From 02059e5043911aec50c5918212fe47a84f34332a Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Wed, 13 Sep 2023 13:14:41 +0200
Subject: [PATCH] Copy OIDC settings to app.config on init
So we avoid locking the settings file at runtime.
---
 web/__init__.py | 7 ++++++-
 web/auth.py | 22 ++++++++--------------
 2 files changed, 14 insertions(+), 15 deletions(-)
diff --git a/web/__init__.py b/web/__init__.py
index fa73169..b44d011 100644
--- a/web/__init__.py
+++ b/web/__init__.py
@@ -17,7 +17,8 @@ def create_app(test_config=None):
 'ldap_pass': '',
 'ldap_base_dn': '',
 'user_group': '',
- 'oidc_tenant': '',
+ 'oidc_url_discovery': '',
+ 'oidc_url_logout': '',
 'oidc_client_id': '',
 'oidc_client_secret': '',
 'admin_group': '',
@@ -35,6 +36,10 @@ def create_app(test_config=None):
 db.write('settings', settings)
 app.config['SECRET_KEY'] = settings.get('secret_key', '')
+ app.config['OIDC_URL_DISCOVERY'] = settings.get('oidc_url_discovery', '')
+ app.config['OIDC_URL_LOGOUT'] = settings.get('oidc_url_logout', '')
+ app.config['OIDC_CLIENT_ID'] = settings.get('oidc_client_id', '')
+ app.config['OIDC_CLIENT_SECRET'] = settings.get('oidc_client_secret', '')
 from . import auth
 auth.init_app(app)
diff --git a/web/auth.py b/web/auth.py
index bd81af5..218c7c0 100644
--- a/web/auth.py
+++ b/web/auth.py
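Review bot: `app.config['OIDC_URL_DISCOVERY'] = settings.get('oidc_url_discovery', '')` silently yields an empty issuer for any settings file written before this commit, since such files carry `oidc_tenant` and none of the new keys; the app then starts normally and OIDC only breaks at the first `/login`. Either migrate the old value before `db.write('settings', settings)`, e.g. `if not settings.get('oidc_url_discovery') and settings.get('oidc_tenant'): settings['oidc_url_discovery'] = f'https://login.microsoftonline.com/{settings["oidc_tenant"]}/v2.0/.well-known/openid-configuration'`, or fail fast here when the discovery URL is blank. Whether stored settings are merged with the defaults declared in the hunk at line 17 is not visible in this hunk, so the migration effect is inferred from `settings.get` falling back to ''. create_app continues past the end of the hunk.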
@@ -26,14 +26,13 @@ class User(flask_login.UserMixin):
 return self.username
 def init_app(app):
- settings = db.load('settings')
 login_manager = flask_login.LoginManager(app)
 oauth = authlib.integrations.flask_client.OAuth(app)
 oauth.register(
- name='azure',
- server_metadata_url=f'https://login.microsoftonline.com/{settings.get("oidc_tenant")}/v2.0/.well-known/openid-configuration',
- client_id=settings.get('oidc_client_id'),
- client_secret=settings.get('oidc_client_secret'),
+ name='default',
+ server_metadata_url=app.config['OIDC_URL_DISCOVERY'],
+ client_id=app.config['OIDC_CLIENT_ID'],
+ client_secret=app.config['OIDC_CLIENT_SECRET'],
 client_kwargs={'scope': 'openid profile email'})
 @login_manager.user_loader
@@ -46,11 +45,11 @@ def init_app(app):
 @app.route('/login')
 def login():
- return oauth.azure.authorize_redirect(flask.url_for('authorize', _external=True))
+ return oauth.default.authorize_redirect(flask.url_for('authorize', _external=True))
 @app.route('/authorize')
 def authorize():
- token = oauth.azure.authorize_access_token()
+ token = oauth.default.authorize_access_token()
 user = users[user.username] = User(token.get('userinfo', {}))
 flask_login.login_user(user)
 return flask.redirect('/')
@@ -59,10 +58,5 @@ def init_app(app):
 def logout():
 flask_login.logout_user()
 return flask.redirect(
- f'https://login.microsoftonline.com/common/oauth2/v2.0/logout?'
- + urllib.parse.urlencode(
- {
- 'returnTo': flask.url_for('home', _external=True),
- 'client_id': settings.get('oidc_client_id')
- },
- quote_via=urllib.parse.quote_plus))
+ flask.current_app.config.get('OIDC_URL_LOGOUT') + '?'
+ + urllib.parse.urlencode({'client_id': config.get('OIDC_CLIENT_ID')}))
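Review bot: `server_metadata_url=app.config['OIDC_URL_DISCOVERY']` is handed to authlib unchecked, and the document fetched from that URL decides which authorization/token endpoints and signing keys this app trusts, so a blank value (the default create_app sets) or a plain-http URL should be refused when `init_app` runs rather than surfacing on the first login. A guard before `oauth.register(` such as `if not app.config['OIDC_URL_DISCOVERY'].startswith('https://'): raise RuntimeError('OIDC_URL_DISCOVERY must be a non-empty https URL')` makes the misconfiguration visible at startup. init_app continues past the end of the hunk.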
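Review bot: The added `+ urllib.parse.urlencode({'client_id': config.get('OIDC_CLIENT_ID')}))` references a name `config` that nothing in `init_app` defines (the `settings` local it replaces is removed in the first hunk), so `/logout` will raise NameError on every request unless a module-level `config` exists outside the hunk. Since `app` is already in scope, the two new lines can read `app.config['OIDC_URL_LOGOUT'] + '?'` and `+ urllib.parse.urlencode({'client_id': app.config['OIDC_CLIENT_ID']}))`, which also matches how the registration hunk reads the same values. Separately, `OIDC_URL_LOGOUT` defaults to '' in create_app, which turns this into a relative redirect to `?client_id=...` after `logout_user()`; returning `flask.redirect('/')` when it is blank keeps logout usable without a provider URL. The `@app.route('/logout')` decorator and the rest of init_app lie outside the hunk.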