mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2024-12-28 14:05:41 +00:00
Merge pull request #5 from thomasDOTde/feature-google-oauth
Feature google oauth
This commit is contained in:
Thomas
GitHub
commit
0a72a17e4c
@ -11,6 +11,7 @@ login_manager = LoginManager()
|
|||||||
login_manager.init_app(app)
|
login_manager.init_app(app)
|
||||||
db = SQLAlchemy(app)
|
db = SQLAlchemy(app)
|
||||||
|
|
||||||
|
|
||||||
def enable_github_oauth(GITHUB_ENABLE):
|
def enable_github_oauth(GITHUB_ENABLE):
|
||||||
if not GITHUB_ENABLE:
|
if not GITHUB_ENABLE:
|
||||||
return None, None
|
return None, None
|
||||||
@ -46,7 +47,47 @@ def enable_github_oauth(GITHUB_ENABLE):
|
|||||||
|
|
||||||
return oauth, github
|
return oauth, github
|
||||||
|
|
||||||
|
|
||||||
oauth, github = enable_github_oauth(app.config.get('GITHUB_OAUTH_ENABLE'))
|
oauth, github = enable_github_oauth(app.config.get('GITHUB_OAUTH_ENABLE'))
|
||||||
|
|
||||||
|
|
||||||
|
def enable_google_oauth(GOOGLE_ENABLE):
|
||||||
|
if not GOOGLE_ENABLE:
|
||||||
|
return None
|
||||||
|
from flask_oauthlib.client import OAuth
|
||||||
|
oauth = OAuth(app)
|
||||||
|
|
||||||
|
google = oauth.remote_app(
|
||||||
|
'google',
|
||||||
|
consumer_key=app.config['GOOGLE_OAUTH_CLIENT_ID'],
|
||||||
|
consumer_secret=app.config['GOOGLE_OAUTH_CLIENT_SECRET'],
|
||||||
|
request_token_params=app.config['GOOGLE_TOKEN_PARAMS'],
|
||||||
|
base_url=app.config['GOOGLE_BASE_URL'],
|
||||||
|
request_token_url=None,
|
||||||
|
access_token_method='POST',
|
||||||
|
access_token_url=app.config['GOOGLE_TOKEN_URL'],
|
||||||
|
authorize_url=app.config['GOOGLE_AUTHORIZE_URL'],
|
||||||
|
)
|
||||||
|
|
||||||
|
@app.route('/user/authorized')
|
||||||
|
def authorized():
|
||||||
|
resp = google.authorized_response()
|
||||||
|
if resp is None:
|
||||||
|
return 'Access denied: reason=%s error=%s' % (
|
||||||
|
request.args['error_reason'],
|
||||||
|
request.args['error_description']
|
||||||
|
)
|
||||||
|
session['google_token'] = (resp['access_token'], '')
|
||||||
|
return redirect(url_for('.login'))
|
||||||
|
|
||||||
|
@google.tokengetter
|
||||||
|
def get_google_oauth_token():
|
||||||
|
return session.get('google_token')
|
||||||
|
|
||||||
|
return google
|
||||||
|
|
||||||
|
|
||||||
|
google = enable_google_oauth(app.config.get('GOOGLE_OAUTH_ENABLE'))
|
||||||
|
|
||||||
|
|
||||||
from app import views, models
|
from app import views, models
|
||||||
|
|||||||
@ -98,6 +98,9 @@
|
|||||||
<!-- /.col -->
|
<!-- /.col -->
|
||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
||||||
|
{% if google_enabled %}
|
||||||
|
<a href="{{ url_for('google_login') }}">Google oauth login</a>
|
||||||
|
{% endif %}
|
||||||
{% if saml_enabled %}
|
{% if saml_enabled %}
|
||||||
<br>
|
<br>
|
||||||
<a href="{{ url_for('saml_login') }}">SAML login</a>
|
<a href="{{ url_for('saml_login') }}">SAML login</a>
|
||||||
|
|||||||
32
app/views.py
32
app/views.py
@ -17,7 +17,7 @@ from werkzeug import secure_filename
|
|||||||
from werkzeug.security import gen_salt
|
from werkzeug.security import gen_salt
|
||||||
|
|
||||||
from .models import User, Domain, Record, Server, History, Anonymous, Setting, DomainSetting
|
from .models import User, Domain, Record, Server, History, Anonymous, Setting, DomainSetting
|
||||||
from app import app, login_manager, github
|
from app import app, login_manager, github, google
|
||||||
from lib import utils
|
from lib import utils
|
||||||
|
|
||||||
from onelogin.saml2.auth import OneLogin_Saml2_Auth
|
from onelogin.saml2.auth import OneLogin_Saml2_Auth
|
||||||
@ -162,6 +162,14 @@ def register():
|
|||||||
else:
|
else:
|
||||||
return render_template('errors/404.html'), 404
|
return render_template('errors/404.html'), 404
|
||||||
|
|
||||||
|
|
||||||
|
@app.route('/google/login')
|
||||||
|
def google_login():
|
||||||
|
if not app.config.get('GOOGLE_OAUTH_ENABLE'):
|
||||||
|
return abort(400)
|
||||||
|
return google.authorize(callback=url_for('authorized', _external=True))
|
||||||
|
|
||||||
|
|
||||||
@app.route('/github/login')
|
@app.route('/github/login')
|
||||||
def github_login():
|
def github_login():
|
||||||
if not app.config.get('GITHUB_OAUTH_ENABLE'):
|
if not app.config.get('GITHUB_OAUTH_ENABLE'):
|
||||||
@ -242,11 +250,31 @@ def login():
|
|||||||
BASIC_ENABLED = app.config['BASIC_ENABLED']
|
BASIC_ENABLED = app.config['BASIC_ENABLED']
|
||||||
SIGNUP_ENABLED = app.config['SIGNUP_ENABLED']
|
SIGNUP_ENABLED = app.config['SIGNUP_ENABLED']
|
||||||
GITHUB_ENABLE = app.config.get('GITHUB_OAUTH_ENABLE')
|
GITHUB_ENABLE = app.config.get('GITHUB_OAUTH_ENABLE')
|
||||||
|
GOOGLE_ENABLE = app.config.get('GOOGLE_OAUTH_ENABLE')
|
||||||
SAML_ENABLED = app.config.get('SAML_ENABLED')
|
SAML_ENABLED = app.config.get('SAML_ENABLED')
|
||||||
|
|
||||||
if g.user is not None and current_user.is_authenticated:
|
if g.user is not None and current_user.is_authenticated:
|
||||||
return redirect(url_for('dashboard'))
|
return redirect(url_for('dashboard'))
|
||||||
|
|
||||||
|
if 'google_token' in session:
|
||||||
|
user_data = google.get('userinfo').data
|
||||||
|
first_name = user_data['given_name']
|
||||||
|
surname = user_data['family_name']
|
||||||
|
email = user_data['email']
|
||||||
|
user = User.query.filter_by(username=email).first()
|
||||||
|
if not user:
|
||||||
|
# create user
|
||||||
|
user = User(username=email,
|
||||||
|
firstname=first_name,
|
||||||
|
lastname=surname,
|
||||||
|
plain_text_password=gen_salt(7),
|
||||||
|
email=email)
|
||||||
|
user.create_local_user()
|
||||||
|
|
||||||
|
session['user_id'] = user.id
|
||||||
|
login_user(user, remember = False)
|
||||||
|
return redirect(url_for('index'))
|
||||||
|
|
||||||
if 'github_token' in session:
|
if 'github_token' in session:
|
||||||
me = github.get('user')
|
me = github.get('user')
|
||||||
user_info = me.data
|
user_info = me.data
|
||||||
@ -266,6 +294,7 @@ def login():
|
|||||||
if request.method == 'GET':
|
if request.method == 'GET':
|
||||||
return render_template('login.html',
|
return render_template('login.html',
|
||||||
github_enabled=GITHUB_ENABLE,
|
github_enabled=GITHUB_ENABLE,
|
||||||
|
google_enabled=GOOGLE_ENABLE,
|
||||||
saml_enabled=SAML_ENABLED,
|
saml_enabled=SAML_ENABLED,
|
||||||
ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE,
|
ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE,
|
||||||
basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED)
|
basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED)
|
||||||
@ -354,6 +383,7 @@ def login():
|
|||||||
def logout():
|
def logout():
|
||||||
session.pop('user_id', None)
|
session.pop('user_id', None)
|
||||||
session.pop('github_token', None)
|
session.pop('github_token', None)
|
||||||
|
session.pop('google_token', None)
|
||||||
session.clear()
|
session.clear()
|
||||||
logout_user()
|
logout_user()
|
||||||
return redirect(url_for('login'))
|
return redirect(url_for('login'))
|
||||||
|
|||||||
@ -65,6 +65,19 @@ GITHUB_OAUTH_URL = 'http://127.0.0.1:5000/api/v3/'
|
|||||||
GITHUB_OAUTH_TOKEN = 'http://127.0.0.1:5000/oauth/token'
|
GITHUB_OAUTH_TOKEN = 'http://127.0.0.1:5000/oauth/token'
|
||||||
GITHUB_OAUTH_AUTHORIZE = 'http://127.0.0.1:5000/oauth/authorize'
|
GITHUB_OAUTH_AUTHORIZE = 'http://127.0.0.1:5000/oauth/authorize'
|
||||||
|
|
||||||
|
|
||||||
|
# Google OAuth
|
||||||
|
GOOGLE_OAUTH_ENABLE = False
|
||||||
|
GOOGLE_OAUTH_CLIENT_ID = ' '
|
||||||
|
GOOGLE_OAUTH_CLIENT_SECRET = ' '
|
||||||
|
GOOGLE_REDIRECT_URI = '/user/authorized'
|
||||||
|
GOOGLE_TOKEN_URL = 'https://accounts.google.com/o/oauth2/token'
|
||||||
|
GOOGLE_TOKEN_PARAMS = {
|
||||||
|
'scope': 'email profile'
|
||||||
|
}
|
||||||
|
GOOGLE_AUTHORIZE_URL='https://accounts.google.com/o/oauth2/auth'
|
||||||
|
GOOGLE_BASE_URL='https://www.googleapis.com/oauth2/v1/'
|
||||||
|
|
||||||
# SAML Authnetication
|
# SAML Authnetication
|
||||||
SAML_ENABLED = False
|
SAML_ENABLED = False
|
||||||
SAML_DEBUG = True
|
SAML_DEBUG = True
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user