Merge branch 'master' into record_adjustment

2025-06-14 12:06:06 +00:00 · 2019-12-16 15:54:38 +07:00
parent 3196297f57 de581e9e1d
commit f5b88ebc73
6 changed files with 186 additions and 116 deletions
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@ -28,11 +28,13 @@ from ..services.google import google_oauth
 from ..services.github import github_oauth
 from ..services.azure import azure_oauth
 from ..services.oidc import oidc_oauth
+from ..services.saml import SAML

 google = None
 github = None
 azure = None
 oidc = None
+saml = None

 index_bp = Blueprint('index',
                     __name__,
@ -46,10 +48,12 @@ def register_modules():
    global github
    global azure
    global oidc
+    global saml
    google = google_oauth()
    github = github_oauth()
    azure = azure_oauth()
    oidc = oidc_oauth()
+    saml = SAML()


@index_bp.before_request
@ -351,8 +355,8 @@ def logout():
            'SAML_ENABLED'
    ) and 'samlSessionIndex' in session and current_app.config.get(
            'SAML_LOGOUT'):
-        req = utils.prepare_flask_request(request)
-        auth = utils.init_saml_auth(req)
+        req = saml.prepare_flask_request(request)
+        auth = saml.init_saml_auth(req)
        if current_app.config.get('SAML_LOGOUT_URL'):
            return redirect(
                auth.logout(
@ -579,10 +583,10 @@ def dyndns_update():
 def saml_login():
    if not current_app.config.get('SAML_ENABLED'):
        abort(400)
-    req = utils.prepare_flask_request(request)
-    auth = utils.init_saml_auth(req)
+    req = saml.prepare_flask_request(request)
+    auth = saml.init_saml_auth(req)
    redirect_url = OneLogin_Saml2_Utils.get_self_url(req) + url_for(
-        'saml_authorized')
+        'index.saml_authorized')
    return redirect(auth.login(return_to=redirect_url))


@ -592,8 +596,8 @@ def saml_metadata():
        current_app.logger.error("SAML authentication is disabled.")
        abort(400)

-    req = utils.prepare_flask_request(request)
-    auth = utils.init_saml_auth(req)
+    req = saml.prepare_flask_request(request)
+    auth = saml.init_saml_auth(req)
    settings = auth.get_settings()
    metadata = settings.get_sp_metadata()
    errors = settings.validate_metadata(metadata)
@ -612,8 +616,8 @@ def saml_authorized():
    if not current_app.config.get('SAML_ENABLED'):
        current_app.logger.error("SAML authentication is disabled.")
        abort(400)
-    req = utils.prepare_flask_request(request)
-    auth = utils.init_saml_auth(req)
+    req = saml.prepare_flask_request(request)
+    auth = saml.init_saml_auth(req)
    auth.process_response()
    errors = auth.get_errors()
    if len(errors) == 0:
@ -719,7 +723,7 @@ def saml_authorized():
        session['authentication_type'] = 'SAML'
        login_user(user, remember=False)
        signin_history(user.username, 'SAML', True)
-        return redirect(url_for('index'))
+        return redirect(url_for('index.login'))
    else:
        return render_template('errors/SAML.html', errors=errors)

@ -765,8 +769,8 @@ def uplift_to_admin(user):

@index_bp.route('/saml/sls')
 def saml_logout():
-    req = utils.prepare_flask_request(request)
-    auth = utils.init_saml_auth(req)
+    req = saml.prepare_flask_request(request)
+    auth = saml.init_saml_auth(req)
    url = auth.process_slo()
    errors = auth.get_errors()
    if len(errors) == 0: