deblan/PowerDNS-Admin
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

migrated to authlib

Browse source
This commit is contained in:
Chris Pritchard 2018-10-22 02:33:46 +01:00
parent 396ce14b9f
commit 8a20d3f2d8
No known key found for this signature in database
GPG key ID: DDD5A2C4D11BC94B
6 changed files with 48 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/__init__.py
View file

@ -3,7 +3,6 @@ from flask import Flask, request, session, redirect, url_for
from flask_login import LoginManager
from flask_sqlalchemy import SQLAlchemy as SA
from flask_migrate import Migrate
from flask_oauthlib.client import OAuth
from authlib.flask.client import OAuth as AuthlibOAuth
from sqlalchemy.exc import OperationalError
@ -30,7 +29,6 @@ login_manager = LoginManager()
login_manager.init_app(app)
db = SQLAlchemy(app) # database
migrate = Migrate(app, db) # flask-migrate
oauth_client = OAuth(app) # oauth
authlib_oauth_client = AuthlibOAuth(app) # authlib oauth
if app.config.get('SAML_ENABLED') and app.config.get('SAML_ENCRYPT'):

8
app/models.py
View file

@ -1836,10 +1836,10 @@ class Setting(db.Model):
'google_oauth_enabled': False,
'google_oauth_client_id':'',
'google_oauth_client_secret':'',
'google_token_url': 'https://accounts.google.com/o/oauth2/token',
'google_token_params': {'scope': 'email profile'},
'google_authorize_url':'https://accounts.google.com/o/oauth2/auth',
'google_base_url':'https://www.googleapis.com/oauth2/v1/',
'google_token_url': 'https://oauth2.googleapis.com/token',
'google_oauth_scope': 'openid email profile',
'google_authorize_url':'https://accounts.google.com/o/oauth2/v2/auth',
'google_base_url':'https://www.googleapis.com/oauth2/v3/',
'oidc_oauth_enabled': False,
'oidc_oauth_key': '',
'oidc_oauth_secret': '',

55
app/oauth.py
View file

@ -1,44 +1,44 @@
from ast import literal_eval
from flask import request, session, redirect, url_for
from app import app, oauth_client, authlib_oauth_client
from app import app, authlib_oauth_client
from app.models import Setting
# TODO:
# - Replace Flask-OAuthlib by authlib
# - Fix github/google enabling (Currently need to reload the flask app)
def github_oauth():
if not Setting().get('github_oauth_enabled'):
return None
github = oauth_client.remote_app(
def fetch_github_token():
return session.get('github_token')
github = authlib_oauth_client.register(
'github',
consumer_key = Setting().get('github_oauth_key'),
consumer_secret = Setting().get('github_oauth_secret'),
client_id = Setting().get('github_oauth_key'),
client_secret = Setting().get('github_oauth_secret'),
request_token_params = {'scope': Setting().get('github_oauth_scope')},
base_url = Setting().get('github_oauth_api_url'),
api_base_url = Setting().get('github_oauth_api_url'),
request_token_url = None,
access_token_method = 'POST',
access_token_url = Setting().get('github_oauth_token_url'),
authorize_url = Setting().get('github_oauth_authorize_url')
authorize_url = Setting().get('github_oauth_authorize_url'),
client_kwargs={'scope': Setting().get('github_oauth_scope')},
fetch_token=fetch_github_token,
)
@app.route('/github/authorized')
def github_authorized():
session['github_oauthredir'] = url_for('.github_authorized', _external=True)
resp = github.authorized_response()
if resp is None:
token = github.authorize_access_token()
if token is None:
return 'Access denied: reason=%s error=%s' % (
request.args['error'],
request.args['error_description']
)
session['github_token'] = (resp['access_token'], '')
session['github_token'] = (token)
return redirect(url_for('.login'))
@github.tokengetter
def get_github_oauth_token():
return session.get('github_token')
return github
@ -47,33 +47,34 @@ def google_oauth():
if not Setting().get('google_oauth_enabled'):
return None
google = oauth_client.remote_app(
def fetch_google_token():
return session.get('google_token')
print("afkafna")
google = authlib_oauth_client.register(
'google',
consumer_key=Setting().get('google_oauth_client_id'),
consumer_secret=Setting().get('google_oauth_client_secret'),
request_token_params=literal_eval(Setting().get('google_token_params')),
base_url=Setting().get('google_base_url'),
client_id=Setting().get('google_oauth_client_id'),
client_secret=Setting().get('google_oauth_client_secret'),
api_base_url=Setting().get('google_base_url'),
request_token_url=None,
access_token_method='POST',
access_token_url=Setting().get('google_token_url'),
authorize_url=Setting().get('google_authorize_url'),
client_kwargs={'scope': Setting().get('google_oauth_scope')},
fetch_token=fetch_google_token,
)
@app.route('/google/authorized')
def google_authorized():
resp = google.authorized_response()
if resp is None:
session['google_oauthredir'] = url_for('.google_authorized', _external=True)
token = google.authorize_access_token()
if token is None:
return 'Access denied: reason=%s error=%s' % (
request.args['error_reason'],
request.args['error_description']
)
session['google_token'] = (resp['access_token'], '')
session['google_token'] = (token)
return redirect(url_for('.login'))
@google.tokengetter
def get_google_oauth_token():
return session.get('google_token')
return google
def oidc_oauth():

10
app/templates/admin_setting_authentication.html
View file

@ -245,8 +245,8 @@
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="google_token_params">Token params</label>
<input type="text" class="form-control" name="google_token_params" id="google_token_params" placeholder="e.g. {'scope': 'email profile'}" data-error="Please input token params" value="{{ SETTING.get('google_token_params') }}">
<label for="google_oauth_scope">Scope</label>
<input type="text" class="form-control" name="google_oauth_scope" id="google_oauth_scope" placeholder="e.g. email profile" data-error="Please input scope" value="{{ SETTING.get('google_oauth_scope') }}">
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
@ -496,14 +496,14 @@
$('#google_oauth_client_id').prop('required', true);
$('#google_oauth_client_secret').prop('required', true);
$('#google_token_url').prop('required', true);
$('#google_token_params').prop('required', true);
$('#google_oauth_scope').prop('required', true);
$('#google_authorize_url').prop('required', true);
$('#google_base_url').prop('required', true);
} else {
$('#google_oauth_client_id').prop('required', false);
$('#google_oauth_client_secret').prop('required', false);
$('#google_token_url').prop('required', false);
$('#google_token_params').prop('required', false);
$('#google_oauth_scope').prop('required', false);
$('#google_authorize_url').prop('required', false);
$('#google_base_url').prop('required', false);
}
@ -514,7 +514,7 @@
$('#google_oauth_client_id').prop('required', true);
$('#google_oauth_client_secret').prop('required', true);
$('#google_token_url').prop('required', true);
$('#google_token_params').prop('required', true);
$('#google_oauth_scope').prop('required', true);
$('#google_authorize_url').prop('required', true);
$('#google_base_url').prop('required', true);
{% endif %}

17
app/views.py
View file

@ -163,7 +163,8 @@ def google_login():
logging.error('Google OAuth is disabled or you have not yet reloaded the pda application after enabling.')
return abort(400)
else:
return google.authorize(callback=url_for('google_authorized', _external=True))
redirect_uri = url_for('google_authorized', _external=True)
return google.authorize_redirect(redirect_uri)
@app.route('/github/login')
@ -172,7 +173,8 @@ def github_login():
logging.error('Github OAuth is disabled or you have not yet reloaded the pda application after enabling.')
return abort(400)
else:
return github.authorize(callback=url_for('github_authorized', _external=True))
redirect_uri = url_for('github_authorized', _external=True)
return github.authorize_redirect(redirect_uri)
@app.route('/oidc/login')
def oidc_login():
@ -306,11 +308,13 @@ def login():
return redirect(url_for('dashboard'))
if 'google_token' in session:
user_data = google.get('userinfo').data
user_data = json.loads(google.get('userinfo').text)
first_name = user_data['given_name']
surname = user_data['family_name']
email = user_data['email']
user = User.query.filter_by(username=email).first()
if user == None:
user = User.query.filter_by(email=email).first()
if not user:
user = User(username=email,
firstname=first_name,
@ -329,13 +333,14 @@ def login():
return redirect(url_for('index'))
if 'github_token' in session:
me = github.get('user').data
me = json.loads(github.get('user').text)
github_username = me['login']
github_name = me['name']
github_email = me['email']
user = User.query.filter_by(username=github_username).first()
if user == None:
user = User.query.filter_by(email=github_email).first()
if not user:
user = User(username=github_username,
plain_text_password=None,
@ -1532,7 +1537,7 @@ def admin_setting_authentication():
Setting().set('google_oauth_client_id', request.form.get('google_oauth_client_id'))
Setting().set('google_oauth_client_secret', request.form.get('google_oauth_client_secret'))
Setting().set('google_token_url', request.form.get('google_token_url'))
Setting().set('google_token_params', request.form.get('google_token_params'))
Setting().set('google_oauth_scope', request.form.get('google_oauth_scope'))
Setting().set('google_authorize_url', request.form.get('google_authorize_url'))
Setting().set('google_base_url', request.form.get('google_base_url'))
result = {'status': True, 'msg': 'Saved successfully. Please reload PDA to take effect.'}

1
requirements.txt
View file

@ -1,7 +1,6 @@
Flask==1.0.2
Flask-Assets==0.12
Flask-Login==0.4.1
Flask-OAuthlib==0.9.4
Flask-SQLAlchemy==2.3.2
Flask-Migrate==2.2.1
SQLAlchemy==1.2.5