Manage Account membership on oidc login

This commit is contained in:
Nick Douma 2020-03-06 16:01:18 +01:00
parent 7ef6f5db4e
commit 27f5c89f70
5 changed files with 54 additions and 6 deletions


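--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -94,6 +94,8 @@ class Setting(db.Model):
 'oidc_oauth_firstname': 'given_name',
 'oidc_oauth_last_name': 'family_name ',
 'oidc_oauth_email': 'email',
+'oidc_oauth_account_name_property': '',
+'oidc_oauth_account_description_property': '',
 'forward_records_allow_edit': {
 'A': True,
 'AAAA': True,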


@ -589,3 +589,21 @@ class User(db.Model):
return {'status': True, 'msg': 'Set user role successfully'} return {'status': True, 'msg': 'Set user role successfully'}
else: else:
return {'status': False, 'msg': 'Role does not exist'} return {'status': False, 'msg': 'Role does not exist'}
def get_accounts(self):
"""
Get accounts associated with this user
"""
from .account import Account
from .account_user import AccountUser
accounts = []
query = db.session\
.query(
AccountUser,
Account)\
.filter(User.id == AccountUser.user_id)\
.filter(Account.id == AccountUser.account_id)\
.all()
for q in query:
accounts.append(q[1])
return accounts
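Review bot: The first filter in `get_accounts`, `User.id == AccountUser.user_id`, compares the mapped column rather than this instance's id, so nothing in the query pins the result to the calling user and, unless SQLAlchemy correlates it somewhere not shown here, the result spans every user's memberships. Change that line to `.filter(AccountUser.user_id == self.id)`. This matters because `login()` in the same commit removes `user` from every returned account whose name differs from the provisioned one, so an over-broad result makes the membership sync touch accounts the user never belonged to. The collecting loop can also be written as `return [account for _, account in query]`.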


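--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -819,6 +819,10 @@ def setting_authentication():
 request.form.get('oidc_oauth_last_name'))
 Setting().set('oidc_oauth_email',
 request.form.get('oidc_oauth_email'))
+Setting().set('oidc_oauth_account_name_property',
+request.form.get('oidc_oauth_account_name_property'))
+Setting().set('oidc_oauth_account_description_property',
+request.form.get('oidc_oauth_account_description_property'))
 result = {
 'status': True,
 'msg':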
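Review bot: The two new `Setting().set(...)` calls store the form values verbatim, and `login()` later uses those strings as keys into the OIDC claims, so a stray leading or trailing space (the existing `'family_name '` default on the Setting model shows how easily that slips in) makes `name_prop in me` fail silently and disables provisioning without any error. Normalise before storing, e.g. `(request.form.get('oidc_oauth_account_name_property') or '').strip()`, and the same for the description property. `setting_authentication()` begins before and ends after this hunk.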


@ -309,6 +309,17 @@ def login():
session.pop('oidc_token', None) session.pop('oidc_token', None)
return redirect(url_for('index.login')) return redirect(url_for('index.login'))
if Setting().get('oidc_oauth_account_name_property') and Setting().get('oidc_oauth_account_description_property'):
name_prop = Setting().get('oidc_oauth_account_name_property')
desc_prop = Setting().get('oidc_oauth_account_description_property')
if name_prop in me and desc_prop in me:
account = handle_account(me[name_prop], me[desc_prop])
account.add_user(user)
user_accounts = user.get_accounts()
for ua in user_accounts:
if ua.name != account.name:
ua.remove_user(user)
session['user_id'] = user.id session['user_id'] = user.id
session['authentication_type'] = 'OAuth' session['authentication_type'] = 'OAuth'
login_user(user, remember=False) login_user(user, remember=False)
@ -879,7 +890,7 @@ def create_group_to_account_mapping():
return group_to_account_mapping return group_to_account_mapping
def handle_account(account_name): def handle_account(account_name, account_description=""):
clean_name = ''.join(c for c in account_name.lower() clean_name = ''.join(c for c in account_name.lower()
if c in "abcdefghijklmnopqrstuvwxyz0123456789") if c in "abcdefghijklmnopqrstuvwxyz0123456789")
if len(clean_name) > Account.name.type.length: if len(clean_name) > Account.name.type.length:
@ -888,13 +899,16 @@ def handle_account(account_name):
account = Account.query.filter_by(name=clean_name).first() account = Account.query.filter_by(name=clean_name).first()
if not account: if not account:
account = Account(name=clean_name.lower(), account = Account(name=clean_name.lower(),
description='', description=account_description,
contact='', contact='',
mail='') mail='')
account.create_account() account.create_account()
history = History(msg='Account {0} created'.format(account.name), history = History(msg='Account {0} created'.format(account.name),
created_by='SAML Assertion') created_by='OIDC/SAML Assertion')
history.add() history.add()
else:
account.description = account_description
account.update_account()
return account return account
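Review bot: The `else` branch added at the end of `handle_account` overwrites an existing account's description on every OIDC login and, unlike the creation path just above it, records no `History` entry, so an administrator's edit is silently replaced without an audit trail. Guard the write with `elif account.description != account_description:` before the assignment and `update_account()`, and add a History row in the same `created_by='OIDC/SAML Assertion'` form as the creation branch. In the `login()` hunk, `me[name_prop]` reaches `account_name.lower()` unchecked, so a claim that is present but empty or not a string aborts the login with an exception instead of skipping provisioning; extending the condition to `name_prop in me and isinstance(me[name_prop], str) and me[name_prop]` would make the sync skip cleanly. Because `filter_by(name=clean_name)` matches any existing account, the claim value chosen by the identity provider decides which account the user is joined to and which others they are removed from, which deserves a docstring on `handle_account` saying so. The bodies of `login()` and `handle_account()` both continue outside the shown hunks.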


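--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -502,9 +502,6 @@
 <input type="text" class="form-control" name="oidc_oauth_secret" id="oidc_oauth_secret" placeholder="OIDC OAuth client secret" data-error="Please input Client secret" value="{{ SETTING.get('oidc_oauth_secret') }}">
 <span class="help-block with-errors"></span>
 </div>
-</fieldset>
-<fieldset>
-<legend>ADVANCE</legend>
 <div class="form-group">
 <label for="oidc_oauth_scope">Scope</label>
 <input type="text" class="form-control" name="oidc_oauth_scope" id="oidc_oauth_scope" placeholder="e.g. email" data-error="Please input scope" value="{{ SETTING.get('oidc_oauth_scope') }}">
@@ -549,6 +546,19 @@
 <span class="help-block with-errors"></span>
 </div>
 </fieldset>
+<fieldset>
+<legend>ADVANCE</legend>
+<div class="form-group">
+<label for="oidc_oauth_account_name_property">Autoprovision Account Name property</label>
+<input type="text" class="form-control" name="oidc_oauth_account_name_property" id="oidc_oauth_account_name_property" placeholder="e.g. account_name" data-error="Please input property containing account_name" value="{{ SETTING.get('oidc_oauth_account_name_property') }}">
+<span class="help-block with-errors"></span>
+</div>
+<div class="form-group">
+<label for="oidc_oauth_account_description_property">Autoprovision Account Description property</label>
+<input type="text" class="form-control" name="oidc_oauth_account_description_property" id="oidc_oauth_account_description_property" placeholder="e.g. account_description" data-error="Please input property containing account_description" value="{{ SETTING.get('oidc_oauth_account_description_property') }}">
+<span class="help-block with-errors"></span>
+</div>
+</fieldset>
 <div class="form-group">
 <button type="submit" class="btn btn-flat btn-primary">Save</button>
 </div>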
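Review bot: The two new autoprovision inputs carry no explanation of their effect, yet the `login()` change in this commit not only adds the user to the account named by the claim but removes them from every other account on each login, and an administrator reading this form cannot tell that from the labels. Add a short help text under each input, e.g. `<span class="help-block">When both properties are set, every OIDC login adds the user to the account named by these claims and removes them from all other accounts.</span>`. The labels could also state that the value is the name of a claim in the OIDC userinfo response, not an account name, which the placeholders only hint at.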