✨ shiny: jetzt mit oidc

Queer-Lexikon · Aug 4, 2024 · 9434ad9 · 9434ad9
1 parent 448bbb0
commit 9434ad9
Show file tree

Hide file tree

Showing 4 changed files with 64 additions and 59 deletions.
diff --git a/.gitignore b/.gitignore
@@ -130,6 +130,5 @@ dmypy.json
 
 .DS_Store
 
-config.json
 
 .vscode/settings.json
diff --git a/app.py b/app.py
@@ -1,66 +1,24 @@
-from flask import Flask, url_for, redirect, render_template, request, flash
+from flask import Flask, url_for, redirect, render_template, request, flash, session
 import json
 import subprocess
 import shlex
 import logging
 
-from flask_ldap3_login import LDAP3LoginManager
-from flask_ldap3_login.forms import LDAPLoginForm
-from flask_login import (
-    LoginManager,
-    UserMixin,
-    login_user,
-    login_required,
-    current_user,
-)
+from flask_oidc import OpenIDConnect
+
 from PasswordForm import ChangePassword
 
 
 def create_app():
     app = Flask(__name__)
     app.config.from_file("config.json", load=json.load)
 
-    login_manager = LoginManager(app)
-    login_manager.login_view = "login"
-    ldap_manager = LDAP3LoginManager(app)
-
-    users = {}
-
-    class User(UserMixin):
-        def __init__(self, dn, username, data):
-            self.dn = dn
-            self.username = username
-            self.data = data
-
-        def __repr__(self):
-            return self.dn
-
-        def get_id(self):
-            return self.dn
-
-    @login_manager.user_loader
-    def load_user(id):
-        if id in users:
-            return users[id]
-        else:
-            return None
-
-    @ldap_manager.save_user
-    def save_user(dn, username, data, memberships):
-        user = User(dn, username, data)
-        users[dn] = user
-        return user
-
-    @app.route("/login", methods=("GET", "POST"))
-    def login():
-        form = LDAPLoginForm()
-        if form.validate_on_submit():
-            login_user(form.user)
-            return redirect("/")
-        return render_template("login.html", form=form)
+    oidc = OpenIDConnect()
+
+    oidc.init_app(app)
 
     @app.route("/", methods=("GET", "POST"))
-    @login_required
+    @oidc.require_login
     def index():
         """
         What's in here?
@@ -74,7 +32,7 @@ def index():
         8) if returncode is zero, flash success-message
         """
 
-        mailuser = current_user.data.get("mail")[0]
+        mailuser = session["oidc_auth_profile"].get("email")
         domain = app.config["DOMAIN"]
         isLocalMail = domain in mailuser
         form = ChangePassword()

diff --git a/config.json b/config.json
@@ -0,0 +1,18 @@
+{
+    "UBERSPACE_HOST": "",
+    "DOMAIN": "",
+    "SECRET_KEY": "",
+
+    "OIDC_CLIENT_SECRETS": {
+        "web": {
+            "issuer": "",
+            "auth_uri": "",
+            "client_id": "",
+            "client_secret": "",
+            "redirect_uris": [
+                ""
+            ]
+
+        }
+    }
+}
diff --git a/requirements.txt b/requirements.txt
@@ -1,9 +1,39 @@
-flask==2.3.2
-waitress==2.1.2
-
-flask-login==0.6.2
+annotated-types==0.7.0
+Authlib==1.3.1
+blinker==1.8.2
+certifi==2024.7.4
+cffi==1.16.0
+charset-normalizer==3.3.2
+click==8.1.7
+cryptography==43.0.0
+defusedxml==0.7.1
+Flask==2.3.2
 flask-ldap3-login==0.9.18
-flask-WTF==1.2.1
-wtforms==3.0.1
-
-Werkzeug==2.3.7
+Flask-Login==0.6.2
+flask-oidc==2.2.0
+Flask-pyoidc==3.14.3
+Flask-WTF==1.2.1
+future==1.0.0
+idna==3.7
+importlib_resources==6.4.0
+itsdangerous==2.2.0
+Jinja2==3.1.4
+ldap3==2.9.1
+Mako==1.3.5
+MarkupSafe==2.1.5
+oic==1.6.1
+pyasn1==0.6.0
+pycparser==2.22
+pycryptodomex==3.20.0
+pydantic==2.8.2
+pydantic-settings==2.4.0
+pydantic_core==2.20.1
+pyjwkest==1.4.2
+python-dotenv==1.0.1
+requests==2.32.3
+six==1.16.0
+typing_extensions==4.12.2
+urllib3==2.2.2
+waitress==2.1.2
+Werkzeug==2.3.7
+WTForms==3.0.1
Original file line number	Diff line number	Diff line change
Expand Up		@@ -130,6 +130,5 @@ dmypy.json

		.DS_Store

		config.json

		.vscode/settings.json