-
-
Notifications
You must be signed in to change notification settings - Fork 3k
/
provider.py
114 lines (94 loc) · 3.14 KB
/
provider.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
from allauth.account.models import EmailAddress
from allauth.socialaccount import app_settings
from allauth.socialaccount.providers.authentiq.views import (
AuthentiqOAuth2Adapter,
)
from allauth.socialaccount.providers.base import AuthAction, ProviderAccount
from allauth.socialaccount.providers.oauth2.provider import OAuth2Provider
class Scope(object):
NAME = "aq:name"
EMAIL = "email"
PHONE = "phone"
ADDRESS = "address"
LOCATION = "aq:location"
PUSH = "aq:push"
IDENTITY_CLAIMS = frozenset(
[
"sub",
"name",
"given_name",
"family_name",
"middle_name",
"nickname",
"preferred_username",
"profile",
"picture",
"website",
"email",
"email_verified",
"gender",
"birthdate",
"zoneinfo",
"locale",
"phone_number",
"phone_number_verified",
"address",
"updated_at",
"aq:location",
]
)
class AuthentiqAccount(ProviderAccount):
def get_profile_url(self):
return self.account.extra_data.get("profile")
def get_avatar_url(self):
return self.account.extra_data.get("picture")
def to_str(self):
dflt = super(AuthentiqAccount, self).to_str()
return self.account.extra_data.get("name", dflt)
class AuthentiqProvider(OAuth2Provider):
id = "authentiq"
name = "Authentiq"
account_class = AuthentiqAccount
oauth2_adapter_class = AuthentiqOAuth2Adapter
def get_scope_from_request(self, request):
scope = set(super().get_scope_from_request(request))
scope.add("openid")
if Scope.EMAIL in scope:
modifiers = ""
if app_settings.EMAIL_REQUIRED:
modifiers += "r"
if app_settings.EMAIL_VERIFICATION:
modifiers += "s"
if modifiers:
scope.add(Scope.EMAIL + "~" + modifiers)
scope.remove(Scope.EMAIL)
return list(scope)
def get_default_scope(self):
scope = [Scope.NAME, Scope.PUSH]
if app_settings.QUERY_EMAIL:
scope.append(Scope.EMAIL)
return scope
def get_auth_params_from_request(self, request, action):
ret = super().get_auth_params_from_request(request, action)
if action == AuthAction.REAUTHENTICATE:
ret["prompt"] = "select_account"
return ret
def extract_uid(self, data):
return str(data["sub"])
def extract_common_fields(self, data):
return dict(
username=data.get("preferred_username", data.get("given_name")),
email=data.get("email"),
name=data.get("name"),
first_name=data.get("given_name"),
last_name=data.get("family_name"),
)
def extract_extra_data(self, data):
return {k: v for k, v in data.items() if k in IDENTITY_CLAIMS}
def extract_email_addresses(self, data):
ret = []
email = data.get("email")
if email and data.get("email_verified"):
ret.append(EmailAddress(email=email, verified=True, primary=True))
return ret
provider_classes = [AuthentiqProvider]