From 7f4b5bd0300e447d6238bbab7bc04dc3b051527a Mon Sep 17 00:00:00 2001
From: Mark <mark@openappstack.net>
Date: Wed, 11 Sep 2019 18:39:09 +0200
Subject: [PATCH] Add graphql backend

---
 login_provider/app.py | 33 +++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/login_provider/app.py b/login_provider/app.py
index 654b25d..8f64f53 100644
--- a/login_provider/app.py
+++ b/login_provider/app.py
@@ -6,9 +6,13 @@ from wtforms import SubmitField, StringField, PasswordField
 from flask_wtf import FlaskForm
 from wtforms.validators import required
 from flask_login import UserMixin, login_user, logout_user, LoginManager, login_required, current_user
+from graphqlclient import GraphQLClient
+from json import loads
 
 
 HYDRA_ADMIN_URL = environ['HYDRA_ADMIN_URL']
+GRAPHQL_URL = environ['GRAPHQL_URL']
+graphql_client = GraphQLClient(GRAPHQL_URL)
 
 app = Flask(__name__)
 app.config['SECRET_KEY'] = urandom(16)
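Review bot: `GRAPHQL_URL` is used as read from the environment, and after this commit every login sends the user's plaintext password to it, yet nothing here checks or documents the transport. No scheme check or client credentials are visible in this hunk, so whether the backend is reached over TLS or requires authentication cannot be told from here. I would add a comment above the assignment such as `# Carries usernames and plaintext passwords: must be an https:// or cluster-internal endpoint`. Consider refusing to start when the URL scheme is plain `http` outside development.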
@@ -26,14 +30,27 @@ class User(UserMixin):
         self._load_remote_user_info()
 
     def _load_remote_user_info(self):
-        #TODO get user info via api call
-        self.active = True
-        self.email = "test@example.net"
+        querystring = '''{{
+        getUser(username: "{0}"){{
+            email,
+            active
+            }}}}'''.format(self.username).strip()
+        result = loads(graphql_client.execute(querystring))
+        if "data" in result:
+            self.active = result["data"]["getUser"]["active"]
+            self.email = result["data"]["getUser"]["email"]
 
     def authenticate(self, password):
-        #TODO verify password
-        user.is_authenticated = True
-        return True
+        querystring = '''{{
+        verifyPassword(
+            username: "{0}",
+            password: "{1}")
+            }}'''.format(self.username, password).strip()
+        result = loads(graphql_client.execute(querystring))
+        auth = False
+        if "data" in result:
+            auth = result["data"]["verifyPassword"]
+        return auth
 
 
 @login_manager.user_loader
@@ -69,8 +86,8 @@ def home():
 def login():
     login_form = LoginForm()
     if login_form.validate_on_submit():
-        user = User(login_form["username"])
-        if user.active:
+        user = User(login_form.username.data)
+        if user.active and user.authenticate(login_form.password.data):
             login_user(user)
         next_url = request.args.get('next')
         if not is_safe_url(next):
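Review bot: `is_safe_url(next)` on the last line of this hunk is handed Python's builtin `next`, not the `next_url` read from the request one line above. The client-supplied redirect target is therefore never the value being validated; the line should read `if not is_safe_url(next_url):`. A failed `authenticate()` also falls through to the same redirect handling, with no error shown and nothing visible here that logs or throttles failed attempts, so the failure branch deserves an explicit message and a log entry. `login()` continues past the end of the hunk, so the rest of the redirect logic is not visible.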
-- 
GitLab