diff --git a/powerdnsadmin/models/setting.py b/powerdnsadmin/models/setting.py index 48f929f..dedaaab 100644 --- a/powerdnsadmin/models/setting.py +++ b/powerdnsadmin/models/setting.py @@ -73,7 +73,6 @@ class Setting(db.Model): 'https://github.com/login/oauth/access_token', 'github_oauth_authorize_url': 'https://github.com/login/oauth/authorize', - 'github_oauth_jwks_url': '', 'github_oauth_metadata_url': '', 'google_oauth_enabled': False, 'google_oauth_client_id': '', @@ -81,7 +80,6 @@ class Setting(db.Model): 'google_token_url': 'https://oauth2.googleapis.com/token', 'google_oauth_scope': 'openid email profile', 'google_authorize_url': 'https://accounts.google.com/o/oauth2/v2/auth', - 'google_oauth_jwks_url': '', 'google_oauth_metadata_url': '', 'google_base_url': 'https://www.googleapis.com/oauth2/v3/', 'azure_oauth_enabled': False, @@ -93,7 +91,6 @@ class Setting(db.Model): 'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/token', 'azure_oauth_authorize_url': 'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/authorize', - 'azure_oauth_jwks_url': '', 'azure_oauth_metadata_url': '', 'azure_sg_enabled': False, 'azure_admin_group': '', @@ -111,7 +108,6 @@ class Setting(db.Model): 'oidc_oauth_api_url': '', 'oidc_oauth_token_url': '', 'oidc_oauth_authorize_url': '', - 'oidc_oauth_jwks_url': '', 'oidc_oauth_metadata_url': '', 'oidc_oauth_logout_url': '', 'oidc_oauth_username': 'preferred_username', diff --git a/powerdnsadmin/routes/admin.py b/powerdnsadmin/routes/admin.py index 36b1eb4..fa0aa38 100644 --- a/powerdnsadmin/routes/admin.py +++ b/powerdnsadmin/routes/admin.py @@ -1659,8 +1659,6 @@ def setting_authentication(): request.form.get('google_oauth_scope')) Setting().set('google_authorize_url', request.form.get('google_authorize_url')) - Setting().set('google_oauth_jwks_url', - request.form.get('google_oauth_jwks_url')) Setting().set('google_base_url', request.form.get('google_base_url')) result = { 
@@ -1694,8 +1692,6 @@ def setting_authentication(): request.form.get('github_oauth_token_url')) Setting().set('github_oauth_authorize_url', request.form.get('github_oauth_authorize_url')) - Setting().set('github_oauth_jwks_url', - request.form.get('github_oauth_jwks_url')) result = { 'status': True, 'msg': @@ -1727,8 +1723,6 @@ def setting_authentication(): request.form.get('azure_oauth_token_url')) Setting().set('azure_oauth_authorize_url', request.form.get('azure_oauth_authorize_url')) - Setting().set('azure_oauth_jwks_url', - request.form.get('azure_oauth_jwks_url')) Setting().set( 'azure_sg_enabled', True if request.form.get('azure_sg_enabled') == 'ON' else False) @@ -1782,8 +1776,6 @@ def setting_authentication(): request.form.get('oidc_oauth_token_url')) Setting().set('oidc_oauth_authorize_url', request.form.get('oidc_oauth_authorize_url')) - Setting().set('oidc_oauth_jwks_url', - request.form.get('oidc_oauth_jwks_url')) Setting().set('oidc_oauth_logout_url', request.form.get('oidc_oauth_logout_url')) Setting().set('oidc_oauth_username', diff --git a/powerdnsadmin/routes/domain.py b/powerdnsadmin/routes/domain.py index 289926c..a6e8b8a 100644 --- a/powerdnsadmin/routes/domain.py +++ b/powerdnsadmin/routes/domain.py @@ -66,7 +66,7 @@ def domain(domain_name): current_app.logger.debug("Fetched rrsets: \n{}".format(pretty_json(rrsets))) # API server might be down, misconfigured - if not rrsets and domain.type != 'Slave': + if not rrsets and domain.type != 'slave': abort(500) quick_edit = Setting().get('record_quick_edit') diff --git a/powerdnsadmin/services/azure.py b/powerdnsadmin/services/azure.py index c1fb626..65f3bf3 100644 --- a/powerdnsadmin/services/azure.py +++ b/powerdnsadmin/services/azure.py 
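Review bot: The slave check in `domain()` in `routes/domain.py` still depends on the exact casing of the stored zone type, which is presumably the same fragility that made the old `'Slave'` literal miss. If any existing rows keep the capitalised value, a slave zone with no rrsets falls through to `abort(500)` again. Comparing a normalised value covers both spellings, e.g. `if not rrsets and (domain.type or '').lower() != 'slave':`. The body of `domain()` starts and ends outside this hunk, and how `domain.type` is written is not visible here, so confirm against the model before choosing the literal.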
@@ -15,18 +15,25 @@ def azure_oauth(): session['azure_token'] = token return token + authlib_params = { + 'client_id': Setting().get('azure_oauth_key'), + 'client_secret': Setting().get('azure_oauth_secret'), + 'api_base_url': Setting().get('azure_oauth_api_url'), + 'request_token_url': None, + 'access_token_url': Setting().get('azure_oauth_token_url'), + 'authorize_url': Setting().get('azure_oauth_authorize_url'), + 'client_kwargs': {'scope': Setting().get('azure_oauth_scope')}, + 'fetch_token': fetch_azure_token, + } + + server_metadata_url = Setting().get('azure_oauth_metadata_url') + + if isinstance(server_metadata_url, str) and len(server_metadata_url.strip()) > 0: + authlib_params['server_metadata_url'] = server_metadata_url + azure = authlib_oauth_client.register( 'azure', - client_id=Setting().get('azure_oauth_key'), - client_secret=Setting().get('azure_oauth_secret'), - api_base_url=Setting().get('azure_oauth_api_url'), - request_token_url=None, - access_token_url=Setting().get('azure_oauth_token_url'), - authorize_url=Setting().get('azure_oauth_authorize_url'), - jwks_url=Setting().get('azure_oauth_jwks_url'), - server_metadata_url=Setting().get('azure_oauth_metadata_url'), - client_kwargs={'scope': Setting().get('azure_oauth_scope')}, - fetch_token=fetch_azure_token, + **authlib_params ) @current_app.route('/azure/authorized') diff --git a/powerdnsadmin/services/github.py b/powerdnsadmin/services/github.py index 13c2f00..ff4a20f 100644 --- a/powerdnsadmin/services/github.py +++ b/powerdnsadmin/services/github.py 
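Review bot: The new guard in `azure_oauth()` tests `server_metadata_url.strip()` but then stores the unstripped value, so a setting with stray whitespace passes the check and is handed to `register()` as-is; store the cleaned string instead, `authlib_params['server_metadata_url'] = server_metadata_url.strip()`. The discovery document fetched from this URL presumably supplies the endpoints and signing-key location used during login, so consider also refusing any value that does not start with `https://` here rather than trusting the admin form alone. The identical block is added in `github_oauth()`, `google_oauth()` and `oidc_oauth()`, so both changes belong in one shared helper that all four services call. The enclosing functions continue outside the hunks.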
@@ -15,20 +15,28 @@ def github_oauth(): session['github_token'] = token return token + authlib_params = { + 'client_id': Setting().get('github_oauth_key'), + 'client_secret': Setting().get('github_oauth_secret'), + 'request_token_params': {'scope': Setting().get('github_oauth_scope')}, + 'api_base_url': Setting().get('github_oauth_api_url'), + 'request_token_url': None, + 'access_token_url': Setting().get('github_oauth_token_url'), + 'authorize_url': Setting().get('github_oauth_authorize_url'), + 'client_kwargs': {'scope': Setting().get('github_oauth_scope')}, + 'fetch_token': fetch_github_token, + 'update_token': update_token + } + + server_metadata_url = Setting().get('github_oauth_metadata_url') + + if isinstance(server_metadata_url, str) and len(server_metadata_url.strip()) > 0: + authlib_params['server_metadata_url'] = server_metadata_url + github = authlib_oauth_client.register( 'github', - client_id=Setting().get('github_oauth_key'), - client_secret=Setting().get('github_oauth_secret'), - request_token_params={'scope': Setting().get('github_oauth_scope')}, - api_base_url=Setting().get('github_oauth_api_url'), - request_token_url=None, - access_token_url=Setting().get('github_oauth_token_url'), - authorize_url=Setting().get('github_oauth_authorize_url'), - jwks_url=Setting().get('github_oauth_jwks_url'), - server_metadata_url=Setting().get('github_oauth_metadata_url'), - client_kwargs={'scope': Setting().get('github_oauth_scope')}, - fetch_token=fetch_github_token, - update_token=update_token) + **authlib_params + ) @current_app.route('/github/authorized') def github_authorized(): diff --git a/powerdnsadmin/services/google.py b/powerdnsadmin/services/google.py index fc9af12..5604819 100644 --- a/powerdnsadmin/services/google.py +++ b/powerdnsadmin/services/google.py 
@@ -15,19 +15,27 @@ def google_oauth(): session['google_token'] = token return token + authlib_params = { + 'client_id': Setting().get('google_oauth_client_id'), + 'client_secret': Setting().get('google_oauth_client_secret'), + 'api_base_url': Setting().get('google_base_url'), + 'request_token_url': None, + 'access_token_url': Setting().get('google_token_url'), + 'authorize_url': Setting().get('google_authorize_url'), + 'client_kwargs': {'scope': Setting().get('google_oauth_scope')}, + 'fetch_token': fetch_google_token, + 'update_token': update_token + } + + server_metadata_url = Setting().get('google_oauth_metadata_url') + + if isinstance(server_metadata_url, str) and len(server_metadata_url.strip()) > 0: + authlib_params['server_metadata_url'] = server_metadata_url + google = authlib_oauth_client.register( 'google', - client_id=Setting().get('google_oauth_client_id'), - client_secret=Setting().get('google_oauth_client_secret'), - api_base_url=Setting().get('google_base_url'), - request_token_url=None, - access_token_url=Setting().get('google_token_url'), - authorize_url=Setting().get('google_authorize_url'), - jwks_url=Setting().get('google_oauth_jwks_url'), - server_metadata_url=Setting().get('google_oauth_metadata_url'), - client_kwargs={'scope': Setting().get('google_oauth_scope')}, - fetch_token=fetch_google_token, - update_token=update_token) + **authlib_params + ) @current_app.route('/google/authorized') def google_authorized(): diff --git a/powerdnsadmin/services/oidc.py b/powerdnsadmin/services/oidc.py index 432457f..7b0cd46 100644 --- a/powerdnsadmin/services/oidc.py +++ b/powerdnsadmin/services/oidc.py 
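Review bot: With `jwks_url` dropped from `register()` in `google_oauth()` and `google_oauth_metadata_url` defaulting to `''` in `setting.py`, the default Google configuration registers the client with no source for the provider's signing keys, while the default scope is still `openid email profile`. If the Authlib version in use validates the returned ID token whenever `openid` is requested, it has no `jwks_uri` to load and the login would presumably fail; this is inferred from the library's behaviour, not shown in the hunk. A comment above the `if` would make the dependency explicit, e.g. `# 'openid' in scope requires google_oauth_metadata_url so the ID-token signing keys can be discovered`, or the default could point at the provider's discovery document. The same question applies to `oidc_oauth()`, whose metadata URL also defaults to empty.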
@@ -15,19 +15,27 @@ def oidc_oauth(): session['oidc_token'] = token return token + authlib_params = { + 'client_id': Setting().get('oidc_oauth_key'), + 'client_secret': Setting().get('oidc_oauth_secret'), + 'api_base_url': Setting().get('oidc_oauth_api_url'), + 'request_token_url': None, + 'access_token_url': Setting().get('oidc_oauth_token_url'), + 'authorize_url': Setting().get('oidc_oauth_authorize_url'), + 'client_kwargs': {'scope': Setting().get('oidc_oauth_scope')}, + 'fetch_token': fetch_oidc_token, + 'update_token': update_token + } + + server_metadata_url = Setting().get('oidc_oauth_metadata_url') + + if isinstance(server_metadata_url, str) and len(server_metadata_url.strip()) > 0: + authlib_params['server_metadata_url'] = server_metadata_url + oidc = authlib_oauth_client.register( 'oidc', - client_id=Setting().get('oidc_oauth_key'), - client_secret=Setting().get('oidc_oauth_secret'), - api_base_url=Setting().get('oidc_oauth_api_url'), - request_token_url=None, - access_token_url=Setting().get('oidc_oauth_token_url'), - authorize_url=Setting().get('oidc_oauth_authorize_url'), - jwks_url=Setting().get('oidc_oauth_jwks_url'), - server_metadata_url=Setting().get('oidc_oauth_metadata_url'), - client_kwargs={'scope': Setting().get('oidc_oauth_scope')}, - fetch_token=fetch_oidc_token, - update_token=update_token) + **authlib_params + ) @current_app.route('/oidc/authorized') def oidc_authorized(): diff --git a/powerdnsadmin/templates/admin_setting_authentication.html b/powerdnsadmin/templates/admin_setting_authentication.html index c545958..cbe6800 100644 --- a/powerdnsadmin/templates/admin_setting_authentication.html +++ b/powerdnsadmin/templates/admin_setting_authentication.html @@ -806,17 +806,6 @@ value="{{ SETTING.get('google_authorize_url') }}"> -