mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2024-11-09 15:10:27 +00:00
OAuth Settings Updates (#1500)
Completed the removal of the OAuth JWKS URL setting as well as the update of how the existing metadata URL settings are being used. For additional information, reference GitHub issue #1499.
commit
1f6a0504c8
@ -73,7 +73,6 @@ class Setting(db.Model):
|
|||||||
'https://github.com/login/oauth/access_token',
|
'https://github.com/login/oauth/access_token',
|
||||||
'github_oauth_authorize_url':
|
'github_oauth_authorize_url':
|
||||||
'https://github.com/login/oauth/authorize',
|
'https://github.com/login/oauth/authorize',
|
||||||
'github_oauth_jwks_url': '',
|
|
||||||
'github_oauth_metadata_url': '',
|
'github_oauth_metadata_url': '',
|
||||||
'google_oauth_enabled': False,
|
'google_oauth_enabled': False,
|
||||||
'google_oauth_client_id': '',
|
'google_oauth_client_id': '',
|
||||||
@ -81,7 +80,6 @@ class Setting(db.Model):
|
|||||||
'google_token_url': 'https://oauth2.googleapis.com/token',
|
'google_token_url': 'https://oauth2.googleapis.com/token',
|
||||||
'google_oauth_scope': 'openid email profile',
|
'google_oauth_scope': 'openid email profile',
|
||||||
'google_authorize_url': 'https://accounts.google.com/o/oauth2/v2/auth',
|
'google_authorize_url': 'https://accounts.google.com/o/oauth2/v2/auth',
|
||||||
'google_oauth_jwks_url': '',
|
|
||||||
'google_oauth_metadata_url': '',
|
'google_oauth_metadata_url': '',
|
||||||
'google_base_url': 'https://www.googleapis.com/oauth2/v3/',
|
'google_base_url': 'https://www.googleapis.com/oauth2/v3/',
|
||||||
'azure_oauth_enabled': False,
|
'azure_oauth_enabled': False,
|
||||||
@ -93,7 +91,6 @@ class Setting(db.Model):
|
|||||||
'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/token',
|
'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/token',
|
||||||
'azure_oauth_authorize_url':
|
'azure_oauth_authorize_url':
|
||||||
'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/authorize',
|
'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/authorize',
|
||||||
'azure_oauth_jwks_url': '',
|
|
||||||
'azure_oauth_metadata_url': '',
|
'azure_oauth_metadata_url': '',
|
||||||
'azure_sg_enabled': False,
|
'azure_sg_enabled': False,
|
||||||
'azure_admin_group': '',
|
'azure_admin_group': '',
|
||||||
@ -111,7 +108,6 @@ class Setting(db.Model):
|
|||||||
'oidc_oauth_api_url': '',
|
'oidc_oauth_api_url': '',
|
||||||
'oidc_oauth_token_url': '',
|
'oidc_oauth_token_url': '',
|
||||||
'oidc_oauth_authorize_url': '',
|
'oidc_oauth_authorize_url': '',
|
||||||
'oidc_oauth_jwks_url': '',
|
|
||||||
'oidc_oauth_metadata_url': '',
|
'oidc_oauth_metadata_url': '',
|
||||||
'oidc_oauth_logout_url': '',
|
'oidc_oauth_logout_url': '',
|
||||||
'oidc_oauth_username': 'preferred_username',
|
'oidc_oauth_username': 'preferred_username',
|
||||||
|
@ -1680,8 +1680,6 @@ def setting_authentication():
|
|||||||
request.form.get('google_oauth_scope'))
|
request.form.get('google_oauth_scope'))
|
||||||
Setting().set('google_authorize_url',
|
Setting().set('google_authorize_url',
|
||||||
request.form.get('google_authorize_url'))
|
request.form.get('google_authorize_url'))
|
||||||
Setting().set('google_oauth_jwks_url',
|
|
||||||
request.form.get('google_oauth_jwks_url'))
|
|
||||||
Setting().set('google_base_url',
|
Setting().set('google_base_url',
|
||||||
request.form.get('google_base_url'))
|
request.form.get('google_base_url'))
|
||||||
result = {
|
result = {
|
||||||
@ -1715,8 +1713,6 @@ def setting_authentication():
|
|||||||
request.form.get('github_oauth_token_url'))
|
request.form.get('github_oauth_token_url'))
|
||||||
Setting().set('github_oauth_authorize_url',
|
Setting().set('github_oauth_authorize_url',
|
||||||
request.form.get('github_oauth_authorize_url'))
|
request.form.get('github_oauth_authorize_url'))
|
||||||
Setting().set('github_oauth_jwks_url',
|
|
||||||
request.form.get('github_oauth_jwks_url'))
|
|
||||||
result = {
|
result = {
|
||||||
'status': True,
|
'status': True,
|
||||||
'msg':
|
'msg':
|
||||||
@ -1748,8 +1744,6 @@ def setting_authentication():
|
|||||||
request.form.get('azure_oauth_token_url'))
|
request.form.get('azure_oauth_token_url'))
|
||||||
Setting().set('azure_oauth_authorize_url',
|
Setting().set('azure_oauth_authorize_url',
|
||||||
request.form.get('azure_oauth_authorize_url'))
|
request.form.get('azure_oauth_authorize_url'))
|
||||||
Setting().set('azure_oauth_jwks_url',
|
|
||||||
request.form.get('azure_oauth_jwks_url'))
|
|
||||||
Setting().set(
|
Setting().set(
|
||||||
'azure_sg_enabled', True
|
'azure_sg_enabled', True
|
||||||
if request.form.get('azure_sg_enabled') == 'ON' else False)
|
if request.form.get('azure_sg_enabled') == 'ON' else False)
|
||||||
@ -1803,8 +1797,6 @@ def setting_authentication():
|
|||||||
request.form.get('oidc_oauth_token_url'))
|
request.form.get('oidc_oauth_token_url'))
|
||||||
Setting().set('oidc_oauth_authorize_url',
|
Setting().set('oidc_oauth_authorize_url',
|
||||||
request.form.get('oidc_oauth_authorize_url'))
|
request.form.get('oidc_oauth_authorize_url'))
|
||||||
Setting().set('oidc_oauth_jwks_url',
|
|
||||||
request.form.get('oidc_oauth_jwks_url'))
|
|
||||||
Setting().set('oidc_oauth_logout_url',
|
Setting().set('oidc_oauth_logout_url',
|
||||||
request.form.get('oidc_oauth_logout_url'))
|
request.form.get('oidc_oauth_logout_url'))
|
||||||
Setting().set('oidc_oauth_username',
|
Setting().set('oidc_oauth_username',
|
||||||
|
@ -15,18 +15,25 @@ def azure_oauth():
|
|||||||
session['azure_token'] = token
|
session['azure_token'] = token
|
||||||
return token
|
return token
|
||||||
|
|
||||||
|
authlib_params = {
|
||||||
|
'client_id': Setting().get('azure_oauth_key'),
|
||||||
|
'client_secret': Setting().get('azure_oauth_secret'),
|
||||||
|
'api_base_url': Setting().get('azure_oauth_api_url'),
|
||||||
|
'request_token_url': None,
|
||||||
|
'access_token_url': Setting().get('azure_oauth_token_url'),
|
||||||
|
'authorize_url': Setting().get('azure_oauth_authorize_url'),
|
||||||
|
'client_kwargs': {'scope': Setting().get('azure_oauth_scope')},
|
||||||
|
'fetch_token': fetch_azure_token,
|
||||||
|
}
|
||||||
|
|
||||||
|
server_metadata_url = Setting().get('azure_oauth_metadata_url')
|
||||||
|
|
||||||
|
if isinstance(server_metadata_url, str) and len(server_metadata_url.strip()) > 0:
|
||||||
|
authlib_params['server_metadata_url'] = server_metadata_url
|
||||||
|
|
||||||
azure = authlib_oauth_client.register(
|
azure = authlib_oauth_client.register(
|
||||||
'azure',
|
'azure',
|
||||||
client_id=Setting().get('azure_oauth_key'),
|
**authlib_params
|
||||||
client_secret=Setting().get('azure_oauth_secret'),
|
|
||||||
api_base_url=Setting().get('azure_oauth_api_url'),
|
|
||||||
request_token_url=None,
|
|
||||||
access_token_url=Setting().get('azure_oauth_token_url'),
|
|
||||||
authorize_url=Setting().get('azure_oauth_authorize_url'),
|
|
||||||
jwks_url=Setting().get('azure_oauth_jwks_url'),
|
|
||||||
server_metadata_url=Setting().get('azure_oauth_metadata_url'),
|
|
||||||
client_kwargs={'scope': Setting().get('azure_oauth_scope')},
|
|
||||||
fetch_token=fetch_azure_token,
|
|
||||||
)
|
)
|
||||||
|
|
||||||
@current_app.route('/azure/authorized')
|
@current_app.route('/azure/authorized')
|
||||||
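Review bot: The guard on `server_metadata_url` tests the stripped value but stores the unstripped one, and it accepts any scheme, so a whitespace-padded or plain-http discovery URL reaches `authlib_oauth_client.register` unchanged. The server fetches this document and, as far as authlib's documented behaviour goes, takes the `jwks_uri` used to verify ID tokens from it, so I would normalise and restrict it: assign `authlib_params['server_metadata_url'] = server_metadata_url.strip()` and extend the condition with `server_metadata_url.strip().lower().startswith('https://')`, or at least log when the scheme is not https. The identical block is repeated in the github, google and oidc sections below; a small shared helper that returns the validated URL or `None` would keep the four copies from drifting. `azure_oauth` begins above the hunk, so how a rejected URL should be reported to the caller is not visible here.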
|
@ -15,20 +15,28 @@ def github_oauth():
|
|||||||
session['github_token'] = token
|
session['github_token'] = token
|
||||||
return token
|
return token
|
||||||
|
|
||||||
|
authlib_params = {
|
||||||
|
'client_id': Setting().get('github_oauth_key'),
|
||||||
|
'client_secret': Setting().get('github_oauth_secret'),
|
||||||
|
'request_token_params': {'scope': Setting().get('github_oauth_scope')},
|
||||||
|
'api_base_url': Setting().get('github_oauth_api_url'),
|
||||||
|
'request_token_url': None,
|
||||||
|
'access_token_url': Setting().get('github_oauth_token_url'),
|
||||||
|
'authorize_url': Setting().get('github_oauth_authorize_url'),
|
||||||
|
'client_kwargs': {'scope': Setting().get('github_oauth_scope')},
|
||||||
|
'fetch_token': fetch_github_token,
|
||||||
|
'update_token': update_token
|
||||||
|
}
|
||||||
|
|
||||||
|
server_metadata_url = Setting().get('github_oauth_metadata_url')
|
||||||
|
|
||||||
|
if isinstance(server_metadata_url, str) and len(server_metadata_url.strip()) > 0:
|
||||||
|
authlib_params['server_metadata_url'] = server_metadata_url
|
||||||
|
|
||||||
github = authlib_oauth_client.register(
|
github = authlib_oauth_client.register(
|
||||||
'github',
|
'github',
|
||||||
client_id=Setting().get('github_oauth_key'),
|
**authlib_params
|
||||||
client_secret=Setting().get('github_oauth_secret'),
|
)
|
||||||
request_token_params={'scope': Setting().get('github_oauth_scope')},
|
|
||||||
api_base_url=Setting().get('github_oauth_api_url'),
|
|
||||||
request_token_url=None,
|
|
||||||
access_token_url=Setting().get('github_oauth_token_url'),
|
|
||||||
authorize_url=Setting().get('github_oauth_authorize_url'),
|
|
||||||
jwks_url=Setting().get('github_oauth_jwks_url'),
|
|
||||||
server_metadata_url=Setting().get('github_oauth_metadata_url'),
|
|
||||||
client_kwargs={'scope': Setting().get('github_oauth_scope')},
|
|
||||||
fetch_token=fetch_github_token,
|
|
||||||
update_token=update_token)
|
|
||||||
|
|
||||||
@current_app.route('/github/authorized')
|
@current_app.route('/github/authorized')
|
||||||
def github_authorized():
|
def github_authorized():
|
||||||
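Review bot: `authlib_params` sets the scope twice, once under `'request_token_params'` and once under `'client_kwargs'`, while `'request_token_url'` is `None`. With no request-token URL the client runs as OAuth 2, where `request_token_params` appears to be unused, so the entry reads as a leftover from the old keyword list. Either drop it or keep it with a comment such as `# request_token_params: OAuth 1 only, not used while request_token_url is None`. `github_oauth` starts above the hunk.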
|
@ -15,19 +15,27 @@ def google_oauth():
|
|||||||
session['google_token'] = token
|
session['google_token'] = token
|
||||||
return token
|
return token
|
||||||
|
|
||||||
|
authlib_params = {
|
||||||
|
'client_id': Setting().get('google_oauth_client_id'),
|
||||||
|
'client_secret': Setting().get('google_oauth_client_secret'),
|
||||||
|
'api_base_url': Setting().get('google_base_url'),
|
||||||
|
'request_token_url': None,
|
||||||
|
'access_token_url': Setting().get('google_token_url'),
|
||||||
|
'authorize_url': Setting().get('google_authorize_url'),
|
||||||
|
'client_kwargs': {'scope': Setting().get('google_oauth_scope')},
|
||||||
|
'fetch_token': fetch_google_token,
|
||||||
|
'update_token': update_token
|
||||||
|
}
|
||||||
|
|
||||||
|
server_metadata_url = Setting().get('google_oauth_metadata_url')
|
||||||
|
|
||||||
|
if isinstance(server_metadata_url, str) and len(server_metadata_url.strip()) > 0:
|
||||||
|
authlib_params['server_metadata_url'] = server_metadata_url
|
||||||
|
|
||||||
google = authlib_oauth_client.register(
|
google = authlib_oauth_client.register(
|
||||||
'google',
|
'google',
|
||||||
client_id=Setting().get('google_oauth_client_id'),
|
**authlib_params
|
||||||
client_secret=Setting().get('google_oauth_client_secret'),
|
)
|
||||||
api_base_url=Setting().get('google_base_url'),
|
|
||||||
request_token_url=None,
|
|
||||||
access_token_url=Setting().get('google_token_url'),
|
|
||||||
authorize_url=Setting().get('google_authorize_url'),
|
|
||||||
jwks_url=Setting().get('google_oauth_jwks_url'),
|
|
||||||
server_metadata_url=Setting().get('google_oauth_metadata_url'),
|
|
||||||
client_kwargs={'scope': Setting().get('google_oauth_scope')},
|
|
||||||
fetch_token=fetch_google_token,
|
|
||||||
update_token=update_token)
|
|
||||||
|
|
||||||
@current_app.route('/google/authorized')
|
@current_app.route('/google/authorized')
|
||||||
def google_authorized():
|
def google_authorized():
|
||||||
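Review bot: Nothing here signals that `google_oauth_metadata_url` is now the only source of signing keys. The defaults shown earlier on this page keep `'google_oauth_scope': 'openid email profile'` alongside `'google_oauth_metadata_url': ''`, and the `jwks_url` argument is gone from `register`. Depending on the authlib version in use, an `openid` scope triggers ID-token parsing, which needs a `jwks_uri` from the server metadata and fails without one. I would add a comment above the guard, `# ID-token validation takes jwks_uri from this document; leave unset only for non-OpenID scopes`, and log a warning when the scope contains `openid` and the URL is empty. The oidc section has the same gap, and `google_oauth` starts above the hunk.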
|
@ -15,19 +15,27 @@ def oidc_oauth():
|
|||||||
session['oidc_token'] = token
|
session['oidc_token'] = token
|
||||||
return token
|
return token
|
||||||
|
|
||||||
|
authlib_params = {
|
||||||
|
'client_id': Setting().get('oidc_oauth_key'),
|
||||||
|
'client_secret': Setting().get('oidc_oauth_secret'),
|
||||||
|
'api_base_url': Setting().get('oidc_oauth_api_url'),
|
||||||
|
'request_token_url': None,
|
||||||
|
'access_token_url': Setting().get('oidc_oauth_token_url'),
|
||||||
|
'authorize_url': Setting().get('oidc_oauth_authorize_url'),
|
||||||
|
'client_kwargs': {'scope': Setting().get('oidc_oauth_scope')},
|
||||||
|
'fetch_token': fetch_oidc_token,
|
||||||
|
'update_token': update_token
|
||||||
|
}
|
||||||
|
|
||||||
|
server_metadata_url = Setting().get('oidc_oauth_metadata_url')
|
||||||
|
|
||||||
|
if isinstance(server_metadata_url, str) and len(server_metadata_url.strip()) > 0:
|
||||||
|
authlib_params['server_metadata_url'] = server_metadata_url
|
||||||
|
|
||||||
oidc = authlib_oauth_client.register(
|
oidc = authlib_oauth_client.register(
|
||||||
'oidc',
|
'oidc',
|
||||||
client_id=Setting().get('oidc_oauth_key'),
|
**authlib_params
|
||||||
client_secret=Setting().get('oidc_oauth_secret'),
|
)
|
||||||
api_base_url=Setting().get('oidc_oauth_api_url'),
|
|
||||||
request_token_url=None,
|
|
||||||
access_token_url=Setting().get('oidc_oauth_token_url'),
|
|
||||||
authorize_url=Setting().get('oidc_oauth_authorize_url'),
|
|
||||||
jwks_url=Setting().get('oidc_oauth_jwks_url'),
|
|
||||||
server_metadata_url=Setting().get('oidc_oauth_metadata_url'),
|
|
||||||
client_kwargs={'scope': Setting().get('oidc_oauth_scope')},
|
|
||||||
fetch_token=fetch_oidc_token,
|
|
||||||
update_token=update_token)
|
|
||||||
|
|
||||||
@current_app.route('/oidc/authorized')
|
@current_app.route('/oidc/authorized')
|
||||||
def oidc_authorized():
|
def oidc_authorized():
|
||||||
|
@ -806,17 +806,6 @@
|
|||||||
value="{{ SETTING.get('google_authorize_url') }}">
|
value="{{ SETTING.get('google_authorize_url') }}">
|
||||||
<span class="help-block with-errors"></span>
|
<span class="help-block with-errors"></span>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
|
||||||
<label for="google_oauth_jwks_url">JWKS
|
|
||||||
URL</label>
|
|
||||||
<input type="text" class="form-control"
|
|
||||||
name="google_oauth_jwks_url"
|
|
||||||
id="google_oauth_jwks_url"
|
|
||||||
placeholder="e.g. https://{yourDomain}/.well-known/jwks.json"
|
|
||||||
data-error="Please input JWKS URL"
|
|
||||||
value="{{ SETTING.get('google_oauth_jwks_url') }}">
|
|
||||||
<span class="help-block with-errors"></span>
|
|
||||||
</div>
|
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="google_base_url">Base URL</label>
|
<label for="google_base_url">Base URL</label>
|
||||||
<input type="text" class="form-control"
|
<input type="text" class="form-control"
|
||||||
@ -957,17 +946,6 @@
|
|||||||
value="{{ SETTING.get('github_oauth_authorize_url') }}">
|
value="{{ SETTING.get('github_oauth_authorize_url') }}">
|
||||||
<span class="help-block with-errors"></span>
|
<span class="help-block with-errors"></span>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
|
||||||
<label for="github_oauth_jwks_url">JWKS
|
|
||||||
URL</label>
|
|
||||||
<input type="text" class="form-control"
|
|
||||||
name="github_oauth_jwks_url"
|
|
||||||
id="github_oauth_jwks_url"
|
|
||||||
placeholder="e.g. https://{yourDomain}/.well-known/jwks.json"
|
|
||||||
data-error="Please input JWKS URL"
|
|
||||||
value="{{ SETTING.get('github_oauth_jwks_url') }}">
|
|
||||||
<span class="help-block with-errors"></span>
|
|
||||||
</div>
|
|
||||||
</fieldset>
|
</fieldset>
|
||||||
</div>
|
</div>
|
||||||
<!-- /.card-body -->
|
<!-- /.card-body -->
|
||||||
@ -1096,17 +1074,6 @@
|
|||||||
value="{{ SETTING.get('azure_oauth_authorize_url') }}">
|
value="{{ SETTING.get('azure_oauth_authorize_url') }}">
|
||||||
<span class="help-block with-errors"></span>
|
<span class="help-block with-errors"></span>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
|
||||||
<label for="azure_oauth_jwks_url">JWKS
|
|
||||||
URL</label>
|
|
||||||
<input type="text" class="form-control"
|
|
||||||
name="azure_oauth_jwks_url"
|
|
||||||
id="azure_oauth_jwks_url"
|
|
||||||
placeholder="e.g. https://{yourDomain}/.well-known/jwks.json"
|
|
||||||
data-error="Please input JWKS URL"
|
|
||||||
value="{{ SETTING.get('azure_oauth_jwks_url') }}">
|
|
||||||
<span class="help-block with-errors"></span>
|
|
||||||
</div>
|
|
||||||
</fieldset>
|
</fieldset>
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<legend>Group Security</legend>
|
<legend>Group Security</legend>
|
||||||
@ -1413,17 +1380,6 @@
|
|||||||
value="{{ SETTING.get('oidc_oauth_authorize_url') }}">
|
value="{{ SETTING.get('oidc_oauth_authorize_url') }}">
|
||||||
<span class="help-block with-errors"></span>
|
<span class="help-block with-errors"></span>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
|
||||||
<label for="oidc_oauth_jwks_url">JWKS
|
|
||||||
URL</label>
|
|
||||||
<input type="text" class="form-control"
|
|
||||||
name="oidc_oauth_jwks_url"
|
|
||||||
id="oidc_oauth_jwks_url"
|
|
||||||
placeholder="e.g. https://{yourDomain}/.well-known/jwks.json"
|
|
||||||
data-error="Please input JWKS URL"
|
|
||||||
value="{{ SETTING.get('oidc_oauth_jwks_url') }}">
|
|
||||||
<span class="help-block with-errors"></span>
|
|
||||||
</div>
|
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="oidc_oauth_logout_url">Logout
|
<label for="oidc_oauth_logout_url">Logout
|
||||||
URL</label>
|
URL</label>
|
||||||
|