deblan/PowerDNS-Admin
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

github oauth login

Browse source
This commit is contained in:
CMGS 2016-08-05 16:20:41 +08:00 committed by timfeirg
parent 68dc4f4148
commit 186aedcfc7
4 changed files with 126 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
app/__init__.py
View file

@ -1,7 +1,7 @@
from werkzeug.contrib.fixers import ProxyFix
from flask import Flask
from flask.ext.login import LoginManager
from flask.ext.sqlalchemy import SQLAlchemy
from flask import Flask, request, session, redirect, url_for
from flask_login import LoginManager
from flask_sqlalchemy import SQLAlchemy
app = Flask(__name__)
app.config.from_object('config')
@ -11,4 +11,42 @@ login_manager = LoginManager()
login_manager.init_app(app)
db = SQLAlchemy(app)
def enable_github_oauth(GITHUB_ENABLE):
if not GITHUB_ENABLE:
return None, None
from flask_oauthlib.client import OAuth
oauth = OAuth(app)
github = oauth.remote_app(
'github',
consumer_key=app.config['GITHUB_OAUTH_KEY'],
consumer_secret=app.config['GITHUB_OAUTH_SECRET'],
request_token_params={'scope': app.config['GITHUB_OAUTH_SCOPE']},
base_url=app.config['GITHUB_OAUTH_URL'],
request_token_url=None,
access_token_method='POST',
access_token_url=app.config['GITHUB_OAUTH_TOKEN'],
authorize_url=app.config['GITHUB_OAUTH_AUTHORIZE']
)
@app.route('/user/authorized')
def authorized():
session['github_oauthredir'] = url_for('.authorized', _external=True)
resp = github.authorized_response()
if resp is None:
return 'Access denied: reason=%s error=%s' % (
request.args['error'],
request.args['error_description']
)
session['github_token'] = (resp['access_token'], '')
return redirect(url_for('.login'))
@github.tokengetter
def get_github_oauth_token():
return session.get('github_token')
return oauth, github
oauth, github = enable_github_oauth(app.config.get('GITHUB_OAUTH_ENABLE'))
from app import views, models

15
app/templates/login.html
View file

@ -58,7 +58,6 @@
<div class="form-group">
<input type="otptoken" class="form-control" placeholder="OTP Token" name="otptoken">
</div>
{% if ldap_enabled and basic_enabled %}
<div class="form-group">
<select class="form-control" name="auth_method">
@ -69,21 +68,21 @@
<option value="LDAP">LDAP Authentication</option>
{% endif %}
</select>
</div>
</div>
{% elif ldap_enabled and not basic_enabled %}
<div class="form-group">
<input type="hidden" name="auth_method" value="LDAP">
<input type="hidden" name="auth_method" value="LDAP">
</div>
{% elif basic_enabled and not ldap_enabled %}
<div class="form-group">
<input type="hidden" name="auth_method" value="LOCAL">
<input type="hidden" name="auth_method" value="LOCAL">
</div>
{% else %}
<div class="form-group">
<input type="hidden" name="auth_method" value="LOCAL">
<input type="hidden" name="auth_method" value="LOCAL">
</div>
{% endif %}
<div class="row">
<div class="col-xs-8">
<div class="checkbox icheck">
@ -99,6 +98,10 @@
<!-- /.col -->
</div>
</form>
{% if github_enabled %}
<a href="{{ url_for('github_login') }}">Github oauth login</a>
{% endif %}
<br>
{% if signup_enabled %}
<a href="{{ url_for('register') }}" class="text-center">Create an account </a>
{% endif %}

100
app/views.py
View file

@ -4,14 +4,16 @@ import jinja2
import traceback
import pyqrcode
import base64
import random
import string
from functools import wraps
from flask_login import login_user, logout_user, current_user, login_required
from flask import Flask, g, request, make_response, jsonify, render_template, session, redirect, url_for, send_from_directory
from flask import Flask, g, request, make_response, jsonify, render_template, session, redirect, url_for, send_from_directory, abort
from werkzeug import secure_filename
from lib import utils
from app import app, login_manager
from app import app, login_manager, github
from .models import User, Role, Domain, DomainUser, Record, Server, History, Anonymous, Setting, DomainSetting
from io import BytesIO
@ -32,6 +34,9 @@ if StrictVersion(PDNS_VERSION) >= StrictVersion('4.0.0'):
else:
NEW_SCHEMA = False
def random_password(n):
return ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(n))
@app.context_processor
def inject_fullscreen_layout_setting():
fullscreen_layout_setting = Setting.query.filter(Setting.name == 'fullscreen_layout').first()
@ -153,6 +158,12 @@ def register():
else:
return render_template('errors/404.html'), 404
@app.route('/github/login')
def github_login():
if not app.config.get('GITHUB_OAUTH_ENABLE'):
return abort(400)
return github.authorize(callback=url_for('authorized', _external=True))
@app.route('/login', methods=['GET', 'POST'])
@login_manager.unauthorized_handler
def login():
@ -161,13 +172,32 @@ def login():
LOGIN_TITLE = app.config['LOGIN_TITLE'] if 'LOGIN_TITLE' in app.config.keys() else ''
BASIC_ENABLED = app.config['BASIC_ENABLED']
SIGNUP_ENABLED = app.config['SIGNUP_ENABLED']
GITHUB_ENABLE = app.config.get('GITHUB_OAUTH_ENABLE')
if g.user is not None and current_user.is_authenticated:
return redirect(url_for('dashboard'))
if 'github_token' in session:
me = github.get('user')
user_info = me.data
user = User.query.filter_by(username=user_info['name']).first()
if not user:
# create user
user = User(username=user_info['name'],
plain_text_password=random_password(7),
email=user_info['email'])
user.create_local_user()
session['user_id'] = user.id
login_user(user, remember = False)
return redirect(url_for('index'))
if request.method == 'GET':
return render_template('login.html', ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE, basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED)
return render_template('login.html',
github_enabled=GITHUB_ENABLE,
ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE,
basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED)
# process login
username = request.form['username']
password = request.form['password']
@ -179,7 +209,7 @@ def login():
lastname = request.form['lastname'] if 'lastname' in request.form else None
email = request.form['email'] if 'email' in request.form else None
rpassword = request.form['rpassword'] if 'rpassword' in request.form else None
if None in [firstname, lastname, email]:
#login case
remember_me = False
@ -210,13 +240,13 @@ def login():
else:
# registration case
user = User(username=username, plain_text_password=password, firstname=firstname, lastname=lastname, email=email)
# TODO: Move this into the JavaScript
# validate password and password confirmation
if password != rpassword:
error = "Passsword and confirmation do not match"
return render_template('register.html', error=error)
try:
result = user.create_local_user()
if result == True:
@ -229,8 +259,10 @@ def login():
@app.route('/logout')
def logout():
session.pop('user_id')
session.pop('github_token')
logout_user()
return redirect(url_for('login'))
return redirect(url_for('login'))
@app.route('/dashboard', methods=['GET', 'POST'])
@ -328,7 +360,7 @@ def domain_add():
def domain_delete(domain_name):
d = Domain()
result = d.delete(domain_name)
if result['status'] == 'error':
return redirect(url_for('error', code=500))
@ -362,7 +394,7 @@ def domain_management(domain_name):
d = Domain(name=domain_name)
domain_user_ids = d.get_user()
# grant/revoke user privielges
# grant/revoke user privielges
d.grant_privielges(new_user_list)
history = History(msg='Change domain %s access control' % domain_name, detail=str({'user_has_access': new_user_list}), created_by=current_user.username)
@ -442,7 +474,7 @@ def record_delete(domain_name, record_name, record_type):
print result['msg']
except:
print traceback.format_exc()
return redirect(url_for('error', code=500)), 500
return redirect(url_for('error', code=500)), 500
return redirect(url_for('domain', domain_name=domain_name))
@ -471,7 +503,7 @@ def admin_setdomainsetting(domain_name):
new_value = str(data['value'])
domain = Domain.query.filter(Domain.name == domain_name).first()
setting = DomainSetting.query.filter(DomainSetting.domain == domain).filter(DomainSetting.setting == new_setting).first()
if setting:
if setting.set(new_value):
history = History(msg='Setting %s changed value to %s for %s' % (new_setting, new_value, domain.name), created_by=current_user.username)
@ -485,7 +517,7 @@ def admin_setdomainsetting(domain_name):
history.add()
return make_response(jsonify( { 'status': 'ok', 'msg': 'New setting created and updated.' } ))
else:
return make_response(jsonify( { 'status': 'error', 'msg': 'Unable to create new setting.' } ))
return make_response(jsonify( { 'status': 'error', 'msg': 'Unable to create new setting.' } ))
else:
return make_response(jsonify( { 'status': 'error', 'msg': 'Action not supported.' } ), 400)
except:
@ -499,12 +531,12 @@ def admin_setdomainsetting(domain_name):
def admin():
domains = Domain.query.all()
users = User.query.all()
server = Server(server_id='localhost')
configs = server.get_config()
statistics = server.get_statistic()
history_number = History.query.count()
if statistics:
uptime = filter(lambda uptime: uptime['name'] == 'uptime', statistics)[0]['value']
else:
@ -518,20 +550,20 @@ def admin():
def admin_createuser():
if request.method == 'GET':
return render_template('admin_createuser.html')
if request.method == 'POST':
fdata = request.form
user = User(username=fdata['username'], plain_text_password=fdata['password'], firstname=fdata['firstname'], lastname=fdata['lastname'], email=fdata['email'])
if fdata['password'] == "":
return render_template('admin_createuser.html', user=user, blank_password=True)
result = user.create_local_user();
if result == 'Email already existed':
return render_template('admin_createuser.html', user=user, duplicate_email=True)
if result == 'Username already existed':
return render_template('admin_createuser.html', user=user, duplicate_username=True)
@ -564,7 +596,7 @@ def admin_manageuser():
return make_response(jsonify( { 'status': 'ok', 'msg': 'User has been removed.' } ), 200)
else:
return make_response(jsonify( { 'status': 'error', 'msg': 'Cannot remove user.' } ), 500)
elif jdata['action'] == 'revoke_user_privielges':
user = User(username=data)
result = user.revoke_privilege()
@ -573,8 +605,8 @@ def admin_manageuser():
history.add()
return make_response(jsonify( { 'status': 'ok', 'msg': 'Revoked user privielges.' } ), 200)
else:
return make_response(jsonify( { 'status': 'error', 'msg': 'Cannot revoke user privilege.' } ), 500)
return make_response(jsonify( { 'status': 'error', 'msg': 'Cannot revoke user privilege.' } ), 500)
elif jdata['action'] == 'set_admin':
username = data['username']
is_admin = data['is_admin']
@ -608,7 +640,7 @@ def admin_history():
else:
return make_response(jsonify( { 'status': 'error', 'msg': 'Can not remove histories.' } ), 500)
if request.method == 'GET':
if request.method == 'GET':
histories = History.query.all()
return render_template('admin_history.html', histories=histories)
@ -616,10 +648,10 @@ def admin_history():
@login_required
@admin_role_required
def admin_settings():
if request.method == 'GET':
if request.method == 'GET':
settings = Setting.query.filter(Setting.name != 'maintenance')
return render_template('admin_settings.html', settings=settings)
@app.route('/admin/setting/<string:setting>/toggle', methods=['POST'])
@login_required
@admin_role_required
@ -673,8 +705,8 @@ def user_profile():
filename = secure_filename(file.filename)
file_extension = filename.rsplit('.', 1)[1]
if file_extension.lower() in ['jpg', 'jpeg', 'png']:
save_file_name = current_user.username + '.' + file_extension
if file_extension.lower() in ['jpg', 'jpeg', 'png']:
save_file_name = current_user.username + '.' + file_extension
file.save(os.path.join(app.config['UPLOAD_DIR'], 'avatar', save_file_name))
@ -731,7 +763,7 @@ def dyndns_update():
domains = User(id=current_user.id).get_domain()
except:
return render_template('dyndns.html', response='911'), 200
domain = None
domain_segments = hostname.split('.')
for index in range(len(domain_segments)):
@ -741,12 +773,12 @@ def dyndns_update():
if potential_domain in domains:
domain = potential_domain
break
if not domain:
history = History(msg="DynDNS update: attempted update of %s but it does not exist for this user" % hostname, created_by=current_user.username)
history.add()
return render_template('dyndns.html', response='nohost'), 200
r = Record()
r.name = hostname
# check if the user requested record exists within this domain
@ -774,7 +806,7 @@ def dyndns_update():
history = History(msg='DynDNS update: created record %s in zone %s, it now represents %s' % (hostname,domain.name,myip), detail=str(result), created_by=current_user.username)
history.add()
return render_template('dyndns.html', response='good'), 200
history = History(msg="DynDNS update: attempted update of %s but it does not exist for this user" % hostname, created_by=current_user.username)
history.add()
return render_template('dyndns.html', response='nohost'), 200
@ -783,6 +815,6 @@ def dyndns_update():
@app.route('/', methods=['GET', 'POST'])
@login_required
def index():
return redirect(url_for('dashboard'))
return redirect(url_for('dashboard'))
# END VIEWS

11
config_template.py
View file

@ -11,7 +11,7 @@ LOGIN_TITLE = "PDNS"
# TIMEOUT - for large zones
TIMEOUT = 10
# LOG CONFIG
# LOG CONFIG
LOG_LEVEL = 'DEBUG'
LOG_FILE = 'logfile.log'
@ -33,6 +33,15 @@ LDAP_SEARCH_BASE = 'ou=System Admins,ou=People,dc=duykhanh,dc=me'
LDAP_USERNAMEFIELD = 'uid'
LDAP_FILTER = '(objectClass=inetorgperson)'
# Github Oauth
GITHUB_OAUTH_ENABLE = False
GITHUB_OAUTH_KEY = 'G0j1Q15aRsn36B3aD6nwKLiYbeirrUPU8nDd1wOC'
GITHUB_OAUTH_SECRET = '0WYrKWePeBDkxlezzhFbDn1PBnCwEa0vCwVFvy6iLtgePlpT7WfUlAa9sZgm'
GITHUB_OAUTH_SCOPE = 'email'
GITHUB_OAUTH_URL = 'http://127.0.0.1:5000/api/v3/'
GITHUB_OAUTH_TOKEN = 'http://127.0.0.1:5000/oauth/token'
GITHUB_OAUTH_AUTHORIZE = 'http://127.0.0.1:5000/oauth/authorize'
#Default Auth
BASIC_ENABLED = True
SIGNUP_ENABLED = True