diff --git a/configs/docker_config.py b/configs/docker_config.py
index e780882..0d006bd 100644
--- a/configs/docker_config.py
+++ b/configs/docker_config.py
@@ -8,10 +8,19 @@ FILESYSTEM_SESSIONS_ENABLED = True
 legal_envvars = (
 'SECRET_KEY',
+ 'OIDC_OAUTH_ENABLED',
+ 'OIDC_OAUTH_KEY',
+ 'OIDC_OAUTH_SECRET',
 'OIDC_OAUTH_API_URL',
 'OIDC_OAUTH_TOKEN_URL',
 'OIDC_OAUTH_AUTHORIZE_URL',
 'OIDC_OAUTH_METADATA_URL',
+ 'OIDC_OAUTH_LOGOUT_URL',
+ 'OIDC_OAUTH_SCOPE',
+ 'OIDC_OAUTH_USERNAME',
+ 'OIDC_OAUTH_FIRSTNAME',
+ 'OIDC_OAUTH_LAST_NAME',
+ 'OIDC_OAUTH_EMAIL',
 'BIND_ADDRESS',
 'PORT',
 'LOG_LEVEL',
@@ -73,6 +82,7 @@ legal_envvars_bool = (
 'MAIL_DEBUG',
 'MAIL_USE_TLS',
 'MAIL_USE_SSL',
+ 'OIDC_OAUTH_ENABLED',
 'SAML_ENABLED',
 'SAML_DEBUG',
 'SAML_SIGN_REQUEST',
diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index 14ad275..72305a6 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -140,7 +140,7 @@ def oidc_login():
 @index_bp.route('/login', methods=['GET', 'POST'])
 def login():
- SAML_ENABLED = current_app.config.get('SAML_ENABLED')
+ SAML_ENABLED = current_app.config.get('SAML_ENABLED', False)
 if g.user is not None and current_user.is_authenticated:
 return redirect(url_for('dashboard.dashboard'))
@@ -956,7 +956,7 @@ def dyndns_update():
 ### START SAML AUTHENTICATION ###
 @index_bp.route('/saml/login')
 def saml_login():
- if not current_app.config.get('SAML_ENABLED'):
+ if not current_app.config.get('SAML_ENABLED', False):
 abort(400)
 from onelogin.saml2.utils import OneLogin_Saml2_Utils
 req = saml.prepare_flask_request(request)
@@ -968,7 +968,7 @@ def saml_login():
 @index_bp.route('/saml/metadata')
 def saml_metadata():
- if not current_app.config.get('SAML_ENABLED'):
+ if not current_app.config.get('SAML_ENABLED', False):
 current_app.logger.error("SAML authentication is disabled.")
 abort(400)
 from onelogin.saml2.utils import OneLogin_Saml2_Utils
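Review bot: `OIDC_OAUTH_KEY` and `OIDC_OAUTH_SECRET`, added to the `legal_envvars` tuple in configs/docker_config.py, are OAuth client credentials, and nothing in the hunk tells a deployer how they should be supplied. Values passed as plain container environment variables can be read back through container inspection and are inherited by child processes, so a comment above these entries such as `# OIDC_OAUTH_KEY / OIDC_OAUTH_SECRET are credentials: inject them from a secret store or mounted secret file, never from a committed compose or env file` would help. The code that consumes this tuple is outside the hunk, so whether it offers a file-backed alternative could not be checked here. The new names also mix `OIDC_OAUTH_FIRSTNAME` with `OIDC_OAUTH_LAST_NAME`; presumably they mirror the keys the application reads, but that is worth confirming because a name that does not match would presumably never reach the application.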
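Review bot: In `saml_login` (hunk at -956 of powerdnsadmin/routes/index.py) the disabled-SAML branch calls `abort(400)` without logging, while `saml_metadata` and `saml_authorized` (hunks at -968 and -990) log `"SAML authentication is disabled."` first; adding `current_app.logger.error("SAML authentication is disabled.")` before the abort would make requests to a disabled login endpoint visible in the logs too. The explicit `False` default does not change the outcome of these three guards, since `not None` and `not False` both take the branch, so the edit here is for readability only. Because the same check is now spelled out in three views, a small shared helper or decorator would keep the condition and the logging in step. All three function bodies continue outside their hunks.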
@@ -990,7 +990,7 @@ def saml_metadata():
 @csrf.exempt
 def saml_authorized():
 errors = []
- if not current_app.config.get('SAML_ENABLED'):
+ if not current_app.config.get('SAML_ENABLED', False):
 current_app.logger.error("SAML authentication is disabled.")
 abort(400)
 from onelogin.saml2.utils import OneLogin_Saml2_Utils