mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2024-11-08 22:50:26 +00:00
github oauth login
This commit is contained in:
parent
68dc4f4148
commit
186aedcfc7
@ -1,7 +1,7 @@
|
||||
from werkzeug.contrib.fixers import ProxyFix
|
||||
from flask import Flask
|
||||
from flask.ext.login import LoginManager
|
||||
from flask.ext.sqlalchemy import SQLAlchemy
|
||||
from flask import Flask, request, session, redirect, url_for
|
||||
from flask_login import LoginManager
|
||||
from flask_sqlalchemy import SQLAlchemy
|
||||
|
||||
app = Flask(__name__)
|
||||
app.config.from_object('config')
|
||||
@ -11,4 +11,42 @@ login_manager = LoginManager()
|
||||
login_manager.init_app(app)
|
||||
db = SQLAlchemy(app)
|
||||
|
||||
def enable_github_oauth(GITHUB_ENABLE):
|
||||
if not GITHUB_ENABLE:
|
||||
return None, None
|
||||
from flask_oauthlib.client import OAuth
|
||||
oauth = OAuth(app)
|
||||
github = oauth.remote_app(
|
||||
'github',
|
||||
consumer_key=app.config['GITHUB_OAUTH_KEY'],
|
||||
consumer_secret=app.config['GITHUB_OAUTH_SECRET'],
|
||||
request_token_params={'scope': app.config['GITHUB_OAUTH_SCOPE']},
|
||||
base_url=app.config['GITHUB_OAUTH_URL'],
|
||||
request_token_url=None,
|
||||
access_token_method='POST',
|
||||
access_token_url=app.config['GITHUB_OAUTH_TOKEN'],
|
||||
authorize_url=app.config['GITHUB_OAUTH_AUTHORIZE']
|
||||
)
|
||||
|
||||
@app.route('/user/authorized')
|
||||
def authorized():
|
||||
session['github_oauthredir'] = url_for('.authorized', _external=True)
|
||||
resp = github.authorized_response()
|
||||
if resp is None:
|
||||
return 'Access denied: reason=%s error=%s' % (
|
||||
request.args['error'],
|
||||
request.args['error_description']
|
||||
)
|
||||
session['github_token'] = (resp['access_token'], '')
|
||||
return redirect(url_for('.login'))
|
||||
|
||||
@github.tokengetter
|
||||
def get_github_oauth_token():
|
||||
return session.get('github_token')
|
||||
|
||||
return oauth, github
|
||||
|
||||
oauth, github = enable_github_oauth(app.config.get('GITHUB_OAUTH_ENABLE'))
|
||||
|
||||
|
||||
from app import views, models
|
||||
|
@ -58,7 +58,6 @@
|
||||
<div class="form-group">
|
||||
<input type="otptoken" class="form-control" placeholder="OTP Token" name="otptoken">
|
||||
</div>
|
||||
|
||||
{% if ldap_enabled and basic_enabled %}
|
||||
<div class="form-group">
|
||||
<select class="form-control" name="auth_method">
|
||||
@ -99,6 +98,10 @@
|
||||
<!-- /.col -->
|
||||
</div>
|
||||
</form>
|
||||
{% if github_enabled %}
|
||||
<a href="{{ url_for('github_login') }}">Github oauth login</a>
|
||||
{% endif %}
|
||||
<br>
|
||||
{% if signup_enabled %}
|
||||
<a href="{{ url_for('register') }}" class="text-center">Create an account </a>
|
||||
{% endif %}
|
||||
|
38
app/views.py
38
app/views.py
@ -4,14 +4,16 @@ import jinja2
|
||||
import traceback
|
||||
import pyqrcode
|
||||
import base64
|
||||
import random
|
||||
import string
|
||||
|
||||
from functools import wraps
|
||||
from flask_login import login_user, logout_user, current_user, login_required
|
||||
from flask import Flask, g, request, make_response, jsonify, render_template, session, redirect, url_for, send_from_directory
|
||||
from flask import Flask, g, request, make_response, jsonify, render_template, session, redirect, url_for, send_from_directory, abort
|
||||
from werkzeug import secure_filename
|
||||
|
||||
from lib import utils
|
||||
from app import app, login_manager
|
||||
from app import app, login_manager, github
|
||||
from .models import User, Role, Domain, DomainUser, Record, Server, History, Anonymous, Setting, DomainSetting
|
||||
|
||||
from io import BytesIO
|
||||
@ -32,6 +34,9 @@ if StrictVersion(PDNS_VERSION) >= StrictVersion('4.0.0'):
|
||||
else:
|
||||
NEW_SCHEMA = False
|
||||
|
||||
def random_password(n):
|
||||
return ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(n))
|
||||
|
||||
@app.context_processor
|
||||
def inject_fullscreen_layout_setting():
|
||||
fullscreen_layout_setting = Setting.query.filter(Setting.name == 'fullscreen_layout').first()
|
||||
@ -153,6 +158,12 @@ def register():
|
||||
else:
|
||||
return render_template('errors/404.html'), 404
|
||||
|
||||
@app.route('/github/login')
|
||||
def github_login():
|
||||
if not app.config.get('GITHUB_OAUTH_ENABLE'):
|
||||
return abort(400)
|
||||
return github.authorize(callback=url_for('authorized', _external=True))
|
||||
|
||||
@app.route('/login', methods=['GET', 'POST'])
|
||||
@login_manager.unauthorized_handler
|
||||
def login():
|
||||
@ -161,12 +172,31 @@ def login():
|
||||
LOGIN_TITLE = app.config['LOGIN_TITLE'] if 'LOGIN_TITLE' in app.config.keys() else ''
|
||||
BASIC_ENABLED = app.config['BASIC_ENABLED']
|
||||
SIGNUP_ENABLED = app.config['SIGNUP_ENABLED']
|
||||
GITHUB_ENABLE = app.config.get('GITHUB_OAUTH_ENABLE')
|
||||
|
||||
if g.user is not None and current_user.is_authenticated:
|
||||
return redirect(url_for('dashboard'))
|
||||
|
||||
if 'github_token' in session:
|
||||
me = github.get('user')
|
||||
user_info = me.data
|
||||
user = User.query.filter_by(username=user_info['name']).first()
|
||||
if not user:
|
||||
# create user
|
||||
user = User(username=user_info['name'],
|
||||
plain_text_password=random_password(7),
|
||||
email=user_info['email'])
|
||||
user.create_local_user()
|
||||
|
||||
session['user_id'] = user.id
|
||||
login_user(user, remember = False)
|
||||
return redirect(url_for('index'))
|
||||
|
||||
if request.method == 'GET':
|
||||
return render_template('login.html', ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE, basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED)
|
||||
return render_template('login.html',
|
||||
github_enabled=GITHUB_ENABLE,
|
||||
ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE,
|
||||
basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED)
|
||||
|
||||
# process login
|
||||
username = request.form['username']
|
||||
@ -229,6 +259,8 @@ def login():
|
||||
|
||||
@app.route('/logout')
|
||||
def logout():
|
||||
session.pop('user_id')
|
||||
session.pop('github_token')
|
||||
logout_user()
|
||||
return redirect(url_for('login'))
|
||||
|
||||
|
@ -33,6 +33,15 @@ LDAP_SEARCH_BASE = 'ou=System Admins,ou=People,dc=duykhanh,dc=me'
|
||||
LDAP_USERNAMEFIELD = 'uid'
|
||||
LDAP_FILTER = '(objectClass=inetorgperson)'
|
||||
|
||||
# Github Oauth
|
||||
GITHUB_OAUTH_ENABLE = False
|
||||
GITHUB_OAUTH_KEY = 'G0j1Q15aRsn36B3aD6nwKLiYbeirrUPU8nDd1wOC'
|
||||
GITHUB_OAUTH_SECRET = '0WYrKWePeBDkxlezzhFbDn1PBnCwEa0vCwVFvy6iLtgePlpT7WfUlAa9sZgm'
|
||||
GITHUB_OAUTH_SCOPE = 'email'
|
||||
GITHUB_OAUTH_URL = 'http://127.0.0.1:5000/api/v3/'
|
||||
GITHUB_OAUTH_TOKEN = 'http://127.0.0.1:5000/oauth/token'
|
||||
GITHUB_OAUTH_AUTHORIZE = 'http://127.0.0.1:5000/oauth/authorize'
|
||||
|
||||
#Default Auth
|
||||
BASIC_ENABLED = True
|
||||
SIGNUP_ENABLED = True
|
||||
|
Loading…
Reference in New Issue
Block a user