cwinfo/powerdns-admin
5
0
Fork 0
mirror of https://github.com/cwinfo/powerdns-admin.git synced 2024-09-18 22:39:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added new JWKS URL setting for each OAuth provider and updated the associated authorization service to use the setting during the initialization of the authlib.

Browse Source
This commit is contained in:
Matt Scott 2023-03-11 14:46:58 -05:00
parent b8ab0d3478
commit fd30e3ff49
7 changed files with 71 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
powerdnsadmin/models/setting.py
View File

@ -28,7 +28,7 @@ class Setting(db.Model):
'allow_user_create_domain': False,
'allow_user_remove_domain': False,
'allow_user_view_history': False,
'delete_sso_accounts': False,
'delete_sso_accounts': False,
'bg_domain_updates': False,
'enable_api_rr_history': True,
'preserve_history': False,
@ -44,7 +44,7 @@ class Setting(db.Model):
'local_db_enabled': True,
'signup_enabled': True,
'autoprovisioning': False,
'urn_value':'',
'urn_value': '',
'autoprovisioning_attribute': '',
'purge': False,
'verify_user_email': False,
@ -69,15 +69,17 @@ class Setting(db.Model):
'github_oauth_scope': 'email',
'github_oauth_api_url': 'https://api.github.com/user',
'github_oauth_token_url':
'https://github.com/login/oauth/access_token',
'https://github.com/login/oauth/access_token',
'github_oauth_authorize_url':
'https://github.com/login/oauth/authorize',
'https://github.com/login/oauth/authorize',
'github_oauth_jwks_url': '',
'google_oauth_enabled': False,
'google_oauth_client_id': '',
'google_oauth_client_secret': '',
'google_token_url': 'https://oauth2.googleapis.com/token',
'google_oauth_scope': 'openid email profile',
'google_authorize_url': 'https://accounts.google.com/o/oauth2/v2/auth',
'google_oauth_jwks_url': '',
'google_base_url': 'https://www.googleapis.com/oauth2/v3/',
'azure_oauth_enabled': False,
'azure_oauth_key': '',
@ -85,9 +87,10 @@ class Setting(db.Model):
'azure_oauth_scope': 'User.Read openid email profile',
'azure_oauth_api_url': 'https://graph.microsoft.com/v1.0/',
'azure_oauth_token_url':
'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/token',
'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/token',
'azure_oauth_authorize_url':
'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/authorize',
'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/authorize',
'azure_oauth_jwks_url': '',
'azure_sg_enabled': False,
'azure_admin_group': '',
'azure_operator_group': '',
@ -104,6 +107,7 @@ class Setting(db.Model):
'oidc_oauth_api_url': '',
'oidc_oauth_token_url': '',
'oidc_oauth_authorize_url': '',
'oidc_oauth_jwks_url': '',
'oidc_oauth_metadata_url': '',
'oidc_oauth_logout_url': '',
'oidc_oauth_username': 'preferred_username',
@ -284,7 +288,7 @@ class Setting(db.Model):
result = self.query.filter(Setting.name == setting).first()
if result is not None:
if hasattr(result,'value'):
if hasattr(result, 'value'):
result = result.value
return strtobool(result) if result in [
'True', 'False'

8
powerdnsadmin/routes/admin.py
View File

@ -1642,6 +1642,8 @@ def setting_authentication():
request.form.get('google_oauth_scope'))
Setting().set('google_authorize_url',
request.form.get('google_authorize_url'))
Setting().set('google_oauth_jwks_url',
request.form.get('google_oauth_jwks_url'))
Setting().set('google_base_url',
request.form.get('google_base_url'))
result = {
@ -1673,6 +1675,8 @@ def setting_authentication():
request.form.get('github_oauth_token_url'))
Setting().set('github_oauth_authorize_url',
request.form.get('github_oauth_authorize_url'))
Setting().set('github_oauth_jwks_url',
request.form.get('github_oauth_jwks_url'))
result = {
'status': True,
'msg':
@ -1702,6 +1706,8 @@ def setting_authentication():
request.form.get('azure_oauth_token_url'))
Setting().set('azure_oauth_authorize_url',
request.form.get('azure_oauth_authorize_url'))
Setting().set('azure_oauth_jwks_url',
request.form.get('azure_oauth_jwks_url'))
Setting().set(
'azure_sg_enabled', True
if request.form.get('azure_sg_enabled') == 'ON' else False)
@ -1753,6 +1759,8 @@ def setting_authentication():
request.form.get('oidc_oauth_token_url'))
Setting().set('oidc_oauth_authorize_url',
request.form.get('oidc_oauth_authorize_url'))
Setting().set('oidc_oauth_jwks_url',
request.form.get('oidc_oauth_jwks_url'))
Setting().set('oidc_oauth_metadata_url',
request.form.get('oidc_oauth_metadata_url'))
Setting().set('oidc_oauth_logout_url',

1
powerdnsadmin/services/azure.py
View File

@ -23,6 +23,7 @@ def azure_oauth():
request_token_url=None,
access_token_url=Setting().get('azure_oauth_token_url'),
authorize_url=Setting().get('azure_oauth_authorize_url'),
jwks_url=Setting().get('azure_oauth_jwks_url'),
client_kwargs={'scope': Setting().get('azure_oauth_scope')},
fetch_token=fetch_azure_token,
)

1
powerdnsadmin/services/github.py
View File

@ -24,6 +24,7 @@ def github_oauth():
request_token_url=None,
access_token_url=Setting().get('github_oauth_token_url'),
authorize_url=Setting().get('github_oauth_authorize_url'),
jwks_url=Setting().get('github_oauth_jwks_url'),
client_kwargs={'scope': Setting().get('github_oauth_scope')},
fetch_token=fetch_github_token,
update_token=update_token)

1
powerdnsadmin/services/google.py
View File

@ -23,6 +23,7 @@ def google_oauth():
request_token_url=None,
access_token_url=Setting().get('google_token_url'),
authorize_url=Setting().get('google_authorize_url'),
jwks_url=Setting().get('google_oauth_jwks_url'),
client_kwargs={'scope': Setting().get('google_oauth_scope')},
fetch_token=fetch_google_token,
update_token=update_token)

1
powerdnsadmin/services/oidc.py
View File

@ -23,6 +23,7 @@ def oidc_oauth():
request_token_url=None,
access_token_url=Setting().get('oidc_oauth_token_url'),
authorize_url=Setting().get('oidc_oauth_authorize_url'),
jwks_url=Setting().get('oidc_oauth_jwks_url'),
server_metadata_url=Setting().get('oidc_oauth_metadata_url'),
client_kwargs={'scope': Setting().get('oidc_oauth_scope')},
fetch_token=fetch_oidc_token,

52
powerdnsadmin/templates/admin_setting_authentication.html
View File

@ -663,6 +663,17 @@
value="{{ SETTING.get('google_authorize_url') }}">
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="google_oauth_jwks_url">JWKS
URL</label>
<input type="text" class="form-control"
name="google_oauth_jwks_url"
id="google_oauth_jwks_url"
placeholder="e.g. https://{yourDomain}/.well-known/jwks.json"
data-error="Please input JWKS URL"
value="{{ SETTING.get('google_oauth_jwks_url') }}">
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="google_base_url">Base URL</label>
<input type="text" class="form-control"
@ -791,10 +802,21 @@
name="github_oauth_authorize_url"
id="github_oauth_authorize_url"
placeholder="e.g. https://github.com/login/oauth/authorize"
data-error="Plesae input Authorize URL"
data-error="Please input Authorize URL"
value="{{ SETTING.get('github_oauth_authorize_url') }}">
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="github_oauth_jwks_url">JWKS
URL</label>
<input type="text" class="form-control"
name="github_oauth_jwks_url"
id="github_oauth_jwks_url"
placeholder="e.g. https://{yourDomain}/.well-known/jwks.json"
data-error="Please input JWKS URL"
value="{{ SETTING.get('github_oauth_jwks_url') }}">
<span class="help-block with-errors"></span>
</div>
</fieldset>
</div>
<!-- /.card-body -->
@ -915,6 +937,17 @@
value="{{ SETTING.get('azure_oauth_authorize_url') }}">
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="azure_oauth_jwks_url">JWKS
URL</label>
<input type="text" class="form-control"
name="azure_oauth_jwks_url"
id="azure_oauth_jwks_url"
placeholder="e.g. https://{yourDomain}/.well-known/jwks.json"
data-error="Please input JWKS URL"
value="{{ SETTING.get('azure_oauth_jwks_url') }}">
<span class="help-block with-errors"></span>
</div>
</fieldset>
<fieldset>
<legend>GROUP SECURITY</legend>
@ -1206,10 +1239,21 @@
name="oidc_oauth_authorize_url"
id="oidc_oauth_authorize_url"
placeholder="e.g. https://oidc.com/login/oauth/authorize"
data-error="Plesae input Authorize URL"
data-error="Please input Authorize URL"
value="{{ SETTING.get('oidc_oauth_authorize_url') }}">
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="oidc_oauth_jwks_url">JWKS
URL</label>
<input type="text" class="form-control"
name="oidc_oauth_jwks_url"
id="oidc_oauth_jwks_url"
placeholder="e.g. https://{yourDomain}/.well-known/jwks.json"
data-error="Please input JWKS URL"
value="{{ SETTING.get('oidc_oauth_jwks_url') }}">
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="oidc_oauth_metadata_url">Metadata
URL</label>
@ -1217,7 +1261,7 @@
name="oidc_oauth_metadata_url"
id="oidc_oauth_metadata_url"
placeholder="e.g. https://oidc.com/login/oauth/.well-known/openid-configuration"
data-error="Plesae input Metadata URL"
data-error="Please input Metadata URL"
value="{{ SETTING.get('oidc_oauth_metadata_url') }}">
<span class="help-block with-errors"></span>
</div>
@ -1270,7 +1314,7 @@
<input type="text" class="form-control"
name="oidc_oauth_email" id="oidc_oauth_email"
placeholder="e.g. email"
data-error="Plesae input Email claim"
data-error="Please input Email claim"
value="{{ SETTING.get('oidc_oauth_email') }}">
<span class="help-block with-errors"></span>
</div>