peridot
/
pdot_common
mirror of https://github.com/peridotbuild/pdot_common.git
7
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

oidc: Add support for requiring groups

This commit is contained in:
Mustafa Gezen 2023-07-02 07:54:37 +02:00
parent 9b8cf8f34a
commit a880481cc7
2 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,3 +1,4 @@
.idea
__pycache__
.venv
*.egg-info

18
pdot_common/oidc/__init__.py
View File

@ -1,4 +1,4 @@
from dataclasses import dataclass
from dataclasses import dataclass, field
import httpx
@ -9,6 +9,7 @@ from fastapi.responses import JSONResponse
@dataclass
class OIDCConfig:
userinfo_endpoint: str
required_groups: list[str] = field(default_factory=list)
def add_oidc_middleware(app: FastAPI, config: OIDCConfig):
@ -65,6 +66,21 @@ def add_oidc_middleware(app: FastAPI, config: OIDCConfig):
content={"detail": "Invalid token"},
)
if config.required_groups:
if not userinfo.get("groups"):
return JSONResponse(
status_code=401,
content={"detail": "User does not have any groups"},
)
if not any(
group in userinfo["groups"] for group in config.required_groups
):
return JSONResponse(
status_code=401,
content={"detail": "User does not have required groups"},
)
request.state.userinfo = userinfo
return await call_next(request)