Add MS Azure and OpenID Connect login (#179)

Author: satterly

alertaclient/api.py

@@ -301,12 +301,16 @@ def login(self, username, password):
         return self.http.post('/auth/login', data)
 
     def token(self, provider, data):
+        if provider == 'azure':
+            return self.http.post('/auth/azure', data)
         if provider == 'github':
             return self.http.post('/auth/github', data)
         if provider == 'gitlab':
             return self.http.post('/auth/gitlab', data)
         if provider == 'google':
             return self.http.post('/auth/google', data)
+        if provider == 'openid':
+            return self.http.post('/auth/openid', data)
 
     def userinfo(self):
         return self.http.get('/userinfo')

alertaclient/auth/azure.py

@@ -0,0 +1,34 @@
+
+import webbrowser
+from uuid import uuid4
+
+from alertaclient.auth.token import TokenHandler
+
+
+def login(client, azure_tenant, client_id):
+    xsrf_token = str(uuid4())
+    redirect_uri = 'http://localhost:9004'
+
+    url = (
+        'https://login.microsoftonline.com/{azure_tenant}/oauth2/authorize?'
+        'response_type=code'
+        '&client_id={client_id}'
+        '&redirect_uri={redirect_uri}'
+        '&state={state}'
+    ).format(
+        azure_tenant=azure_tenant,
+        client_id=client_id,
+        redirect_uri=redirect_uri,
+        state=xsrf_token
+    )
+
+    webbrowser.open(url, new=0, autoraise=True)
+    auth = TokenHandler()
+    access_token = auth.get_access_token(xsrf_token)
+
+    data = {
+        'code': access_token,
+        'clientId': client_id,
+        'redirectUri': redirect_uri
+    }
+    return client.token('azure', data)

alertaclient/auth/oidc.py

@@ -0,0 +1,35 @@
+
+import webbrowser
+from uuid import uuid4
+
+from alertaclient.auth.token import TokenHandler
+
+
+def login(client, oidc_auth_url, client_id):
+    xsrf_token = str(uuid4())
+    redirect_uri = 'http://127.0.0.1:9004'
+
+    url = (
+        '{oidc_auth_url}?'
+        'response_type=code'
+        '&client_id={client_id}'
+        '&redirect_uri={redirect_uri}'
+        '&scope=openid%20profile%20email'
+        '&state={state}'
+    ).format(
+        oidc_auth_url=oidc_auth_url,
+        client_id=client_id,
+        redirect_uri=redirect_uri,
+        state=xsrf_token
+    )
+
+    webbrowser.open(url, new=0, autoraise=True)
+    auth = TokenHandler()
+    access_token = auth.get_access_token(xsrf_token)
+
+    data = {
+        'code': access_token,
+        'clientId': client_id,
+        'redirectUri': redirect_uri
+    }
+    return client.token('openid', data)

alertaclient/commands/cmd_login.py

@@ -3,7 +3,7 @@
 
 import click
 
-from alertaclient.auth import github, gitlab, google
+from alertaclient.auth import azure, github, gitlab, google, oidc
 from alertaclient.auth.token import Jwt
 from alertaclient.auth.utils import save_token
 from alertaclient.exceptions import AuthError
@@ -13,21 +13,25 @@
 @click.argument('username', required=False)
 @click.pass_obj
 def cli(obj, username):
-    """Authenticate using Github, Gitlab, Google OAuth2 or Basic Auth
-    username/password instead of using an API key."""
+    """Authenticate using Azure, Github, Gitlab, Google OAuth2, OpenID or
+    Basic Auth username/password instead of using an API key."""
     client = obj['client']
     provider = obj['provider']
     client_id = obj['client_id']
 
     try:
-        if provider == 'github':
+        if provider == 'azure':
+            token = azure.login(client, obj['azure_tenant'], client_id)['token']
+        elif provider == 'github':
             token = github.login(client, obj['github_url'], client_id)['token']
         elif provider == 'gitlab':
             token = gitlab.login(client, obj['gitlab_url'], client_id)['token']
         elif provider == 'google':
             if not username:
                 username = click.prompt('Email')
             token = google.login(client, username, client_id)['token']
+        elif provider == 'openid':
+            token = oidc.login(client, obj['oidc_auth_url'], client_id)['token']
         elif provider == 'basic':
             if not username:
                 username = click.prompt('Email')

alertaclient/config.py

@@ -1,5 +1,5 @@
-import json
 import configparser
+import json
 import os
 
 import requests
@@ -59,8 +59,11 @@ def get_remote_config(self, endpoint=None):
             r.raise_for_status()
             remote_config = r.json()
         except requests.RequestException as e:
-            raise ClientException("Failed to get config from {}. Reason: {}".format(config_url, e))
-        except json.decoder.JSONDecodeError: 
-            raise ClientException("Failed to get config from {}: Reason: not a JSON object".format(config_url))
+            raise ClientException('Failed to get config from {}. Reason: {}'.format(config_url, e))
+        except json.decoder.JSONDecodeError:
+            raise ClientException('Failed to get config from {}: Reason: not a JSON object'.format(config_url))
+
+        if not self.options['client_id']:
+            del self.options['client_id']
 
         self.options = {**remote_config, **self.options}