Oauth working somehow (?)
parent
a0be02e687
commit
3d5d95904a
2
cps.py
2
cps.py
|
@ -36,6 +36,7 @@ from cps.shelf import shelf
|
|||
from cps.admin import admi
|
||||
from cps.gdrive import gdrive
|
||||
from cps.editbooks import editbook
|
||||
from cps.oauth_bb import oauth
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
@ -48,6 +49,7 @@ if __name__ == '__main__':
|
|||
app.register_blueprint(admi)
|
||||
app.register_blueprint(gdrive)
|
||||
app.register_blueprint(editbook)
|
||||
app.register_blueprint(oauth)
|
||||
Server.startServer()
|
||||
|
||||
|
||||
|
|
|
@ -432,8 +432,7 @@ def configuration_helper(origin):
|
|||
content.config_updatechannel = int(to_save["config_updater"])
|
||||
|
||||
# GitHub OAuth configuration
|
||||
content.config_use_github_oauth = ("config_use_github_oauth" in to_save and
|
||||
to_save["config_use_github_oauth"] == "on")
|
||||
if "config_login_type" in to_save and to_save["config_login_type"] == "2":
|
||||
if "config_github_oauth_client_id" in to_save:
|
||||
content.config_github_oauth_client_id = to_save["config_github_oauth_client_id"]
|
||||
if "config_github_oauth_client_secret" in to_save:
|
||||
|
@ -442,10 +441,10 @@ def configuration_helper(origin):
|
|||
if content.config_github_oauth_client_id != config.config_github_oauth_client_id or \
|
||||
content.config_github_oauth_client_secret != config.config_github_oauth_client_secret:
|
||||
reboot_required = True
|
||||
content.config_login_type = ub.LOGIN_OAUTH_GITHUB
|
||||
|
||||
# Google OAuth configuration
|
||||
content.config_use_google_oauth = ("config_use_google_oauth" in to_save and
|
||||
to_save["config_use_google_oauth"] == "on")
|
||||
if "config_login_type" in to_save and to_save["config_login_type"] == "3":
|
||||
if "config_google_oauth_client_id" in to_save:
|
||||
content.config_google_oauth_client_id = to_save["config_google_oauth_client_id"]
|
||||
if "config_google_oauth_client_secret" in to_save:
|
||||
|
@ -454,6 +453,7 @@ def configuration_helper(origin):
|
|||
if content.config_google_oauth_client_id != config.config_google_oauth_client_id or \
|
||||
content.config_google_oauth_client_secret != config.config_google_oauth_client_secret:
|
||||
reboot_required = True
|
||||
content.config_login_type = ub.LOGIN_OAUTH_GOOGLE
|
||||
|
||||
if "config_log_level" in to_save:
|
||||
content.config_log_level = int(to_save["config_log_level"])
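Review bot: The branches `to_save["config_login_type"] == "2"` and `== "3"` in `configuration_helper` repeat as string literals the values that `ub.LOGIN_OAUTH_GITHUB` and `ub.LOGIN_OAUTH_GOOGLE` are then assigned from, so the form value, the template and the constants can drift apart without any error. Comparing against the constant, for example `to_save.get("config_login_type") == str(ub.LOGIN_OAUTH_GITHUB)`, keeps a single source of truth; this assumes the constants are the integers 2 and 3 that the templates compare with. `configuration_helper` starts and ends outside these hunks, and the page does not mark which lines are added.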
|
||||
|
|
|
@ -26,22 +26,40 @@ from flask_dance.contrib.google import make_google_blueprint, google
|
|||
from flask_dance.consumer import oauth_authorized, oauth_error
|
||||
from oauth import OAuthBackend
|
||||
from sqlalchemy.orm.exc import NoResultFound
|
||||
from flask import flash, session, redirect, url_for, request, make_response, abort
|
||||
from flask import session, request, make_response, abort
|
||||
import json
|
||||
from cps import config, app
|
||||
import ub
|
||||
from flask_login import login_user, login_required, current_user
|
||||
from flask_login import login_user, current_user
|
||||
from flask import Blueprint, flash, redirect, url_for
|
||||
from flask_babel import gettext as _
|
||||
# from web import github_oauth_required
|
||||
from functools import wraps
|
||||
|
||||
from web import login_required
|
||||
|
||||
oauth_check = {}
|
||||
oauth = Blueprint('oauth', __name__)
|
||||
|
||||
|
||||
def github_oauth_required(f):
|
||||
@wraps(f)
|
||||
def inner(*args, **kwargs):
|
||||
if config.config_use_github_oauth:
|
||||
if config.config_login_type == ub.LOGIN_OAUTH_GITHUB:
|
||||
return f(*args, **kwargs)
|
||||
if request.is_xhr:
|
||||
data = {'status': 'error', 'message': 'Not Found'}
|
||||
response = make_response(json.dumps(data, ensure_ascii=False))
|
||||
response.headers["Content-Type"] = "application/json; charset=utf-8"
|
||||
return response, 404
|
||||
abort(404)
|
||||
|
||||
return inner
|
||||
|
||||
|
||||
def google_oauth_required(f):
|
||||
@wraps(f)
|
||||
def inner(*args, **kwargs):
|
||||
if config.config_use_google_oauth == ub.LOGIN_OAUTH_GOOGLE:
|
||||
return f(*args, **kwargs)
|
||||
if request.is_xhr:
|
||||
data = {'status': 'error', 'message': 'Not Found'}
|
||||
|
@ -96,12 +114,12 @@ if ub.oauth_support:
|
|||
github_blueprint = make_github_blueprint(
|
||||
client_id=config.config_github_oauth_client_id,
|
||||
client_secret=config.config_github_oauth_client_secret,
|
||||
redirect_to="github_login",)
|
||||
redirect_to="oauth.github_login",)
|
||||
|
||||
google_blueprint = make_google_blueprint(
|
||||
client_id=config.config_google_oauth_client_id,
|
||||
client_secret=config.config_google_oauth_client_secret,
|
||||
redirect_to="google_login",
|
||||
redirect_to="oauth.google_login",
|
||||
scope=[
|
||||
"https://www.googleapis.com/auth/plus.me",
|
||||
"https://www.googleapis.com/auth/userinfo.email",
|
||||
|
@ -115,9 +133,9 @@ if ub.oauth_support:
|
|||
google_blueprint.backend = OAuthBackend(ub.OAuth, ub.session, user=current_user, user_required=True)
|
||||
|
||||
|
||||
if config.config_use_github_oauth:
|
||||
if config.config_login_type == ub.LOGIN_OAUTH_GITHUB:
|
||||
register_oauth_blueprint(github_blueprint, 'GitHub')
|
||||
if config.config_use_google_oauth:
|
||||
if config.config_login_type == ub.LOGIN_OAUTH_GOOGLE:
|
||||
register_oauth_blueprint(google_blueprint, 'Google')
|
||||
|
||||
|
||||
|
@ -264,7 +282,7 @@ if ub.oauth_support:
|
|||
)
|
||||
flash(msg, category="error")
|
||||
|
||||
'''
|
||||
|
||||
@oauth.route('/github')
|
||||
@github_oauth_required
|
||||
def github_login():
|
||||
|
@ -295,7 +313,7 @@ if ub.oauth_support:
|
|||
return bind_oauth_or_register(google_blueprint.name, account_info_json['id'], 'google.login')
|
||||
flash(_(u"Google Oauth error, please retry later."), category="error")
|
||||
return redirect(url_for('web.login'))
|
||||
'''
|
||||
|
||||
|
||||
@oauth_error.connect_via(google_blueprint)
|
||||
def google_error(blueprint, error, error_description=None, error_uri=None):
|
||||
|
@ -310,8 +328,8 @@ if ub.oauth_support:
|
|||
)
|
||||
flash(msg, category="error")
|
||||
|
||||
'''
|
||||
|
||||
@oauth.route('/unlink/google', methods=["GET"])
|
||||
@login_required
|
||||
def google_login_unlink():
|
||||
return unlink_oauth(google_blueprint.name)'''
|
||||
return unlink_oauth(google_blueprint.name)
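Review bot: In `google_oauth_required` the gate `if config.config_use_google_oauth == ub.LOGIN_OAUTH_GOOGLE:` compares the old on/off flag with the login-type constant, while `github_oauth_required` just above it checks `config.config_login_type == ub.LOGIN_OAUTH_GITHUB`. The blueprint registration further down in this file also keys on `config.config_login_type`, and the commit appears to stop writing `config_use_google_oauth`, so this comparison will most likely never hold and the Google login route would always answer 404. It should read `if config.config_login_type == ub.LOGIN_OAUTH_GOOGLE:`. The page does not mark added and removed lines, so this assumes the line is on the new side; the decorator's body also continues past the end of the hunk.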
|
||||
|
|
|
@ -182,11 +182,11 @@
|
|||
<select name="config_login_type" id="config_login_type" class="form-control" data-control="login-settings">
|
||||
<option value="0" {% if content.config_login_type == 0 %}selected{% endif %}>{{_('Use standard Authentication')}}</option>
|
||||
{% if feature_support['ldap'] %}
|
||||
<option value="1" {% if content.config_login_type == 1 %}selected{% endif %}>{{_('Use')}} LDAP Authentication</option>
|
||||
<option value="1" {% if content.config_login_type == 1 %}selected{% endif %}>{{_('Use LDAP Authentication')}}</option>
|
||||
{% endif %}
|
||||
{% if feature_support['oauth'] %}
|
||||
<option value="2" {% if content.config_login_type == 2 %}selected{% endif %}>{{_('Use')}} GitHub OAuth</option>
|
||||
<option value="3" {% if content.config_login_type == 3 %}selected{% endif %}>{{_('Use')}} GitHub OAuth</option>
|
||||
<option value="2" {% if content.config_login_type == 2 %}selected{% endif %}>{{_('Use GitHub OAuth')}}</option>
|
||||
<option value="3" {% if content.config_login_type == 3 %}selected{% endif %}>{{_('Use Google OAuth')}}</option>
|
||||
{% endif %}
|
||||
</select>
|
||||
</div>
|
||||
|
@ -194,16 +194,19 @@
|
|||
<div data-related="login-settings-1">
|
||||
<div class="form-group">
|
||||
<label for="config_ldap_provider_url">{{_('LDAP Provider URL')}}</label>
|
||||
<input type="text" class="form-control" id="config_ldap_provider_url" name="config_ldap_provider_url" value="{{ content.config_ldap_provider_url }}" autocomplete="off">
|
||||
<input type="text" class="form-control" id="config_ldap_provider_url" name="config_ldap_provider_url" value="{% if content.config_ldap_provider_url != None %}{{ content.config_ldap_provider_url }}{% endif %}" autocomplete="off">
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="config_ldap_dn">{{_('LDAP Distinguished Name (DN)')}}</label>
|
||||
<input type="text" class="form-control" id="config_ldap_dn" name="config_ldap_dn" value="{{ content.config_ldap_dn }}" autocomplete="off">
|
||||
<input type="text" class="form-control" id="config_ldap_dn" name="config_ldap_dn" value="{% if content.config_ldap_dn != None %}{{ content.config_ldap_dn }}{% endif %}" autocomplete="off">
|
||||
</div>
|
||||
</div>
|
||||
{% endif %}
|
||||
{% if feature_support['oauth'] %}
|
||||
<div data-related="login-settings-2">
|
||||
<div class="form-group">
|
||||
<a href="https://github.com/settings/developers" target="_blank">{{_('Obtain GitHub OAuth Credential')}}</a>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="config_github_oauth_client_id">{{_('GitHub OAuth Client Id')}}</label>
|
||||
<input type="text" class="form-control" id="config_github_oauth_client_id" name="config_github_oauth_client_id" value="{% if content.config_github_oauth_client_id != None %}{{ content.config_github_oauth_client_id }}{% endif %}" autocomplete="off">
|
||||
|
@ -214,6 +217,9 @@
|
|||
</div>
|
||||
</div>
|
||||
<div data-related="login-settings-3">
|
||||
<div class="form-group">
|
||||
<a href="https://console.developers.google.com/apis/credentials" target="_blank">{{_('Obtain Google OAuth Credential')}}</a>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="config_google_oauth_client_id">{{_('Google OAuth Client Id')}}</label>
|
||||
<input type="text" class="form-control" id="config_google_oauth_client_id" name="config_google_oauth_client_id" value="{% if content.config_google_oauth_client_id != None %}{{ content.config_google_oauth_client_id }}{% endif %}" autocomplete="off">
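Review bot: The `Obtain Google OAuth Credential` link opens with `target="_blank"` but carries no `rel` attribute, and the GitHub link above it has the same shape. Adding `rel="noopener noreferrer"` to both keeps the opened page from reaching back through `window.opener` on browsers that do not apply that default themselves. The `!= None` tests inside the `value` attributes would read more idiomatically in Jinja as `is not none`.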
|
||||
|
|
|
@ -21,14 +21,14 @@
|
|||
{% if config.config_remote_login %}
|
||||
<a href="{{url_for('web.remote_login')}}" class="pull-right">{{_('Log in with magic link')}}</a>
|
||||
{% endif %}
|
||||
{% if config.config_use_github_oauth %}
|
||||
{% if config.config_login_type == 2 %}
|
||||
<a href="{{url_for('oauth.github_login')}}" class="pull-right">
|
||||
<svg height="32" class="octicon octicon-mark-github" viewBox="0 0 16 16" version="1.1" width="32" aria-hidden="true">
|
||||
<path fill-rule="evenodd" d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0 0 16 8c0-4.42-3.58-8-8-8z"></path>
|
||||
</svg>
|
||||
</a>
|
||||
{% endif %}
|
||||
{% if config.config_use_google_oauth %}
|
||||
{% if config.config_login_type == 3 %}
|
||||
<a href="{{url_for('oauth.google_login')}}" class="pull-right">
|
||||
<svg xmlns="http://www.w3.org/2000/svg" x="0px" y="0px"
|
||||
width="40" height="40"
|
||||
|
|
19
cps/web.py
19
cps/web.py
|
@ -177,21 +177,6 @@ def remote_login_required(f):
|
|||
return inner
|
||||
|
||||
|
||||
def google_oauth_required(f):
|
||||
@wraps(f)
|
||||
def inner(*args, **kwargs):
|
||||
if config.config_use_google_oauth:
|
||||
return f(*args, **kwargs)
|
||||
if request.is_xhr:
|
||||
data = {'status': 'error', 'message': 'Not Found'}
|
||||
response = make_response(json.dumps(data, ensure_ascii=False))
|
||||
response.headers["Content-Type"] = "application/json; charset=utf-8"
|
||||
return response, 404
|
||||
abort(404)
|
||||
|
||||
return inner
|
||||
|
||||
|
||||
def admin_required(f):
|
||||
"""
|
||||
Checks if current_user.role == 1
|
||||
|
@ -1330,7 +1315,7 @@ def login():
|
|||
ub.User.try_login(form['username'], form['password'], config.config_ldap_dn,
|
||||
config.config_ldap_provider_url)
|
||||
login_user(user, remember=True)
|
||||
flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
|
||||
flash(_(u"You are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
|
||||
return redirect_back(url_for("web.index"))
|
||||
except ldap.INVALID_CREDENTIALS:
|
||||
ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr)
|
||||
|
@ -1342,7 +1327,7 @@ def login():
|
|||
else:
|
||||
if user and check_password_hash(user.password, form['password']) and user.nickname is not "Guest":
|
||||
login_user(user, remember=True)
|
||||
flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
|
||||
flash(_(u"You are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
|
||||
return redirect_back(url_for("web.index"))
|
||||
else:
|
||||
ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr)
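Review bot: The password branch of `login()` tests `user.nickname is not "Guest"`, which is an identity comparison against a string literal rather than a value comparison. A nickname loaded from the database is normally a different object from the literal, so the test is effectively always true and does not keep the Guest account out of password login. It should be `user.nickname != "Guest"`. This is a context line the commit leaves untouched, and `login()` starts and ends outside the hunk.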
|
||||
|
|