added user and group API and models

2019-04-04 16:05:36 +02:00
parent cfa12717e0
commit 8b7b2f489c
12 changed files with 337 additions and 79 deletions
--- a/auth/oidc.py
+++ b/auth/oidc.py
@@ -4,7 +4,7 @@ OIDC login auth module
 """

 import flask
-from flask import jsonify
+from flask import jsonify, redirect, url_for
 from flask_login import login_user
 from flask_pyoidc.flask_pyoidc import OIDCAuthentication
 from flask_pyoidc.user_session import UserSession
@@ -15,17 +15,28 @@ from . import auth_bp
 from .oidc_config import PROVIDER_NAME, OIDC_PROVIDERS


+OIDCAuthentication.oidc_auth_orig = OIDCAuthentication.oidc_auth
+OIDCAuthentication.oidc_logout_orig = OIDCAuthentication.oidc_logout
+
+
 def oidc_auth_default_provider(self):
+    """monkey patch oidc_auth"""
    return self.oidc_auth_orig(PROVIDER_NAME)


-OIDCAuthentication.oidc_auth_orig = OIDCAuthentication.oidc_auth
+def oidc_logout_default_provider(self):
+    """monkey patch oidc_logout"""
+    return self.oidc_logout_orig(PROVIDER_NAME)
+
+
 OIDCAuthentication.oidc_auth = oidc_auth_default_provider
+OIDCAuthentication.oidc_logout = oidc_logout_default_provider

 oidc_auth = OIDCAuthentication(OIDC_PROVIDERS)


 def create_or_retrieve_user_from_userinfo(userinfo):
+    """Updates and returns ar creates a user from userinfo (part of OIDC token)."""
    try:
        email = userinfo["email"]
    except KeyError:
@@ -34,6 +45,7 @@ def create_or_retrieve_user_from_userinfo(userinfo):

    if user is not None:
        app.logger.info("user found")
+        #TODO: update user!
        return user

    user = User(email=email, first_name=userinfo.get("given_name", ""),
@@ -57,3 +69,9 @@ def oidc():
    return jsonify(id_token=user_session.id_token,
                   access_token=flask.session['access_token'],
                   userinfo=user_session.userinfo)
+
+
+@auth_bp.route('/oidc_logout', methods=['GET'])
+def oidc_logout():
+    oidc_auth.oidc_logout()
+    return redirect('/')
--- a/auth/utils.py
+++ b/auth/utils.py
@@ -0,0 +1,42 @@
+import flask_jwt_extended
+from flask_jwt_extended import jwt_optional, get_jwt_identity
+from functools import wraps
+
+from backend import jwt_auth
+from backend.models.user_model import User
+
+
+def requires_permission_level(permission_level):
+    def decorator(f):
+        @wraps(f)
+        def decorated_function(*args, **kwargs):
+            if flask_jwt_extended.verify_jwt_in_request():
+                current_user_id = get_jwt_identity()
+                user = User.get_by_identifier(current_user_id)
+                if user is not None:
+                    if user.has_permission(permission_level):
+                    #for g in user.groups:
+                    #    if g.permissions
+                        #TODO
+                        pass
+                    else:
+                        pass
+                        # return FALSE
+            #if not session.get('email'):
+            #    return redirect(url_for('users.login'))
+
+            #user = User.find_by_email(session['email'])
+            #elif not user.allowed(access_level):
+            #    return redirect(url_for('users.profile', message="You do not have access to that page. Sorry!"))
+            return f(*args, **kwargs)
+        return decorated_function
+    return decorator
+
+
+def require_jwt():
+    def decorator(f):
+        @wraps(f)
+        def decorated_function(*args, **kwargs):
+            return jwt_auth.login_required(jwt_optional(f(*args, **kwargs)))
+        return decorated_function
+    return decorator