Merge pull request #13 from nomennesc-io/master

fixed access check for non-administrators
This commit is contained in:
Thomas 2017-12-05 12:51:21 +01:00 committed by GitHub
commit 21e903fa76
3 changed files with 42 additions and 3 deletions


@ -366,7 +366,9 @@ class User(db.Model):
if self.role.name == "Administrator": if self.role.name == "Administrator":
return True return True
query = self.get_domain_query().filter(Domain.name == domain_name) query = db.session.query(User, DomainUser, Domain).filter(User.id == self.id).filter(
User.id == DomainUser.user_id).filter(Domain.id == DomainUser.domain_id).filter(
Domain.name == domain_name)
return query.count() >= 1 return query.count() >= 1
def delete(self): def delete(self):
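Review bot: The rewritten access query at the `query = db.session.query(User, DomainUser, Domain)` line carries no comment explaining why the `DomainUser` link is required, and the method is the authorisation gate for everything a non-administrator does, so the rule should be stated where it is enforced; I would add `# Non-administrators may only act on domains linked to them through a DomainUser row` above the query. The method's signature and the start of its body are above this hunk, so I cannot confirm whether it already has a docstring. As a minor point of style, `query.count() >= 1` loads a count over a three-entity selection just to test existence; `query.first() is not None` expresses the same check and stops at the first matching row.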


@ -380,15 +380,45 @@ def login():
error = e.message['desc'] if 'desc' in e.message else e error = e.message['desc'] if 'desc' in e.message else e
return render_template('register.html', error=error) return render_template('register.html', error=error)
@app.route('/logout') def clear_session():
def logout():
session.pop('user_id', None) session.pop('user_id', None)
session.pop('github_token', None) session.pop('github_token', None)
session.pop('google_token', None) session.pop('google_token', None)
session.clear() session.clear()
logout_user() logout_user()
@app.route('/logout')
def logout():
if app.config.get('SAML_ENABLED') and 'samlSessionIndex' in session and app.config.get('SAML_LOGOUT'):
req = utils.prepare_flask_request(request)
auth = utils.init_saml_auth(req)
if app.config.get('SAML_LOGOUT_URL'):
return redirect(auth.logout(name_id_format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
return_to = app.config.get('SAML_LOGOUT_URL'),
session_index = session['samlSessionIndex'], name_id=session['samlNameId']))
return redirect(auth.logout(name_id_format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
session_index = session['samlSessionIndex'],
name_id=session['samlNameId']))
clear_session()
redirect_url = url_for('login')
return redirect(url_for('login')) return redirect(url_for('login'))
@app.route('/saml/sls')
def saml_logout():
req = utils.prepare_flask_request(request)
auth = utils.init_saml_auth(req)
url = auth.process_slo()
errors = auth.get_errors()
if len(errors) == 0:
clear_session()
if url is not None:
return redirect(url)
elif app.config.get('SAML_LOGOUT_URL'):
return redirect(app.config.get('SAML_LOGOUT_URL'))
else:
return redirect(url_for('index'))
else:
return render_template('errors/SAML.html', errors=errors)
@app.route('/dashboard', methods=['GET', 'POST']) @app.route('/dashboard', methods=['GET', 'POST'])
@login_required @login_required
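Review bot: In the new `logout()`, the two `return redirect(auth.logout(...))` branches leave the local Flask session intact, since `clear_session()` is only reached on the non-SAML path; if the IdP single-logout round trip fails or the user never returns to `/saml/sls`, the PowerDNS-Admin session stays authenticated even though the user asked to log out. The identifiers `auth.logout()` needs should be copied out of the session first and the local session dropped before the redirect, so local logout never depends on the IdP completing. In the same branch, `session['samlNameId']` is read although only `'samlSessionIndex'` was checked, so a session that lacks the name id raises `KeyError` on logout; `session.get('samlNameId')` avoids that (I assume from the `auth.logout()` signature that a missing name id is tolerated — please confirm). The local `redirect_url = url_for('login')` is assigned and never used and can be removed; in `saml_logout()`, `if len(errors) == 0:` reads more naturally as `if not errors:`.
```python
@app.route('/logout')
def logout():
    if app.config.get('SAML_ENABLED') and 'samlSessionIndex' in session and app.config.get('SAML_LOGOUT'):
        req = utils.prepare_flask_request(request)
        auth = utils.init_saml_auth(req)
        # Copy the IdP identifiers out first: clear_session() drops them, and the
        # local session must not outlive a failed or abandoned IdP round trip.
        session_index = session['samlSessionIndex']
        name_id = session.get('samlNameId')
        clear_session()
        if app.config.get('SAML_LOGOUT_URL'):
            return redirect(auth.logout(name_id_format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
                                        return_to=app.config.get('SAML_LOGOUT_URL'),
                                        session_index=session_index, name_id=name_id))
        return redirect(auth.logout(name_id_format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
                                    session_index=session_index, name_id=name_id))
    clear_session()
    return redirect(url_for('login'))
# … unchanged: clear_session() and saml_logout() …
```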


@ -92,6 +92,13 @@ SAML_METADATA_CACHE_LIFETIME = 1
SAML_SP_ENTITY_ID = 'http://<SAML SP Entity ID>' SAML_SP_ENTITY_ID = 'http://<SAML SP Entity ID>'
SAML_SP_CONTACT_NAME = '<contact name>' SAML_SP_CONTACT_NAME = '<contact name>'
SAML_SP_CONTACT_MAIL = '<contact mail>' SAML_SP_CONTACT_MAIL = '<contact mail>'
#Use SAML standard logout mechanism retreived from idp metadata
#If configured false don't care about SAML session on logout.
#Logout from PowerDNS-Admin only and keep SAML session authenticated.
SAML_LOGOUT = False
#Configure to redirect to a different url then PowerDNS-Admin login after SAML logout
#for example redirect to google.com after successful saml logout
#SAML_LOGOUT_URL = 'https://google.com'
#Default Auth #Default Auth
BASIC_ENABLED = True BASIC_ENABLED = True
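Review bot: The new comments above `SAML_LOGOUT = False` have typos that will be copied into every deployment's config: `retreived` should be `retrieved`, and `a different url then PowerDNS-Admin login` should be `a different URL than the PowerDNS-Admin login page`. The comment block would also read more clearly if it made the operational consequence of the default explicit, e.g. `# SAML_LOGOUT = False: logging out of PowerDNS-Admin leaves the IdP session active, so a later visit is signed in again without a password prompt`. A space after `#` on each comment line matches the `#Default Auth` style used elsewhere in this file only partially, so whichever form is chosen should be applied consistently.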