migrated to authlib
parent
396ce14b9f
commit
8a20d3f2d8
@ -3,7 +3,6 @@ from flask import Flask, request, session, redirect, url_for
|
||||
from flask_login import LoginManager
|
||||
from flask_sqlalchemy import SQLAlchemy as SA
|
||||
from flask_migrate import Migrate
|
||||
from flask_oauthlib.client import OAuth
|
||||
from authlib.flask.client import OAuth as AuthlibOAuth
|
||||
from sqlalchemy.exc import OperationalError
|
||||
|
||||
@ -30,7 +29,6 @@ login_manager = LoginManager()
|
||||
login_manager.init_app(app)
|
||||
db = SQLAlchemy(app) # database
|
||||
migrate = Migrate(app, db) # flask-migrate
|
||||
oauth_client = OAuth(app) # oauth
|
||||
authlib_oauth_client = AuthlibOAuth(app) # authlib oauth
|
||||
|
||||
if app.config.get('SAML_ENABLED') and app.config.get('SAML_ENCRYPT'):
|
||||
|
@ -1836,10 +1836,10 @@ class Setting(db.Model):
|
||||
'google_oauth_enabled': False,
|
||||
'google_oauth_client_id':'',
|
||||
'google_oauth_client_secret':'',
|
||||
'google_token_url': 'https://accounts.google.com/o/oauth2/token',
|
||||
'google_token_params': {'scope': 'email profile'},
|
||||
'google_authorize_url':'https://accounts.google.com/o/oauth2/auth',
|
||||
'google_base_url':'https://www.googleapis.com/oauth2/v1/',
|
||||
'google_token_url': 'https://oauth2.googleapis.com/token',
|
||||
'google_oauth_scope': 'openid email profile',
|
||||
'google_authorize_url':'https://accounts.google.com/o/oauth2/v2/auth',
|
||||
'google_base_url':'https://www.googleapis.com/oauth2/v3/',
|
||||
'oidc_oauth_enabled': False,
|
||||
'oidc_oauth_key': '',
|
||||
'oidc_oauth_secret': '',
|
||||
|
55
app/oauth.py
55
app/oauth.py
@ -1,44 +1,44 @@
|
||||
from ast import literal_eval
|
||||
from flask import request, session, redirect, url_for
|
||||
|
||||
from app import app, oauth_client, authlib_oauth_client
|
||||
from app import app, authlib_oauth_client
|
||||
from app.models import Setting
|
||||
|
||||
# TODO:
|
||||
# - Replace Flask-OAuthlib by authlib
|
||||
# - Fix github/google enabling (Currently need to reload the flask app)
|
||||
|
||||
def github_oauth():
|
||||
if not Setting().get('github_oauth_enabled'):
|
||||
return None
|
||||
|
||||
github = oauth_client.remote_app(
|
||||
def fetch_github_token():
|
||||
return session.get('github_token')
|
||||
|
||||
github = authlib_oauth_client.register(
|
||||
'github',
|
||||
consumer_key = Setting().get('github_oauth_key'),
|
||||
consumer_secret = Setting().get('github_oauth_secret'),
|
||||
client_id = Setting().get('github_oauth_key'),
|
||||
client_secret = Setting().get('github_oauth_secret'),
|
||||
request_token_params = {'scope': Setting().get('github_oauth_scope')},
|
||||
base_url = Setting().get('github_oauth_api_url'),
|
||||
api_base_url = Setting().get('github_oauth_api_url'),
|
||||
request_token_url = None,
|
||||
access_token_method = 'POST',
|
||||
access_token_url = Setting().get('github_oauth_token_url'),
|
||||
authorize_url = Setting().get('github_oauth_authorize_url')
|
||||
authorize_url = Setting().get('github_oauth_authorize_url'),
|
||||
client_kwargs={'scope': Setting().get('github_oauth_scope')},
|
||||
fetch_token=fetch_github_token,
|
||||
)
|
||||
|
||||
@app.route('/github/authorized')
|
||||
def github_authorized():
|
||||
session['github_oauthredir'] = url_for('.github_authorized', _external=True)
|
||||
resp = github.authorized_response()
|
||||
if resp is None:
|
||||
token = github.authorize_access_token()
|
||||
if token is None:
|
||||
return 'Access denied: reason=%s error=%s' % (
|
||||
request.args['error'],
|
||||
request.args['error_description']
|
||||
)
|
||||
session['github_token'] = (resp['access_token'], '')
|
||||
session['github_token'] = (token)
|
||||
return redirect(url_for('.login'))
|
||||
|
||||
@github.tokengetter
|
||||
def get_github_oauth_token():
|
||||
return session.get('github_token')
|
||||
|
||||
return github
|
||||
|
||||
@ -47,33 +47,34 @@ def google_oauth():
|
||||
if not Setting().get('google_oauth_enabled'):
|
||||
return None
|
||||
|
||||
google = oauth_client.remote_app(
|
||||
def fetch_google_token():
|
||||
return session.get('google_token')
|
||||
print("afkafna")
|
||||
|
||||
google = authlib_oauth_client.register(
|
||||
'google',
|
||||
consumer_key=Setting().get('google_oauth_client_id'),
|
||||
consumer_secret=Setting().get('google_oauth_client_secret'),
|
||||
request_token_params=literal_eval(Setting().get('google_token_params')),
|
||||
base_url=Setting().get('google_base_url'),
|
||||
client_id=Setting().get('google_oauth_client_id'),
|
||||
client_secret=Setting().get('google_oauth_client_secret'),
|
||||
api_base_url=Setting().get('google_base_url'),
|
||||
request_token_url=None,
|
||||
access_token_method='POST',
|
||||
access_token_url=Setting().get('google_token_url'),
|
||||
authorize_url=Setting().get('google_authorize_url'),
|
||||
client_kwargs={'scope': Setting().get('google_oauth_scope')},
|
||||
fetch_token=fetch_google_token,
|
||||
)
|
||||
|
||||
@app.route('/google/authorized')
|
||||
def google_authorized():
|
||||
resp = google.authorized_response()
|
||||
if resp is None:
|
||||
session['google_oauthredir'] = url_for('.google_authorized', _external=True)
|
||||
token = google.authorize_access_token()
|
||||
if token is None:
|
||||
return 'Access denied: reason=%s error=%s' % (
|
||||
request.args['error_reason'],
|
||||
request.args['error_description']
|
||||
)
|
||||
session['google_token'] = (resp['access_token'], '')
|
||||
session['google_token'] = (token)
|
||||
return redirect(url_for('.login'))
|
||||
|
||||
@google.tokengetter
|
||||
def get_google_oauth_token():
|
||||
return session.get('google_token')
|
||||
|
||||
return google
|
||||
|
||||
def oidc_oauth():
|
||||
|
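Review bot: In `github_authorized` and `google_authorized` the `if token is None:` guard is unlikely to ever fire, because as far as I know Authlib's `authorize_access_token()` reports a denied consent, a state mismatch or a token-endpoint error by raising rather than by returning `None`. Those cases would then surface as an unhandled exception instead of the intended "Access denied" response, so the call should sit in a `try`/`except` for Authlib's OAuth error type that logs the failure and returns a fixed 4xx message. The current message should not be kept as it is either: it interpolates `request.args['error']` and `request.args['error_description']` (`error_reason` for Google) unescaped into the response body, and it raises `KeyError` when a parameter is absent. Separately, `print("afkafna")` next to `fetch_google_token` looks like debugging residue, and `session['github_token'] = (token)` now stores the whole token dict in the session, which Flask's default cookie sessions sign but do not encrypt, so it is worth confirming that a server-side session store is in use.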
@ -245,8 +245,8 @@
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="google_token_params">Token params</label>
|
||||
<input type="text" class="form-control" name="google_token_params" id="google_token_params" placeholder="e.g. {'scope': 'email profile'}" data-error="Please input token params" value="{{ SETTING.get('google_token_params') }}">
|
||||
<label for="google_oauth_scope">Scope</label>
|
||||
<input type="text" class="form-control" name="google_oauth_scope" id="google_oauth_scope" placeholder="e.g. email profile" data-error="Please input scope" value="{{ SETTING.get('google_oauth_scope') }}">
|
||||
<span class="help-block with-errors"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
@ -496,14 +496,14 @@
|
||||
$('#google_oauth_client_id').prop('required', true);
|
||||
$('#google_oauth_client_secret').prop('required', true);
|
||||
$('#google_token_url').prop('required', true);
|
||||
$('#google_token_params').prop('required', true);
|
||||
$('#google_oauth_scope').prop('required', true);
|
||||
$('#google_authorize_url').prop('required', true);
|
||||
$('#google_base_url').prop('required', true);
|
||||
} else {
|
||||
$('#google_oauth_client_id').prop('required', false);
|
||||
$('#google_oauth_client_secret').prop('required', false);
|
||||
$('#google_token_url').prop('required', false);
|
||||
$('#google_token_params').prop('required', false);
|
||||
$('#google_oauth_scope').prop('required', false);
|
||||
$('#google_authorize_url').prop('required', false);
|
||||
$('#google_base_url').prop('required', false);
|
||||
}
|
||||
@ -514,7 +514,7 @@
|
||||
$('#google_oauth_client_id').prop('required', true);
|
||||
$('#google_oauth_client_secret').prop('required', true);
|
||||
$('#google_token_url').prop('required', true);
|
||||
$('#google_token_params').prop('required', true);
|
||||
$('#google_oauth_scope').prop('required', true);
|
||||
$('#google_authorize_url').prop('required', true);
|
||||
$('#google_base_url').prop('required', true);
|
||||
{% endif %}
|
||||
|
17
app/views.py
17
app/views.py
@ -163,7 +163,8 @@ def google_login():
|
||||
logging.error('Google OAuth is disabled or you have not yet reloaded the pda application after enabling.')
|
||||
return abort(400)
|
||||
else:
|
||||
return google.authorize(callback=url_for('google_authorized', _external=True))
|
||||
redirect_uri = url_for('google_authorized', _external=True)
|
||||
return google.authorize_redirect(redirect_uri)
|
||||
|
||||
|
||||
@app.route('/github/login')
|
||||
@ -172,7 +173,8 @@ def github_login():
|
||||
logging.error('Github OAuth is disabled or you have not yet reloaded the pda application after enabling.')
|
||||
return abort(400)
|
||||
else:
|
||||
return github.authorize(callback=url_for('github_authorized', _external=True))
|
||||
redirect_uri = url_for('github_authorized', _external=True)
|
||||
return github.authorize_redirect(redirect_uri)
|
||||
|
||||
@app.route('/oidc/login')
|
||||
def oidc_login():
|
||||
@ -306,11 +308,13 @@ def login():
|
||||
return redirect(url_for('dashboard'))
|
||||
|
||||
if 'google_token' in session:
|
||||
user_data = google.get('userinfo').data
|
||||
user_data = json.loads(google.get('userinfo').text)
|
||||
first_name = user_data['given_name']
|
||||
surname = user_data['family_name']
|
||||
email = user_data['email']
|
||||
user = User.query.filter_by(username=email).first()
|
||||
if user == None:
|
||||
user = User.query.filter_by(email=email).first()
|
||||
if not user:
|
||||
user = User(username=email,
|
||||
firstname=first_name,
|
||||
@ -329,13 +333,14 @@ def login():
|
||||
return redirect(url_for('index'))
|
||||
|
||||
if 'github_token' in session:
|
||||
me = github.get('user').data
|
||||
|
||||
me = json.loads(github.get('user').text)
|
||||
github_username = me['login']
|
||||
github_name = me['name']
|
||||
github_email = me['email']
|
||||
|
||||
user = User.query.filter_by(username=github_username).first()
|
||||
if user == None:
|
||||
user = User.query.filter_by(email=github_email).first()
|
||||
if not user:
|
||||
user = User(username=github_username,
|
||||
plain_text_password=None,
|
||||
@ -1532,7 +1537,7 @@ def admin_setting_authentication():
|
||||
Setting().set('google_oauth_client_id', request.form.get('google_oauth_client_id'))
|
||||
Setting().set('google_oauth_client_secret', request.form.get('google_oauth_client_secret'))
|
||||
Setting().set('google_token_url', request.form.get('google_token_url'))
|
||||
Setting().set('google_token_params', request.form.get('google_token_params'))
|
||||
Setting().set('google_oauth_scope', request.form.get('google_oauth_scope'))
|
||||
Setting().set('google_authorize_url', request.form.get('google_authorize_url'))
|
||||
Setting().set('google_base_url', request.form.get('google_base_url'))
|
||||
result = {'status': True, 'msg': 'Saved successfully. Please reload PDA to take effect.'}
|
||||
|
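Review bot: The email fallback in `login()` (`User.query.filter_by(email=email)` for Google and `filter_by(email=github_email)` for GitHub, apparently added by this commit) binds an OAuth login to an existing local account using an address that the visible code never checks for presence or verification. GitHub's `user` response can have `email` set to null when the account exposes no public address, and depending on how `User.email` is stored that lookup could match an unrelated row; Google's v3 userinfo carries `email_verified`, which is not consulted. I would guard both fallbacks, for example `if user is None and github_email:` on the GitHub side and `if not user_data.get('email_verified'): return abort(400)` on the Google side. The provider responses are also parsed with `json.loads(....text)` without a status check, so an error payload ends in a `KeyError` on `me['login']` or `user_data['email']`. `login()` starts and ends outside these hunks, so a check elsewhere in the function would change this assessment.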
@ -1,7 +1,6 @@
|
||||
Flask==1.0.2
|
||||
Flask-Assets==0.12
|
||||
Flask-Login==0.4.1
|
||||
Flask-OAuthlib==0.9.4
|
||||
Flask-SQLAlchemy==2.3.2
|
||||
Flask-Migrate==2.2.1
|
||||
SQLAlchemy==1.2.5
|
||||
|