From ca841a0d1c63eff2d5a67b2ef5fdadbb035c73c0 Mon Sep 17 00:00:00 2001
From: Maiken Pedersen <maikenp@usit.uio.no>
Date: Tue, 19 Sep 2023 15:46:08 +0200
Subject: [PATCH] New backend for the WLCG IAM testing site (#820)

* New backend for the WLCG IAM testing site

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* Update wlcg.py

Adding email scope in default scope

* Adding test for wlcg backend

Co-authored-by: Maiken Pedersen <maikenp@uio.no>
---
 social_core/backends/wlcg.py            | 38 +++++++++++++++++++++++++
 social_core/tests/backends/test_wlcg.py | 30 +++++++++++++++++++
 2 files changed, 68 insertions(+)
 create mode 100644 social_core/backends/wlcg.py
 create mode 100644 social_core/tests/backends/test_wlcg.py

diff --git a/social_core/backends/wlcg.py b/social_core/backends/wlcg.py
new file mode 100644
index 00000000..cc4861a2
--- /dev/null
+++ b/social_core/backends/wlcg.py
@@ -0,0 +1,38 @@
+from urllib.parse import urlencode
+
+from .oauth import BaseOAuth2
+
+
+class WLCGOAuth2(BaseOAuth2):
+    """
+    WLCG IAM Authentication Backend
+    """
+
+    name = "wlcg"
+    API_URL = "https://wlcg.cloud.cnaf.infn.it"
+    AUTHORIZATION_URL = "https://wlcg.cloud.cnaf.infn.it/authorize"
+    ACCESS_TOKEN_URL = "https://wlcg.cloud.cnaf.infn.it/token"
+    REFRESH_TOKEN_URL = "https://wlcg.cloud.cnaf.infn.it/token"
+    ACCESS_TOKEN_METHOD = "POST"
+    DEFAULT_SCOPE = ["openid", "email", "profile", "wlcg", "offline_access"]
+    REDIRECT_STATE = False
+
+    def get_user_details(self, response):
+        """Return user details from WLCG IAM service"""
+        fullname, first_name, last_name = self.get_user_names(
+            first_name=response.get("given_name"), last_name=response.get("family_name")
+        )
+        return {
+            "username": response.get("email"),
+            "email": response.get("email"),
+            "fullname": fullname,
+            "first_name": first_name,
+            "last_name": last_name,
+        }
+
+    def user_data(self, access_token, *args, **kwargs):
+        """Loads user data from service"""
+        url = "https://wlcg.cloud.cnaf.infn.it/userinfo?" + urlencode(
+            {"access_token": access_token}
+        )
+        return self.get_json(url)
diff --git a/social_core/tests/backends/test_wlcg.py b/social_core/tests/backends/test_wlcg.py
new file mode 100644
index 00000000..08fcfa8d
--- /dev/null
+++ b/social_core/tests/backends/test_wlcg.py
@@ -0,0 +1,30 @@
+import json
+
+from .oauth import OAuth2Test
+
+
+class WLCGOAuth2Test(OAuth2Test):
+    backend_path = "social_core.backends.wlcg.WLCGOAuth2"
+    user_data_url = "https://wlcg.cloud.cnaf.infn.it/userinfo"
+    expected_username = "foo@bar.com"
+    access_token_body = json.dumps(
+        {
+            "access_token": "foobar",
+            "token_type": "bearer",
+        }
+    )
+    user_data_body = json.dumps(
+        {
+            "email": "foo@bar.com",
+            "family_name": "Bar",
+            "given_name": "Foo",
+            "name": "Foo Bar",
+            "email_verified": True,
+        }
+    )
+
+    def test_login(self):
+        self.do_login()
+
+    def test_partial_pipeline(self):
+        self.do_partial_pipeline()