Tried to fix an OpenID Connect (OIDC) related bug, but there is still a BIG problem
@@ -7,6 +7,7 @@ Login through API does not start a new session, but instead returns JWT.
|
||||
"""
|
||||
import base64
|
||||
import json
|
||||
import logging
|
||||
from pprint import pprint
|
||||
|
||||
import flask
|
||||
@@ -29,6 +30,8 @@ from backend.api import auth_api_bp, auth_api_providers_ns, auth_api_register_ns
|
||||
from backend.auth import AUTH_PROVIDERS, oidc_auth
|
||||
from backend.models.user_model import User, Group, BlacklistToken
|
||||
|
||||
logger = logging.getLogger("lrc.api.auth")
|
||||
|
||||
|
||||
@auth_api_bp.route('/providers', methods=('GET',))
|
||||
def get_auth_providers():
|
||||
@@ -92,6 +95,7 @@ def login():
|
||||
}
|
||||
return jsonify(token), 200
|
||||
|
||||
|
||||
# Endpoint for revoking the current users access token
|
||||
@auth_api_bp.route('/logout', methods=['GET', 'DELETE'])
|
||||
@jwt_required
|
||||
@@ -135,7 +139,7 @@ def create_or_retrieve_user_from_userinfo(userinfo):
|
||||
user = User.get_by_identifier(email)
|
||||
|
||||
if user is not None:
|
||||
app.logger.info("user found -> update user")
|
||||
logger.info("user found -> update user")
|
||||
pprint(user.to_dict())
|
||||
user.first_name = userinfo.get("given_name", "")
|
||||
user.last_name = userinfo.get("family_name", "")
|
||||
@@ -148,7 +152,7 @@ def create_or_retrieve_user_from_userinfo(userinfo):
|
||||
last_name=userinfo.get("family_name", ""), external_user=True,
|
||||
groups=user_groups)
|
||||
|
||||
app.logger.info("creating new user")
|
||||
logger.info("creating new user")
|
||||
|
||||
db.session.add(user)
|
||||
db.session.commit()
|
||||
@@ -159,8 +163,11 @@ def create_or_retrieve_user_from_userinfo(userinfo):
|
||||
@auth_api_bp.route('/oidc/<redirect_url>', methods=['GET'])
|
||||
@oidc_auth.oidc_auth()
|
||||
def oidc(redirect_url=None):
|
||||
logger.debug("oidc auth endpoint:")
|
||||
return "fuck!"
|
||||
user = create_or_retrieve_user_from_userinfo(flask.session['userinfo'])
|
||||
if user is None:
|
||||
logger.error("Could not authenticate: could not find or create user.")
|
||||
return "Could not authenticate: could not find or create user.", 401
|
||||
if current_app.config.get("AUTH_RETURN_EXTERNAL_JWT", False):
|
||||
token = jwt.encode(flask.session['id_token'], current_app.config['SECRET_KEY'])
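Review bot: The unconditional `return "fuck!"` placed directly after the debug log in `oidc()` ends every request with a literal 200 body, so the user lookup, the 401 branch and the token issuance below it are unreachable and the endpoint is non-functional as committed. If this is a temporary tracing stub it should be dropped before merge so control reaches `user = create_or_retrieve_user_from_userinfo(flask.session['userinfo'])`. Note also that `flask.session['userinfo']` and `flask.session['id_token']` are indexed directly; if the `oidc_auth` decorator can ever leave them unset this raises `KeyError` and a 500 instead of a clean 401, which is worth confirming against the decorator. The body of `oidc()` continues in the next hunk.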
|
||||
@@ -169,13 +176,13 @@ def oidc(redirect_url=None):
|
||||
'access_token': create_access_token(identity=user, fresh=True),
|
||||
'refresh_token': create_refresh_token(identity=user)
|
||||
})
|
||||
logger.info("Token: {}".format(token))
|
||||
if redirect_url is None:
|
||||
redirect_url = request.headers.get("Referer")
|
||||
if redirect_url is None:
|
||||
redirect_url = request.args.get('redirect_url')
|
||||
if redirect_url is None:
|
||||
redirect_url = "/"
|
||||
app.logger.info("Token: {}".format(token))
|
||||
response = make_response(redirect(redirect_url))
|
||||
response.set_cookie('tokens', base64.b64encode(token.encode('utf-8')))
|
||||
return response
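Review bot: `logger.info("Token: {}".format(token))` writes the freshly issued credential — the JSON carrying the access and refresh tokens, or the re-encoded id_token depending on the branch above — into the application log at INFO, where it is readable by anyone with log access and is normally retained far longer than the token lifetime. Log the event without the secret, e.g. `logger.info("Issued tokens for user %s", user)`, and keep any token material out of log output entirely. The `response.set_cookie('tokens', ...)` call two lines below stores the same tokens without `httponly`, `secure` or `samesite` flags; that line is pre-existing context rather than this commit's change, but it compounds the exposure. `oidc()` begins in the previous hunk.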
|
||||
@@ -189,8 +196,7 @@ def refresh():
|
||||
as we do not actually verify a password in this endpoint."""
|
||||
jwt_identity = get_jwt_identity()
|
||||
user = User.get_by_identifier(jwt_identity)
|
||||
app.logger.info("Refreshing token for " + str(user))
|
||||
logger.info("Refreshing token for " + str(user))
|
||||
new_token = create_access_token(identity=user, fresh=False)
|
||||
ret = {'access_token': new_token}
|
||||
return jsonify(ret), 200
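Review bot: `logger.info("Refreshing token for " + str(user))` formats the message eagerly with string concatenation; the logging idiom is to pass the argument lazily, `logger.info("Refreshing token for %s", user)`, which defers the `str()` call until the record is actually emitted. The same eager `.format()` style appears in the `Token:` line of the previous hunk. `refresh()` starts above this hunk.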