tobias/lrc-backend
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

oicd now working

Browse Source
This commit is contained in:
Tobias Kurze
2019-03-26 14:58:37 +01:00
parent bc50e23a22
commit cad27733f0
5 changed files with 47 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
api/auth_api.py
View File

@@ -10,6 +10,7 @@ from functools import wraps
from random import randint from random import randint
from flask_login import logout_user, login_user from flask_login import logout_user, login_user
from werkzeug.routing import BuildError
from backend import db from backend import db
from backend.api import auth_api_bp from backend.api import auth_api_bp
@@ -27,10 +28,14 @@ def create_jwt(user: User, validity_min=30):
@auth_api_bp.route('/providers', methods=('GET',)) @auth_api_bp.route('/providers', methods=('GET',))
def get_auth_providers(): def get_auth_providers():
providers = list() providers = dict()
for p in AUTH_PROVIDERS: for p in AUTH_PROVIDERS:
provider = dict(p) provider = dict(AUTH_PROVIDERS[p])
provider["url"] = url_for(p["url"]) try:
provider["url"] = url_for(AUTH_PROVIDERS[p]["url"])
except BuildError:
provider["url"] = AUTH_PROVIDERS[p]["url"]
providers[p] = provider
return jsonify(providers) return jsonify(providers)
@@ -48,6 +53,8 @@ def login():
print("login") print("login")
print(request) print(request)
data = request.get_json() data = request.get_json()
if not data:
return jsonify({'message': 'Invalid request data', 'authenticated': False}), 401
print(data) print(data)
user = User.authenticate(**data) user = User.authenticate(**data)
@@ -61,5 +68,5 @@ def login():
@auth_api_bp.route('/logout', methods=('GET', )) @auth_api_bp.route('/logout', methods=('GET', ))
def logout(): def logout():
pass return jsonify({'message': 'Not yet implemented!', 'authenticated': False}), 401
#logout_user() #logout_user()

3
auth/__init__.py
View File

@@ -12,10 +12,9 @@ from werkzeug.routing import BuildError
auth_bp = Blueprint('auth', __name__, url_prefix='/auth', template_folder='templates') auth_bp = Blueprint('auth', __name__, url_prefix='/auth', template_folder='templates')
from backend.auth.config import AUTH_PROVIDERS, DEFAULT_PROVIDER from backend.auth.config import AUTH_PROVIDERS, DEFAULT_PROVIDER
from backend.auth.oidc import OIDCAuthentication
from backend.auth.oidc_config import OIDC_PROVIDERS from backend.auth.oidc_config import OIDC_PROVIDERS
oidc_auth = OIDCAuthentication(OIDC_PROVIDERS) from backend.auth.oidc import oidc_auth
from .basic_auth import * from .basic_auth import *

31
auth/oidc.py
View File

@@ -8,7 +8,9 @@ from flask import jsonify
from flask_pyoidc.flask_pyoidc import OIDCAuthentication from flask_pyoidc.flask_pyoidc import OIDCAuthentication
from flask_pyoidc.user_session import UserSession from flask_pyoidc.user_session import UserSession
from .import auth_bp from backend import app
from backend.models.user_model import User
from . import auth_bp
from .oidc_config import PROVIDER_NAME, OIDC_PROVIDERS from .oidc_config import PROVIDER_NAME, OIDC_PROVIDERS
@@ -21,12 +23,29 @@ OIDCAuthentication.oidc_auth = oidc_auth_default_provider
oidc_auth = OIDCAuthentication(OIDC_PROVIDERS) oidc_auth = OIDCAuthentication(OIDC_PROVIDERS)
@auth_bp.route('/oidc', methods=['GET', 'POST'])
def create_or_retrieve_user_from_userinfo(userinfo):
try:
email = userinfo["email"]
except KeyError:
return None
user = User.get_by_identifier(email)
if user is not None:
app.logger("user found")
return user
user = User(email=email, first_name=userinfo.get("given_name", ""),
last_name=userinfo.get("family_name", ""))
@auth_bp.route('/oidc', methods=['GET'])
@oidc_auth.oidc_auth() @oidc_auth.oidc_auth()
def oidc(): def oidc():
pass
user_session = UserSession(flask.session) user_session = UserSession(flask.session)
access_token = user_session.access_token create_or_retrieve_user_from_userinfo(user_session.userinfo)
#login_user(user) #login_user(user)
return jsonify(id_token=flask.session['id_token'], access_token=flask.session['access_token']) return jsonify(id_token=user_session.id_token,
access_token=flask.session['access_token'],
userinfo=user_session.userinfo)

3
auth/oidc_config.py
View File

@@ -9,6 +9,7 @@ CLIENT_METADATA = ClientMetadata(REG_RESPONSE_CLIENT_ID, REG_RESPONSE_CLIENT_SEC
PROVIDER_URL = "https://oidc.scc.kit.edu/auth/realms/kit" PROVIDER_URL = "https://oidc.scc.kit.edu/auth/realms/kit"
PROVIDER_NAME = 'kit_oidc' PROVIDER_NAME = 'kit_oidc'
PROVIDER_CONFIG = ProviderConfiguration(issuer=PROVIDER_URL, PROVIDER_CONFIG = ProviderConfiguration(issuer=PROVIDER_URL,
client_metadata=CLIENT_METADATA) client_metadata=CLIENT_METADATA,
auth_request_params={'scope': ['openid', 'email', 'profile']})
OIDC_PROVIDERS = {PROVIDER_NAME: PROVIDER_CONFIG} OIDC_PROVIDERS = {PROVIDER_NAME: PROVIDER_CONFIG}

10
models/user_model.py
View File

@@ -59,9 +59,12 @@ class User(UserMixin, db.Model):
backref=db.backref('followers', lazy='dynamic'), backref=db.backref('followers', lazy='dynamic'),
lazy='dynamic') lazy='dynamic')
def __init__(self, email, password): def __init__(self, **kwargs):
self.email = email super(User, self).__init__(**kwargs)
password = kwargs.get("password", None)
if password is not None:
self.password = sha256_crypt.encrypt(password) self.password = sha256_crypt.encrypt(password)
# do custom initialization here
@staticmethod @staticmethod
def get_by_identifier(identifier): def get_by_identifier(identifier):
@@ -71,7 +74,8 @@ class User(UserMixin, db.Model):
:return: :return:
""" """
return User.query.filter(or_(User.nickname == identifier, return User.query.filter(or_(User.nickname == identifier,
User.email == identifier)).first() User.email == identifier),
User.id == identifier).first()
@staticmethod @staticmethod
def get_all(): def get_all():