modules/fm-orchestrator
1
0
Fork 0
mirror of https://pagure.io/fm-orchestrator.git synced 2026-06-14 22:17:34 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Check that our required OIDC scopes are present.

Browse Source
This commit is contained in:
Ralph Bean
2017-02-17 10:55:37 -05:00
parent 20d1abfcfc
commit 54770cdc23
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
module_build_service/auth.py
View File

@@ -102,6 +102,17 @@ def get_user(request):
if not "active" in data or not data["active"]: if not "active" in data or not data["active"]:
raise Unauthorized("OIDC token invalid or expired.") raise Unauthorized("OIDC token invalid or expired.")
presented_scopes = data['scope']
required_scopes = [
'openid',
'https://id.fedoraproject.org/scope/groups',
'https://mbs.fedoraproject.org/oidc/submit-build',
]
for scope in required_scopes:
if scope not in presented_scopes:
raise Unauthorized("Required OIDC scope %r not present: %r" % (
scope, presented_scopes))
try: try:
extended_data = _get_user_info(token) extended_data = _get_user_info(token)
except Exception as e: except Exception as e: