better separation between api and frontend login

2019-04-02 10:47:53 +02:00
parent ed57dc2720
commit 024f063bea
7 changed files with 80 additions and 14 deletions
--- a/api/auth_api.py
+++ b/api/auth_api.py
@@ -2,7 +2,10 @@
 """
 This module provides functions related to authentication through the API.
 For example: listing of available auth providers or registration of users.
+
+Login through API does not start a new session, but instead returns JWT.
 """
+import flask
 from datetime import datetime, timedelta
 import jwt
 from flask import request, jsonify, current_app, url_for
@@ -12,9 +15,9 @@ from random import randint
 from flask_login import logout_user, login_user
 from werkzeug.routing import BuildError

-from backend import db
+from backend import db, app
 from backend.api import auth_api_bp
-from backend.auth import AUTH_PROVIDERS
+from backend.auth import AUTH_PROVIDERS, oidc_auth
 from backend.models.user_model import User


@@ -62,11 +65,39 @@ def login():
        return jsonify({'message': 'Invalid credentials', 'authenticated': False}), 401

    token = create_jwt(user)
-    #login_user(user)
    return jsonify({'token': token.decode('UTF-8')})


-@auth_api_bp.route('/logout', methods=('GET', ))
-def logout():
-    return jsonify({'message': 'Not yet implemented!', 'authenticated': False}), 401
-    #logout_user()
+
+def create_or_retrieve_user_from_userinfo(userinfo):
+    try:
+        email = userinfo["email"]
+    except KeyError:
+        return None
+    user = User.get_by_identifier(email)
+
+    if user is not None:
+        app.logger.info("user found")
+        return user
+
+    user = User(email=email, first_name=userinfo.get("given_name", ""),
+                last_name=userinfo.get("family_name", ""))
+
+    app.logger.info("creating new user")
+
+    db.session.add(user)
+    db.session.commit()
+    return user
+
+
+@auth_api_bp.route('/oidc', methods=['GET'])
+@oidc_auth.oidc_auth()
+def oidc():
+    user = create_or_retrieve_user_from_userinfo(flask.session['userinfo'])
+    if user is None:
+        return "Could not authenticate: could not find or create user.", 401
+    if current_app.config.get("AUTH_RETURN_EXTERNAL_JWT", False):
+        token = jwt.encode(flask.session['id_token'], current_app.config['SECRET_KEY'])
+    else:
+        token = create_jwt(user)
+    return token