Oauth working somehow (?)
This commit is contained in:
parent
a0be02e687
commit
3d5d95904a
2
cps.py
2
cps.py
|
@ -36,6 +36,7 @@ from cps.shelf import shelf
|
||||||
from cps.admin import admi
|
from cps.admin import admi
|
||||||
from cps.gdrive import gdrive
|
from cps.gdrive import gdrive
|
||||||
from cps.editbooks import editbook
|
from cps.editbooks import editbook
|
||||||
|
from cps.oauth_bb import oauth
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
|
@ -48,6 +49,7 @@ if __name__ == '__main__':
|
||||||
app.register_blueprint(admi)
|
app.register_blueprint(admi)
|
||||||
app.register_blueprint(gdrive)
|
app.register_blueprint(gdrive)
|
||||||
app.register_blueprint(editbook)
|
app.register_blueprint(editbook)
|
||||||
|
app.register_blueprint(oauth)
|
||||||
Server.startServer()
|
Server.startServer()
|
||||||
|
|
||||||
|
|
||||||
|
|
36
cps/admin.py
36
cps/admin.py
|
@ -432,28 +432,28 @@ def configuration_helper(origin):
|
||||||
content.config_updatechannel = int(to_save["config_updater"])
|
content.config_updatechannel = int(to_save["config_updater"])
|
||||||
|
|
||||||
# GitHub OAuth configuration
|
# GitHub OAuth configuration
|
||||||
content.config_use_github_oauth = ("config_use_github_oauth" in to_save and
|
if "config_login_type" in to_save and to_save["config_login_type"] == "2":
|
||||||
to_save["config_use_github_oauth"] == "on")
|
if "config_github_oauth_client_id" in to_save:
|
||||||
if "config_github_oauth_client_id" in to_save:
|
content.config_github_oauth_client_id = to_save["config_github_oauth_client_id"]
|
||||||
content.config_github_oauth_client_id = to_save["config_github_oauth_client_id"]
|
if "config_github_oauth_client_secret" in to_save:
|
||||||
if "config_github_oauth_client_secret" in to_save:
|
content.config_github_oauth_client_secret = to_save["config_github_oauth_client_secret"]
|
||||||
content.config_github_oauth_client_secret = to_save["config_github_oauth_client_secret"]
|
|
||||||
|
|
||||||
if content.config_github_oauth_client_id != config.config_github_oauth_client_id or \
|
if content.config_github_oauth_client_id != config.config_github_oauth_client_id or \
|
||||||
content.config_github_oauth_client_secret != config.config_github_oauth_client_secret:
|
content.config_github_oauth_client_secret != config.config_github_oauth_client_secret:
|
||||||
reboot_required = True
|
reboot_required = True
|
||||||
|
content.config_login_type = ub.LOGIN_OAUTH_GITHUB
|
||||||
|
|
||||||
# Google OAuth configuration
|
# Google OAuth configuration
|
||||||
content.config_use_google_oauth = ("config_use_google_oauth" in to_save and
|
if "config_login_type" in to_save and to_save["config_login_type"] == "3":
|
||||||
to_save["config_use_google_oauth"] == "on")
|
if "config_google_oauth_client_id" in to_save:
|
||||||
if "config_google_oauth_client_id" in to_save:
|
content.config_google_oauth_client_id = to_save["config_google_oauth_client_id"]
|
||||||
content.config_google_oauth_client_id = to_save["config_google_oauth_client_id"]
|
if "config_google_oauth_client_secret" in to_save:
|
||||||
if "config_google_oauth_client_secret" in to_save:
|
content.config_google_oauth_client_secret = to_save["config_google_oauth_client_secret"]
|
||||||
content.config_google_oauth_client_secret = to_save["config_google_oauth_client_secret"]
|
|
||||||
|
|
||||||
if content.config_google_oauth_client_id != config.config_google_oauth_client_id or \
|
if content.config_google_oauth_client_id != config.config_google_oauth_client_id or \
|
||||||
content.config_google_oauth_client_secret != config.config_google_oauth_client_secret:
|
content.config_google_oauth_client_secret != config.config_google_oauth_client_secret:
|
||||||
reboot_required = True
|
reboot_required = True
|
||||||
|
content.config_login_type = ub.LOGIN_OAUTH_GOOGLE
|
||||||
|
|
||||||
if "config_log_level" in to_save:
|
if "config_log_level" in to_save:
|
||||||
content.config_log_level = int(to_save["config_log_level"])
|
content.config_log_level = int(to_save["config_log_level"])
|
||||||
|
|
|
@ -26,22 +26,40 @@ from flask_dance.contrib.google import make_google_blueprint, google
|
||||||
from flask_dance.consumer import oauth_authorized, oauth_error
|
from flask_dance.consumer import oauth_authorized, oauth_error
|
||||||
from oauth import OAuthBackend
|
from oauth import OAuthBackend
|
||||||
from sqlalchemy.orm.exc import NoResultFound
|
from sqlalchemy.orm.exc import NoResultFound
|
||||||
from flask import flash, session, redirect, url_for, request, make_response, abort
|
from flask import session, request, make_response, abort
|
||||||
import json
|
import json
|
||||||
from cps import config, app
|
from cps import config, app
|
||||||
import ub
|
import ub
|
||||||
from flask_login import login_user, login_required, current_user
|
from flask_login import login_user, current_user
|
||||||
|
from flask import Blueprint, flash, redirect, url_for
|
||||||
from flask_babel import gettext as _
|
from flask_babel import gettext as _
|
||||||
# from web import github_oauth_required
|
# from web import github_oauth_required
|
||||||
from functools import wraps
|
from functools import wraps
|
||||||
|
from web import login_required
|
||||||
|
|
||||||
oauth_check = {}
|
oauth_check = {}
|
||||||
|
oauth = Blueprint('oauth', __name__)
|
||||||
|
|
||||||
|
|
||||||
def github_oauth_required(f):
|
def github_oauth_required(f):
|
||||||
@wraps(f)
|
@wraps(f)
|
||||||
def inner(*args, **kwargs):
|
def inner(*args, **kwargs):
|
||||||
if config.config_use_github_oauth:
|
if config.config_login_type == ub.LOGIN_OAUTH_GITHUB:
|
||||||
|
return f(*args, **kwargs)
|
||||||
|
if request.is_xhr:
|
||||||
|
data = {'status': 'error', 'message': 'Not Found'}
|
||||||
|
response = make_response(json.dumps(data, ensure_ascii=False))
|
||||||
|
response.headers["Content-Type"] = "application/json; charset=utf-8"
|
||||||
|
return response, 404
|
||||||
|
abort(404)
|
||||||
|
|
||||||
|
return inner
|
||||||
|
|
||||||
|
|
||||||
|
def google_oauth_required(f):
|
||||||
|
@wraps(f)
|
||||||
|
def inner(*args, **kwargs):
|
||||||
|
if config.config_use_google_oauth == ub.LOGIN_OAUTH_GOOGLE:
|
||||||
return f(*args, **kwargs)
|
return f(*args, **kwargs)
|
||||||
if request.is_xhr:
|
if request.is_xhr:
|
||||||
data = {'status': 'error', 'message': 'Not Found'}
|
data = {'status': 'error', 'message': 'Not Found'}
|
||||||
|
@ -96,12 +114,12 @@ if ub.oauth_support:
|
||||||
github_blueprint = make_github_blueprint(
|
github_blueprint = make_github_blueprint(
|
||||||
client_id=config.config_github_oauth_client_id,
|
client_id=config.config_github_oauth_client_id,
|
||||||
client_secret=config.config_github_oauth_client_secret,
|
client_secret=config.config_github_oauth_client_secret,
|
||||||
redirect_to="github_login",)
|
redirect_to="oauth.github_login",)
|
||||||
|
|
||||||
google_blueprint = make_google_blueprint(
|
google_blueprint = make_google_blueprint(
|
||||||
client_id=config.config_google_oauth_client_id,
|
client_id=config.config_google_oauth_client_id,
|
||||||
client_secret=config.config_google_oauth_client_secret,
|
client_secret=config.config_google_oauth_client_secret,
|
||||||
redirect_to="google_login",
|
redirect_to="oauth.google_login",
|
||||||
scope=[
|
scope=[
|
||||||
"https://www.googleapis.com/auth/plus.me",
|
"https://www.googleapis.com/auth/plus.me",
|
||||||
"https://www.googleapis.com/auth/userinfo.email",
|
"https://www.googleapis.com/auth/userinfo.email",
|
||||||
|
@ -115,9 +133,9 @@ if ub.oauth_support:
|
||||||
google_blueprint.backend = OAuthBackend(ub.OAuth, ub.session, user=current_user, user_required=True)
|
google_blueprint.backend = OAuthBackend(ub.OAuth, ub.session, user=current_user, user_required=True)
|
||||||
|
|
||||||
|
|
||||||
if config.config_use_github_oauth:
|
if config.config_login_type == ub.LOGIN_OAUTH_GITHUB:
|
||||||
register_oauth_blueprint(github_blueprint, 'GitHub')
|
register_oauth_blueprint(github_blueprint, 'GitHub')
|
||||||
if config.config_use_google_oauth:
|
if config.config_login_type == ub.LOGIN_OAUTH_GOOGLE:
|
||||||
register_oauth_blueprint(google_blueprint, 'Google')
|
register_oauth_blueprint(google_blueprint, 'Google')
|
||||||
|
|
||||||
|
|
||||||
|
@ -264,7 +282,7 @@ if ub.oauth_support:
|
||||||
)
|
)
|
||||||
flash(msg, category="error")
|
flash(msg, category="error")
|
||||||
|
|
||||||
'''
|
|
||||||
@oauth.route('/github')
|
@oauth.route('/github')
|
||||||
@github_oauth_required
|
@github_oauth_required
|
||||||
def github_login():
|
def github_login():
|
||||||
|
@ -295,7 +313,7 @@ if ub.oauth_support:
|
||||||
return bind_oauth_or_register(google_blueprint.name, account_info_json['id'], 'google.login')
|
return bind_oauth_or_register(google_blueprint.name, account_info_json['id'], 'google.login')
|
||||||
flash(_(u"Google Oauth error, please retry later."), category="error")
|
flash(_(u"Google Oauth error, please retry later."), category="error")
|
||||||
return redirect(url_for('web.login'))
|
return redirect(url_for('web.login'))
|
||||||
'''
|
|
||||||
|
|
||||||
@oauth_error.connect_via(google_blueprint)
|
@oauth_error.connect_via(google_blueprint)
|
||||||
def google_error(blueprint, error, error_description=None, error_uri=None):
|
def google_error(blueprint, error, error_description=None, error_uri=None):
|
||||||
|
@ -310,8 +328,8 @@ if ub.oauth_support:
|
||||||
)
|
)
|
||||||
flash(msg, category="error")
|
flash(msg, category="error")
|
||||||
|
|
||||||
'''
|
|
||||||
@oauth.route('/unlink/google', methods=["GET"])
|
@oauth.route('/unlink/google', methods=["GET"])
|
||||||
@login_required
|
@login_required
|
||||||
def google_login_unlink():
|
def google_login_unlink():
|
||||||
return unlink_oauth(google_blueprint.name)'''
|
return unlink_oauth(google_blueprint.name)
|
||||||
|
|
|
@ -182,11 +182,11 @@
|
||||||
<select name="config_login_type" id="config_login_type" class="form-control" data-control="login-settings">
|
<select name="config_login_type" id="config_login_type" class="form-control" data-control="login-settings">
|
||||||
<option value="0" {% if content.config_login_type == 0 %}selected{% endif %}>{{_('Use standard Authentication')}}</option>
|
<option value="0" {% if content.config_login_type == 0 %}selected{% endif %}>{{_('Use standard Authentication')}}</option>
|
||||||
{% if feature_support['ldap'] %}
|
{% if feature_support['ldap'] %}
|
||||||
<option value="1" {% if content.config_login_type == 1 %}selected{% endif %}>{{_('Use')}} LDAP Authentication</option>
|
<option value="1" {% if content.config_login_type == 1 %}selected{% endif %}>{{_('Use LDAP Authentication')}}</option>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if feature_support['oauth'] %}
|
{% if feature_support['oauth'] %}
|
||||||
<option value="2" {% if content.config_login_type == 2 %}selected{% endif %}>{{_('Use')}} GitHub OAuth</option>
|
<option value="2" {% if content.config_login_type == 2 %}selected{% endif %}>{{_('Use GitHub OAuth')}}</option>
|
||||||
<option value="3" {% if content.config_login_type == 3 %}selected{% endif %}>{{_('Use')}} GitHub OAuth</option>
|
<option value="3" {% if content.config_login_type == 3 %}selected{% endif %}>{{_('Use Google OAuth')}}</option>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</select>
|
</select>
|
||||||
</div>
|
</div>
|
||||||
|
@ -194,16 +194,19 @@
|
||||||
<div data-related="login-settings-1">
|
<div data-related="login-settings-1">
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="config_ldap_provider_url">{{_('LDAP Provider URL')}}</label>
|
<label for="config_ldap_provider_url">{{_('LDAP Provider URL')}}</label>
|
||||||
<input type="text" class="form-control" id="config_ldap_provider_url" name="config_ldap_provider_url" value="{{ content.config_ldap_provider_url }}" autocomplete="off">
|
<input type="text" class="form-control" id="config_ldap_provider_url" name="config_ldap_provider_url" value="{% if content.config_ldap_provider_url != None %}{{ content.config_ldap_provider_url }}{% endif %}" autocomplete="off">
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="config_ldap_dn">{{_('LDAP Distinguished Name (DN)')}}</label>
|
<label for="config_ldap_dn">{{_('LDAP Distinguished Name (DN)')}}</label>
|
||||||
<input type="text" class="form-control" id="config_ldap_dn" name="config_ldap_dn" value="{{ content.config_ldap_dn }}" autocomplete="off">
|
<input type="text" class="form-control" id="config_ldap_dn" name="config_ldap_dn" value="{% if content.config_ldap_dn != None %}{{ content.config_ldap_dn }}{% endif %}" autocomplete="off">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if feature_support['oauth'] %}
|
{% if feature_support['oauth'] %}
|
||||||
<div data-related="login-settings-2">
|
<div data-related="login-settings-2">
|
||||||
|
<div class="form-group">
|
||||||
|
<a href="https://github.com/settings/developers" target="_blank">{{_('Obtain GitHub OAuth Credential')}}</a>
|
||||||
|
</div>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="config_github_oauth_client_id">{{_('GitHub OAuth Client Id')}}</label>
|
<label for="config_github_oauth_client_id">{{_('GitHub OAuth Client Id')}}</label>
|
||||||
<input type="text" class="form-control" id="config_github_oauth_client_id" name="config_github_oauth_client_id" value="{% if content.config_github_oauth_client_id != None %}{{ content.config_github_oauth_client_id }}{% endif %}" autocomplete="off">
|
<input type="text" class="form-control" id="config_github_oauth_client_id" name="config_github_oauth_client_id" value="{% if content.config_github_oauth_client_id != None %}{{ content.config_github_oauth_client_id }}{% endif %}" autocomplete="off">
|
||||||
|
@ -214,6 +217,9 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div data-related="login-settings-3">
|
<div data-related="login-settings-3">
|
||||||
|
<div class="form-group">
|
||||||
|
<a href="https://console.developers.google.com/apis/credentials" target="_blank">{{_('Obtain Google OAuth Credential')}}</a>
|
||||||
|
</div>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="config_google_oauth_client_id">{{_('Google OAuth Client Id')}}</label>
|
<label for="config_google_oauth_client_id">{{_('Google OAuth Client Id')}}</label>
|
||||||
<input type="text" class="form-control" id="config_google_oauth_client_id" name="config_google_oauth_client_id" value="{% if content.config_google_oauth_client_id != None %}{{ content.config_google_oauth_client_id }}{% endif %}" autocomplete="off">
|
<input type="text" class="form-control" id="config_google_oauth_client_id" name="config_google_oauth_client_id" value="{% if content.config_google_oauth_client_id != None %}{{ content.config_google_oauth_client_id }}{% endif %}" autocomplete="off">
|
||||||
|
|
|
@ -21,14 +21,14 @@
|
||||||
{% if config.config_remote_login %}
|
{% if config.config_remote_login %}
|
||||||
<a href="{{url_for('web.remote_login')}}" class="pull-right">{{_('Log in with magic link')}}</a>
|
<a href="{{url_for('web.remote_login')}}" class="pull-right">{{_('Log in with magic link')}}</a>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if config.config_use_github_oauth %}
|
{% if config.config_login_type == 2 %}
|
||||||
<a href="{{url_for('oauth.github_login')}}" class="pull-right">
|
<a href="{{url_for('oauth.github_login')}}" class="pull-right">
|
||||||
<svg height="32" class="octicon octicon-mark-github" viewBox="0 0 16 16" version="1.1" width="32" aria-hidden="true">
|
<svg height="32" class="octicon octicon-mark-github" viewBox="0 0 16 16" version="1.1" width="32" aria-hidden="true">
|
||||||
<path fill-rule="evenodd" d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0 0 16 8c0-4.42-3.58-8-8-8z"></path>
|
<path fill-rule="evenodd" d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0 0 16 8c0-4.42-3.58-8-8-8z"></path>
|
||||||
</svg>
|
</svg>
|
||||||
</a>
|
</a>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if config.config_use_google_oauth %}
|
{% if config.config_login_type == 3 %}
|
||||||
<a href="{{url_for('oauth.google_login')}}" class="pull-right">
|
<a href="{{url_for('oauth.google_login')}}" class="pull-right">
|
||||||
<svg xmlns="http://www.w3.org/2000/svg" x="0px" y="0px"
|
<svg xmlns="http://www.w3.org/2000/svg" x="0px" y="0px"
|
||||||
width="40" height="40"
|
width="40" height="40"
|
||||||
|
|
19
cps/web.py
19
cps/web.py
|
@ -177,21 +177,6 @@ def remote_login_required(f):
|
||||||
return inner
|
return inner
|
||||||
|
|
||||||
|
|
||||||
def google_oauth_required(f):
|
|
||||||
@wraps(f)
|
|
||||||
def inner(*args, **kwargs):
|
|
||||||
if config.config_use_google_oauth:
|
|
||||||
return f(*args, **kwargs)
|
|
||||||
if request.is_xhr:
|
|
||||||
data = {'status': 'error', 'message': 'Not Found'}
|
|
||||||
response = make_response(json.dumps(data, ensure_ascii=False))
|
|
||||||
response.headers["Content-Type"] = "application/json; charset=utf-8"
|
|
||||||
return response, 404
|
|
||||||
abort(404)
|
|
||||||
|
|
||||||
return inner
|
|
||||||
|
|
||||||
|
|
||||||
def admin_required(f):
|
def admin_required(f):
|
||||||
"""
|
"""
|
||||||
Checks if current_user.role == 1
|
Checks if current_user.role == 1
|
||||||
|
@ -1330,7 +1315,7 @@ def login():
|
||||||
ub.User.try_login(form['username'], form['password'], config.config_ldap_dn,
|
ub.User.try_login(form['username'], form['password'], config.config_ldap_dn,
|
||||||
config.config_ldap_provider_url)
|
config.config_ldap_provider_url)
|
||||||
login_user(user, remember=True)
|
login_user(user, remember=True)
|
||||||
flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
|
flash(_(u"You are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
|
||||||
return redirect_back(url_for("web.index"))
|
return redirect_back(url_for("web.index"))
|
||||||
except ldap.INVALID_CREDENTIALS:
|
except ldap.INVALID_CREDENTIALS:
|
||||||
ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr)
|
ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr)
|
||||||
|
@ -1342,7 +1327,7 @@ def login():
|
||||||
else:
|
else:
|
||||||
if user and check_password_hash(user.password, form['password']) and user.nickname is not "Guest":
|
if user and check_password_hash(user.password, form['password']) and user.nickname is not "Guest":
|
||||||
login_user(user, remember=True)
|
login_user(user, remember=True)
|
||||||
flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
|
flash(_(u"You are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
|
||||||
return redirect_back(url_for("web.index"))
|
return redirect_back(url_for("web.index"))
|
||||||
else:
|
else:
|
||||||
ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr)
|
ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr)
|
||||||
|
|
Loading…
Reference in New Issue
Block a user