diff --git a/backend/__init__.py b/backend/__init__.py
index e83ceb3..51da985 100644
--- a/backend/__init__.py
+++ b/backend/__init__.py
@@ -3,6 +3,7 @@ Backend base module
 """
 import logging
+import os
 from io import StringIO
 from logging.config import dictConfig
 from logging.handlers import MemoryHandler
@@ -120,7 +121,10 @@ class LrcException(Exception):
 app = Flask(__name__)
-app.config.from_object('backend.config.Config')
+if os.environ.get('FLASK_ENV', None) == "development":
+ app.config.from_object('backend.config.DevelopmentConfig')
+else:
+ app.config.from_object('backend.config.Config')
 db = SQLAlchemy(app)
 login_manager = LoginManager()
diff --git a/backend/__main__.py b/backend/__main__.py
index 7775e89..f737a44 100644
--- a/backend/__main__.py
+++ b/backend/__main__.py
@@ -26,7 +26,6 @@ def _start_initial_recorder_state_update(run_in_thread=True):
 async_permanent_cron_recorder_checker.check_object_state() # initial check of all recorders
-
 def _create_and_start_default_scheduler():
 print("Starting Scheduler")
 scheduler = get_default_scheduler() 
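Review bot: The `FLASK_ENV` check in the second hunk of backend/__init__.py switches the whole application to `backend.config.DevelopmentConfig` at import time, but backend/config.py appears in this diff only as a binary change, so what that class turns on (debug mode, secrets, hosts) cannot be reviewed here; please describe it in the commit message or make config.py diffable. The `None` default in `os.environ.get('FLASK_ENV', None)` is redundant, `os.environ.get('FLASK_ENV') == "development"` reads the same. Recent Flask releases have deprecated `FLASK_ENV` in favour of `FLASK_DEBUG`/`--debug`, so a project-specific variable may age better, but either way a one-line comment above the `if` should state the contract: `# FLASK_ENV=development selects DevelopmentConfig; must stay unset on production hosts.`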
@@ -48,14 +47,23 @@ def main():
 add_test_recorder()
 print(app.config.get("SERVER_NAME", None))
- server_name = app.config.get("SERVER_NAME", None)
- if server_name is not None and "ubkaps154.ubka.uni-karlsruhe.de" in server_name:
+
+ if app.config.get("USE_SSL", False):
 try:
 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
- context.load_cert_chain('cert.pem', 'key.pem')
- app.run(debug=True, ssl_context=context, threaded=True)
+ context.load_cert_chain(app.config.get("CERT", 'cert.pem'), app.config.get("KEY", 'key.pem'))
+ print("using ssl context!")
+ app.run(debug=True, ssl_context=context, threaded=True,
+ #host="0.0.0.0",
+ host=app.config.get("HOST", "0.0.0.0"),
+ port=app.config.get("PORT", 5443)
+ )
 except FileNotFoundError:
- app.run(debug=True, threaded=True)
+ print("Could not find cert/key.pem!")
+ app.run(debug=True, threaded=True,
+ host=app.config.get("HOST", None),
+ port=app.config.get("PORT", 5443)
+ )
 try:
 db.create_all()
@@ -63,7 +71,7 @@ def main():
 logging.critical(e)
 scheduler = _create_and_start_default_scheduler()
- #_start_initial_recorder_state_update(run_in_thread=False)
+ # _start_initial_recorder_state_update(run_in_thread=False)
 wsb = WebSocketBase()
 print("running websocket...(replaces normal app.run()")
diff --git a/backend/api/auth_api.py b/backend/api/auth_api.py
index 5cc4a05..516b9e5 100644
--- a/backend/api/auth_api.py
+++ b/backend/api/auth_api.py
@@ -28,6 +28,7 @@ from werkzeug.routing import BuildError
 from backend import db, app, jwt_extended
 from backend.api import auth_api_bp, auth_api_providers_ns, auth_api_register_ns
 from backend.auth import AUTH_PROVIDERS, oidc_auth
+from backend.auth.oidc_config import PROVIDER_NAME
 from backend.models.user_model import User, Group, BlacklistToken
 logger = logging.getLogger("lrc.api.auth") 
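Review bot: The `except FileNotFoundError:` branch in the `USE_SSL` path of `main()` fails open: when the operator has asked for TLS but the `CERT`/`KEY` file is missing, the server still starts and serves plaintext on the same `PORT` (5443), with only a `print` to show it, so a misconfigured deployment would silently carry the OIDC session cookie and API tokens over HTTP. Aborting is the safer behaviour, e.g. `logging.critical("USE_SSL is set but cert/key could not be loaded"); raise SystemExit(1)`, and if an unencrypted fallback is really wanted it should be an explicit config flag rather than a side effect of a missing file. The two `app.run` calls also disagree on the bind-address default (`"0.0.0.0"` in the TLS branch, `None` in the fallback) and both keep `debug=True`, which enables the Werkzeug debugger; with an all-interfaces default that combination should at least be tied to the development config. `main()` continues outside the hunk.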
@@ -133,6 +134,7 @@ def create_or_retrieve_user_from_userinfo(userinfo):
 try:
 email = userinfo["email"]
 except KeyError:
+ logger.error("email is missing in OIDC userinfo! Can't create user!")
 return None
 user_groups = check_and_create_groups(groups=userinfo.get("memberOf", []))
@@ -161,13 +163,12 @@ def create_or_retrieve_user_from_userinfo(userinfo):
 @auth_api_bp.route('/oidc', methods=['GET'])
 @auth_api_bp.route('/oidc/', methods=['GET'])
-@oidc_auth.oidc_auth()
+@oidc_auth.oidc_auth(provider_name=PROVIDER_NAME)
 def oidc(redirect_url=None):
 logger.debug("oidc auth endpoint:")
- return "fuck!"
 user = create_or_retrieve_user_from_userinfo(flask.session['userinfo'])
 if user is None:
- logger.error("Could not authenticate: could not find or create user.")
+ logger.error(f"Could not authenticate: could not find or create user:\n{str(flask.session['userinfo'])}")
 return "Could not authenticate: could not find or create user.", 401
 if current_app.config.get("AUTH_RETURN_EXTERNAL_JWT", False):
 token = jwt.encode(flask.session['id_token'], current_app.config['SECRET_KEY'])
diff --git a/backend/auth/oidc.py b/backend/auth/oidc.py
index ca87038..3f4151b 100644
--- a/backend/auth/oidc.py
+++ b/backend/auth/oidc.py
@@ -18,7 +18,7 @@ from .oidc_config import PROVIDER_NAME, OIDC_PROVIDERS
 OIDCAuthentication.oidc_auth_orig = OIDCAuthentication.oidc_auth
 OIDCAuthentication.oidc_logout_orig = OIDCAuthentication.oidc_logout
-
+'''
 def oidc_auth_default_provider(self):
 """monkey patch oidc_auth"""
 return self.oidc_auth_orig(PROVIDER_NAME)
@@ -31,6 +31,7 @@ def oidc_logout_default_provider(self):
 OIDCAuthentication.oidc_auth = oidc_auth_default_provider
 OIDCAuthentication.oidc_logout = oidc_logout_default_provider
+'''
 oidc_auth = OIDCAuthentication(OIDC_PROVIDERS) 
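Review bot: The new `logger.error(f"...{str(flask.session['userinfo'])}")` in `oidc()` of backend/api/auth_api.py writes the complete OIDC userinfo (email, group memberships and whatever other claims the provider returns) into the error log, so every failed login becomes a personal-data disclosure to anyone with log access. The missing-field case is already reported by the `logger.error` added in the preceding hunk, so logging only the claim names is enough to diagnose it: `logger.error("Could not authenticate: could not find or create user; userinfo keys=%s", sorted(flask.session['userinfo']))` (assuming userinfo is a dict, as the `userinfo["email"]` lookup above implies). Passing `%s` arguments instead of an f-string also matches the lazy formatting the logging module expects. The same full-object logging already exists as context at `app.logger.info(user_session.userinfo)` in backend/auth/oidc.py and deserves the same trim. `oidc()` continues past the end of the hunk.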
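Review bot: Wrapping the monkey-patch code between `+'''` markers in the `-18` and `-31` hunks of backend/auth/oidc.py leaves it in the module as a bare string expression instead of removing it, and the `OIDCAuthentication.oidc_auth_orig` / `oidc_logout_orig` assignments just above the string are now dead as well, since nothing outside the literal calls them. Now that every call site passes `provider_name=PROVIDER_NAME` explicitly, the cleaner change is to delete the quoted block and the two `_orig` lines; git history keeps them if they are ever needed. If the code is kept on purpose, a `#`-commented block with a one-line reason, e.g. `# Old default-provider monkey patch; superseded by explicit provider_name=... at the call sites.`, is easier to spot than a triple-quoted string.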
@@ -40,6 +41,7 @@ def create_or_retrieve_user_from_userinfo(userinfo):
 try:
 email = userinfo["email"]
 except KeyError:
+ app.logger.error("email is missing in OIDC userinfo! Can't create user!")
 return None
 user = User.get_by_identifier(email)
@@ -62,7 +64,7 @@ def create_or_retrieve_user_from_userinfo(userinfo):
 @auth_bp.route('/oidc', methods=['GET'])
-@oidc_auth.oidc_auth()
+@oidc_auth.oidc_auth(provider_name=PROVIDER_NAME)
 def oidc():
 user_session = UserSession(flask.session)
 app.logger.info(user_session.userinfo)
@@ -78,8 +80,10 @@ def oidc():
 @auth_bp.route('/oidc_logout', methods=['GET'])
+@oidc_auth.oidc_logout
 def oidc_logout():
- oidc_auth.oidc_logout()
+ # oidc_auth.oidc_logout()
+ app.logger.debug("Logging out current user!")
 return redirect('/')
diff --git a/backend/auth/oidc_config.py b/backend/auth/oidc_config.py
index 1c795fb..a925d89 100644
--- a/backend/auth/oidc_config.py
+++ b/backend/auth/oidc_config.py
@@ -10,6 +10,10 @@ PROVIDER_URL = "https://oidc.scc.kit.edu/auth/realms/kit"
 PROVIDER_NAME = 'kit_oidc'
 PROVIDER_CONFIG = ProviderConfiguration(issuer=PROVIDER_URL, client_metadata=CLIENT_METADATA,
- auth_request_params={'scope': ['openid', 'email', 'profile']})
+ auth_request_params={'scope': ['openid', 'email']}
+ # auth_request_params={'scope': ['openid', 'profile']} # avoid to get profile
+ # -> cookie is getting too large
+ # auth_request_params={'scope': ['openid', 'email', 'profile']}
+ )
 OIDC_PROVIDERS = {PROVIDER_NAME: PROVIDER_CONFIG}
diff --git a/backend/config.py b/backend/config.py
index 37999f4..3525ee4 100644
Binary files a/backend/config.py and b/backend/config.py differ
diff --git a/backend/cron/cron_state_checker.py b/backend/cron/cron_state_checker.py
index 0020dca..376524d 100644
--- a/backend/cron/cron_state_checker.py
+++ b/backend/cron/cron_state_checker.py 
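Review bot: In `oidc_logout()` of backend/auth/oidc.py the old call survives as the comment `# oidc_auth.oidc_logout()` directly under the new `@oidc_auth.oidc_logout` decorator, so the body reads as if the logout were merely disabled; delete the commented line and state the mechanism in a docstring, e.g. `"""Session teardown is done by the oidc_logout decorator; this view only redirects to the front page."""`. Whether the decorator also performs RP-initiated logout at the provider depends on the flask-pyoidc version and provider metadata, which this diff does not show, so the docstring should claim only what is visible. The route still accepts a plain GET, which means any page can trigger a logout by embedding the URL; that is pre-existing, but worth a note if it is not intended.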
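Review bot: Dropping `'profile'` from the requested scope in backend/auth/oidc_config.py changes which claims the provider returns, while the user-creation path in this same commit (auth_api.py hunk) still reads `userinfo.get("memberOf", [])` for group mapping; whether `memberOf` and any name claim used elsewhere are still delivered without `profile` depends on the provider's scope-to-claim mapping, which is not visible here, so please confirm against the configured realm before merging. The reason recorded in the comment (session cookie too large) points at the client-side Flask cookie session holding the whole userinfo; a server-side session store would lift that limit without narrowing the authorization request, and is worth considering as the actual fix. The three commented-out `auth_request_params` lines can be replaced by a single explanatory comment: `# 'profile' omitted: the extra userinfo makes the cookie session exceed the cookie size limit`.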
@@ -170,6 +170,6 @@ async_cron_recorder_checker = StateChecker([check_capture_agent_state, ping_capt
 async_permanent_cron_recorder_checker = StateChecker( [check_capture_agent_state, ping_capture_agent, check_stream_sanity], Recorder)
-for r in Recorder.get_all():
- async_permanent_cron_recorder_checker.add_object_to_state_check(r.id)
+#for r in Recorder.get_all():
+# async_permanent_cron_recorder_checker.add_object_to_state_check(r.id)
diff --git a/backend/serve_frontend.py b/backend/serve_frontend.py
index 59e1b25..7ccacb9 100644
--- a/backend/serve_frontend.py
+++ b/backend/serve_frontend.py
@@ -10,6 +10,7 @@ from flask_pyoidc.user_session import UserSession
 from backend import app
 from backend.auth import oidc_auth
+from backend.auth.oidc_config import PROVIDER_NAME
 fe_path = os.path.abspath(os.path.join(app.root_path, os.pardir, os.pardir, "frontend", "dist"))
 if not os.path.exists(fe_path) or not os.path.exists(os.path.join(fe_path, "index.html")):
@@ -37,7 +38,7 @@ def send_img(path):
 @fe_bp.route('/test')
-@oidc_auth.oidc_auth()
+@oidc_auth.oidc_auth(provider_name=PROVIDER_NAME)
 def test_oidc():
 user_session = UserSession(flask.session)
 access_token = user_session.access_token
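Review bot: Commenting out the `for r in Recorder.get_all():` loop in backend/cron/cron_state_checker.py removes a database query that ran at module import (presumably the motivation), but it also means no recorder is registered with `async_permanent_cron_recorder_checker` any more unless some other code path now does so, and nothing in this diff shows one. If the registration is meant to move to startup, delete the two commented lines and add a small function such as `def register_all_recorders(): ...` that `main()` calls after `db.create_all()`; if this is a temporary disable, say so with a `# TODO(owner): re-enable once ... ` comment giving the reason. Dead code with no explanation makes the resulting monitoring gap easy to miss.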