moved everything to a new module called backend

2019-10-23 15:00:33 +02:00
parent 310d5f4820
commit 6b4f7c8118
52 changed files with 2 additions and 380 deletions
--- a/backend/auth/init.py
+++ b/backend/auth/init.py
@@ -0,0 +1,78 @@
+#  Copyright (c) 2019. Tobias Kurze
+"""
+Base module for auth aspects.
+
+Also this module contains mainly code for login through HTML pages served by the backend.
+If frontend pages are build by frontend code (JS, etc.) authentication should consider using api functions.
+(For more info, see api.auth_api.py.)
+
+This code uses login_user and logout user (to start and end sessions) ... API code returns JWTs.
+"""
+from flask import Blueprint, jsonify, url_for
+from flask_login import logout_user, LoginManager
+from werkzeug.routing import BuildError
+
+from backend import jwt_extended
+from backend.models import BlacklistToken, User
+
+auth_bp = Blueprint('auth', __name__, url_prefix='/auth', template_folder='templates')
+
+from backend.auth.config import AUTH_PROVIDERS, DEFAULT_FRONTEND_PROVIDER
+from backend.auth.oidc_config import OIDC_PROVIDERS
+
+from backend.auth.oidc import oidc_auth
+
+from .basic_auth import *
+
+
+def auth_decorator(): # custom decorator
+    pass
+
+
+@auth_bp.route('/login', methods=['GET', 'POST'])
+def login():
+    try:
+        prov = AUTH_PROVIDERS[DEFAULT_FRONTEND_PROVIDER]
+    except KeyError:
+        return "No known default provider specified!"
+    url = prov["url"]
+    try:
+        url = url_for(prov["url"], next=request.endpoint)
+    except BuildError as e:
+        pass
+        #logger.log("Can't create endpoint for '{}' (specified provider: {}).".format(e.endpoint, DEFAULT_PROVIDER))
+    return redirect(url)
+
+
+@auth_bp.route('/login_select', methods=['GET'])
+def login_select():
+    return render_template('login_select.html', providers=AUTH_PROVIDERS)
+
+
+@auth_bp.route('/logout', methods=('GET', ))
+def logout():
+    logout_user()
+
+
+@jwt_extended.user_claims_loader
+def add_claims_to_access_token(user):
+    if isinstance(user, str):
+        return {}
+    return {'role': user.role, 'groups': [g.to_dict() for g in user.groups]}
+
+
+@jwt_extended.user_identity_loader
+def user_identity_loader(user):
+    return user.email
+
+
+@jwt_extended.user_loader_callback_loader
+def user_loader_callback(identity):
+    print("### user_loader_callback_loader")
+    return User.get_by_identifier(identity)
+
+
+@jwt_extended.token_in_blacklist_loader
+def check_if_token_in_blacklist(decrypted_token):
+    jti = decrypted_token['jti']
+    return BlacklistToken.get_by_token(jti) is not None