From 2bf3b4ed60f8d5a08d8d8d3025859aa39a387ba4 Mon Sep 17 00:00:00 2001
From: Mark <mark@openappstack.net>
Date: Tue, 1 Oct 2019 16:35:26 +0200
Subject: [PATCH] Add openappstack_roles claim

---
 consent_provider/db.py      | 12 +++++++++++-
 test/create-hydra-client.sh |  3 ++-
 test/login_logout/app.py    |  2 +-
 user-panel                  |  2 +-
 4 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/consent_provider/db.py b/consent_provider/db.py
index dc5e0d4..9f8b149 100644
--- a/consent_provider/db.py
+++ b/consent_provider/db.py
@@ -21,6 +21,13 @@ class User():
                         name
                     }}
                 }}
+            }},
+            roles{{
+                edges{{
+                    node{{
+                        name
+                    }}
+                }}
             }}
             }}}}'''.format(self.username).strip()
         result = loads(graphql_client.execute(querystring))
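Review bot: The extended query still reaches the backend through `'''...'''.format(self.username)` on the last context line, so the username is spliced into the GraphQL document as text rather than passed as a variable; the start of the query string and the method header are outside this hunk. Now that the same query also drives the roles that end up in the ID token, a user-controlled name that breaks out of the literal could alter what is selected. If `graphql_client.execute` accepts a variables argument, the safer shape is `query($username: String!) { getUser(username: $username) { ... } }` with the value passed separately; otherwise the name should at least be validated against the character set the user store allows before formatting.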
@@ -28,6 +35,8 @@ class User():
             data = result["data"]["getUser"]
             self.applications = list(map(lambda x: x["node"]["name"],
                                          data["applications"]["edges"]))
+            self.roles = list(map(lambda x: x["node"]["name"],
+                                         data["roles"]["edges"]))
             self.email = data["email"]
 
     def has_app_permission(self, appname):
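Review bot: `self.roles` is assigned only inside the branch that reads `result["data"]["getUser"]`, whose condition and the surrounding `__init__` start outside this hunk; if that branch is not taken, the attribute is never created and the later id_token construction that references `self.roles` would fail with `AttributeError` (applies to `self.applications` and `self.email` as well, presumably already handled elsewhere). In addition, `data["roles"]["edges"]` raises `KeyError` against a backend that does not yet return `roles`, which the `user-panel` submodule bump in this commit suggests is a real deployment combination. Failing closed with an empty role list reads as `self.roles = [edge["node"]["name"] for edge in data.get("roles", {}).get("edges", [])]`, which also replaces the `map(lambda ...)` with the comprehension the file would normally use.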
@@ -38,5 +47,6 @@ class User():
             "id_token": {
                 "name": self.username,
                 "preferred_username": self.username,
-                "email" : self.email}
+                "email" : self.email,
+                "openappstack_roles": self.roles}
         }
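Review bot: The `openappstack_roles` claim is added to the ID token unconditionally, while the rest of this commit introduces an `openappstack_roles` scope for clients to request it; nothing in this hunk checks whether that scope was granted, so every client that authenticates a user receives the role list even if it only asked for `openid profile email`. The method building this dict starts outside the hunk, so whether the consent request's granted scopes are available here cannot be seen; if they are, the claim should be included only when `"openappstack_roles"` is among them, e.g. `if "openappstack_roles" in granted_scopes: id_token["openappstack_roles"] = self.roles` (name of the scope variable to be confirmed against the caller). A short comment on the claim, `# role names from the user store; consumers must treat this as authoritative only for this issuer`, would also help readers of the token format.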
diff --git a/test/create-hydra-client.sh b/test/create-hydra-client.sh
index 569ebcf..6bbde99 100644
--- a/test/create-hydra-client.sh
+++ b/test/create-hydra-client.sh
@@ -5,8 +5,9 @@ SECRET=$2
 HOST=$3
 PORT=$4
 REDIRECT_URI=$5
+SCOPES="openid profile email openappstack_roles"
 
 curl --header "Content-Type: application/json" \
     --request POST \
-    --data "{\"client_id\": \"$KEY\", \"client_name\": \"$KEY\", \"client_secret\": \"$SECRET\", \"redirect_uris\": [\"$REDIRECT_URI\"], \"scope\": \"openid profile email\", \"grant-types\": \"authorization_code,refresh_token\", \"response_types\": [\"code\"], \"token_endpoint_auth_method\": \"client_secret_post\"}" \
+    --data "{\"client_id\": \"$KEY\", \"client_name\": \"$KEY\", \"client_secret\": \"$SECRET\", \"redirect_uris\": [\"$REDIRECT_URI\"], \"scope\": \"$SCOPES\", \"grant-types\": \"authorization_code,refresh_token\", \"response_types\": [\"code\"], \"token_endpoint_auth_method\": \"client_secret_post\"}" \
     http://$HOST:$PORT/clients
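Review bot: Moving the scope list into `SCOPES` is fine, but the rewritten `--data` line still builds the JSON body by interpolating `$KEY`, `$SECRET` and `$REDIRECT_URI` into a hand-escaped string, so a secret or URI containing a double quote or backslash produces an invalid request or a client registered with a different value than intended. Since the line is being changed anyway, generating the body with a JSON-aware tool is more robust, e.g. `jq -n --arg id "$KEY" --arg secret "$SECRET" --arg uri "$REDIRECT_URI" --arg scope "$SCOPES" '{client_id:$id, client_name:$id, client_secret:$secret, redirect_uris:[$uri], scope:$scope, ...}'` (assuming jq is available in the test environment). A comment above `SCOPES` noting that the list must match the scopes requested by `test/login_logout/app.py` would keep the two test files in sync.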
diff --git a/test/login_logout/app.py b/test/login_logout/app.py
index e5f6ed6..47ca68b 100644
--- a/test/login_logout/app.py
+++ b/test/login_logout/app.py
@@ -26,7 +26,7 @@ sso = oauth.remote_app(
     access_token_url=ACCESS_TOKEN_URL,
     authorize_url=AUTHORIZE_URL,
     consumer_key=KEY,
-    request_token_params={'state': lambda: security.gen_salt(10), "scope": "openid profile email"},
+    request_token_params={'state': lambda: security.gen_salt(10), "scope": "openid profile email openappstack_roles"},
     consumer_secret=SECRET)
 
 @sso.tokengetter
diff --git a/user-panel b/user-panel
index 5ee76d3..1ba28f4 160000
--- a/user-panel
+++ b/user-panel
@@ -1 +1 @@
-Subproject commit 5ee76d3dd010ff9893b9d61dbb7c9660758c8ddc
+Subproject commit 1ba28f459e1c5804432f7da7ad394895155f5a2a
-- 
GitLab