Add an endpoint to return active authentication providers

This endpoint can be used by Angular to figure out what authentication
options to display to the user. It returns a dictionary of configuration
details that the front-end needs for each provider.

docs/administration/index.rst

@@ -262,11 +262,18 @@ for those plugins.
 
 Authentication
 --------------
-Lemur currently supports Basic Authentication and Ping OAuth2 out of the box. Additional flows can be added relatively easily.
+Lemur currently supports Basic Authentication, Ping OAuth2, and Google out of the box. Additional flows can be added relatively easily.
-If you are not using Ping you do not need to configure any of these options.
+If you are not using an authentication provider you do not need to configure any of these options.
 
 For more information about how to use social logins, see: `Satellizer <https://github.com/sahat/satellizer>`_
 
+.. data:: ACTIVE_PROVIDERS
+    :noindex:
+
+    ::
+
+        ACTIVE_PROVIDERS = ["ping", "google"]
+
 .. data:: PING_SECRET
     :noindex:
 
@@ -296,6 +303,33 @@ For more information about how to use social logins, see: `Satellizer <https://g
 
         PING_JWKS_URL = "https://<yourpingserver>/pf/JWKS"
 
+.. data:: PING_NAME
+    :noindex:
+
+    ::
+
+        PING_NAME = "Example Oauth2 Provider"
+
+.. data:: PING_CLIENT_ID
+    :noindex:
+
+    ::
+
+        PING_CLIENT_ID = "client-id"
+
+.. data:: GOOGLE_CLIENT_ID
+    :noindex:
+
+    ::
+
+        GOOGLE_CLIENT_ID = "client-id"
+
+.. data:: GOOGLE_SECRET
+    :noindex:
+
+    ::
+
+        GOOGLE_SECRET = "somethingsecret"
 
 
 AWS Plugin Configuration

lemur/auth/views.py

@@ -270,6 +270,40 @@ class Google(Resource):
             return dict(token=create_token(user))
 
 
+class Providers(Resource):
+
+    def get(self):
+
+        active_providers = dict()
+
+        for provider in current_app.config.get("ACTIVE_PROVIDERS"):
+            provider = provider.lower()
+
+            if provider == "google":
+
+                active_providers["google"] = {
+                    'clientId': current_app.config.get("GOOGLE_CLIENT_ID"),
+                    'url': api.url_for(Google)
+                }
+
+            elif provider == "ping":
+
+                active_providers["oauth2"] = {
+                    'name': current_app.config.get("PING_NAME"),
+                    'url': api.url_for(Ping),
+                    'redirectUri': '',  # TODO
+                    'clientId': current_app.config.get("PING_CLIENT_ID"),
+                    'responseType': 'code',
+                    'scope': ['openid', 'email', 'profile', 'address'],
+                    'scopeDelimeter': ' ',
+                    'authorizationEndpoint': '',  # TODO
+                    'requiredUrlParams': ['scope']
+                }
+
+        return active_providers
+
+
 api.add_resource(Login, '/auth/login', endpoint='login')
 api.add_resource(Ping, '/auth/ping', endpoint='ping')
 api.add_resource(Google, '/auth/google', endpoint='google')
+api.add_resource(Providers, '/auth/providers', endpoint='providers')

lemur/static/app/angular/app.js

@@ -18,7 +18,7 @@ var lemur = angular
     'angular-clipboard',
     'ngFileSaver'
   ])
-  .config(function ($stateProvider, $urlRouterProvider, $authProvider) {
+  .config(function ($stateProvider, $urlRouterProvider, $authProvider, AuthenticationService) {
     $urlRouterProvider.otherwise('/welcome');
 
     $stateProvider
@@ -27,17 +27,18 @@ var lemur = angular
         templateUrl: 'angular/welcome/welcome.html'
       });
 
-    $authProvider.oauth2({
+    AuthenticationService.get_providers().then(function (active_providers) {
-      name: 'example',
+      var provider_names = [];
-      url: 'http://localhost:8000/api/1/auth/ping',
+      for (var key in active_providers) {
-      redirectUri: 'http://localhost:3000/',
+        if (active_providers.hasOwnProperty(key)) {
-      clientId: 'client-id',
+          provider_names.push(key);
-      responseType: 'code',
+        }
-      scope: ['openid', 'email', 'profile', 'address'],
+      }
-      scopeDelimiter: ' ',
+
-      authorizationEndpoint: 'https://example.com/as/authorization.oauth2',
+      for (var i=0; i < provider_names.length; i++) {
-      requiredUrlParams: ['scope']
+        $authProvider[provider_names[i]](active_providers[provider_names[i]]);
-    });
+      }
+    }
   });
 
 lemur.service('MomentService', function () {

lemur/static/app/angular/authentication/login/login.js

@@ -12,6 +12,7 @@ angular.module('lemur')
     $scope.login = AuthenticationService.login;
     $scope.authenticate = AuthenticationService.authenticate;
     $scope.logout = AuthenticationService.logout;
+    $scope.get_providers = AuthenticationService.get_providers;
 
     UserService.getCurrentUser().then(function (user) {
       $scope.currentUser = user;

lemur/static/app/angular/authentication/login/login.tpl.html

@@ -3,8 +3,8 @@
   <div class="login">
     <div class="row">
       <div class="col-xs-12 col-sm-12 col-md-12">
-        <button class="btn btn-block btn-default" ng-click="authenticate('Example')">
+        <button class="btn btn-block btn-default" ng-repeat="(key, value) in get_providers()" ng-click="authenticate(key)">
-          Login with Example
+          Login with {{key}}
         </button>
       </div>
     </div>

lemur/static/app/angular/authentication/services.js

@@ -6,6 +6,10 @@ angular.module('lemur')
   .service('AuthenticationService', function ($location, $rootScope, AuthenticationApi, UserService, toaster, $auth) {
     var AuthenticationService = this;
 
+    AuthenticationService.get_providers = function () {
+        return AuthenticationApi.one('providers').get();
+    };
+
     AuthenticationService.login = function (username, password) {
       AuthenticationApi.customPOST({'username': username, 'password': password}, 'login')
         .then(