aboutsummaryrefslogtreecommitdiffstats
path: root/python/fatcat_web
diff options
context:
space:
mode:
Diffstat (limited to 'python/fatcat_web')
-rw-r--r--python/fatcat_web/__init__.py8
-rw-r--r--python/fatcat_web/auth.py7
-rw-r--r--python/fatcat_web/templates/auth_login.html10
3 files changed, 13 insertions, 12 deletions
diff --git a/python/fatcat_web/__init__.py b/python/fatcat_web/__init__.py
index 6e285ddb..ba789609 100644
--- a/python/fatcat_web/__init__.py
+++ b/python/fatcat_web/__init__.py
@@ -8,7 +8,7 @@ from flask_wtf.csrf import CSRFProtect
from flask_misaka import Misaka
from flask_mwoauth import MWOAuth
from authlib.flask.client import OAuth
-from loginpass import create_flask_blueprint, Gitlab, GitHub
+from loginpass import create_flask_blueprint, Gitlab, GitHub, ORCiD
from raven.contrib.flask import Sentry
import fatcat_client
@@ -74,9 +74,9 @@ app.register_blueprint(mwoauth.bp, url_prefix='/auth/wikipedia')
from fatcat_web import routes, editing_routes, auth, cors, forms
# TODO: blocking on ORCID support in loginpass
-#if Config.ORCID_CLIENT_ID:
-# orcid_bp = create_flask_blueprint(ORCID, oauth, auth.handle_oauth)
-# app.register_blueprint(orcid_bp, url_prefix='/auth/orcid')
+if Config.ORCID_CLIENT_ID:
+ orcid_bp = create_flask_blueprint(ORCiD, oauth, auth.handle_oauth)
+ app.register_blueprint(orcid_bp, url_prefix='/auth/orcid')
if Config.GITLAB_CLIENT_ID:
gitlab_bp = create_flask_blueprint(Gitlab, oauth, auth.handle_oauth)
diff --git a/python/fatcat_web/auth.py b/python/fatcat_web/auth.py
index 44a03f5f..06c8475b 100644
--- a/python/fatcat_web/auth.py
+++ b/python/fatcat_web/auth.py
@@ -54,10 +54,15 @@ def handle_oauth(remote, token, user_info):
# not sure all loginpass backends will set it
if user_info.get('preferred_username'):
preferred_username = user_info['preferred_username']
+ elif 'orcid.org' in iss:
+ # as a special case, prefix ORCiD identifier so it can be used as a
+ # username. If we instead used the human name, we could have
+ # collisions. Not a great user experience either way.
+ preferred_username = 'i' + user_info['sub'].replace('-', '')
else:
preferred_username = user_info['sub']
- params = fatcat_client.AuthOidc(remote.name, user_info['sub'], iss, user_info['preferred_username'])
+ params = fatcat_client.AuthOidc(remote.name, user_info['sub'], iss, preferred_username)
# this call requires admin privs
(resp, http_status, http_headers) = priv_api.auth_oidc_with_http_info(params)
editor = resp.editor
diff --git a/python/fatcat_web/templates/auth_login.html b/python/fatcat_web/templates/auth_login.html
index 6e9b1f15..85e33d79 100644
--- a/python/fatcat_web/templates/auth_login.html
+++ b/python/fatcat_web/templates/auth_login.html
@@ -37,21 +37,17 @@ Note that currently editor accounts are locked 1-to-1 with external identities.
</div>
{% endif %}
-{# not implemented in login pass yet #}
{% if config.ORCID_CLIENT_ID %}
-{# <a href="/auth/orcid/login"> #}
+<a href="/auth/orcid/login">
<div class="ui segment attached">
<h2 class="ui header">
- {# <img src="/static/orcid_icon.png" style="width: 1.5em;"> #}
- <i class="grey times circle icon"></i>
+ <img src="/static/orcid_icon.png" style="width: 1.5em;">
<div class="content">
ORCiD
- {# <div class="sub header">via OpenID Connect</div> #}
- <div class="sub header">not implemented yet</div>
+ <div class="sub header">via OpenID Connect</div>
</div>
</h2>
</div>
-{# </a> #}
{% endif %}
{% if config.WIKIPEDIA_CLIENT_ID %}