Oauth working somehow (?)

This commit is contained in:
Ozzieisaacs 2019-02-17 19:10:16 +01:00
parent a0be02e687
commit 3d5d95904a
6 changed files with 69 additions and 58 deletions

2
cps.py
View File

@ -36,6 +36,7 @@ from cps.shelf import shelf
from cps.admin import admi from cps.admin import admi
from cps.gdrive import gdrive from cps.gdrive import gdrive
from cps.editbooks import editbook from cps.editbooks import editbook
from cps.oauth_bb import oauth
if __name__ == '__main__': if __name__ == '__main__':
@ -48,6 +49,7 @@ if __name__ == '__main__':
app.register_blueprint(admi) app.register_blueprint(admi)
app.register_blueprint(gdrive) app.register_blueprint(gdrive)
app.register_blueprint(editbook) app.register_blueprint(editbook)
app.register_blueprint(oauth)
Server.startServer() Server.startServer()

View File

@ -432,28 +432,28 @@ def configuration_helper(origin):
content.config_updatechannel = int(to_save["config_updater"]) content.config_updatechannel = int(to_save["config_updater"])
# GitHub OAuth configuration # GitHub OAuth configuration
content.config_use_github_oauth = ("config_use_github_oauth" in to_save and if "config_login_type" in to_save and to_save["config_login_type"] == "2":
to_save["config_use_github_oauth"] == "on") if "config_github_oauth_client_id" in to_save:
if "config_github_oauth_client_id" in to_save: content.config_github_oauth_client_id = to_save["config_github_oauth_client_id"]
content.config_github_oauth_client_id = to_save["config_github_oauth_client_id"] if "config_github_oauth_client_secret" in to_save:
if "config_github_oauth_client_secret" in to_save: content.config_github_oauth_client_secret = to_save["config_github_oauth_client_secret"]
content.config_github_oauth_client_secret = to_save["config_github_oauth_client_secret"]
if content.config_github_oauth_client_id != config.config_github_oauth_client_id or \ if content.config_github_oauth_client_id != config.config_github_oauth_client_id or \
content.config_github_oauth_client_secret != config.config_github_oauth_client_secret: content.config_github_oauth_client_secret != config.config_github_oauth_client_secret:
reboot_required = True reboot_required = True
content.config_login_type = ub.LOGIN_OAUTH_GITHUB
# Google OAuth configuration # Google OAuth configuration
content.config_use_google_oauth = ("config_use_google_oauth" in to_save and if "config_login_type" in to_save and to_save["config_login_type"] == "3":
to_save["config_use_google_oauth"] == "on") if "config_google_oauth_client_id" in to_save:
if "config_google_oauth_client_id" in to_save: content.config_google_oauth_client_id = to_save["config_google_oauth_client_id"]
content.config_google_oauth_client_id = to_save["config_google_oauth_client_id"] if "config_google_oauth_client_secret" in to_save:
if "config_google_oauth_client_secret" in to_save: content.config_google_oauth_client_secret = to_save["config_google_oauth_client_secret"]
content.config_google_oauth_client_secret = to_save["config_google_oauth_client_secret"]
if content.config_google_oauth_client_id != config.config_google_oauth_client_id or \ if content.config_google_oauth_client_id != config.config_google_oauth_client_id or \
content.config_google_oauth_client_secret != config.config_google_oauth_client_secret: content.config_google_oauth_client_secret != config.config_google_oauth_client_secret:
reboot_required = True reboot_required = True
content.config_login_type = ub.LOGIN_OAUTH_GOOGLE
if "config_log_level" in to_save: if "config_log_level" in to_save:
content.config_log_level = int(to_save["config_log_level"]) content.config_log_level = int(to_save["config_log_level"])

View File

@ -26,22 +26,40 @@ from flask_dance.contrib.google import make_google_blueprint, google
from flask_dance.consumer import oauth_authorized, oauth_error from flask_dance.consumer import oauth_authorized, oauth_error
from oauth import OAuthBackend from oauth import OAuthBackend
from sqlalchemy.orm.exc import NoResultFound from sqlalchemy.orm.exc import NoResultFound
from flask import flash, session, redirect, url_for, request, make_response, abort from flask import session, request, make_response, abort
import json import json
from cps import config, app from cps import config, app
import ub import ub
from flask_login import login_user, login_required, current_user from flask_login import login_user, current_user
from flask import Blueprint, flash, redirect, url_for
from flask_babel import gettext as _ from flask_babel import gettext as _
# from web import github_oauth_required # from web import github_oauth_required
from functools import wraps from functools import wraps
from web import login_required
oauth_check = {} oauth_check = {}
oauth = Blueprint('oauth', __name__)
def github_oauth_required(f): def github_oauth_required(f):
@wraps(f) @wraps(f)
def inner(*args, **kwargs): def inner(*args, **kwargs):
if config.config_use_github_oauth: if config.config_login_type == ub.LOGIN_OAUTH_GITHUB:
return f(*args, **kwargs)
if request.is_xhr:
data = {'status': 'error', 'message': 'Not Found'}
response = make_response(json.dumps(data, ensure_ascii=False))
response.headers["Content-Type"] = "application/json; charset=utf-8"
return response, 404
abort(404)
return inner
def google_oauth_required(f):
@wraps(f)
def inner(*args, **kwargs):
if config.config_use_google_oauth == ub.LOGIN_OAUTH_GOOGLE:
return f(*args, **kwargs) return f(*args, **kwargs)
if request.is_xhr: if request.is_xhr:
data = {'status': 'error', 'message': 'Not Found'} data = {'status': 'error', 'message': 'Not Found'}
@ -96,12 +114,12 @@ if ub.oauth_support:
github_blueprint = make_github_blueprint( github_blueprint = make_github_blueprint(
client_id=config.config_github_oauth_client_id, client_id=config.config_github_oauth_client_id,
client_secret=config.config_github_oauth_client_secret, client_secret=config.config_github_oauth_client_secret,
redirect_to="github_login",) redirect_to="oauth.github_login",)
google_blueprint = make_google_blueprint( google_blueprint = make_google_blueprint(
client_id=config.config_google_oauth_client_id, client_id=config.config_google_oauth_client_id,
client_secret=config.config_google_oauth_client_secret, client_secret=config.config_google_oauth_client_secret,
redirect_to="google_login", redirect_to="oauth.google_login",
scope=[ scope=[
"https://www.googleapis.com/auth/plus.me", "https://www.googleapis.com/auth/plus.me",
"https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/userinfo.email",
@ -115,9 +133,9 @@ if ub.oauth_support:
google_blueprint.backend = OAuthBackend(ub.OAuth, ub.session, user=current_user, user_required=True) google_blueprint.backend = OAuthBackend(ub.OAuth, ub.session, user=current_user, user_required=True)
if config.config_use_github_oauth: if config.config_login_type == ub.LOGIN_OAUTH_GITHUB:
register_oauth_blueprint(github_blueprint, 'GitHub') register_oauth_blueprint(github_blueprint, 'GitHub')
if config.config_use_google_oauth: if config.config_login_type == ub.LOGIN_OAUTH_GOOGLE:
register_oauth_blueprint(google_blueprint, 'Google') register_oauth_blueprint(google_blueprint, 'Google')
@ -264,7 +282,7 @@ if ub.oauth_support:
) )
flash(msg, category="error") flash(msg, category="error")
'''
@oauth.route('/github') @oauth.route('/github')
@github_oauth_required @github_oauth_required
def github_login(): def github_login():
@ -276,14 +294,14 @@ if ub.oauth_support:
return bind_oauth_or_register(github_blueprint.name, account_info_json['id'], 'github.login') return bind_oauth_or_register(github_blueprint.name, account_info_json['id'], 'github.login')
flash(_(u"GitHub Oauth error, please retry later."), category="error") flash(_(u"GitHub Oauth error, please retry later."), category="error")
return redirect(url_for('web.login')) return redirect(url_for('web.login'))
@oauth.route('/unlink/github', methods=["GET"]) @oauth.route('/unlink/github', methods=["GET"])
@login_required @login_required
def github_login_unlink(): def github_login_unlink():
return unlink_oauth(github_blueprint.name) return unlink_oauth(github_blueprint.name)
@oauth.route('/google') @oauth.route('/google')
@google_oauth_required @google_oauth_required
def google_login(): def google_login():
@ -295,7 +313,7 @@ if ub.oauth_support:
return bind_oauth_or_register(google_blueprint.name, account_info_json['id'], 'google.login') return bind_oauth_or_register(google_blueprint.name, account_info_json['id'], 'google.login')
flash(_(u"Google Oauth error, please retry later."), category="error") flash(_(u"Google Oauth error, please retry later."), category="error")
return redirect(url_for('web.login')) return redirect(url_for('web.login'))
'''
@oauth_error.connect_via(google_blueprint) @oauth_error.connect_via(google_blueprint)
def google_error(blueprint, error, error_description=None, error_uri=None): def google_error(blueprint, error, error_description=None, error_uri=None):
@ -310,8 +328,8 @@ if ub.oauth_support:
) )
flash(msg, category="error") flash(msg, category="error")
'''
@oauth.route('/unlink/google', methods=["GET"]) @oauth.route('/unlink/google', methods=["GET"])
@login_required @login_required
def google_login_unlink(): def google_login_unlink():
return unlink_oauth(google_blueprint.name)''' return unlink_oauth(google_blueprint.name)

View File

@ -182,11 +182,11 @@
<select name="config_login_type" id="config_login_type" class="form-control" data-control="login-settings"> <select name="config_login_type" id="config_login_type" class="form-control" data-control="login-settings">
<option value="0" {% if content.config_login_type == 0 %}selected{% endif %}>{{_('Use standard Authentication')}}</option> <option value="0" {% if content.config_login_type == 0 %}selected{% endif %}>{{_('Use standard Authentication')}}</option>
{% if feature_support['ldap'] %} {% if feature_support['ldap'] %}
<option value="1" {% if content.config_login_type == 1 %}selected{% endif %}>{{_('Use')}} LDAP Authentication</option> <option value="1" {% if content.config_login_type == 1 %}selected{% endif %}>{{_('Use LDAP Authentication')}}</option>
{% endif %} {% endif %}
{% if feature_support['oauth'] %} {% if feature_support['oauth'] %}
<option value="2" {% if content.config_login_type == 2 %}selected{% endif %}>{{_('Use')}} GitHub OAuth</option> <option value="2" {% if content.config_login_type == 2 %}selected{% endif %}>{{_('Use GitHub OAuth')}}</option>
<option value="3" {% if content.config_login_type == 3 %}selected{% endif %}>{{_('Use')}} GitHub OAuth</option> <option value="3" {% if content.config_login_type == 3 %}selected{% endif %}>{{_('Use Google OAuth')}}</option>
{% endif %} {% endif %}
</select> </select>
</div> </div>
@ -194,16 +194,19 @@
<div data-related="login-settings-1"> <div data-related="login-settings-1">
<div class="form-group"> <div class="form-group">
<label for="config_ldap_provider_url">{{_('LDAP Provider URL')}}</label> <label for="config_ldap_provider_url">{{_('LDAP Provider URL')}}</label>
<input type="text" class="form-control" id="config_ldap_provider_url" name="config_ldap_provider_url" value="{{ content.config_ldap_provider_url }}" autocomplete="off"> <input type="text" class="form-control" id="config_ldap_provider_url" name="config_ldap_provider_url" value="{% if content.config_ldap_provider_url != None %}{{ content.config_ldap_provider_url }}{% endif %}" autocomplete="off">
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="config_ldap_dn">{{_('LDAP Distinguished Name (DN)')}}</label> <label for="config_ldap_dn">{{_('LDAP Distinguished Name (DN)')}}</label>
<input type="text" class="form-control" id="config_ldap_dn" name="config_ldap_dn" value="{{ content.config_ldap_dn }}" autocomplete="off"> <input type="text" class="form-control" id="config_ldap_dn" name="config_ldap_dn" value="{% if content.config_ldap_dn != None %}{{ content.config_ldap_dn }}{% endif %}" autocomplete="off">
</div> </div>
</div> </div>
{% endif %} {% endif %}
{% if feature_support['oauth'] %} {% if feature_support['oauth'] %}
<div data-related="login-settings-2"> <div data-related="login-settings-2">
<div class="form-group">
<a href="https://github.com/settings/developers" target="_blank">{{_('Obtain GitHub OAuth Credential')}}</a>
</div>
<div class="form-group"> <div class="form-group">
<label for="config_github_oauth_client_id">{{_('GitHub OAuth Client Id')}}</label> <label for="config_github_oauth_client_id">{{_('GitHub OAuth Client Id')}}</label>
<input type="text" class="form-control" id="config_github_oauth_client_id" name="config_github_oauth_client_id" value="{% if content.config_github_oauth_client_id != None %}{{ content.config_github_oauth_client_id }}{% endif %}" autocomplete="off"> <input type="text" class="form-control" id="config_github_oauth_client_id" name="config_github_oauth_client_id" value="{% if content.config_github_oauth_client_id != None %}{{ content.config_github_oauth_client_id }}{% endif %}" autocomplete="off">
@ -214,6 +217,9 @@
</div> </div>
</div> </div>
<div data-related="login-settings-3"> <div data-related="login-settings-3">
<div class="form-group">
<a href="https://console.developers.google.com/apis/credentials" target="_blank">{{_('Obtain Google OAuth Credential')}}</a>
</div>
<div class="form-group"> <div class="form-group">
<label for="config_google_oauth_client_id">{{_('Google OAuth Client Id')}}</label> <label for="config_google_oauth_client_id">{{_('Google OAuth Client Id')}}</label>
<input type="text" class="form-control" id="config_google_oauth_client_id" name="config_google_oauth_client_id" value="{% if content.config_google_oauth_client_id != None %}{{ content.config_google_oauth_client_id }}{% endif %}" autocomplete="off"> <input type="text" class="form-control" id="config_google_oauth_client_id" name="config_google_oauth_client_id" value="{% if content.config_google_oauth_client_id != None %}{{ content.config_google_oauth_client_id }}{% endif %}" autocomplete="off">

View File

@ -21,14 +21,14 @@
{% if config.config_remote_login %} {% if config.config_remote_login %}
<a href="{{url_for('web.remote_login')}}" class="pull-right">{{_('Log in with magic link')}}</a> <a href="{{url_for('web.remote_login')}}" class="pull-right">{{_('Log in with magic link')}}</a>
{% endif %} {% endif %}
{% if config.config_use_github_oauth %} {% if config.config_login_type == 2 %}
<a href="{{url_for('oauth.github_login')}}" class="pull-right"> <a href="{{url_for('oauth.github_login')}}" class="pull-right">
<svg height="32" class="octicon octicon-mark-github" viewBox="0 0 16 16" version="1.1" width="32" aria-hidden="true"> <svg height="32" class="octicon octicon-mark-github" viewBox="0 0 16 16" version="1.1" width="32" aria-hidden="true">
<path fill-rule="evenodd" d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0 0 16 8c0-4.42-3.58-8-8-8z"></path> <path fill-rule="evenodd" d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0 0 16 8c0-4.42-3.58-8-8-8z"></path>
</svg> </svg>
</a> </a>
{% endif %} {% endif %}
{% if config.config_use_google_oauth %} {% if config.config_login_type == 3 %}
<a href="{{url_for('oauth.google_login')}}" class="pull-right"> <a href="{{url_for('oauth.google_login')}}" class="pull-right">
<svg xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" <svg xmlns="http://www.w3.org/2000/svg" x="0px" y="0px"
width="40" height="40" width="40" height="40"

View File

@ -177,21 +177,6 @@ def remote_login_required(f):
return inner return inner
def google_oauth_required(f):
@wraps(f)
def inner(*args, **kwargs):
if config.config_use_google_oauth:
return f(*args, **kwargs)
if request.is_xhr:
data = {'status': 'error', 'message': 'Not Found'}
response = make_response(json.dumps(data, ensure_ascii=False))
response.headers["Content-Type"] = "application/json; charset=utf-8"
return response, 404
abort(404)
return inner
def admin_required(f): def admin_required(f):
""" """
Checks if current_user.role == 1 Checks if current_user.role == 1
@ -1330,7 +1315,7 @@ def login():
ub.User.try_login(form['username'], form['password'], config.config_ldap_dn, ub.User.try_login(form['username'], form['password'], config.config_ldap_dn,
config.config_ldap_provider_url) config.config_ldap_provider_url)
login_user(user, remember=True) login_user(user, remember=True)
flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success") flash(_(u"You are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
return redirect_back(url_for("web.index")) return redirect_back(url_for("web.index"))
except ldap.INVALID_CREDENTIALS: except ldap.INVALID_CREDENTIALS:
ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr) ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr)
@ -1342,7 +1327,7 @@ def login():
else: else:
if user and check_password_hash(user.password, form['password']) and user.nickname is not "Guest": if user and check_password_hash(user.password, form['password']) and user.nickname is not "Guest":
login_user(user, remember=True) login_user(user, remember=True)
flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success") flash(_(u"You are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
return redirect_back(url_for("web.index")) return redirect_back(url_for("web.index"))
else: else:
ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr) ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr)