cwinfo/powerdns-admin
4
0
Fork 0
mirror of https://github.com/cwinfo/powerdns-admin.git synced 2025-07-05 13:44:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

OIDC (#1)

Browse Source 
Implemented OIDC using authlib
This commit is contained in:
Chris Pritchard
2018-10-21 23:38:12 +01:00
committed by GitHub
parent 4540d9a293
commit 396ce14b9f
8 changed files with 189 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
app/views.py
View File

@ -4,6 +4,7 @@ import os
import traceback
import re
import datetime
import json
from distutils.util import strtobool
from distutils.version import StrictVersion
from functools import wraps
@ -19,7 +20,7 @@ from werkzeug import secure_filename
from .models import User, Account, Domain, Record, Role, Server, History, Anonymous, Setting, DomainSetting, DomainTemplate, DomainTemplateRecord
from app import app, login_manager
from app.lib import utils
from app.oauth import github_oauth, google_oauth
from app.oauth import github_oauth, google_oauth, oidc_oauth
from app.decorators import admin_role_required, operator_role_required, can_access_domain, can_configure_dnssec, can_create_domain
if app.config['SAML_ENABLED']:
@ -53,8 +54,10 @@ def inject_setting():
def register_modules():
global google
global github
global oidc
google = google_oauth()
github = github_oauth()
oidc = oidc_oauth()
# START USER AUTHENTICATION HANDLER
@ -171,6 +174,15 @@ def github_login():
else:
return github.authorize(callback=url_for('github_authorized', _external=True))
@app.route('/oidc/login')
def oidc_login():
if not Setting().get('oidc_oauth_enabled') or oidc is None:
logging.error('OIDC OAuth is disabled or you have not yet reloaded the pda application after enabling.')
return abort(400)
else:
redirect_uri = url_for('oidc_authorized', _external=True)
return oidc.authorize_redirect(redirect_uri)
@app.route('/saml/login')
def saml_login():
@ -341,6 +353,31 @@ def login():
login_user(user, remember = False)
return redirect(url_for('index'))
if 'oidc_token' in session:
me = json.loads(oidc.get('userinfo').text)
oidc_username = me["preferred_username"]
oidc_givenname = me["name"]
oidc_familyname = ""
oidc_email = me["email"]
user = User.query.filter_by(username=oidc_username).first()
if not user:
user = User(username=oidc_username,
plain_text_password=None,
firstname=oidc_givenname,
lastname=oidc_familyname,
email=oidc_email)
result = user.create_local_user()
if not result['status']:
session.pop('oidc_token', None)
return redirect(url_for('login'))
session['user_id'] = user.id
session['authentication_type'] = 'OAuth'
login_user(user, remember = False)
return redirect(url_for('index'))
if request.method == 'GET':
return render_template('login.html', saml_enabled=SAML_ENABLED)
@ -1508,6 +1545,15 @@ def admin_setting_authentication():
Setting().set('github_oauth_token_url', request.form.get('github_oauth_token_url'))
Setting().set('github_oauth_authorize_url', request.form.get('github_oauth_authorize_url'))
result = {'status': True, 'msg': 'Saved successfully. Please reload PDA to take effect.'}
elif conf_type == 'oidc':
Setting().set('oidc_oauth_enabled', True if request.form.get('oidc_oauth_enabled') else False)
Setting().set('oidc_oauth_key', request.form.get('oidc_oauth_key'))
Setting().set('oidc_oauth_secret', request.form.get('oidc_oauth_secret'))
Setting().set('oidc_oauth_scope', request.form.get('oidc_oauth_scope'))
Setting().set('oidc_oauth_api_url', request.form.get('oidc_oauth_api_url'))
Setting().set('oidc_oauth_token_url', request.form.get('oidc_oauth_token_url'))
Setting().set('oidc_oauth_authorize_url', request.form.get('oidc_oauth_authorize_url'))
result = {'status': True, 'msg': 'Saved successfully. Please reload PDA to take effect.'}
else:
return abort(400)