cwinfo/powerdns-admin
5
0
Fork 0
mirror of https://github.com/cwinfo/powerdns-admin.git synced 2024-11-08 14:40:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

OAuth Settings Updates (#1500)

Browse Source 
Completed the removal of the OAuth JWKS URL setting as well as the update of how the existing metadata URL settings are being used.

For additional information, reference GitHub issue #1499.
This commit is contained in:
Matt Scott 2023-04-02 09:35:17 -04:00 committed by GitHub
commit 1f6a0504c8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 75 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
powerdnsadmin/models/setting.py
View File

@ -73,7 +73,6 @@ class Setting(db.Model):
'https://github.com/login/oauth/access_token',
'github_oauth_authorize_url':
'https://github.com/login/oauth/authorize',
'github_oauth_jwks_url': '',
'github_oauth_metadata_url': '',
'google_oauth_enabled': False,
'google_oauth_client_id': '',
@ -81,7 +80,6 @@ class Setting(db.Model):
'google_token_url': 'https://oauth2.googleapis.com/token',
'google_oauth_scope': 'openid email profile',
'google_authorize_url': 'https://accounts.google.com/o/oauth2/v2/auth',
'google_oauth_jwks_url': '',
'google_oauth_metadata_url': '',
'google_base_url': 'https://www.googleapis.com/oauth2/v3/',
'azure_oauth_enabled': False,
@ -93,7 +91,6 @@ class Setting(db.Model):
'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/token',
'azure_oauth_authorize_url':
'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/authorize',
'azure_oauth_jwks_url': '',
'azure_oauth_metadata_url': '',
'azure_sg_enabled': False,
'azure_admin_group': '',
@ -111,7 +108,6 @@ class Setting(db.Model):
'oidc_oauth_api_url': '',
'oidc_oauth_token_url': '',
'oidc_oauth_authorize_url': '',
'oidc_oauth_jwks_url': '',
'oidc_oauth_metadata_url': '',
'oidc_oauth_logout_url': '',
'oidc_oauth_username': 'preferred_username',

8
powerdnsadmin/routes/admin.py
View File

@ -1680,8 +1680,6 @@ def setting_authentication():
request.form.get('google_oauth_scope'))
Setting().set('google_authorize_url',
request.form.get('google_authorize_url'))
Setting().set('google_oauth_jwks_url',
request.form.get('google_oauth_jwks_url'))
Setting().set('google_base_url',
request.form.get('google_base_url'))
result = {
@ -1715,8 +1713,6 @@ def setting_authentication():
request.form.get('github_oauth_token_url'))
Setting().set('github_oauth_authorize_url',
request.form.get('github_oauth_authorize_url'))
Setting().set('github_oauth_jwks_url',
request.form.get('github_oauth_jwks_url'))
result = {
'status': True,
'msg':
@ -1748,8 +1744,6 @@ def setting_authentication():
request.form.get('azure_oauth_token_url'))
Setting().set('azure_oauth_authorize_url',
request.form.get('azure_oauth_authorize_url'))
Setting().set('azure_oauth_jwks_url',
request.form.get('azure_oauth_jwks_url'))
Setting().set(
'azure_sg_enabled', True
if request.form.get('azure_sg_enabled') == 'ON' else False)
@ -1803,8 +1797,6 @@ def setting_authentication():
request.form.get('oidc_oauth_token_url'))
Setting().set('oidc_oauth_authorize_url',
request.form.get('oidc_oauth_authorize_url'))
Setting().set('oidc_oauth_jwks_url',
request.form.get('oidc_oauth_jwks_url'))
Setting().set('oidc_oauth_logout_url',
request.form.get('oidc_oauth_logout_url'))
Setting().set('oidc_oauth_username',

27
powerdnsadmin/services/azure.py
View File

@ -15,18 +15,25 @@ def azure_oauth():
session['azure_token'] = token
return token
authlib_params = {
'client_id': Setting().get('azure_oauth_key'),
'client_secret': Setting().get('azure_oauth_secret'),
'api_base_url': Setting().get('azure_oauth_api_url'),
'request_token_url': None,
'access_token_url': Setting().get('azure_oauth_token_url'),
'authorize_url': Setting().get('azure_oauth_authorize_url'),
'client_kwargs': {'scope': Setting().get('azure_oauth_scope')},
'fetch_token': fetch_azure_token,
}
server_metadata_url = Setting().get('azure_oauth_metadata_url')
if isinstance(server_metadata_url, str) and len(server_metadata_url.strip()) > 0:
authlib_params['server_metadata_url'] = server_metadata_url
azure = authlib_oauth_client.register(
'azure',
client_id=Setting().get('azure_oauth_key'),
client_secret=Setting().get('azure_oauth_secret'),
api_base_url=Setting().get('azure_oauth_api_url'),
request_token_url=None,
access_token_url=Setting().get('azure_oauth_token_url'),
authorize_url=Setting().get('azure_oauth_authorize_url'),
jwks_url=Setting().get('azure_oauth_jwks_url'),
server_metadata_url=Setting().get('azure_oauth_metadata_url'),
client_kwargs={'scope': Setting().get('azure_oauth_scope')},
fetch_token=fetch_azure_token,
**authlib_params
)
@current_app.route('/azure/authorized')

32
powerdnsadmin/services/github.py
View File

@ -15,20 +15,28 @@ def github_oauth():
session['github_token'] = token
return token
authlib_params = {
'client_id': Setting().get('github_oauth_key'),
'client_secret': Setting().get('github_oauth_secret'),
'request_token_params': {'scope': Setting().get('github_oauth_scope')},
'api_base_url': Setting().get('github_oauth_api_url'),
'request_token_url': None,
'access_token_url': Setting().get('github_oauth_token_url'),
'authorize_url': Setting().get('github_oauth_authorize_url'),
'client_kwargs': {'scope': Setting().get('github_oauth_scope')},
'fetch_token': fetch_github_token,
'update_token': update_token
}
server_metadata_url = Setting().get('github_oauth_metadata_url')
if isinstance(server_metadata_url, str) and len(server_metadata_url.strip()) > 0:
authlib_params['server_metadata_url'] = server_metadata_url
github = authlib_oauth_client.register(
'github',
client_id=Setting().get('github_oauth_key'),
client_secret=Setting().get('github_oauth_secret'),
request_token_params={'scope': Setting().get('github_oauth_scope')},
api_base_url=Setting().get('github_oauth_api_url'),
request_token_url=None,
access_token_url=Setting().get('github_oauth_token_url'),
authorize_url=Setting().get('github_oauth_authorize_url'),
jwks_url=Setting().get('github_oauth_jwks_url'),
server_metadata_url=Setting().get('github_oauth_metadata_url'),
client_kwargs={'scope': Setting().get('github_oauth_scope')},
fetch_token=fetch_github_token,
update_token=update_token)
**authlib_params
)
@current_app.route('/github/authorized')
def github_authorized():

30
powerdnsadmin/services/google.py
View File

@ -15,19 +15,27 @@ def google_oauth():
session['google_token'] = token
return token
authlib_params = {
'client_id': Setting().get('google_oauth_client_id'),
'client_secret': Setting().get('google_oauth_client_secret'),
'api_base_url': Setting().get('google_base_url'),
'request_token_url': None,
'access_token_url': Setting().get('google_token_url'),
'authorize_url': Setting().get('google_authorize_url'),
'client_kwargs': {'scope': Setting().get('google_oauth_scope')},
'fetch_token': fetch_google_token,
'update_token': update_token
}
server_metadata_url = Setting().get('google_oauth_metadata_url')
if isinstance(server_metadata_url, str) and len(server_metadata_url.strip()) > 0:
authlib_params['server_metadata_url'] = server_metadata_url
google = authlib_oauth_client.register(
'google',
client_id=Setting().get('google_oauth_client_id'),
client_secret=Setting().get('google_oauth_client_secret'),
api_base_url=Setting().get('google_base_url'),
request_token_url=None,
access_token_url=Setting().get('google_token_url'),
authorize_url=Setting().get('google_authorize_url'),
jwks_url=Setting().get('google_oauth_jwks_url'),
server_metadata_url=Setting().get('google_oauth_metadata_url'),
client_kwargs={'scope': Setting().get('google_oauth_scope')},
fetch_token=fetch_google_token,
update_token=update_token)
**authlib_params
)
@current_app.route('/google/authorized')
def google_authorized():

30
powerdnsadmin/services/oidc.py
View File

@ -15,19 +15,27 @@ def oidc_oauth():
session['oidc_token'] = token
return token
authlib_params = {
'client_id': Setting().get('oidc_oauth_key'),
'client_secret': Setting().get('oidc_oauth_secret'),
'api_base_url': Setting().get('oidc_oauth_api_url'),
'request_token_url': None,
'access_token_url': Setting().get('oidc_oauth_token_url'),
'authorize_url': Setting().get('oidc_oauth_authorize_url'),
'client_kwargs': {'scope': Setting().get('oidc_oauth_scope')},
'fetch_token': fetch_oidc_token,
'update_token': update_token
}
server_metadata_url = Setting().get('oidc_oauth_metadata_url')
if isinstance(server_metadata_url, str) and len(server_metadata_url.strip()) > 0:
authlib_params['server_metadata_url'] = server_metadata_url
oidc = authlib_oauth_client.register(
'oidc',
client_id=Setting().get('oidc_oauth_key'),
client_secret=Setting().get('oidc_oauth_secret'),
api_base_url=Setting().get('oidc_oauth_api_url'),
request_token_url=None,
access_token_url=Setting().get('oidc_oauth_token_url'),
authorize_url=Setting().get('oidc_oauth_authorize_url'),
jwks_url=Setting().get('oidc_oauth_jwks_url'),
server_metadata_url=Setting().get('oidc_oauth_metadata_url'),
client_kwargs={'scope': Setting().get('oidc_oauth_scope')},
fetch_token=fetch_oidc_token,
update_token=update_token)
**authlib_params
)
@current_app.route('/oidc/authorized')
def oidc_authorized():

44
powerdnsadmin/templates/admin_setting_authentication.html
View File

@ -806,17 +806,6 @@
value="{{ SETTING.get('google_authorize_url') }}">
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="google_oauth_jwks_url">JWKS
URL</label>
<input type="text" class="form-control"
name="google_oauth_jwks_url"
id="google_oauth_jwks_url"
placeholder="e.g. https://{yourDomain}/.well-known/jwks.json"
data-error="Please input JWKS URL"
value="{{ SETTING.get('google_oauth_jwks_url') }}">
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="google_base_url">Base URL</label>
<input type="text" class="form-control"
@ -957,17 +946,6 @@
value="{{ SETTING.get('github_oauth_authorize_url') }}">
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="github_oauth_jwks_url">JWKS
URL</label>
<input type="text" class="form-control"
name="github_oauth_jwks_url"
id="github_oauth_jwks_url"
placeholder="e.g. https://{yourDomain}/.well-known/jwks.json"
data-error="Please input JWKS URL"
value="{{ SETTING.get('github_oauth_jwks_url') }}">
<span class="help-block with-errors"></span>
</div>
</fieldset>
</div>
<!-- /.card-body -->
@ -1096,17 +1074,6 @@
value="{{ SETTING.get('azure_oauth_authorize_url') }}">
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="azure_oauth_jwks_url">JWKS
URL</label>
<input type="text" class="form-control"
name="azure_oauth_jwks_url"
id="azure_oauth_jwks_url"
placeholder="e.g. https://{yourDomain}/.well-known/jwks.json"
data-error="Please input JWKS URL"
value="{{ SETTING.get('azure_oauth_jwks_url') }}">
<span class="help-block with-errors"></span>
</div>
</fieldset>
<fieldset>
<legend>Group Security</legend>
@ -1413,17 +1380,6 @@
value="{{ SETTING.get('oidc_oauth_authorize_url') }}">
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="oidc_oauth_jwks_url">JWKS
URL</label>
<input type="text" class="form-control"
name="oidc_oauth_jwks_url"
id="oidc_oauth_jwks_url"
placeholder="e.g. https://{yourDomain}/.well-known/jwks.json"
data-error="Please input JWKS URL"
value="{{ SETTING.get('oidc_oauth_jwks_url') }}">
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="oidc_oauth_logout_url">Logout
URL</label>