Merge branch 'refs/heads/main' into refactoring/sso-session-creation
# Conflicts:
#	seacatauth/authn/service.py
byewokko committed May 28, 2024
2 parents 7021197 + 656c050 commit dbcf942
Showing 2 changed files with 11 additions and 44 deletions.
2 changes: 0 additions & 2 deletions CHANGELOG.md
Expand Up @@ -3,7 +3,6 @@
## v24.20

### Pre-releases
- `v24.20-alpha8`
- `v24.20-alpha7`
- `v24.20-alpha6`
- `v24.20-alpha5`
Expand All @@ -26,7 +25,6 @@
- Configurable password criteria (#372, `v24.20-alpha1`)

### Refactoring
- Move SSO session creation into session service (#387, `v24.20-alpha8`)
- Refactor duplicate code in session build (#386, `v24.20-alpha7`)

---
53 changes: 11 additions & 42 deletions seacatauth/session/service.py
Original file line number Diff line number Diff line change
Expand Up @@ -20,15 +20,7 @@
from .adapter import SessionAdapter, rest_get
from .algorithmic import AlgorithmicSessionProvider
from .token import SessionTokenService
from .builders import (
oauth2_session_builder,
credentials_session_builder,
authz_session_builder,
authentication_session_builder,
available_factors_session_builder,
external_login_session_builder,
cookie_session_builder
)
from .builders import oauth2_session_builder, credentials_session_builder, authz_session_builder

#

Expand Down Expand Up @@ -655,35 +647,6 @@ async def inherit_or_generate_new_track_id(
return await self.get(dst_session.SessionId)


async def build_sso_root_session(
self,
credentials_id: str,
login_descriptor: dict,
):
authentication_service = self.App.get_service("seacatauth.AuthenticationService")
credentials_service = self.App.get_service("seacatauth.CredentialsService")
tenant_service = self.App.get_service("seacatauth.TenantService")
role_service = self.App.get_service("seacatauth.RoleService")

scope = frozenset(["profile", "email", "phone"])
ext_login_svc = self.App.get_service("seacatauth.ExternalLoginService")
session_builders = [
await credentials_session_builder(credentials_service, credentials_id, scope),
authentication_session_builder(login_descriptor),
await available_factors_session_builder(authentication_service, credentials_id),
await external_login_session_builder(ext_login_svc, credentials_id),
# TODO: SSO session should not need to have Authz data
await authz_session_builder(
tenant_service=tenant_service,
role_service=role_service,
credentials_id=credentials_id,
tenants=None, # Root session is tenant-agnostic
),
cookie_session_builder(),
]
return session_builders


async def build_client_session(
self,
root_session: SessionAdapter,
Expand Down Expand Up @@ -719,13 +682,19 @@ async def build_client_session(
]

if "profile" in scope or "userinfo:authn" in scope or "userinfo:*" in scope:
session_builders.append(
await external_login_session_builder(external_login_service, root_session.Credentials.Id))
session_builders.append(
await available_factors_session_builder(authentication_service, root_session.Credentials.Id))
available_factors = await authentication_service.get_eligible_factors(root_session.Credentials.Id)
available_external_logins = {}
for result in await external_login_service.list(root_session.Credentials.Id):
try:
available_external_logins[result["type"]] = result["sub"]
except KeyError:
# BACK COMPAT
available_external_logins[result["t"]] = result["s"]
session_builders.append([
(SessionAdapter.FN.Authentication.LoginDescriptor, root_session.Authentication.LoginDescriptor),
(SessionAdapter.FN.Authentication.LoginFactors, root_session.Authentication.LoginFactors),
(SessionAdapter.FN.Authentication.AvailableFactors, available_factors),
(SessionAdapter.FN.Authentication.ExternalLoginOptions, available_external_logins),
])

if "batman" in scope:
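Review bot: In the `for result in await external_login_service.list(...)` loop of the last hunk, the `try` covers both `result["type"]` and `result["sub"]`, and the `except KeyError` fallback then reads `result["t"]` and `result["s"]` unguarded. A stored record that has neither complete key pair therefore raises a second KeyError out of the handler and aborts the whole client-session build for that credential. Resolving each field on its own, e.g. `ext_type = result.get("type", result.get("t"))` and `ext_sub = result.get("sub", result.get("s"))`, and skipping (with a log entry) any record where either is `None`, keeps one malformed record from blocking session creation. Because the dict is keyed by provider type, two external accounts of the same type would presumably collapse to the last one listed; a one-line comment saying whether that is intended would help. `build_client_session` starts and ends outside this hunk.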