
-from south.db import db
-from south.v2 import SchemaMigration
-from django.db import models
-
-
-class Migration(SchemaMigration):
-
-    def forwards(self, orm):
-        # Adding model 'Nonce'
-        db.create_table(u'oidc_auth_nonce', (
-            (u'id', self.gf('django.db.models.fields.AutoField')(primary_key=True)),
-            ('issuer_url', self.gf('django.db.models.fields.URLField')(max_length=200)),
-            ('state', self.gf('django.db.models.fields.CharField')(unique=True, max_length=255)),
-            ('redirect_url', self.gf('django.db.models.fields.CharField')(max_length=100)),
-        ))
-        db.send_create_signal(u'oidc_auth', ['Nonce'])
-
-        # Adding model 'OpenIDProvider'
-        db.create_table(u'oidc_auth_openidprovider', (
-            (u'id', self.gf('django.db.models.fields.AutoField')(primary_key=True)),
-            ('issuer', self.gf('django.db.models.fields.URLField')(unique=True, max_length=200)),
-            ('authorization_endpoint', self.gf('django.db.models.fields.URLField')(max_length=200)),
-            ('token_endpoint', self.gf('django.db.models.fields.URLField')(max_length=200)),
-            ('userinfo_endpoint', self.gf('django.db.models.fields.URLField')(max_length=200)),
-            ('jwks_uri', self.gf('django.db.models.fields.URLField')(max_length=200, null=True, blank=True)),
-            ('signing_alg', self.gf('django.db.models.fields.CharField')(default='RS256', max_length=5)),
-            ('client_id', self.gf('django.db.models.fields.CharField')(max_length=255)),
-            ('client_secret', self.gf('django.db.models.fields.CharField')(max_length=255)),
-        ))
-        db.send_create_signal(u'oidc_auth', ['OpenIDProvider'])
-
-        # Adding model 'OpenIDUser'
-        db.create_table(u'oidc_auth_openiduser', (
-            (u'id', self.gf('django.db.models.fields.AutoField')(primary_key=True)),
-            ('sub', self.gf('django.db.models.fields.CharField')(unique=True, max_length=255)),
-            ('issuer', self.gf('django.db.models.fields.related.ForeignKey')(to=orm['oidc_auth.OpenIDProvider'])),
-            ('user', self.gf('django.db.models.fields.related.OneToOneField')(related_name='oidc_account', unique=True, to=orm['auth.User'])),
-            ('access_token', self.gf('django.db.models.fields.CharField')(max_length=255)),
-            ('refresh_token', self.gf('django.db.models.fields.CharField')(max_length=255)),
-        ))
-        db.send_create_signal(u'oidc_auth', ['OpenIDUser'])
-
-
-    def backwards(self, orm):
-        # Deleting model 'Nonce'
-        db.delete_table(u'oidc_auth_nonce')
-
-        # Deleting model 'OpenIDProvider'
-        db.delete_table(u'oidc_auth_openidprovider')
-
-        # Deleting model 'OpenIDUser'
-        db.delete_table(u'oidc_auth_openiduser')
-
-
-    models = {
-        u'auth.group': {
-            'Meta': {'object_name': 'Group'},
-            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
-            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
-            'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
-        },
-        u'auth.permission': {
-            'Meta': {'ordering': "(u'content_type__app_label', u'content_type__model', u'codename')", 'unique_together': "((u'content_type', u'codename'),)", 'object_name': 'Permission'},
-            'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
-            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
-            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
-            'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
-        },
-        u'auth.user': {
-            'Meta': {'object_name': 'User'},
-            'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
-            'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
-            'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
-            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "u'user_set'", 'blank': 'True', 'to': u"orm['auth.Group']"}),
-            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
-            'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
-            'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
-            'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
-            'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
-            'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
-            'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
-            'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "u'user_set'", 'blank': 'True', 'to': u"orm['auth.Permission']"}),
-            'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
-        },
-        u'contenttypes.contenttype': {
-            'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
-            'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
-            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
-            'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
-            'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
-        },
-        u'oidc_auth.nonce': {
-            'Meta': {'object_name': 'Nonce'},
-            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
-            'issuer_url': ('django.db.models.fields.URLField', [], {'max_length': '200'}),
-            'redirect_url': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
-            'state': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '255'})
-        },
-        u'oidc_auth.openidprovider': {
-            'Meta': {'object_name': 'OpenIDProvider'},
-            'authorization_endpoint': ('django.db.models.fields.URLField', [], {'max_length': '200'}),
-            'client_id': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
-            'client_secret': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
-            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
-            'issuer': ('django.db.models.fields.URLField', [], {'unique': 'True', 'max_length': '200'}),
-            'jwks_uri': ('django.db.models.fields.URLField', [], {'max_length': '200', 'null': 'True', 'blank': 'True'}),
-            'signing_alg': ('django.db.models.fields.CharField', [], {'default': "'RS256'", 'max_length': '5'}),
-            'token_endpoint': ('django.db.models.fields.URLField', [], {'max_length': '200'}),
-            'userinfo_endpoint': ('django.db.models.fields.URLField', [], {'max_length': '200'})
-        },
-        u'oidc_auth.openiduser': {
-            'Meta': {'object_name': 'OpenIDUser'},
-            'access_token': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
-            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
-            'issuer': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['oidc_auth.OpenIDProvider']"}),
-            'refresh_token': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
-            'sub': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '255'}),
-            'user': ('django.db.models.fields.related.OneToOneField', [], {'related_name': "'oidc_account'", 'unique': 'True', 'to': u"orm['auth.User']"})
-        }
-    }
-
-    complete_apps = ['oidc_auth']
+from __future__ import unicode_literals
+
+from django.db import models, migrations
+from django.conf import settings
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Nonce',
+            fields=[
+                ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                ('issuer_url', models.URLField()),
+                ('state', models.CharField(unique=True, max_length=255)),
+                ('redirect_url', models.CharField(max_length=100)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='OpenIDProvider',
+            fields=[
+                ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                ('issuer', models.URLField(unique=True)),
+                ('authorization_endpoint', models.URLField()),
+                ('token_endpoint', models.URLField()),
+                ('userinfo_endpoint', models.URLField()),
+                ('jwks_uri', models.URLField(null=True, blank=True)),
+                ('signing_alg', models.CharField(default=b'HS256', max_length=5, choices=[(b'RS256', b'RS256'), (b'HS256', b'HS256')])),
+                ('client_id', models.CharField(max_length=255)),
+                ('client_secret', models.CharField(max_length=255)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='OpenIDUser',
+            fields=[
+                ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
+                ('sub', models.CharField(unique=True, max_length=255)),
+                ('access_token', models.CharField(max_length=255)),
+                ('refresh_token', models.CharField(max_length=255)),
+                ('issuer', models.ForeignKey(to='oidc_auth.OpenIDProvider',
+                                             on_delete=models.PROTECT)),
+                ('user', models.OneToOneField(related_name='oidc_account',
+                                              on_delete=models.PROTECT,
+                                              to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+    ]
diff --git a/oidc_auth/models.py b/oidc_auth/models.py
@@ -1,7 +1,7 @@
 import string
 import random
 import json
-from urlparse import urljoin
+from urllib.parse import urljoin
 import requests
 from django.db import models, IntegrityError
 from django.conf import settings
@@ -196,9 +196,15 @@ def get_default_provider():
 
 class OpenIDUser(models.Model):
     sub = models.CharField(max_length=255, unique=True)
-    issuer = models.ForeignKey(OpenIDProvider)
-    user = models.OneToOneField(getattr(settings, 'AUTH_USER_MODEL', 'auth.User'),
-            related_name='oidc_account')
+    issuer = models.ForeignKey(
+        OpenIDProvider,
+        on_delete=models.PROTECT
+    )
+    user = models.OneToOneField(
+        getattr(settings, 'AUTH_USER_MODEL', 'auth.User'),
+        related_name='oidc_account',
+        on_delete=models.PROTECT
+    )
 
     access_token = models.CharField(max_length=255)
     refresh_token = models.CharField(max_length=255)
@@ -234,18 +240,21 @@ def get_or_create(cls, id_token, access_token, refresh_token, provider):
             log.debug('User with username %s not found locally, '
                       'so it will be created' % id_token['sub'])
 
-            claims = cls._get_userinfo(provider, id_token['sub'],
-                    access_token, refresh_token)
-
             user = UserModel()
 
-            user.username   = claims['preferred_username']
-            user.email      = claims['email']
-            user.first_name = claims['given_name']
-            user.last_name  = claims['family_name']
-            user.set_unusable_password()
+        # Always update user's local data
+        claims = cls._get_userinfo(provider, id_token['sub'],
+                                   access_token, refresh_token)
+
+        user.username   = claims['preferred_username']
+        user.email      = claims['email']
+        user.first_name = claims['given_name']
+        user.last_name  = claims['family_name']
+        user.is_superuser = claims.get('is_superuser', False)
+        user.is_staff = claims.get('is_staff', False)
 
-            user.save()
+        user.set_unusable_password()
+        user.save()
 
         # Avoid duplicate user key
         try:
@@ -265,7 +274,7 @@ def get_or_create(cls, id_token, access_token, refresh_token, provider):
                 user=user, access_token=access_token, refresh_token=refresh_token)
 
     @classmethod
-    def _get_userinfo(self, provider, sub, access_token, refresh_token):
+    def _get_userinfo(cls, provider, sub, access_token, refresh_token):
         # TODO encapsulate this?
         log.debug('Requesting userinfo in %s. sub: %s, access_token: %s' % (
             provider.userinfo_endpoint, sub, access_token))
@@ -282,7 +291,7 @@ def _get_userinfo(self, provider, sub, access_token, refresh_token):
             raise errors.InvalidUserInfo()
 
         name = '%s %s' % (claims['given_name'], claims['family_name'])
-        log.debug('userinfo of sub: %s -> name: %s, preferred_username: %s, email: %s' % (sub,
+        log.debug('t userinfo of sub: %s -> name: %s, preferred_username: %s, email: %s' % (sub,
             name, claims['preferred_username'], claims['email']))
 
         return claims