lenticular_cloud2/lenticular_cloud/views/oauth2.py

from authlib.integrations.flask_client import OAuth
from authlib.integrations.base_client.errors import MismatchingStateError
from flask import Flask, Blueprint, Response, session, request, redirect, url_for
from flask_login import login_user, logout_user, current_user
from flask.typing import ResponseReturnValue
from flask_login import LoginManager
from typing import Optional
from werkzeug.wrappers.response import Response as WerkzeugResponse
import logging

from ..model import User, SecurityUser

logger = logging.getLogger(__name__)

def fetch_token(name: str) -> Optional[dict]:
    token = session.get('token', None)
    if isinstance(token, dict):
        return token
    return None

oauth2 = OAuth(fetch_token=fetch_token)

oauth2_views = Blueprint('oauth2', __name__, url_prefix='/oauth')

login_manager = LoginManager()

def redirect_login() -> ResponseReturnValue:
    logout_user()
    session['next_url'] = request.path
    redirect_uri = url_for('oauth2.authorized', _external=True)
    response = oauth2.custom.authorize_redirect(redirect_uri)
    if not isinstance(response, WerkzeugResponse):
        raise RuntimeError("invalid redirect")
    return response


@oauth2_views.route('/authorized')
def authorized() -> ResponseReturnValue:
    try:
        token = oauth2.custom.authorize_access_token()
    except MismatchingStateError:
        logger.warning("MismatchingStateError redirect user")
        return redirect(url_for('oauth2.login'))
    if token is None:
        return 'bad request', 400
    session['token'] = token
    userinfo = oauth2.custom.get('/userinfo').json()
    user = User.query.get(str(userinfo["sub"])) # type: Optional[User]
    if user is None:
        return "user not found", 404
    logger.info(f"user `{user.username}` successfully logged in")
    login_user(SecurityUser(user.username))

    next_url = request.args.get('next_url')
    if next_url is None:
        next_url = '/'
    return redirect(next_url)


@oauth2_views.route('login')
def login() -> ResponseReturnValue:
    redirect_uri = url_for('.authorized', _external=True)
    response = oauth2.custom.authorize_redirect(redirect_uri)
    if not isinstance(response, WerkzeugResponse):
        raise RuntimeError("invalid redirect")
    return response


@login_manager.user_loader
def user_loader(username) -> Optional[User]:
    user =  User.query.filter_by(username=username).first() # type: Optional[User]
    if isinstance(user, User):
        return user
    else:
        return None

@login_manager.request_loader
def request_loader(_request):
    pass

@login_manager.unauthorized_handler
def unauthorized() -> Optional[User]:
    pass

def init_login_manager(app: Flask) -> None:

    base_url = app.config['HYDRA_PUBLIC_URL']
    if not isinstance(base_url, str):
        raise RuntimeError("HYDRA_PUBLIC_URL not set")

    oauth2.register(
        name="custom",
        client_id=app.config['OAUTH_ID'],
        client_secret=app.config['OAUTH_SECRET'],
        access_token_url=f"{base_url}/oauth2/token",
        authorize_url=f"{base_url}/oauth2/auth",
        api_base_url=base_url,

        client_kwargs={'scope': ' '.join(['openid', 'profile', 'manage'])}
    )
    oauth2.init_app(app)
    login_manager.init_app(app)
fix lots of stuff, migrate to new client api 2022-02-19 22:16:13 +00:00			`from authlib.integrations.flask_client import OAuth`
			`from authlib.integrations.base_client.errors import MismatchingStateError`
remove ldap 2022-06-17 11:38:49 +00:00			`from flask import Flask, Blueprint, Response, session, request, redirect, url_for`
fix lots of stuff, migrate to new client api 2022-02-19 22:16:13 +00:00			`from flask_login import login_user, logout_user, current_user`
			`from flask.typing import ResponseReturnValue`
			`from flask_login import LoginManager`
			`from typing import Optional`
update fixes, ... 2022-07-15 08:53:06 +00:00			`from werkzeug.wrappers.response import Response as WerkzeugResponse`
remove ldap 2022-06-17 11:38:49 +00:00			`import logging`
fix lots of stuff, migrate to new client api 2022-02-19 22:16:13 +00:00
			`from ..model import User, SecurityUser`

remove ldap 2022-06-17 11:38:49 +00:00			`logger = logging.getLogger(__name__)`

fix lots of stuff, migrate to new client api 2022-02-19 22:16:13 +00:00			`def fetch_token(name: str) -> Optional[dict]:`
move migration, bugfixes, .... 2022-04-08 19:29:23 +00:00			`token = session.get('token', None)`
fix lots of stuff, migrate to new client api 2022-02-19 22:16:13 +00:00			`if isinstance(token, dict):`
			`return token`
			`return None`

			`oauth2 = OAuth(fetch_token=fetch_token)`

			`oauth2_views = Blueprint('oauth2', __name__, url_prefix='/oauth')`

			`login_manager = LoginManager()`

			`def redirect_login() -> ResponseReturnValue:`
			`logout_user()`
			`session['next_url'] = request.path`
			`redirect_uri = url_for('oauth2.authorized', _external=True)`
remove ldap 2022-06-17 11:38:49 +00:00			`response = oauth2.custom.authorize_redirect(redirect_uri)`
update fixes, ... 2022-07-15 08:53:06 +00:00			`if not isinstance(response, WerkzeugResponse):`
more ldap migration 2022-06-18 17:35:05 +00:00			`raise RuntimeError("invalid redirect")`
remove ldap 2022-06-17 11:38:49 +00:00			`return response`
fix lots of stuff, migrate to new client api 2022-02-19 22:16:13 +00:00

			`@oauth2_views.route('/authorized')`
			`def authorized() -> ResponseReturnValue:`
			`try:`
			`token = oauth2.custom.authorize_access_token()`
			`except MismatchingStateError:`
remove ldap 2022-06-17 11:38:49 +00:00			`logger.warning("MismatchingStateError redirect user")`
fix lots of stuff, migrate to new client api 2022-02-19 22:16:13 +00:00			`return redirect(url_for('oauth2.login'))`
			`if token is None:`
			`return 'bad request', 400`
			`session['token'] = token`
			`userinfo = oauth2.custom.get('/userinfo').json()`
update fixes, ... 2022-07-15 08:53:06 +00:00			`user = User.query.get(str(userinfo["sub"])) # type: Optional[User]`
remove ldap 2022-06-17 11:38:49 +00:00			`if user is None:`
			`return "user not found", 404`
code cleanup, mypy 2022-06-18 11:05:18 +00:00			logger.info(f"user `{user.username}` successfully logged in")
remove ldap 2022-06-17 11:38:49 +00:00			`login_user(SecurityUser(user.username))`
fix lots of stuff, migrate to new client api 2022-02-19 22:16:13 +00:00
			`next_url = request.args.get('next_url')`
			`if next_url is None:`
			`next_url = '/'`
			`return redirect(next_url)`

remove ldap 2022-06-17 11:38:49 +00:00
fix lots of stuff, migrate to new client api 2022-02-19 22:16:13 +00:00			`@oauth2_views.route('login')`
			`def login() -> ResponseReturnValue:`
			`redirect_uri = url_for('.authorized', _external=True)`
remove ldap 2022-06-17 11:38:49 +00:00			`response = oauth2.custom.authorize_redirect(redirect_uri)`
update fixes, ... 2022-07-15 08:53:06 +00:00			`if not isinstance(response, WerkzeugResponse):`
			`raise RuntimeError("invalid redirect")`
remove ldap 2022-06-17 11:38:49 +00:00			`return response`
fix lots of stuff, migrate to new client api 2022-02-19 22:16:13 +00:00

			`@login_manager.user_loader`
			`def user_loader(username) -> Optional[User]:`
update fixes, ... 2022-07-15 08:53:06 +00:00			`user = User.query.filter_by(username=username).first() # type: Optional[User]`
fix lots of stuff, migrate to new client api 2022-02-19 22:16:13 +00:00			`if isinstance(user, User):`
			`return user`
			`else:`
			`return None`

			`@login_manager.request_loader`
			`def request_loader(_request):`
			`pass`

			`@login_manager.unauthorized_handler`
remove ldap 2022-06-17 11:38:49 +00:00			`def unauthorized() -> Optional[User]:`
			`pass`
fix lots of stuff, migrate to new client api 2022-02-19 22:16:13 +00:00
remove ldap 2022-06-17 11:38:49 +00:00			`def init_login_manager(app: Flask) -> None:`
fix lots of stuff, migrate to new client api 2022-02-19 22:16:13 +00:00
			`base_url = app.config['HYDRA_PUBLIC_URL']`
remove ldap 2022-06-17 11:38:49 +00:00			`if not isinstance(base_url, str):`
			`raise RuntimeError("HYDRA_PUBLIC_URL not set")`

fix lots of stuff, migrate to new client api 2022-02-19 22:16:13 +00:00			`oauth2.register(`
			`name="custom",`
			`client_id=app.config['OAUTH_ID'],`
			`client_secret=app.config['OAUTH_SECRET'],`
			`access_token_url=f"{base_url}/oauth2/token",`
			`authorize_url=f"{base_url}/oauth2/auth",`
			`api_base_url=base_url,`

			`client_kwargs={'scope': ' '.join(['openid', 'profile', 'manage'])}`
			`)`
			`oauth2.init_app(app)`
			`login_manager.init_app(app)`