add c3voc sso

voc · Dec 23, 2024 · c7580a1 · c7580a1
1 parent 7ebc23f
commit c7580a1
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 0 deletions.
diff --git a/util/sso/__init__.py b/util/sso/__init__.py
@@ -1,4 +1,11 @@
 from conf import CONFIG
+from util.sso.c3voc import (
+    check_c3voc_allowed_login,
+    check_c3voc_is_admin,
+    check_c3voc_no_limit,
+    get_c3voc_userid,
+    get_c3voc_username,
+)
 from util.sso.github import (
     check_github_allowed_login,
     check_github_is_admin,
@@ -8,6 +15,20 @@
 )
 
 SSO_CONFIG = {
+    "c3voc": {
+        "display_name": "C3VOC",
+        "authorize_url": "https://sso.c3voc.de/application/o/authorize/",
+        "token_url": "https://sso.c3voc.de/application/o/token/",
+        "scopes": ["openid", "profile", "groups"],
+        "userinfo_url": "https://sso.c3voc.de/application/o/userinfo/",
+        "functions": {
+            "is_admin": check_c3voc_is_admin,
+            "login_allowed": check_c3voc_allowed_login,
+            "no_limit": check_c3voc_no_limit,
+            "userid": get_c3voc_userid,
+            "username": get_c3voc_username,
+        },
+    },
     "github": {
         "display_name": "GitHub",
         "authorize_url": "https://github.com/login/oauth/authorize",

diff --git a/util/sso/c3voc.py b/util/sso/c3voc.py
@@ -0,0 +1,25 @@
+from datetime import datetime, timezone
+from logging import getLogger
+
+from conf import CONFIG
+
+LOG = getLogger("SSO-C3VOC")
+
+def get_c3voc_userid(userinfo_json):
+    return "c3voc:{}".format(userinfo_json["preferred_username"])
+
+
+def get_c3voc_username(userinfo_json):
+    return "{} (C3VOC)".format(userinfo_json["preferred_username"])
+
+
+def check_c3voc_allowed_login(userinfo_json):
+    return True
+
+
+def check_c3voc_is_admin(userinfo_json):
+    return "signage-admins" in userinfo_json["groups"]
+
+
+def check_c3voc_no_limit(userinfo_json):
+    return "signage-no-limit" in userinfo_json["groups"]