oauthclient: adds SSO with CERN-oauth service inveniosoftware#3

invenio/modules/oauthclient/contrib/cern.py

@@ -79,6 +79,9 @@
 from invenio.ext.sqlalchemy import db
 from flask.ext.login import current_user
 
+from werkzeug.local import LocalProxy
+from invenio.base.globals import cfg
+
 
 #: Tunable list of groups to be hidden.
 CFG_EXTERNAL_AUTH_HIDDEN_GROUPS = (
@@ -112,7 +115,7 @@
     )
 
 CFG_EXTERNAL_AUTH_TOKEN_PARAM_RESOURCE = 
-  current_app.config.get('CFG_EXTERNAL_AUTH_TOKEN_PARAM_RESOURCE')
+    LocalProxy(lambda: cfg['CFG_EXTERNAL_AUTH_TOKEN_PARAM_RESOURCE'])
 
 REMOTE_APP = dict(
     title="CERN",
@@ -129,7 +132,8 @@
     ),
     params=dict(
         request_token_params={
-          "resource": current_app.config.get('CFG_EXTERNAL_AUTH_TOKEN_PARAM_RESOURCE')
+          "resource": CFG_EXTERNAL_AUTH_TOKEN_PARAM_RESOURCE,
+          "scope": "user:email:groups"
         },
         base_url="https://oauth.web.cern.ch/",
         request_token_url=None,
@@ -152,14 +156,14 @@
 ))
 
 def fetch_groups(groups):
-  groups = [group for group in groups if group not in current_app.config.get(
-            'CFG_EXTERNAL_AUTH_HIDDEN_GROUPS',
-            CFG_EXTERNAL_AUTH_HIDDEN_GROUPS)]
-  for regexp in current_app.config.get('CFG_EXTERNAL_AUTH_HIDDEN_GROUPS_RE',
-                               CFG_EXTERNAL_AUTH_HIDDEN_GROUPS_RE):
-    for group in groups:
-      if regexp.match(group):
-        groups.remove(group)
+  # groups = [group for group in groups if group not in current_app.config.get(
+  #           'CFG_EXTERNAL_AUTH_HIDDEN_GROUPS',
+  #           CFG_EXTERNAL_AUTH_HIDDEN_GROUPS)]
+  # for regexp in current_app.config.get('CFG_EXTERNAL_AUTH_HIDDEN_GROUPS_RE',
+  #                              CFG_EXTERNAL_AUTH_HIDDEN_GROUPS_RE):
+  #   for group in groups:
+  #     if regexp.match(group):
+  #       groups.remove(group)
 
   return dict(map(lambda x: (x, '@' in x and x + ' (Mailing list)'
                                    or x + ' (Group)'), groups))