diff --git a/app/__init__.py b/app/__init__.py
index fe9004b..3747067 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -3,7 +3,6 @@ from flask import Flask, request, session, redirect, url_for
 from flask_login import LoginManager
 from flask_sqlalchemy import SQLAlchemy as SA
 from flask_migrate import Migrate
-from flask_oauthlib.client import OAuth
 from authlib.flask.client import OAuth as AuthlibOAuth
 from sqlalchemy.exc import OperationalError
@@ -30,7 +29,6 @@ login_manager = LoginManager()
 login_manager.init_app(app)
 db = SQLAlchemy(app) # database
 migrate = Migrate(app, db) # flask-migrate
-oauth_client = OAuth(app) # oauth
 authlib_oauth_client = AuthlibOAuth(app) # authlib oauth
 if app.config.get('SAML_ENABLED') and app.config.get('SAML_ENCRYPT'):
diff --git a/app/models.py b/app/models.py
index c2306f8..538a83f 100644
--- a/app/models.py
+++ b/app/models.py
@@ -1836,10 +1836,10 @@ class Setting(db.Model):
 'google_oauth_enabled': False,
 'google_oauth_client_id':'',
 'google_oauth_client_secret':'',
- 'google_token_url': 'https://accounts.google.com/o/oauth2/token',
- 'google_token_params': {'scope': 'email profile'},
- 'google_authorize_url':'https://accounts.google.com/o/oauth2/auth',
- 'google_base_url':'https://www.googleapis.com/oauth2/v1/',
+ 'google_token_url': 'https://oauth2.googleapis.com/token',
+ 'google_oauth_scope': 'openid email profile',
+ 'google_authorize_url':'https://accounts.google.com/o/oauth2/v2/auth',
+ 'google_base_url':'https://www.googleapis.com/oauth2/v3/',
 'oidc_oauth_enabled': False,
 'oidc_oauth_key': '',
 'oidc_oauth_secret': '',
diff --git a/app/oauth.py b/app/oauth.py
index bb8e7a9..a578341 100644
--- a/app/oauth.py
+++ b/app/oauth.py
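Review bot: Renaming the default `google_token_params` to `google_oauth_scope` in the `Setting` defaults of app/models.py leaves no path for installs that already saved their Google settings. If stored rows take precedence over these defaults (the lookup is outside this hunk), an upgraded instance would keep the old `o/oauth2/token`, `o/oauth2/auth` and `oauth2/v1/` values while the new client reads a scope key that was never stored. A data migration, or a release note telling admins to re-save the Google section, would cover that. It is also worth confirming that whatever reads the profile response does not depend on v1 field names (not visible here), since the default base URL moves from `v1` to `v3`.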
@@ -1,44 +1,44 @@
 from ast import literal_eval
 from flask import request, session, redirect, url_for
-from app import app, oauth_client, authlib_oauth_client
+from app import app, authlib_oauth_client
 from app.models import Setting
 # TODO:
-# - Replace Flask-OAuthlib by authlib
 # - Fix github/google enabling (Currently need to reload the flask app)
 def github_oauth():
 if not Setting().get('github_oauth_enabled'):
 return None
- github = oauth_client.remote_app(
+ def fetch_github_token():
+ return session.get('github_token')
+
+ github = authlib_oauth_client.register(
 'github',
- consumer_key = Setting().get('github_oauth_key'),
- consumer_secret = Setting().get('github_oauth_secret'),
+ client_id = Setting().get('github_oauth_key'),
+ client_secret = Setting().get('github_oauth_secret'),
 request_token_params = {'scope': Setting().get('github_oauth_scope')},
- base_url = Setting().get('github_oauth_api_url'),
+ api_base_url = Setting().get('github_oauth_api_url'),
 request_token_url = None,
- access_token_method = 'POST',
 access_token_url = Setting().get('github_oauth_token_url'),
- authorize_url = Setting().get('github_oauth_authorize_url')
+ authorize_url = Setting().get('github_oauth_authorize_url'),
+ client_kwargs={'scope': Setting().get('github_oauth_scope')},
+ fetch_token=fetch_github_token,
 )
 @app.route('/github/authorized')
 def github_authorized():
 session['github_oauthredir'] = url_for('.github_authorized', _external=True)
- resp = github.authorized_response()
- if resp is None:
+ token = github.authorize_access_token()
+ if token is None:
 return 'Access denied: reason=%s error=%s' % (
 request.args['error'],
 request.args['error_description']
 )
- session['github_token'] = (resp['access_token'], '')
+ session['github_token'] = (token)
 return redirect(url_for('.login'))
- @github.tokengetter
- def get_github_oauth_token():
- return session.get('github_token')
 return github
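Review bot: In `github_authorized`, the `if token is None:` guard is probably dead. As far as I know Authlib's `authorize_access_token()` raises on a denied, failed or state-mismatched callback instead of returning `None`, so those cases would end in an unhandled error rather than the 'Access denied' reply. Catch Authlib's OAuth error around the call (class and module depend on the pinned version) and answer with a fixed message such as `return 'Access denied', 403`. If the branch stays, it still writes `request.args['error']` and `request.args['error_description']` into the response unescaped, and a missing key fails before anything is returned; `google_authorized` in the next hunk has the same pattern. Separately, `request_token_params` looks like a Flask-OAuthlib leftover on the `register(...)` call now that the scope is passed through `client_kwargs`.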
@@ -47,33 +47,34 @@ def google_oauth():
 if not Setting().get('google_oauth_enabled'):
 return None
- google = oauth_client.remote_app(
+ def fetch_google_token():
+ return session.get('google_token')
+ print("afkafna")
+
+ google = authlib_oauth_client.register(
 'google',
- consumer_key=Setting().get('google_oauth_client_id'),
- consumer_secret=Setting().get('google_oauth_client_secret'),
- request_token_params=literal_eval(Setting().get('google_token_params')),
- base_url=Setting().get('google_base_url'),
+ client_id=Setting().get('google_oauth_client_id'),
+ client_secret=Setting().get('google_oauth_client_secret'),
+ api_base_url=Setting().get('google_base_url'),
 request_token_url=None,
- access_token_method='POST',
 access_token_url=Setting().get('google_token_url'),
 authorize_url=Setting().get('google_authorize_url'),
+ client_kwargs={'scope': Setting().get('google_oauth_scope')},
+ fetch_token=fetch_google_token,
 )
 @app.route('/google/authorized')
 def google_authorized():
- resp = google.authorized_response()
- if resp is None:
+ session['google_oauthredir'] = url_for('.google_authorized', _external=True)
+ token = google.authorize_access_token()
+ if token is None:
 return 'Access denied: reason=%s error=%s' % (
 request.args['error_reason'],
 request.args['error_description']
 )
- session['google_token'] = (resp['access_token'], '')
+ session['google_token'] = (token)
 return redirect(url_for('.login'))
- @google.tokengetter
- def get_google_oauth_token():
- return session.get('google_token')
-
 return google
 def oidc_oauth():
diff --git a/app/templates/admin_setting_authentication.html b/app/templates/admin_setting_authentication.html
index 605f3de..8566bb6 100644
--- a/app/templates/admin_setting_authentication.html
+++ b/app/templates/admin_setting_authentication.html
@@ -245,8 +245,8 @@
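Review bot: In the `google_oauth` hunk of app/oauth.py, `print("afkafna")` after `return session.get('google_token')` is leftover debug output and should be removed. Indentation is lost on this page, so it is either unreachable inside `fetch_google_token` or runs on every `google_oauth()` call. `session['google_token'] = (token)` now stores the whole token response where the old code kept only `access_token`, and `github_authorized` does the same. With the `openid` scope that response can include an ID token, and if the app uses Flask's default cookie-based session (not visible here) the browser can read all of it, so keep only the fields that are used or move to a server-side session. The parentheses are redundant (`session['google_token'] = token`), and `from ast import literal_eval` can go if nothing else in the file still calls it.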