Copy OIDC settings to app.config on init

So we avoid locking the settings file at runtime.
This commit is contained in:
Timotej Lazar 2023-09-13 13:14:41 +02:00
parent 0dc2563b31
commit 02059e5043
2 changed files with 14 additions and 15 deletions


@ -17,7 +17,8 @@ def create_app(test_config=None):
'ldap_pass': '', 'ldap_pass': '',
'ldap_base_dn': '', 'ldap_base_dn': '',
'user_group': '', 'user_group': '',
'oidc_tenant': '', 'oidc_url_discovery': '',
'oidc_url_logout': '',
'oidc_client_id': '', 'oidc_client_id': '',
'oidc_client_secret': '', 'oidc_client_secret': '',
'admin_group': '', 'admin_group': '',
@ -35,6 +36,10 @@ def create_app(test_config=None):
db.write('settings', settings) db.write('settings', settings)
app.config['SECRET_KEY'] = settings.get('secret_key', '') app.config['SECRET_KEY'] = settings.get('secret_key', '')
app.config['OIDC_URL_DISCOVERY'] = settings.get('oidc_url_discovery', '')
app.config['OIDC_URL_LOGOUT'] = settings.get('oidc_url_logout', '')
app.config['OIDC_CLIENT_ID'] = settings.get('oidc_client_id', '')
app.config['OIDC_CLIENT_SECRET'] = settings.get('oidc_client_secret', '')
from . import auth from . import auth
auth.init_app(app) auth.init_app(app)
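Review bot: The discovery URL copied into `app.config['OIDC_URL_DISCOVERY']` in the second hunk is taken from the settings store as-is, with `''` as the default and no scheme check; authlib later fetches the provider metadata and the JWKS from that URL, so an `http://` value lets ID-token verification rest on an unauthenticated fetch, and an empty value only surfaces at the first `/login` as an opaque error instead of at startup. A guard next to the `.get()` would catch both: `discovery = settings.get('oidc_url_discovery', '')`, `if discovery and not discovery.startswith('https://'):`, `raise ValueError('oidc_url_discovery must be an https:// URL')` — the same check fits `oidc_url_logout`, which is later used to build a redirect target. Copying `oidc_client_secret` into `app.config` is the usual Flask place for it, but anything that dumps the config (debug toolbars, error reporters) will now include the secret, so keep that in mind when enabling such tooling. `create_app` continues outside the hunk.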


@ -26,14 +26,13 @@ class User(flask_login.UserMixin):
return self.username return self.username
def init_app(app): def init_app(app):
settings = db.load('settings')
login_manager = flask_login.LoginManager(app) login_manager = flask_login.LoginManager(app)
oauth = authlib.integrations.flask_client.OAuth(app) oauth = authlib.integrations.flask_client.OAuth(app)
oauth.register( oauth.register(
name='azure', name='default',
server_metadata_url=f'https://login.microsoftonline.com/{settings.get("oidc_tenant")}/v2.0/.well-known/openid-configuration', server_metadata_url=app.config['OIDC_URL_DISCOVERY'],
client_id=settings.get('oidc_client_id'), client_id=app.config['OIDC_CLIENT_ID'],
client_secret=settings.get('oidc_client_secret'), client_secret=app.config['OIDC_CLIENT_SECRET'],
client_kwargs={'scope': 'openid profile email'}) client_kwargs={'scope': 'openid profile email'})
@login_manager.user_loader @login_manager.user_loader
@ -46,11 +45,11 @@ def init_app(app):
@app.route('/login') @app.route('/login')
def login(): def login():
return oauth.azure.authorize_redirect(flask.url_for('authorize', _external=True)) return oauth.default.authorize_redirect(flask.url_for('authorize', _external=True))
@app.route('/authorize') @app.route('/authorize')
def authorize(): def authorize():
token = oauth.azure.authorize_access_token() token = oauth.default.authorize_access_token()
user = users[user.username] = User(token.get('userinfo', {})) user = users[user.username] = User(token.get('userinfo', {}))
flask_login.login_user(user) flask_login.login_user(user)
return flask.redirect('/') return flask.redirect('/')
@ -59,10 +58,5 @@ def init_app(app):
def logout(): def logout():
flask_login.logout_user() flask_login.logout_user()
return flask.redirect( return flask.redirect(
f'https://login.microsoftonline.com/common/oauth2/v2.0/logout?' flask.current_app.config.get('OIDC_URL_LOGOUT') + '?'
+ urllib.parse.urlencode( + urllib.parse.urlencode({'client_id': config.get('OIDC_CLIENT_ID')}))
{
'returnTo': flask.url_for('home', _external=True),
'client_id': settings.get('oidc_client_id')
},
quote_via=urllib.parse.quote_plus))
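Review bot: The last line of the rewritten `logout` reads `config.get('OIDC_CLIENT_ID')`, but no `config` name is bound in the function — the line above goes through `flask.current_app.config` — so unless `config` is imported at module level outside this view, every logout raises `NameError`. `logout` is a closure inside `init_app(app)` (whose `def` is outside the hunk), so the simplest fix is `app.config['OIDC_URL_LOGOUT'] + '?'` and `urllib.parse.urlencode({'client_id': app.config['OIDC_CLIENT_ID']})`, which also avoids `.get()` yielding `None` and the `+ '?'` concatenation failing with `TypeError` when the key is absent. The redirect target is assembled from a configured string: with `OIDC_URL_LOGOUT` left at its `''` default the browser is sent to a relative `?client_id=...` URL and the provider session is never ended, so a non-empty `https://` value should be enforced when the config is loaded. The commit also drops the return-to parameter; if the provider should send the user back to the app after logout, the provider-neutral parameter is `post_logout_redirect_uri` (which the provider must have registered for this client), optionally with `id_token_hint`.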