Login an anonymous user after a successful authn with an IdP.

galaxyproject · Dec 15, 2017 · 98d5910 · 98d5910
1 parent 8eba74c
commit 98d5910
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 6 deletions.
diff --git a/lib/galaxy/authnz/psa_authnz.py b/lib/galaxy/authnz/psa_authnz.py
@@ -68,6 +68,8 @@ def _parse_config(self, provider, config_xml):
 
         config[setting_name('DISCONNECT_REDIRECT_URL')] = ()
 
+        config[setting_name('INACTIVE_USER_LOGIN')] = True
+
         # TODO: set the following parameter
         # config[setting_name('VERIFY_SSL')] =
 
@@ -113,6 +115,7 @@ def load_backend(self, strategy, name, redirect_uri):
     def login_user(self, user):
         self.strategy.session_set("logged_in", True)
         self.strategy.session_set("user_id", self.trans.user)
+        self.strategy.session_set('user', user)
 
 
     def authenticate(self, trans):
@@ -161,7 +164,8 @@ def callback(self, state_token, authz_code, trans):
         self.backend.redirect_uri = "http://" + self.backend.redirect_uri
         # this is also temp; it is required in login_user. Find a method around using login_user -- I should not need it -- then remove the following line.
         self.trans = trans
-        return do_complete(self.backend, login=lambda backend, user, social_user: self.login_user(user), user=self.get_current_user(trans), state=state_token)
+        redirect_url = do_complete(self.backend, login=lambda backend, user, social_user: self.login_user(user), user=self.get_current_user(trans), state=state_token)
+        return redirect_url, self.strategy.session_get('user', None)
 
     def disconnect(self, provider, trans, association_id=None):
         _trans = trans

diff --git a/lib/galaxy/webapps/galaxy/controllers/authn.py b/lib/galaxy/webapps/galaxy/controllers/authn.py
@@ -17,11 +17,9 @@ def login(self, trans, **kwargs):
 
     @web.expose
     def callback(self, trans, **kwargs):
-        return trans.response.send_redirect(trans.app.authnz_manager.callback("Google", kwargs['state'], kwargs['code'], trans))
-        #if trans.app.authnz_manager.callback("Google", kwargs['state'], kwargs['code'], trans) is False:
-            # TODO: inform the user why he/she is being re-authenticated.
-            # self.google_authn(trans) # maybe not needed.
-        #    pass
+        redirect_url, user = trans.app.authnz_manager.callback("Google", kwargs['state'], kwargs['code'], trans)
+        trans.handle_user_login(user)
+        return trans.response.send_redirect(redirect_url)
 
     @web.expose
     @web.require_login("authenticate against Google identity provider")