Merge pull request #1335 from ymage/add_oidc_env_vars_and_metadata_url

Add OIDC env vars and set SAML_ENABLED as False if unset
2024-11-08 14:40:27 +00:00 · 2023-02-23 21:27:29 -05:00 · 2023-02-23 21:27:29 -05:00 · e00f3ec47e
commit e00f3ec47e
parent 4a5b78c3ef 63db17ec21
2 changed files with 14 additions and 4 deletions
--- a/configs/docker_config.py
+++ b/configs/docker_config.py
@ -8,10 +8,19 @@ FILESYSTEM_SESSIONS_ENABLED = True

 legal_envvars = (
    'SECRET_KEY',
+    'OIDC_OAUTH_ENABLED',
+    'OIDC_OAUTH_KEY',
+    'OIDC_OAUTH_SECRET',
    'OIDC_OAUTH_API_URL',
    'OIDC_OAUTH_TOKEN_URL',
    'OIDC_OAUTH_AUTHORIZE_URL',
    'OIDC_OAUTH_METADATA_URL',
+    'OIDC_OAUTH_LOGOUT_URL',
+    'OIDC_OAUTH_SCOPE',
+    'OIDC_OAUTH_USERNAME',
+    'OIDC_OAUTH_FIRSTNAME',
+    'OIDC_OAUTH_LAST_NAME',
+    'OIDC_OAUTH_EMAIL',
    'BIND_ADDRESS',
    'PORT',
    'LOG_LEVEL',
@ -73,6 +82,7 @@ legal_envvars_bool = (
    'MAIL_DEBUG',
    'MAIL_USE_TLS',
    'MAIL_USE_SSL',
+    'OIDC_OAUTH_ENABLED',
    'SAML_ENABLED',
    'SAML_DEBUG',
    'SAML_SIGN_REQUEST',
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@ -140,7 +140,7 @@ def oidc_login():

@index_bp.route('/login', methods=['GET', 'POST'])
 def login():
-    SAML_ENABLED = current_app.config.get('SAML_ENABLED')
+    SAML_ENABLED = current_app.config.get('SAML_ENABLED', False)

    if g.user is not None and current_user.is_authenticated:
        return redirect(url_for('dashboard.dashboard'))
@ -956,7 +956,7 @@ def dyndns_update():
 ### START SAML AUTHENTICATION ###
@index_bp.route('/saml/login')
 def saml_login():
-    if not current_app.config.get('SAML_ENABLED'):
+    if not current_app.config.get('SAML_ENABLED', False):
        abort(400)
    from onelogin.saml2.utils import OneLogin_Saml2_Utils
    req = saml.prepare_flask_request(request)
@ -968,7 +968,7 @@ def saml_login():

@index_bp.route('/saml/metadata')
 def saml_metadata():
-    if not current_app.config.get('SAML_ENABLED'):
+    if not current_app.config.get('SAML_ENABLED', False):
        current_app.logger.error("SAML authentication is disabled.")
        abort(400)
    from onelogin.saml2.utils import OneLogin_Saml2_Utils
@ -990,7 +990,7 @@ def saml_metadata():
@csrf.exempt
 def saml_authorized():
    errors = []
-    if not current_app.config.get('SAML_ENABLED'):
+    if not current_app.config.get('SAML_ENABLED', False):
        current_app.logger.error("SAML authentication is disabled.")
        abort(400)
    from onelogin.saml2.utils import OneLogin_Saml2_Utils