mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2024-12-04 11:05:32 +00:00
Merge pull request #1432 from PowerDNS-Admin/1431-feature-add-oauth-setting-for-jwks-url
Feature: Added new JWKS URL setting for each OAuth provider
This commit is contained in:
commit
7ce1f09522
@ -28,7 +28,7 @@ class Setting(db.Model):
|
||||
'allow_user_create_domain': False,
|
||||
'allow_user_remove_domain': False,
|
||||
'allow_user_view_history': False,
|
||||
'delete_sso_accounts': False,
|
||||
'delete_sso_accounts': False,
|
||||
'bg_domain_updates': False,
|
||||
'enable_api_rr_history': True,
|
||||
'preserve_history': False,
|
||||
@ -44,7 +44,7 @@ class Setting(db.Model):
|
||||
'local_db_enabled': True,
|
||||
'signup_enabled': True,
|
||||
'autoprovisioning': False,
|
||||
'urn_value':'',
|
||||
'urn_value': '',
|
||||
'autoprovisioning_attribute': '',
|
||||
'purge': False,
|
||||
'verify_user_email': False,
|
||||
@ -69,15 +69,17 @@ class Setting(db.Model):
|
||||
'github_oauth_scope': 'email',
|
||||
'github_oauth_api_url': 'https://api.github.com/user',
|
||||
'github_oauth_token_url':
|
||||
'https://github.com/login/oauth/access_token',
|
||||
'https://github.com/login/oauth/access_token',
|
||||
'github_oauth_authorize_url':
|
||||
'https://github.com/login/oauth/authorize',
|
||||
'https://github.com/login/oauth/authorize',
|
||||
'github_oauth_jwks_url': '',
|
||||
'google_oauth_enabled': False,
|
||||
'google_oauth_client_id': '',
|
||||
'google_oauth_client_secret': '',
|
||||
'google_token_url': 'https://oauth2.googleapis.com/token',
|
||||
'google_oauth_scope': 'openid email profile',
|
||||
'google_authorize_url': 'https://accounts.google.com/o/oauth2/v2/auth',
|
||||
'google_oauth_jwks_url': '',
|
||||
'google_base_url': 'https://www.googleapis.com/oauth2/v3/',
|
||||
'azure_oauth_enabled': False,
|
||||
'azure_oauth_key': '',
|
||||
@ -85,9 +87,10 @@ class Setting(db.Model):
|
||||
'azure_oauth_scope': 'User.Read openid email profile',
|
||||
'azure_oauth_api_url': 'https://graph.microsoft.com/v1.0/',
|
||||
'azure_oauth_token_url':
|
||||
'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/token',
|
||||
'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/token',
|
||||
'azure_oauth_authorize_url':
|
||||
'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/authorize',
|
||||
'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/authorize',
|
||||
'azure_oauth_jwks_url': '',
|
||||
'azure_sg_enabled': False,
|
||||
'azure_admin_group': '',
|
||||
'azure_operator_group': '',
|
||||
@ -104,6 +107,7 @@ class Setting(db.Model):
|
||||
'oidc_oauth_api_url': '',
|
||||
'oidc_oauth_token_url': '',
|
||||
'oidc_oauth_authorize_url': '',
|
||||
'oidc_oauth_jwks_url': '',
|
||||
'oidc_oauth_metadata_url': '',
|
||||
'oidc_oauth_logout_url': '',
|
||||
'oidc_oauth_username': 'preferred_username',
|
||||
@ -284,7 +288,7 @@ class Setting(db.Model):
|
||||
result = self.query.filter(Setting.name == setting).first()
|
||||
|
||||
if result is not None:
|
||||
if hasattr(result,'value'):
|
||||
if hasattr(result, 'value'):
|
||||
result = result.value
|
||||
return strtobool(result) if result in [
|
||||
'True', 'False'
|
||||
|
@ -1642,6 +1642,8 @@ def setting_authentication():
|
||||
request.form.get('google_oauth_scope'))
|
||||
Setting().set('google_authorize_url',
|
||||
request.form.get('google_authorize_url'))
|
||||
Setting().set('google_oauth_jwks_url',
|
||||
request.form.get('google_oauth_jwks_url'))
|
||||
Setting().set('google_base_url',
|
||||
request.form.get('google_base_url'))
|
||||
result = {
|
||||
@ -1673,6 +1675,8 @@ def setting_authentication():
|
||||
request.form.get('github_oauth_token_url'))
|
||||
Setting().set('github_oauth_authorize_url',
|
||||
request.form.get('github_oauth_authorize_url'))
|
||||
Setting().set('github_oauth_jwks_url',
|
||||
request.form.get('github_oauth_jwks_url'))
|
||||
result = {
|
||||
'status': True,
|
||||
'msg':
|
||||
@ -1702,6 +1706,8 @@ def setting_authentication():
|
||||
request.form.get('azure_oauth_token_url'))
|
||||
Setting().set('azure_oauth_authorize_url',
|
||||
request.form.get('azure_oauth_authorize_url'))
|
||||
Setting().set('azure_oauth_jwks_url',
|
||||
request.form.get('azure_oauth_jwks_url'))
|
||||
Setting().set(
|
||||
'azure_sg_enabled', True
|
||||
if request.form.get('azure_sg_enabled') == 'ON' else False)
|
||||
@ -1753,6 +1759,8 @@ def setting_authentication():
|
||||
request.form.get('oidc_oauth_token_url'))
|
||||
Setting().set('oidc_oauth_authorize_url',
|
||||
request.form.get('oidc_oauth_authorize_url'))
|
||||
Setting().set('oidc_oauth_jwks_url',
|
||||
request.form.get('oidc_oauth_jwks_url'))
|
||||
Setting().set('oidc_oauth_metadata_url',
|
||||
request.form.get('oidc_oauth_metadata_url'))
|
||||
Setting().set('oidc_oauth_logout_url',
|
||||
|
@ -23,6 +23,7 @@ def azure_oauth():
|
||||
request_token_url=None,
|
||||
access_token_url=Setting().get('azure_oauth_token_url'),
|
||||
authorize_url=Setting().get('azure_oauth_authorize_url'),
|
||||
jwks_url=Setting().get('azure_oauth_jwks_url'),
|
||||
client_kwargs={'scope': Setting().get('azure_oauth_scope')},
|
||||
fetch_token=fetch_azure_token,
|
||||
)
|
||||
|
@ -24,6 +24,7 @@ def github_oauth():
|
||||
request_token_url=None,
|
||||
access_token_url=Setting().get('github_oauth_token_url'),
|
||||
authorize_url=Setting().get('github_oauth_authorize_url'),
|
||||
jwks_url=Setting().get('github_oauth_jwks_url'),
|
||||
client_kwargs={'scope': Setting().get('github_oauth_scope')},
|
||||
fetch_token=fetch_github_token,
|
||||
update_token=update_token)
|
||||
|
@ -23,6 +23,7 @@ def google_oauth():
|
||||
request_token_url=None,
|
||||
access_token_url=Setting().get('google_token_url'),
|
||||
authorize_url=Setting().get('google_authorize_url'),
|
||||
jwks_url=Setting().get('google_oauth_jwks_url'),
|
||||
client_kwargs={'scope': Setting().get('google_oauth_scope')},
|
||||
fetch_token=fetch_google_token,
|
||||
update_token=update_token)
|
||||
|
@ -23,6 +23,7 @@ def oidc_oauth():
|
||||
request_token_url=None,
|
||||
access_token_url=Setting().get('oidc_oauth_token_url'),
|
||||
authorize_url=Setting().get('oidc_oauth_authorize_url'),
|
||||
jwks_url=Setting().get('oidc_oauth_jwks_url'),
|
||||
server_metadata_url=Setting().get('oidc_oauth_metadata_url'),
|
||||
client_kwargs={'scope': Setting().get('oidc_oauth_scope')},
|
||||
fetch_token=fetch_oidc_token,
|
||||
|
@ -663,6 +663,17 @@
|
||||
value="{{ SETTING.get('google_authorize_url') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="google_oauth_jwks_url">JWKS
|
||||
URL</label>
|
||||
<input type="text" class="form-control"
|
||||
name="google_oauth_jwks_url"
|
||||
id="google_oauth_jwks_url"
|
||||
placeholder="e.g. https://{yourDomain}/.well-known/jwks.json"
|
||||
data-error="Please input JWKS URL"
|
||||
value="{{ SETTING.get('google_oauth_jwks_url') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="google_base_url">Base URL</label>
|
||||
<input type="text" class="form-control"
|
||||
@ -791,10 +802,21 @@
|
||||
name="github_oauth_authorize_url"
|
||||
id="github_oauth_authorize_url"
|
||||
placeholder="e.g. https://github.com/login/oauth/authorize"
|
||||
data-error="Plesae input Authorize URL"
|
||||
data-error="Please input Authorize URL"
|
||||
value="{{ SETTING.get('github_oauth_authorize_url') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="github_oauth_jwks_url">JWKS
|
||||
URL</label>
|
||||
<input type="text" class="form-control"
|
||||
name="github_oauth_jwks_url"
|
||||
id="github_oauth_jwks_url"
|
||||
placeholder="e.g. https://{yourDomain}/.well-known/jwks.json"
|
||||
data-error="Please input JWKS URL"
|
||||
value="{{ SETTING.get('github_oauth_jwks_url') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
</fieldset>
|
||||
</div>
|
||||
<!-- /.card-body -->
|
||||
@ -915,6 +937,17 @@
|
||||
value="{{ SETTING.get('azure_oauth_authorize_url') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="azure_oauth_jwks_url">JWKS
|
||||
URL</label>
|
||||
<input type="text" class="form-control"
|
||||
name="azure_oauth_jwks_url"
|
||||
id="azure_oauth_jwks_url"
|
||||
placeholder="e.g. https://{yourDomain}/.well-known/jwks.json"
|
||||
data-error="Please input JWKS URL"
|
||||
value="{{ SETTING.get('azure_oauth_jwks_url') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
</fieldset>
|
||||
<fieldset>
|
||||
<legend>GROUP SECURITY</legend>
|
||||
@ -1206,10 +1239,21 @@
|
||||
name="oidc_oauth_authorize_url"
|
||||
id="oidc_oauth_authorize_url"
|
||||
placeholder="e.g. https://oidc.com/login/oauth/authorize"
|
||||
data-error="Plesae input Authorize URL"
|
||||
data-error="Please input Authorize URL"
|
||||
value="{{ SETTING.get('oidc_oauth_authorize_url') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="oidc_oauth_jwks_url">JWKS
|
||||
URL</label>
|
||||
<input type="text" class="form-control"
|
||||
name="oidc_oauth_jwks_url"
|
||||
id="oidc_oauth_jwks_url"
|
||||
placeholder="e.g. https://{yourDomain}/.well-known/jwks.json"
|
||||
data-error="Please input JWKS URL"
|
||||
value="{{ SETTING.get('oidc_oauth_jwks_url') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="oidc_oauth_metadata_url">Metadata
|
||||
URL</label>
|
||||
@ -1217,7 +1261,7 @@
|
||||
name="oidc_oauth_metadata_url"
|
||||
id="oidc_oauth_metadata_url"
|
||||
placeholder="e.g. https://oidc.com/login/oauth/.well-known/openid-configuration"
|
||||
data-error="Plesae input Metadata URL"
|
||||
data-error="Please input Metadata URL"
|
||||
value="{{ SETTING.get('oidc_oauth_metadata_url') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
@ -1270,7 +1314,7 @@
|
||||
<input type="text" class="form-control"
|
||||
name="oidc_oauth_email" id="oidc_oauth_email"
|
||||
placeholder="e.g. email"
|
||||
data-error="Plesae input Email claim"
|
||||
data-error="Please input Email claim"
|
||||
value="{{ SETTING.get('oidc_oauth_email') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
|
Loading…
Reference in New Issue
Block a user