From 60856cb7b91fb35dd68556c98518287d9250a219 Mon Sep 17 00:00:00 2001
From: Robert Picard <robert@robert.io>
Date: Tue, 22 Dec 2015 14:37:29 -0500
Subject: [PATCH] Add an endpoint to return active authentication providers

This endpoint can be used by Angular to figure out what authentication
options to display to the user. It returns a dictionary of configuration
details that the front-end needs for each provider.
---
 docs/administration/index.rst                 | 38 ++++++++++++++++++-
 lemur/auth/views.py                           | 34 +++++++++++++++++
 lemur/static/app/angular/app.js               | 25 ++++++------
 .../app/angular/authentication/login/login.js |  1 +
 .../authentication/login/login.tpl.html       |  4 +-
 .../app/angular/authentication/services.js    |  4 ++
 6 files changed, 90 insertions(+), 16 deletions(-)

diff --git a/docs/administration/index.rst b/docs/administration/index.rst
index f9cf293b..9dd94952 100644
--- a/docs/administration/index.rst
+++ b/docs/administration/index.rst
@@ -262,11 +262,18 @@ for those plugins.
 
 Authentication
 --------------
-Lemur currently supports Basic Authentication and Ping OAuth2 out of the box. Additional flows can be added relatively easily.
-If you are not using Ping you do not need to configure any of these options.
+Lemur currently supports Basic Authentication, Ping OAuth2, and Google out of the box. Additional flows can be added relatively easily.
+If you are not using an authentication provider you do not need to configure any of these options.
 
 For more information about how to use social logins, see: `Satellizer <https://github.com/sahat/satellizer>`_
 
+.. data:: ACTIVE_PROVIDERS
+    :noindex:
+
+    ::
+
+        ACTIVE_PROVIDERS = ["ping", "google"]
+
 .. data:: PING_SECRET
     :noindex:
 
@@ -296,6 +303,33 @@ For more information about how to use social logins, see: `Satellizer <https://g
 
         PING_JWKS_URL = "https://<yourpingserver>/pf/JWKS"
 
+.. data:: PING_NAME
+    :noindex:
+
+    ::
+
+        PING_NAME = "Example Oauth2 Provider"
+
+.. data:: PING_CLIENT_ID
+    :noindex:
+
+    ::
+
+        PING_CLIENT_ID = "client-id"
+
+.. data:: GOOGLE_CLIENT_ID
+    :noindex:
+
+    ::
+
+        GOOGLE_CLIENT_ID = "client-id"
+
+.. data:: GOOGLE_SECRET
+    :noindex:
+
+    ::
+
+        GOOGLE_SECRET = "somethingsecret"
 
 
 AWS Plugin Configuration
diff --git a/lemur/auth/views.py b/lemur/auth/views.py
index 6161e611..aa8823e1 100644
--- a/lemur/auth/views.py
+++ b/lemur/auth/views.py
@@ -270,6 +270,40 @@ class Google(Resource):
             return dict(token=create_token(user))
 
 
+class Providers(Resource):
+
+    def get(self):
+
+        active_providers = dict()
+
+        for provider in current_app.config.get("ACTIVE_PROVIDERS"):
+            provider = provider.lower()
+
+            if provider == "google":
+
+                active_providers["google"] = {
+                    'clientId': current_app.config.get("GOOGLE_CLIENT_ID"),
+                    'url': api.url_for(Google)
+                }
+
+            elif provider == "ping":
+
+                active_providers["oauth2"] = {
+                    'name': current_app.config.get("PING_NAME"),
+                    'url': api.url_for(Ping),
+                    'redirectUri': '',  # TODO
+                    'clientId': current_app.config.get("PING_CLIENT_ID"),
+                    'responseType': 'code',
+                    'scope': ['openid', 'email', 'profile', 'address'],
+                    'scopeDelimeter': ' ',
+                    'authorizationEndpoint': '',  # TODO
+                    'requiredUrlParams': ['scope']
+                }
+
+        return active_providers
+
+
 api.add_resource(Login, '/auth/login', endpoint='login')
 api.add_resource(Ping, '/auth/ping', endpoint='ping')
 api.add_resource(Google, '/auth/google', endpoint='google')
+api.add_resource(Providers, '/auth/providers', endpoint='providers')
diff --git a/lemur/static/app/angular/app.js b/lemur/static/app/angular/app.js
index 5a1a709a..5c72b1bd 100644
--- a/lemur/static/app/angular/app.js
+++ b/lemur/static/app/angular/app.js
@@ -18,7 +18,7 @@ var lemur = angular
     'angular-clipboard',
     'ngFileSaver'
   ])
-  .config(function ($stateProvider, $urlRouterProvider, $authProvider) {
+  .config(function ($stateProvider, $urlRouterProvider, $authProvider, AuthenticationService) {
     $urlRouterProvider.otherwise('/welcome');
 
     $stateProvider
@@ -27,17 +27,18 @@ var lemur = angular
         templateUrl: 'angular/welcome/welcome.html'
       });
 
-    $authProvider.oauth2({
-      name: 'example',
-      url: 'http://localhost:8000/api/1/auth/ping',
-      redirectUri: 'http://localhost:3000/',
-      clientId: 'client-id',
-      responseType: 'code',
-      scope: ['openid', 'email', 'profile', 'address'],
-      scopeDelimiter: ' ',
-      authorizationEndpoint: 'https://example.com/as/authorization.oauth2',
-      requiredUrlParams: ['scope']
-    });
+    AuthenticationService.get_providers().then(function (active_providers) {
+      var provider_names = [];
+      for (var key in active_providers) {
+        if (active_providers.hasOwnProperty(key)) {
+          provider_names.push(key);
+        }
+      }
+
+      for (var i=0; i < provider_names.length; i++) {
+        $authProvider[provider_names[i]](active_providers[provider_names[i]]);
+      }
+    }
   });
 
 lemur.service('MomentService', function () {
diff --git a/lemur/static/app/angular/authentication/login/login.js b/lemur/static/app/angular/authentication/login/login.js
index cfcd715c..8a4fc6ee 100644
--- a/lemur/static/app/angular/authentication/login/login.js
+++ b/lemur/static/app/angular/authentication/login/login.js
@@ -12,6 +12,7 @@ angular.module('lemur')
     $scope.login = AuthenticationService.login;
     $scope.authenticate = AuthenticationService.authenticate;
     $scope.logout = AuthenticationService.logout;
+    $scope.get_providers = AuthenticationService.get_providers;
 
     UserService.getCurrentUser().then(function (user) {
       $scope.currentUser = user;
diff --git a/lemur/static/app/angular/authentication/login/login.tpl.html b/lemur/static/app/angular/authentication/login/login.tpl.html
index fe69d4be..7b9a63e9 100644
--- a/lemur/static/app/angular/authentication/login/login.tpl.html
+++ b/lemur/static/app/angular/authentication/login/login.tpl.html
@@ -3,8 +3,8 @@
   <div class="login">
     <div class="row">
       <div class="col-xs-12 col-sm-12 col-md-12">
-        <button class="btn btn-block btn-default" ng-click="authenticate('Example')">
-          Login with Example
+        <button class="btn btn-block btn-default" ng-repeat="(key, value) in get_providers()" ng-click="authenticate(key)">
+          Login with {{key}}
         </button>
       </div>
     </div>
diff --git a/lemur/static/app/angular/authentication/services.js b/lemur/static/app/angular/authentication/services.js
index dddffeb4..7719b444 100644
--- a/lemur/static/app/angular/authentication/services.js
+++ b/lemur/static/app/angular/authentication/services.js
@@ -6,6 +6,10 @@ angular.module('lemur')
   .service('AuthenticationService', function ($location, $rootScope, AuthenticationApi, UserService, toaster, $auth) {
     var AuthenticationService = this;
 
+    AuthenticationService.get_providers = function () {
+        return AuthenticationApi.one('providers').get();
+    };
+
     AuthenticationService.login = function (username, password) {
       AuthenticationApi.customPOST({'username': username, 'password': password}, 'login')
         .then(