Merge pull request #1335 from ymage/add_oidc_env_vars_and_metadata_url

Add OIDC env vars and set SAML_ENABLED as False if unset
Matt Scott 2023-02-23 21:27:29 -05:00 committed by GitHub
commit e00f3ec47e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 4 deletions


@ -8,10 +8,19 @@ FILESYSTEM_SESSIONS_ENABLED = True
legal_envvars = ( legal_envvars = (
'SECRET_KEY', 'SECRET_KEY',
'OIDC_OAUTH_ENABLED',
'OIDC_OAUTH_KEY',
'OIDC_OAUTH_SECRET',
'OIDC_OAUTH_API_URL', 'OIDC_OAUTH_API_URL',
'OIDC_OAUTH_TOKEN_URL', 'OIDC_OAUTH_TOKEN_URL',
'OIDC_OAUTH_AUTHORIZE_URL', 'OIDC_OAUTH_AUTHORIZE_URL',
'OIDC_OAUTH_METADATA_URL', 'OIDC_OAUTH_METADATA_URL',
'OIDC_OAUTH_LOGOUT_URL',
'OIDC_OAUTH_SCOPE',
'OIDC_OAUTH_USERNAME',
'OIDC_OAUTH_FIRSTNAME',
'OIDC_OAUTH_LAST_NAME',
'OIDC_OAUTH_EMAIL',
'BIND_ADDRESS', 'BIND_ADDRESS',
'PORT', 'PORT',
'LOG_LEVEL', 'LOG_LEVEL',
@ -73,6 +82,7 @@ legal_envvars_bool = (
'MAIL_DEBUG', 'MAIL_DEBUG',
'MAIL_USE_TLS', 'MAIL_USE_TLS',
'MAIL_USE_SSL', 'MAIL_USE_SSL',
'OIDC_OAUTH_ENABLED',
'SAML_ENABLED', 'SAML_ENABLED',
'SAML_DEBUG', 'SAML_DEBUG',
'SAML_SIGN_REQUEST', 'SAML_SIGN_REQUEST',
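Review bot: `'OIDC_OAUTH_KEY'` and `'OIDC_OAUTH_SECRET'` are added to `legal_envvars` with nothing marking them as credentials, so the OIDC client secret now arrives through the process environment like any ordinary setting. Environment values can be read through container inspection and process dumps, so operators should be told that these two entries are sensitive. I would add a comment above them such as `# OIDC client credentials: treat as secrets, keep out of logs and committed compose files`, and point to a file-based alternative if the loader that consumes this tuple offers one (not visible here). The URL entries (`OIDC_OAUTH_METADATA_URL`, `OIDC_OAUTH_LOGOUT_URL`) are accepted as-is; any check that they use `https` would have to happen outside this hunk. The tuple's closing lines and the code that reads it are outside the hunk.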


@ -140,7 +140,7 @@ def oidc_login():
@index_bp.route('/login', methods=['GET', 'POST']) @index_bp.route('/login', methods=['GET', 'POST'])
def login(): def login():
SAML_ENABLED = current_app.config.get('SAML_ENABLED') SAML_ENABLED = current_app.config.get('SAML_ENABLED', False)
if g.user is not None and current_user.is_authenticated: if g.user is not None and current_user.is_authenticated:
return redirect(url_for('dashboard.dashboard')) return redirect(url_for('dashboard.dashboard'))
@ -956,7 +956,7 @@ def dyndns_update():
### START SAML AUTHENTICATION ### ### START SAML AUTHENTICATION ###
@index_bp.route('/saml/login') @index_bp.route('/saml/login')
def saml_login(): def saml_login():
if not current_app.config.get('SAML_ENABLED'): if not current_app.config.get('SAML_ENABLED', False):
abort(400) abort(400)
from onelogin.saml2.utils import OneLogin_Saml2_Utils from onelogin.saml2.utils import OneLogin_Saml2_Utils
req = saml.prepare_flask_request(request) req = saml.prepare_flask_request(request)
@ -968,7 +968,7 @@ def saml_login():
@index_bp.route('/saml/metadata') @index_bp.route('/saml/metadata')
def saml_metadata(): def saml_metadata():
if not current_app.config.get('SAML_ENABLED'): if not current_app.config.get('SAML_ENABLED', False):
current_app.logger.error("SAML authentication is disabled.") current_app.logger.error("SAML authentication is disabled.")
abort(400) abort(400)
from onelogin.saml2.utils import OneLogin_Saml2_Utils from onelogin.saml2.utils import OneLogin_Saml2_Utils
@ -990,7 +990,7 @@ def saml_metadata():
@csrf.exempt @csrf.exempt
def saml_authorized(): def saml_authorized():
errors = [] errors = []
if not current_app.config.get('SAML_ENABLED'): if not current_app.config.get('SAML_ENABLED', False):
current_app.logger.error("SAML authentication is disabled.") current_app.logger.error("SAML authentication is disabled.")
abort(400) abort(400)
from onelogin.saml2.utils import OneLogin_Saml2_Utils from onelogin.saml2.utils import OneLogin_Saml2_Utils
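Review bot: `saml_login()` still calls `abort(400)` without a log line, while `saml_metadata()` and `saml_authorized()` log "SAML authentication is disabled." first, so requests to the disabled login endpoint leave no trace in the application log. Adding `current_app.logger.error("SAML authentication is disabled.")` before the `abort(400)` in `saml_login()` would make the three guards consistent. The new `False` default does not change the outcome of any `if not ...` guard, since a missing key already yielded `None`; it only matters where the value is used as a value, as in `login()`. All four function bodies continue outside their hunks.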