From cc334f17272fe72a9ed8291a515cb5a70d115fe6 Mon Sep 17 00:00:00 2001
From: Tobias Kurze <kurze.tobias@googlemail.com>
Date: Tue, 28 Jul 2020 15:09:08 +0200
Subject: [PATCH] oidc working again (getting less info to limit cookie size)

---
 backend/__init__.py                |   6 +++++-
 backend/__main__.py                |  22 +++++++++++++++-------
 backend/api/auth_api.py            |   7 ++++---
 backend/auth/oidc.py               |  10 +++++++---
 backend/auth/oidc_config.py        |   6 +++++-
 backend/config.py                  | Bin 4744 -> 5228 bytes
 backend/cron/cron_state_checker.py |   4 ++--
 backend/serve_frontend.py          |   3 ++-
 8 files changed, 40 insertions(+), 18 deletions(-)

diff --git a/backend/__init__.py b/backend/__init__.py
index e83ceb3..51da985 100644
--- a/backend/__init__.py
+++ b/backend/__init__.py
@@ -3,6 +3,7 @@
 Backend base module
 """
 import logging
+import os
 from io import StringIO
 from logging.config import dictConfig
 from logging.handlers import MemoryHandler
@@ -120,7 +121,10 @@ class LrcException(Exception):
 
 
 app = Flask(__name__)
-app.config.from_object('backend.config.Config')
+if os.environ.get('FLASK_ENV', None) == "development":
+    app.config.from_object('backend.config.DevelopmentConfig')
+else:
+    app.config.from_object('backend.config.Config')
 db = SQLAlchemy(app)
 
 login_manager = LoginManager()
diff --git a/backend/__main__.py b/backend/__main__.py
index 7775e89..f737a44 100644
--- a/backend/__main__.py
+++ b/backend/__main__.py
@@ -26,7 +26,6 @@ def _start_initial_recorder_state_update(run_in_thread=True):
         async_permanent_cron_recorder_checker.check_object_state()  # initial check of all recorders
 
 
-
 def _create_and_start_default_scheduler():
     print("Starting Scheduler")
     scheduler = get_default_scheduler()
@@ -48,14 +47,23 @@ def main():
     add_test_recorder()
 
     print(app.config.get("SERVER_NAME", None))
-    server_name = app.config.get("SERVER_NAME", None)
-    if server_name is not None and "ubkaps154.ubka.uni-karlsruhe.de" in server_name:
+
+    if app.config.get("USE_SSL", False):
         try:
             context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
-            context.load_cert_chain('cert.pem', 'key.pem')
-            app.run(debug=True, ssl_context=context, threaded=True)
+            context.load_cert_chain(app.config.get("CERT", 'cert.pem'), app.config.get("KEY", 'key.pem'))
+            print("using ssl context!")
+            app.run(debug=True, ssl_context=context, threaded=True,
+                    #host="0.0.0.0",
+                    host=app.config.get("HOST", "0.0.0.0"),
+                    port=app.config.get("PORT", 5443)
+                    )
         except FileNotFoundError:
-            app.run(debug=True, threaded=True)
+            print("Could not find cert/key.pem!")
+            app.run(debug=True, threaded=True,
+                    host=app.config.get("HOST", None),
+                    port=app.config.get("PORT", 5443)
+                    )
 
     try:
         db.create_all()
@@ -63,7 +71,7 @@ def main():
         logging.critical(e)
 
     scheduler = _create_and_start_default_scheduler()
-    #_start_initial_recorder_state_update(run_in_thread=False)
+    # _start_initial_recorder_state_update(run_in_thread=False)
 
     wsb = WebSocketBase()
     print("running websocket...(replaces normal app.run()")
diff --git a/backend/api/auth_api.py b/backend/api/auth_api.py
index 5cc4a05..516b9e5 100644
--- a/backend/api/auth_api.py
+++ b/backend/api/auth_api.py
@@ -28,6 +28,7 @@ from werkzeug.routing import BuildError
 from backend import db, app, jwt_extended
 from backend.api import auth_api_bp, auth_api_providers_ns, auth_api_register_ns
 from backend.auth import AUTH_PROVIDERS, oidc_auth
+from backend.auth.oidc_config import PROVIDER_NAME
 from backend.models.user_model import User, Group, BlacklistToken
 
 logger = logging.getLogger("lrc.api.auth")
@@ -133,6 +134,7 @@ def create_or_retrieve_user_from_userinfo(userinfo):
     try:
         email = userinfo["email"]
     except KeyError:
+        logger.error("email is missing in OIDC userinfo! Can't create user!")
         return None
 
     user_groups = check_and_create_groups(groups=userinfo.get("memberOf", []))
@@ -161,13 +163,12 @@ def create_or_retrieve_user_from_userinfo(userinfo):
 
 @auth_api_bp.route('/oidc', methods=['GET'])
 @auth_api_bp.route('/oidc/<redirect_url>', methods=['GET'])
-@oidc_auth.oidc_auth()
+@oidc_auth.oidc_auth(provider_name=PROVIDER_NAME)
 def oidc(redirect_url=None):
     logger.debug("oidc auth endpoint:")
-    return "fuck!"
     user = create_or_retrieve_user_from_userinfo(flask.session['userinfo'])
     if user is None:
-        logger.error("Could not authenticate: could not find or create user.")
+        logger.error(f"Could not authenticate: could not find or create user:\n{str(flask.session['userinfo'])}")
         return "Could not authenticate: could not find or create user.", 401
     if current_app.config.get("AUTH_RETURN_EXTERNAL_JWT", False):
         token = jwt.encode(flask.session['id_token'], current_app.config['SECRET_KEY'])
diff --git a/backend/auth/oidc.py b/backend/auth/oidc.py
index ca87038..3f4151b 100644
--- a/backend/auth/oidc.py
+++ b/backend/auth/oidc.py
@@ -18,7 +18,7 @@ from .oidc_config import PROVIDER_NAME, OIDC_PROVIDERS
 OIDCAuthentication.oidc_auth_orig = OIDCAuthentication.oidc_auth
 OIDCAuthentication.oidc_logout_orig = OIDCAuthentication.oidc_logout
 
-
+'''
 def oidc_auth_default_provider(self):
     """monkey patch oidc_auth"""
     return self.oidc_auth_orig(PROVIDER_NAME)
@@ -31,6 +31,7 @@ def oidc_logout_default_provider(self):
 
 OIDCAuthentication.oidc_auth = oidc_auth_default_provider
 OIDCAuthentication.oidc_logout = oidc_logout_default_provider
+'''
 
 oidc_auth = OIDCAuthentication(OIDC_PROVIDERS)
 
@@ -40,6 +41,7 @@ def create_or_retrieve_user_from_userinfo(userinfo):
     try:
         email = userinfo["email"]
     except KeyError:
+        app.logger.error("email is missing in OIDC userinfo! Can't create user!")
         return None
     user = User.get_by_identifier(email)
 
@@ -62,7 +64,7 @@ def create_or_retrieve_user_from_userinfo(userinfo):
 
 
 @auth_bp.route('/oidc', methods=['GET'])
-@oidc_auth.oidc_auth()
+@oidc_auth.oidc_auth(provider_name=PROVIDER_NAME)
 def oidc():
     user_session = UserSession(flask.session)
     app.logger.info(user_session.userinfo)
@@ -78,8 +80,10 @@ def oidc():
 
 
 @auth_bp.route('/oidc_logout', methods=['GET'])
+@oidc_auth.oidc_logout
 def oidc_logout():
-    oidc_auth.oidc_logout()
+    # oidc_auth.oidc_logout()
+    app.logger.debug("Logging out current user!")
     return redirect('/')
 
 
diff --git a/backend/auth/oidc_config.py b/backend/auth/oidc_config.py
index 1c795fb..a925d89 100644
--- a/backend/auth/oidc_config.py
+++ b/backend/auth/oidc_config.py
@@ -10,6 +10,10 @@ PROVIDER_URL = "https://oidc.scc.kit.edu/auth/realms/kit"
 PROVIDER_NAME = 'kit_oidc'
 PROVIDER_CONFIG = ProviderConfiguration(issuer=PROVIDER_URL,
                                         client_metadata=CLIENT_METADATA,
-                                        auth_request_params={'scope': ['openid', 'email', 'profile']})
+                                        auth_request_params={'scope': ['openid', 'email']}
+                                        # auth_request_params={'scope': ['openid', 'profile']}  # avoid to get profile
+                                        # -> cookie is getting too large
+                                        # auth_request_params={'scope': ['openid', 'email', 'profile']}
+                                        )
 
 OIDC_PROVIDERS = {PROVIDER_NAME: PROVIDER_CONFIG}
diff --git a/backend/config.py b/backend/config.py
index 37999f49768eb6c3059fcbd2558b704f1f6faf23..3525ee4f9b84bd04ba91493e3c22cafb68c4fef9 100644
GIT binary patch
literal 5228
zcmV-y6qD-!M@dveQdv+`05RSaShd=bg7@JfOK86-0`Hh#Y&XcjNXv%Xa)bLkO7GZ~
zM-A8{kb5UnbfO!DRmyBlBEVGLb}K^+(b7BQ*4PUYF*S{;#Nkpn9NOU!Wf3IfPwH@b
zlDG*o0gi%>-_igne7e0;U(bfu|GXf?@xZFj*U>c+bDsFucA|!OfVm!M_}4*+Zb7AF
zE;aqZrig*91diQ^N$GO)W#qT~KxT@nObnT#yyFK_5d72XzJ3#2kf<l8q>NplBfRP<
z*6L3r9vM)p3-GMPCxGGJq|_WPzAXP1fjwQy9r|olq_63-6W$+Vwbr8Y5-!&3^DT<c
zyAYIvA`V5~^3!A@$fi-_ctHd7`ES*6gjUi?{pLH?sjIxMX0G-f<?JanBvkILnG#(1
zR|4v-!!{0<L6(e!0dRU#YHNN=w8h4ma@h=L4|<hvc|?4iD|EI34jX?-Pn6x(G6ha5
zIDz~G$0P%_<4P{uY>G<mQ37T@eScZAxTHfN8+AZayu;_(<<z3-eT&%JbioQ<%#s6x
zr*g`DwesfOB!!~CEAyl(ZQ}}lQ<nZWeY*MKNL2*UcV&}o91|_V`ldaP##K^@+pCx{
zfDrcdqWV?1(ZYt_s!*bmIhUL+9YkEnFgT$S3l^8r<tYQ~by-1oFK`2u@<_+H-D-I;
zq@2-+lG&oy<oWx{$&>~$iyCES+0&+$*z4b}b~C1mB-=$=B>Wg$!D=Uo-42>q6V`YX
z6N0s`jZM{<1Q6%6^M$~N*a%6iBBkw@Suv6GzavCKXs<xZc-vqSGcDS$<k<)OOd3?R
zk&w6irZ5@BR;TMcqMtaSDvro;kx0$rl`|1?nCuGgF=wMfTbq6+3!8uJ^V^-0&=mi>
z4_8SXJr9R-82>0T)j!@VIFV;KeO|uL_S?o2Qam8veGN+Y6yeuW<4|M$p)+v`!C37x
zNpmS9s*Hy!?b|A;(9X#}Wb8c6Hn=^56^CEbf&|sQIuybNL9EMQ0jf9gYMefNpjurf
z&k|*^L#}S>lB;9pWF`2_FJR>oGZHjUXjRx5j5i?y^Y*iLTzFuL2Yd{@8cioapZ`s7
z`mT|viJ#8zS?WF*_Ntg@nis`tFQAr71C|RaW<+`3x&Z7<>*|FsQN8*KRhk_431{U_
z0FRySpIhRZr8w-J&DMi8nN8_rmmV-tw|$vgj49)xX%ezX81<q>6hKqB%e@M{b&Zvg
zF^}!6AH%p+9$BGO>MayXCB(Zi&#p?B;O4?vBMAr{dDGzk@#F^vKMr#6D9knl?R1Tg
z?PV9g^BpjsVzamVUw*>OY~_GG7CONBfwF@|7@xQ_V|v3<t{89ESIF!9`mvC6+?#s9
z`35-@9@5K<&tpNLd9gsZq21Ukn`Nn}-IJ30%L}fWa`w4yiU(Vxhu-XPvr8xuXfOW1
z#}_$xX;{GRE|o<tz8p}umbhC(|018wI4~cT&@!7R&D{TQ?1|+_p1P*<3ud5!)6%s;
z(q6L)aA`mtOO%{G`W@&1@m`y3L<L10C$IFuig)YF5zy14Ns$NuhS)#?h|!e7PZ#{C
zJLvdnc=IQzQ~4ysWiKR<TGZs+HmuoBmPg`njs6Jb2#8Dp;1rSJ1@cZsT(fi&Kdb_+
zaa-NnjIL}^Lt%fQaGRNQKG{UxL@b<?DMMMop(_Q#mFK-Fl)A@@vC9qy*@9kkW)(Ax
zM)Y0)l5thb2xMq4^(f<1XvPb<)NjO)D_qXkt4^L5U}T<W6TCR}0j?2bM`4o7P{D)s
zqN>%>J}O?U7Vs7<6$i_l7{0s*+WA4L6du;!UCM-oP}_kKALK~Fmw))x_pVu4?a@2I
zs#v}Bpo?TSLw&%WfI%G+;pTK(@>x)pLl1r{Zu1nFRPHA^a8Mgn_CSM9G4@ln)L=Up
ze%u!@JYrr0ex@ne{S?pZWvX(=<#N5n&@31b!)Mb4;-<Pr39;G)mlTIy`7LgIvd~lT
z3B8Mvo7*{%hPTyg$XoDL#z_Ko)chwS%6>RID5Qw2@K(PP2O$E#<Di1ABgjM?neb^8
zx4=F82u~z@xV#yQ(tzP_8baweE<79xGCdH;_zKR*`_6Z@T0K|y_f-7VI+spLCWDHu
z7U4B=P>O3N2H#%~aoTbMd?(%S!7vAbOTXl$p>ElCmkE`C%6@JyxKeiB)UYMjjwx#G
zD|F=uS?FUB6<*N`qCs3r+i4q|J;nom^(7j(^LM2fubapAgjn(ypSO?jaRMA2ySOOT
zU?zIHRSm%JaVu)%ut}afLtNh61cr4q#odHtbXblcTCt;_KT$57qeloObeAk}dtXls
z^v-{R63g9JMGzv*2ojLC7bfELh@{`JExhpg&F!;n6++VbfuLB=ehkKs`a&ol0>z(=
z*~_Y))=qz9LN1UEj+Z?iWs5D97zgE2^K96;SnGwnm6yX<p4+q?sO(E^kK|u(O!Zyt
z^|S<1d!W#GX1KcC4s0&vV`RfQfx(?Bn339;h?k@j$spYrat*%`rC%p1IgeYJQ#7_<
ztD}M*`?vA8nlXN@`P~UZh$|c5MstfLJ)i0<!hsm3;Am;gI}^pNaLbnc!Y2-ynGuLO
zxZx_7)so^W&xkwfQJ5$HECMP5jW;Db1sl8nvKxzbA6tDdkx<ZIdOf!4Fu)-{R1EhM
zxj@jclo5M?#a>btAP3c1f(mgRn(9ajs?a<)_$_{vR~q6znsDO3!pE_<?g2=2HmNi1
z71IpxKh>*(Nn#Yi^L0DpEyV7`)*bMu+7&HBf|)3LpP8&&UmUvh8iP^7a>vxTc7)$Y
zn>zc-vp+52T{MRvhl{cZJbb$?^4Ef|ey9hj*4<Zsq<V?qS=}+c84SH3E$FbOswMZ%
zrzWInfG|w`?fJLN$B?yZmxArQ0EYzp1`%obBGHchjl$92QbJmkhCCg#lEnJcq8kG=
zzFgy-z(d$H(}}dL0MK*g&>^<CoGvY7nAZTZg*vxoe&a*rxD(2~T07#xVY{upluiQ#
z{m}#Icf6*Dg1<<^W>=2AeI_$b)h!@nM1f`31vQZ?m0)CJ_*RLHN{7~d{5ut>Y#uK#
z58L+EutLv7nC=7hejqpMR)1V_!1%?tI=_Tng+!VB@rgNKSwm2QjHDRTlp&uw+x{xO
zWq%Y>s>+f3$f1wbeM6BRlo(#%B#g+ZC$*Tpj1b)Je)RAun#`OQCZkak?(VGJ1~{ry
zh5tknF{Cho@}v#3wO6rc!DdEW`Vm)oIf(M*t2y#+6p_1tmaHnYU%f{bKuXHJCo13{
z0@@COQW<}y;;B<;O^M%-els3{Cw_2<7P;TL0KEfN>EH~0K`v8a7Qk;nT2)+!09WRe
z&M_UoQ=3i0vH2$t4@WgWz5~GujM5do`~MbVuae>B#F2LdyqmsU0!e1BeHsfcWK;|{
z4MEdNZ70ShV>-W!h`I4=^jV>Bh_U>oO4QK>`y*6`u6zgn+n%Ou@t^U;h7Q~${nw##
z^)8*$w$6}e=2n4(&w+=KL)>qggB9qY_Y=_YOOZ*Te?)Y+pjH#2f_48Sw0PEYvBPRc
zyr~r)Y$mFjgKl@Eh<LDtw;kd`mk-+!+@NjfAJHVkMpSliO4i7GD|!jp2_w7LaW{x@
zxI!X^PRZklvX%I{h5_pa<FnT{-Fu}{j#Gx^5F~p8QNUmGbZHRqy||I~-K5=|Ou|=v
z#i5wekq;pc9|;D0ic)j4Ysq@eOdj|8NLZ^4ad#7&oOE5wv-*ukxNBVXD`LiBgi^tY
z!a`d5BG1e4<rk(00Y9FN>;618N;XMZ0YDjd6!jjaqk4+>;zb1DgwBBj_>RumX{ql8
zoE>@k-n*V?T90lEp|8~pE!+@2*-q#yFAK|q$q55j%uOz-p>!eqLcFkNs1&)r6P8}S
z@NX-{pVe4o`trA$JY*wusSuhio1W0`TGC~!RZ$JU)+CNG?zEQa0l=&q+-{gn;`>Pj
z4~EK1lnUOXUXjRsBI3xD7QEbowaQ!g47%3-^z)_}0cF>0A>h3Skyt9+F_eXP&>1Hy
zaJ|KOuGC1ww|dok`E=pKpcf>2oX@vfLg7RM-pu`3yEHgZurK^vxRPk=C#OS_2n7_T
zWqX5SSj|JvNGoR#P@Sglu6BcH5GzT<-mkushmO0@8xpm1|5uyCx5gE^JP{Q^SZp|s
z*<w!Ik(eHP+|CDULs{@?aRWcxuyL2v3AzMq>nTG)C{NngG#T7BEv)*w+6oL!?Z(HN
z+{ur=^F+Gav9uywr57(e$2;Q?UP?s4d@tsh6@Ug?3aa`hohzI(!sz(UEp_LKoq{%a
z@Rd=nmst8f;KO$ZRVFhC9}ZO1Ht2@Dk~9(3NeLe8D8cQ;oiwY33l($h>A!V&^)-<2
z?XbqT!mo_mjL@eaw_XY}0M|m=fa5S0RM<kpyOpvB*`JRwVk~l>t%p=G3tkne*GHdx
zk$gPwsYL(`t?aGlx!(CUUngmGcNH35Xp(wXVs2RX>9<0n5qn$?ggZaA%jyh1rD2>N
zbIv;`{5-D_Ao0AeOQ91-vnNV?L=TxX(OeSl|Cc;(-S7mAa!fc+6HWkQ$w;$Knwj}5
z0ZVanEsUnico|Qo2Nzqf41bqeffy>SWJ!Xb>RdW(sV#BFShUec!K+Dxb^jr)jAkIz
zM*b}LJNSud%J%}b$U<yj_^&Q?^k`AJ9-53(T&N&ue9i7?iA}I3%4D3p_`i6KD*KH}
z<7)I)iJMlkGUod`Y{kdKjX_$dTdKwHK3387dOti@C?p?vH`u0ozXu_4+fNW<?t{rD
zx{PTwfSSG1KU)|k3mMl}u9Jjt1`eikC2j|V$LY1+6!-xRk5lEBV@Y5Xwz!brT-jhl
zj!kUVuIkLbzV|D%Q;K_ad2KbnP%WtwKvy@8<E=wjDw+h$pzb$#M{q=U<kQZ&IPVVR
zQdAi7tUiW-m>T#}Q&pl$5nmt!EKTv=NXCN$k8p8$(MJ#H!Axp}fZ=c&fo{AXGBd~_
zGJi2cVfD4>D?Cd=;=WHYa<AqdZCw2QX({6%=Yt>8HW(k*Fa~YCfdY>kJ+N;<W-u0(
zel%bDs7?lWk2DmCx&Lb+ObknuOjsz(6RFg`_KBLA`WSEloYs!z3-WDZOKV9sL33%y
zvmM}K-rD0c%f`|^L7HM4vsrAt!!mOuk(V=$yMAS0wx^<d!g)j*dBEl_2G#guqMiC?
zNNPrcR%7TILu7Qu1;G%&=JYjht!G59E1Mi6v75!vEwch99brX3YO{u&NV5(+6^vNF
zA{kPjEZA@3CHkJ1M}=G1`SHySe7&TKxW+KbElz6?xU<RjCJMmsKB$XAIJW{D#8#8*
z(0#tJ|Af2A+~*kb(s?!<sv!Ez5nExePH(6CV4rWRWR62#zDRdPT|nxz9;eVL`>!b$
z(T<aL)7bFk+>;gn<<9j3%b@2B+Xyj_bdOTygv+a@oi&g*L6k3r(Kk`x5pSR+f@J4A
zCrvsMhHxao+NF~VJpWgcUZ9`j!kG$1geE}_9itodd1BAMRi^rS&QJ<0_?5{gG@>s~
z56h#VrY1e`Z#mmjgICkquYM}+Y966~-E`WM?q6oW{#`A6OzJn9%Z+zh?Ue(N2sF)+
zVlr41Cs}))A=Wf;D~v1voq;-T+VYn3@C}KqVVLfswY8_x3Njs}7>tOoY!<2Ul;Ohd
zSha`ryZy=v8m)(rmr>;4SZvxj`a!h*3*=2|41&gDZQ5(I*xF60Jbt}dk0scF7Pk~y
zpsCdo!=;phJFvIoOiy>QS!>^72m!2<vZzm~Pl9i_BNJ521bY9p^stkNW0rqpv;Tdx
zPNPiaz`_|H+~$Ui_Mus=`tSehP0AfFJ|v+Kyr#jS%+03)rW#^B9*>h0)Qf;B0Lli-
zZ4I18Ez~3zmZA#t=5aWxA>b`jvw}h4MqYKZbEmp#K<Cy(H>-OeOzW+5$D|LVc|RaG
zVkd|^E4_256S>etF9+@@W5G_4^x=3vV~gO3nr!;I#(nf1;KgI!@V2q|wTUt-zpEW~
z%GkcCcx5tvHH7V?nPC1!n3t4&v`0xaqFxc7sVC@;l|fop-p@C5JUCzb<ED#B%^&CV
z1;UodRV%N)yE(d3(GPzt(oA0eahjR&uf<x5yfj^@T+SQE%CT}m$~UQ}^2V{80pR__
zaT;Mb=&o$$#H%{>2~B^IBlg()|8A$vVTWorz4<@85BV69>6zY{VD*6>u;PfLXNS;K
zD@Bt5rqOZr?o$2l%G(C!@mcMDrw1L!{zsY)Hmp0FyJ|t0e#yROtMh<uNw|Msoow!L
z&JsQ3FcL}<e<m27ed0P)exx2x-s<s7k}ag1uzP_C${iIKKi;r%G9rX@7q;^<Xvq*r
zSl!^jxmat?3uptZPijcR<?aj2mc9YUjQe=`8nn;2@*L$^qWopA0ns}hcO2#VYkI}m
zmXB)s&m8pq8le42Y=|D_0n=iBn_j_vFiPle#PVYd!jT68)QbsO9DJxeEN@s8$ToXd
z)hxs`VGZLAq3OTPU_MFt%wwm*wnz0ch=mAarr}(%Kbxx5t+P<+?(t6UV75*41OYtn
zH}u|bLn;l#p>o6;I8_~(&lW0!UFbDZG*ms;vx4>pfJPg+kRaG***!ds;9P3(yU9jX
zFuUfo@-6=n-IfZ+Gs!rKzw?ld7w~iyh!4=LUtt%b7gsj6H4$95rP|_l+%QROH3PYN
zh{VI0eHUAr)S?%8RS(R^_HGa72h$MI9MTlQAa_2|<r0H%2c2dBw90TE`%$q}^3mj<
zRy`X<o87^~n~>vgHII>MS<I%&C&t}i2GC$W8{)Ai)XzBy?yW;v=bw~;SF!qgi`*LZ
m_DMv@rY1BR6c3{8uuF2ePk)GoVY*|~&iZ;x6mcC{b%Bh04?NQV

literal 4744
zcmV;35_jzYM@dveQdv+`0BcTF8B9ORVig*GU>aqqu)e`t2yy7zyZ$EV+uihd6E=Ag
zm%0s;Yqg~a<E=51JJ_si0vr=<n}V|au(`XMOnqA3(NGNi0GFk;-{Mc;Ga13A9nmL#
zd445I6)+m}iE8UV&Ym$iNRYK7l<8Na6F|_BQ_7YwW*AG9T#d4rJ^0xwhoH^0lTDy3
zM_o!Dy4T@Rrnvq@L>eVVB#Q4A4mtocjoX+(4mP=dX!y+cg!38X6F#C{lB{Vy6jz`R
z+M{ns65RZR_DZ)f2Nt#Y<7@=<wH(H%<v?E}<wP#~Y|!h)R-O9-vl^L=6rWHA7!Ux7
z0VQ}SA$BlecP^cwIk}aJ!#lXCLKT#jqH0oOt-V9A$rrQSy=Sf@W|^4X5PMs2L|>%Z
zJi8q*`Ovn}htJtMFF~8_w~aC&?TCE3zV{@7#*T_D^o)VMQ2@R5By_L-DVr9SI#0{z
zJO21&_oECG;F)^4@rD@;O8E)k0jGICGAc~;FI%JL`N1iKKeS7q_Jb>9he~nh2A<28
zo`&$Ouw*|MWpz|XJ$tCwCL5Z^a@I2m2!AJka8z5^L0X5?4dY;i#TysVwvX9wg(Z7r
zllMm{3`5NNV#j<15yGTr(?2y!LIO1B9V8y7bmwN_7Rz^lK-K8Z<X+XQXTbOVCE2)&
z6vb=0^#I-V($(%shw{Jr#~9)ZJZ=RYsCNA=N_*Q8j~VAT!sOOLPl36|xt_l;adfO6
z{mCgbj;=`D{MZY}0^_O>zgi6;)im;v65*#~Do-`HjO_N)wa8mJ`ckoW6HT5p_I*OQ
zDVAG2Hm^+yuaqk_5W6IzIIJ$-_99#0jmeK3V&8={fV%AvXb#!i3<Ni%7y`;fs^2sV
zO5gdBxU>{ahx-+w!pquFvTFKQk?)i5H<*v<cGI4PGX%9f1{+xk&Qkse>7mbN0&nuP
zGuS?R?*^Dq%t!ru(M#Q>k~f9CG1yEu3WLF80?`xgwr@m^sdg{z7#eP?eaSxuXpd?l
zBNql%=mk)&s&2;t17BeckXS1OSpq(ZC;SoGx|n2PLGSx_UYZ5}UpBQ~Zw<&11n5F+
zKa>NS+gY-PcEOHdgsp1kR#eS40>r=ijS$5Sf%lZqAIdk)K~%_zn%`NBz%Y`(vc*_h
zi9%h1<W$dm!=~h3r5eKh`CD1k@uUw>&@+Qf10P6g)P*TPa_xRX+&2xP;fXE;BLBS(
z&<xiD8B>LeGV#UKnYf?v7_i;8wQM`DrBeEi24}!?1wx<bA$fOfee-L=2g9i9Z(9-u
zR_nyHjvRi4ch9TNq~lcHl7ZVAUdG1dCkw3Q7cdOG`V$P#2=+z$x*U*KBy+6RXCB`?
zJX5;$(oWHiL<-B9nl9`#kn`ceJ>uo09}Jn_SoGCNzbW!bMh;L~-M)_+Lqbzf)B|g)
z#Gne$!6Z=GI==9>MGpVMrlZUb&=koU)dV3fJ7`M1Vf@bJK^L&WCk?*kz{)e9CF$vI
zP5XX&As4u*iP8m#LqJO$i!ZGTRJV|IT1P|UEgSd3Zp&z2i13cU2~b93K3ZF~DM@Mz
zb<-9A)Uc>+3Li<$vA!cvD13&1i@<A6r8u2g1WZ(%_Wl?M9^zd&HcPA@X-cU@?YVB&
z&s_cHh;CZUjGStqD!B|5(8&t06i)|UzcE;?E2eM~4taogVFB=fzEFVMFqfUVa|zf@
zV8^D?`KYwyT3Tr4mKz;abywfLhL!qa^tm2gP$brY)Y@_J6|+cPI9Ut&I=)PRV7~D4
z|K3Gqrq*Af>^P05e?s%Fxj8|za@}}Dnx|0557G*B(OtsvEb#EqEUc8x+AAanqh(EV
zm@b7j9rm?7Q1KOJMz?I@Czo!0dgk*%-~6CrSIOz4<Dcug*6)_HOrH50wRv<Sec$o+
z-oo4scV`mN%p+2;O(?a6kc!+(h|L=2?|}hNaWW-CkC=Z$e{Tn=!>P*0`|$$=jH|_%
z98{tB9@TG-1MKqmhCylaPJAs5q3mC{7A;T(`A(63#02png1`yHk@26v`Y-^1<E*X^
zQATwybTv0k!zx*wOGZ>-lD$BGKbBl36S{&PHfzndXR-o5lvr3U)n~`N>oAYG;D)S$
zLTY12Cy+V<($S<62k}E=hzq_Vp@=cet0k%1tZE57#=DqY*SIU;ERUpv%;8K6pz5YP
z&}F@7V|E)}QYbOV^K!!H_%Y`He4Kq>U+{u{hR(_%dOar)6yt22r5+z0Ik`%P>romi
znx55_MGQ<oX1*0#8-1I<H@Mw)Dj<n_8&i?E$m8&_!x_Ny%iDWLn>+8pFjV-^NoRDr
z$Ak`%|D9=)oBY&Gx>ZER3vk=MR8et4QSYbF>d0m)Ki5JKZ9v&wXyn(aIC?(f#j)U!
zVU2&}UYouE$@S*cg(idQp!;;(jF2It`(E9hi&O$Fy!f{G?dv_Pcxx;XlMg5ihv|YG
zQJ0D)V?thu;NL88tB{tz0%*=J5~!-fcE^XP3gnS>)i{-k<7dZTR((zv`9}>}Ho#xK
zMh%sn?67Nq3<xuLSD|0uMBSNIZ8$S6@@~^C5AjEM12R)K;ExNj_~@E$G}k>Po3Oi0
zv^*#65K|=oiFtL78hNhWDyP*8yU7kJ6zJ1Nv7zp>zT;RNe-f`zch2(I0}zhX(i;ko
znY8GmV))OjJDioKrI*=%Y=&Ij_$F{^GnJI1`$dR-(hHwAwFe2L0Jpr*F5VIoPq0VR
zVkbH+P!qt#rS*Bb)}k-?=;2-Vjs`?9O6ki^&Sp*r&%0>-QW^r7j5Xm+4IY9L^8?CY
zjR(v%Eg{9J$BoQ-OU>pw4=_YE%1{2g+c7KI-XL1Z9hl*>n-|{+8hNkXo5r%YWf#S7
zmhAk93$Avtb}C(!_aSYGZxbl5^$=|UQX?al9#y(0drFm&BkEDDd-^D_@ixV&Jj)-o
z!$O+xod@+IZ5)Fb4ibElD$(OtBytAJ>{USyQcJ-yb&`|MESH+K8pm1St^)88(o(Tn
zuoT70R_dKN2$g6_R-qw?jNW%~MUq9Q!chl(^KhT3EUnwV$idB)QKGn-l>7B5{R97q
zRcu9^nE<+rWjk@H%=m_Gy2XoGvmpUP2gc@H$_g_;aCy%kuPCOi*%NjhAX=Bo=W6@5
z+I=Sx%GnxaLM`hw6I3>}k&GvWvgL>QTfKGyV;#Qw!lKT0->h(CJw<rLs?FvA!%U9h
zgq+L~(UH%3kTfomw=^L`j#A<Lc37s5urf=l)@5`8*XiPAz1q+Ku<lrXc;Og7GUG{z
zXv|$jDx}3;E)Ienxw-&hban?`S+!i}=(b;;;KpiD#ovp*1JH+NlKe0iSvTYO<=#CH
zQ6BqoAOl#3OWh`Jkj6<%#xI&zE=enucMsPtudP-%;n1WkQf?TZcQCCZ4mdt?x{(aq
zs5h{NH6kh*Mnt)C7-<o~q|{v-5R_I%%=bD^$hv34k4^(59L4U@9$YGIqBEO6)oAO5
z)&6%@_HPKi<f0Z!*Zn=7bcuPC#2}@tu*msaUE2H-*c+D<wj|I9Zo3^tXG_;zbIBuC
zRtTfKUWM7D-9z*DyY(kRl}u0aMkH%mo)^S2aHfS|E;qVl3e4}B5-de&b+-gU;4e&S
zo&|mx_8$P2Zoq9b_$EBqUhx|MH{4HRQgF6nj)OA>CRmA=3_kRK<dpcQud`s@M!UwE
zkc%DD@5eFsf(xxzp;5B6m?;{p>G<(EK8LwMm8yjG#8|ILpaVqh*m0NT6Cr;Yk_5Tx
z%6WH_P;!TKMFKcH!EhaCD_xm)fywr9Wk(N}#1oeuKTah!1WMs*Y*dts8?2(8W>T(*
z#8x(+IfgfN3yJiMemuav=N~vo_37j7>B*e%8Uu1}^gF424AsGaOG^u?r408^^foBN
zecI6*xKzs?!?<J6d~#kk6QDQGvIBy~{ap~OZ6=Y^ZMAbB@TX!?MI%UGG}~Ict{yI&
zW!R*$*wq9T1@u`q{hnUUH{4y;6y$!&l>k4DuuI$BBb%_*A?M|a`G6i|-(_uJTkrK_
z#E;4X;tj};?+#0lK_4xVkP|FdnAGU2BBL>gUB^F_*O6ILJ#%YCtxtpPuDIpC1_la2
z!W65xEum<5Qg7wT__eMf?Kt9^=2BAHDM--Qp009UjTQh#m}3-P6I*wiW;-^pYZZ-o
zr$jyDJ|_Q&$toxCDWxX1jBhV3=w&CWNaA@%HJ}41GBTTatK~s(&$6W#=XHj(pWr4M
za|Mr=JdE#1p!F8@NB2{~h;I}Ydq3T|$Z<^DEy8oIZeLH-r2+*<t6fid+~-Nn(uNV7
z$Lr*rKsnfyFMuEm`|2#+#$C?S8#OjHat^UH50zcs;BCi4S$&bKFj+^AaF^?LPevj4
zkpq2<4l89v67Ge@3ZXRNm)l&OfbxM`yrKHQg!uXpZsecB#$Yh^p-UAB*eI4fOVQhH
z^8zeJ(U?Q|f%`?tYi6|;26AlXOSJ0Bd2pu3le$t6o}u3)Cg6Stbh3smFh9<Hpev>H
zC3)!zj`gR=?09_W4htI*Xyi$xiW*g{qyV&mJ&XF6)g-L3ugy0W&_Ab9qR!>f`>uHe
zicd<$kSi+>9#y<P>Zt>-mX-hS)dqMw&<zH}a(d@Cr@~L8*TzkJ#c?f*(|C;OH(bL<
zF(kGu<Pkbb=u;Uwn%g_)=11FEQz*^n)%Z>OpAEAVZ7XpP*-e|Ll;=y$==xIQdNVtL
ziqbi3X1A#Qp4)hU2d>v@qHwAEQKPNdbw7k}h_k>dVYop-m)-HdP2_#n4%JHdiD;{G
z2GV+RGcJq2SQV&VfouDVmlp{p>2iKht0B<Df{q(f^I{C|L=b^dyYa<&>#p=gsI(9E
zn6x-cX?j)$6s+tdkvfMefz;YZhpBF0SL%HI8Y05-lLKs~ao*{A?+<pw<3>Zf9$iB+
zGb7Q}zYCS=zP7g{y=wWfnMIzG8@w*6{_%;UhPkfVRd|5OVZ^<;(Q$R(lbOGfV*34T
zBWKn-c2<MNjElu44Ck!N!|@xN*RkKs!oPzl^hBqo#a>akE+ctS(Ps#&H`Nk5yuNR<
z91Z&skel)E185HaHvHHf9pD@wk8Xv6qD9V&Fa(y>CtP)F7*Wuo1l<go+1ZK>tCwjU
zG^IYPc~x)lO8$-n>z%N|c1pMUj9WZ@XTh<F#<WR@js)oy&3O{r9Ko{49v6t?3nF1A
z9}G-)W#TU%P30eCvwnD^pc%wuv*fg5H+zBGzbZV0N|7Iq1#OQZBR&*zM2~f+x=Od%
zmi$`h@>KyEpbsdjGm|l!Gq+n2&r;R%)Zo+VH2R?YZjT)Pcz77ntZnxg=z`j*zO;}B
zuUDQF`W^wtR9L2-GMZ=~G8dY!$GxL(iiu?a^C48vM3@DU$N>~xL4(+vb|$u~vsp*#
zM&B%siT)}+dP@TJ6(T1v5KXtPbQh<Ac;FR6`#epF;cSHAIo}&q*`WxtTts|<xhXC*
z+OfilvxiD)<kL7BwL|e`T)B)c6aXyH<SZLHR;hKjOo+=mj~#IT3j{*|lhKHhl26md
z8Z~3=!28hB2D~zKyvi^TN`2)~uIe`dH<)$e=fd-Gr_MvQ&?@HesRycrd)Lb&=)8!?
zKXa7)Qm8TnIk#pN!d%UG^k0rgnA~+vB&v`G%3=R~jrBv4;CbTF!Bx7&7b5R+lYGDz
zsAx**iJaWTq`c0RiDp$i^RI$UEM88cWC*G*#V0*IF=Uy`TYleT-9fMd|F|o6Qds9u
zZJ&b(e+VwBwN7ZOhG1=kR5o2W*+BHlIdpUMu-e3CIb;rf*C;ReJ0<90DBdqE$wabO
z{^CTY^m5&94MZ<3NN<Xu&0<;f%11;2{MjzEOK8`Ai3R(XG#IY+b^9bH!oziaUU5Fn
zHRKC@E|WTHs1?TtK(k<df+ypF!3Q6zzIoJ49&aRAtbwUa07ej)Py7SJ$i2UAnf@$;
zDp`CiS}es=K25Qi$#g}{4B(aj>1Yj{d!orT8UEWsclI#fn>Dhot}6D86+4G-l~f?R
zyeRy5Yn7BSnJMz!jj|2#BDb+M@&~%qq<cEufIi7e85u%Ad}^~j4tquEK1mh9N{N;N
z*UGY!!KYUb*WaB<eE_h&TQjmc+ztxUv@Y*F0&u{M`Cq49DHu1I=vDc#zk#whf{VGU
z?_p>D`0Vi+Tkyo~NN;V&5H^8GPU@4QV)a@iUERn4x=IID1M6TaoA+5eov9`(vhRKp
WyUxpzi1O-UrMKGZFJ8B3dkAuXC^Yi`

diff --git a/backend/cron/cron_state_checker.py b/backend/cron/cron_state_checker.py
index 0020dca..376524d 100644
--- a/backend/cron/cron_state_checker.py
+++ b/backend/cron/cron_state_checker.py
@@ -170,6 +170,6 @@ async_cron_recorder_checker = StateChecker([check_capture_agent_state, ping_capt
 async_permanent_cron_recorder_checker = StateChecker(
     [check_capture_agent_state, ping_capture_agent, check_stream_sanity], Recorder)
 
-for r in Recorder.get_all():
-    async_permanent_cron_recorder_checker.add_object_to_state_check(r.id)
+#for r in Recorder.get_all():
+#    async_permanent_cron_recorder_checker.add_object_to_state_check(r.id)
 
diff --git a/backend/serve_frontend.py b/backend/serve_frontend.py
index 59e1b25..7ccacb9 100644
--- a/backend/serve_frontend.py
+++ b/backend/serve_frontend.py
@@ -10,6 +10,7 @@ from flask_pyoidc.user_session import UserSession
 
 from backend import app
 from backend.auth import oidc_auth
+from backend.auth.oidc_config import PROVIDER_NAME
 
 fe_path = os.path.abspath(os.path.join(app.root_path, os.pardir, os.pardir, "frontend", "dist"))
 if not os.path.exists(fe_path) or not os.path.exists(os.path.join(fe_path, "index.html")):
@@ -37,7 +38,7 @@ def send_img(path):
 
 
 @fe_bp.route('/test')
-@oidc_auth.oidc_auth()
+@oidc_auth.oidc_auth(provider_name=PROVIDER_NAME)
 def test_oidc():
     user_session = UserSession(flask.session)
     access_token = user_session.access_token