Merge pull request #800 from cyso/pr/oidc-account

OIDC User and Account management during login
Khanh Ngo
2020-10-10 14:32:14 +02:00
committed by GitHub
5 changed files with 79 additions and 12 deletions


@ -953,6 +953,10 @@ def setting_authentication():
request.form.get('oidc_oauth_last_name'))
Setting().set('oidc_oauth_email',
request.form.get('oidc_oauth_email'))
Setting().set('oidc_oauth_account_name_property',
request.form.get('oidc_oauth_account_name_property'))
Setting().set('oidc_oauth_account_description_property',
request.form.get('oidc_oauth_account_description_property'))
result = {
'status': True,
'msg':


@ -380,11 +380,28 @@ def login():
firstname=oidc_givenname,
lastname=oidc_familyname,
email=oidc_email)
result = user.create_local_user()
if not result['status']:
session.pop('oidc_token', None)
return redirect(url_for('index.login'))
else:
user.firstname = oidc_givenname
user.lastname = oidc_familyname
user.email = oidc_email
user.plain_text_password = None
result = user.update_local_user()
if not result['status']:
session.pop('oidc_token', None)
return redirect(url_for('index.login'))
if Setting().get('oidc_oauth_account_name_property') and Setting().get('oidc_oauth_account_description_property'):
name_prop = Setting().get('oidc_oauth_account_name_property')
desc_prop = Setting().get('oidc_oauth_account_description_property')
if name_prop in me and desc_prop in me:
account = handle_account(me[name_prop], me[desc_prop])
account.add_user(user)
user_accounts = user.get_accounts()
for ua in user_accounts:
if ua.name != account.name:
ua.remove_user(user)
session['user_id'] = user.id
session['authentication_type'] = 'OAuth'
@ -519,6 +536,13 @@ def logout():
session_index=session['samlSessionIndex'],
name_id=session['samlNameId']))
redirect_uri = url_for('index.login')
oidc_logout = Setting().get('oidc_oauth_logout_url')
if 'oidc_token' in session and oidc_logout:
redirect_uri = "{}?redirect_uri={}".format(
oidc_logout, url_for('index.login', _external=True))
# Clean cookies and flask session
clear_session()
@ -542,7 +566,7 @@ def logout():
return res
return redirect(url_for('index.login'))
return redirect(redirect_uri)
@index_bp.route('/register', methods=['GET', 'POST'])
@ -956,7 +980,7 @@ def create_group_to_account_mapping():
return group_to_account_mapping
def handle_account(account_name):
def handle_account(account_name, account_description=""):
clean_name = ''.join(c for c in account_name.lower()
if c in "abcdefghijklmnopqrstuvwxyz0123456789")
if len(clean_name) > Account.name.type.length:
@ -965,13 +989,16 @@ def handle_account(account_name):
account = Account.query.filter_by(name=clean_name).first()
if not account:
account = Account(name=clean_name.lower(),
description='',
description=account_description,
contact='',
mail='')
account.create_account()
history = History(msg='Account {0} created'.format(account.name),
created_by='SAML Assertion')
created_by='OIDC/SAML Assertion')
history.add()
else:
account.description = account_description
account.update_account()
return account
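Review bot: The new `else:` branch (`account.description = account_description` followed by `account.update_account()`) rewrites an existing account's description on every call, and because the parameter now defaults to `""`, any caller still using the old one-argument form — the SAML path that the previous `created_by='SAML Assertion'` suggests exists outside this hunk — would blank the description of accounts it merely re-resolves. In the `login()` hunk above the value is the IdP-supplied claim `me[desc_prop]`, so a locally managed account whose name collides after the `clean_name` sanitization also gets its description replaced by IdP data on each OIDC login. A guard such as `if account_description and account.description != account_description:` around the update avoids both, and the change (like the `add_user`/`remove_user` membership moves in `login()`) deserves a `History` entry, since only account creation is recorded and `'OIDC/SAML Assertion'` no longer says which flow performed it. `handle_account` starts in the preceding hunk.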