#100 Add Fedora SSH and GPG key mapping and make sure OpenID AX works with multiple values
Merged 7 years ago by puiterwijk. Opened 7 years ago by puiterwijk.
puiterwijk/ipsilon add-ssh-key  into  master

file modified
+6 -1
@@ -1,4 +1,4 @@ 

- # Copyright (C) 2014 Ipsilon project Contributors, for license see COPYING

+ # Copyright (C) 2014,2016 Ipsilon project Contributors, for license see COPYING

  

  from ipsilon.login.common import LoginFormBase, LoginManagerBase, \

      LoginManagerInstaller
@@ -35,6 +35,8 @@ 

      ['human_name', 'fullname'],

      ['email', 'email'],

      ['timezone', 'timezone'],

+     ['ssh_key', 'ssh_key'],

+     ['gpg_keyid', 'gpg_keyid'],

  ]

  

  
@@ -84,6 +86,9 @@ 

      def make_userdata(self, fas_data):

          userdata, fas_extra = self.mapper.map_attributes(fas_data)

  

+         # We need to split ssh keys by newline, since we can't send newlines

+         userdata['ssh_key'] = userdata['ssh_key'].split('\n')

+ 

          # compute and store groups and cla groups

          userdata['_groups'] = []

          userdata['_extras'] = {'fas': fas_extra, 'cla': []}
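Review bot: `userdata['ssh_key'].split('\n')` in make_userdata assumes the mapper always returns a string for `ssh_key`. If an account has no SSH key, the lookup could raise KeyError or hit None and abort the login; the mapper's behaviour is not visible in this hunk, so this needs confirming. A guarded form such as `key = userdata.get('ssh_key')` followed by `userdata['ssh_key'] = key.splitlines() if key else []` avoids that, and `splitlines()` also handles CRLF input, where `split('\n')` leaves a trailing '\r' on each key. Note that every consumer of `userdata` now receives a list rather than a string for this attribute, which deserves a line in the comment. make_userdata continues past the end of the hunk.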

@@ -2,6 +2,7 @@ 

  

  from __future__ import absolute_import

  

+ from ipsilon.providers.common import AuthenticationError

  from ipsilon.providers.openid.extensions.common import OpenidExtensionBase

  from openid.extensions import ax

  
@@ -38,12 +39,27 @@ 

              return None

          resp = ax.FetchResponse(req)

          for name in req.requested_attributes:

+             attr = req.requested_attributes[name]

              try:

                  self.debug(name)

+                 value = None

                  if name in AP_MAP:

-                     resp.addValue(name, userdata[AP_MAP[name]])

+                     value = userdata[AP_MAP[name]]

                  else:

-                     resp.addValue(name, userdata[name])

+                     value = userdata[name]

+ 

+                 if '\n' in value:

+                     raise AuthenticationError('Newline in attribute %s' % name)

+ 

+                 added_vals = 0

+                 if not isinstance(value, list):

+                     value = [value]

+                 for val in value:

+                     val = val.strip()

+                     if attr.wantsUnlimitedValues() or added_vals < attr.count:

+                         if val != '':

+                             added_vals += 1

+                             resp.addValue(name, val)

              except Exception:  # pylint: disable=broad-except

                  pass

          return resp
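Review bot: The `raise AuthenticationError('Newline in attribute %s' % name)` sits inside the `try` that ends in `except Exception: pass`. Unless AuthenticationError is not an Exception subclass (its definition is not visible here), the rejection is swallowed and the attribute is silently dropped with no log entry. The `'\n' in value` test also runs before the list normalisation, so for a list such as the split `ssh_key` it only checks whether some element equals '\n' and never looks inside the elements. A `None` value raises a TypeError that is swallowed the same way. I would normalise to a list first, check each element for '\n' and '\r', and let AuthenticationError through ahead of the broad handler, provided the caller handles it. The enclosing method starts outside the hunk.

```python
            try:
                # … unchanged: self.debug(name) and the AP_MAP lookup into value …
                if not isinstance(value, list):
                    value = [value]
                added_vals = 0
                for val in value:
                    # Inspect each element; a membership test on the list
                    # itself does not look inside the strings.
                    if '\n' in val or '\r' in val:
                        raise AuthenticationError(
                            'Newline in attribute %s' % name)
                    # … unchanged: strip, count limit, resp.addValue …
            except AuthenticationError:
                raise
            except Exception:  # pylint: disable=broad-except
                pass
```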

no initial comment

Should we check whether val actually has a value (i.e. that it is not an empty line)?

2 new commits added

  • Split multiple OpenID AX values
  • Add ssh and gpg key id mappings to authfas
7 years ago

rebased

7 years ago

is it safe to assume val has been stripped?

one question, otherwise looks sane to me

Well, if it's an empty string, that's just fine problem. The only problem is we need to be careful sending empty strings.

If it's a string with just whitespace, that's just fine. is what I meant to say.

rebased

7 years ago

rebased

7 years ago

Pull-Request has been merged by puiterwijk

7 years ago