lenticular_cloud2/lenticular_cloud/views/auth.py


from urllib.parse import urlencode, parse_qs

import flask
from flask import Blueprint, redirect
from flask import current_app, session
from flask.templating import render_template
from flask_babel import gettext

from flask import request, url_for, jsonify
from flask_login import login_required, login_user, logout_user, current_user
import logging
from urllib.parse import urlparse
from base64 import b64decode, b64encode
import http
import crypt
import ory_hydra_client
from datetime import datetime

from ..model import db, User, SecurityUser, UserSignUp
from ..form.auth import ConsentForm, LoginForm, RegistrationForm
from ..auth_providers import AUTH_PROVIDER_LIST


auth_views = Blueprint('auth', __name__, url_prefix='/auth')


@auth_views.route('/consent', methods=['GET', 'POST'])
def consent():
    """Always grant consent."""
    # DUMMPY ONLY

    form = ConsentForm()
    remember_for = 60*60*24*30  # remember for 7 days

    try:
        consent_request = current_app.hydra_api.get_consent_request(
                                    request.args['consent_challenge'])
    except ory_hydra_client.exceptions.ApiException:
        return redirect(url_for('frontend.index'))

    requested_scope = consent_request.requested_scope
    requested_audiences = consent_request.requested_access_token_audience

    if form.validate_on_submit() or consent_request.skip:
        user = User.query.get(consent_request.subject)
        token_data = {
            'name': str(user.username),
            'preferred_username': str(user.username),
            'email': str(user.email),
            'email_verified': True,
            'groups': [group.name for group in user.groups]
        }
        id_token_data = {}
        if 'openid' in requested_scope:
            id_token_data = token_data
        resp = current_app.hydra_api.accept_consent_request(
            consent_request.challenge, body={
                'grant_scope': requested_scope,
                'grant_access_token_audience': requested_audiences,
                'remember': form.data['remember'],
                'remember_for': remember_for,
                'session': {
                    'access_token': token_data,
                    'id_token': id_token_data
                }
            })
        return redirect(resp.redirect_to)
    return render_template(
            'auth/consent.html.j2',
            form=form,
            client=consent_request.client,
            requested_scope=requested_scope,
            requested_audiences=requested_audiences)


@auth_views.route('/login', methods=['GET', 'POST'])
def login():
    login_challenge = request.args.get('login_challenge')
    try:
        login_request = current_app.hydra_api.get_login_request(login_challenge)
    except ory_hydra_client.exceptions.ApiValueError:
        return redirect(url_for('frontend.index'))

    if login_request.skip:
        resp = current_app.hydra_api.accept_login_request(
            login_challenge,
            body={'subject': login_request.subject})
        return redirect(resp.redirect_to)
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query_().by_username(form.data['name'])
        if user:
            session['username'] = str(user.username)
        else:
            session['user'] = None
        session['auth_providers'] = []
        return redirect(
                url_for('auth.login_auth', login_challenge=login_challenge))
    return render_template('auth/login.html.j2', form=form)


@auth_views.route('/login/auth', methods=['GET', 'POST'])
def login_auth():
    login_challenge = request.args.get('login_challenge')
    try:
        login_request = current_app.hydra_api.get_login_request(login_challenge)
    except ory_hydra_client.exceptions.ApiValueError:
        return redirect(url_for('frontend.index'))

    if 'username' not in session:
        return redirect(url_for('auth.login'))
    auth_forms = {}
    user = User.query_().by_username(session['username'])
    for auth_provider in AUTH_PROVIDER_LIST:
        form = auth_provider.get_form()
        if auth_provider.get_name() not in session['auth_providers'] and\
           auth_provider.check_auth(user, form):
            session['auth_providers'].append(auth_provider.get_name())

        if auth_provider.get_name() not in session['auth_providers']:
            auth_forms[auth_provider.get_name()]=form

    if len(session['auth_providers']) >= 2:
        remember_me = True
#       if db_user is None:
#           db_user = User(username=session['username'])
#           db.session.add(db_user)
#           db.session.commit()

        subject = user.id
        user.last_login = datetime.now()
        db.session.commit()
        resp = current_app.hydra_api.accept_login_request(
            login_challenge, body={
                'subject': subject,
                'remember': remember_me,
            })
        return redirect(resp.redirect_to)
    return render_template('auth/login_auth.html.j2', forms=auth_forms)


@auth_views.route("/logout")
def logout():
    logout_challenge = request.args.get('logout_challenge')
    logout_request = current_app.hydra_api.get_logout_request(logout_challenge)
    resp = current_app.hydra_api.accept_logout_request(logout_challenge)
    # TODO confirm
    return redirect(resp.redirect_to)


@auth_views.route("/sign_up", methods=["GET"])
def sign_up():
    form = RegistrationForm()
    return render_template('auth/sign_up.html.j2', form=form)

@auth_views.route("/sign_up", methods=["POST"])
def sign_up_submit():
    form = RegistrationForm()
    if form.validate_on_submit():
        user = UserSignUp()
        user.username = form.data['username']
        user.password = crypt.crypt(form.data['password'])
        user.alternative_email = form.data['alternative_email']
        db.session.add(user)
        db.session.commit()
        return jsonify({})
    return jsonify({
            'status': 'error',
            'errors': form.errors
        })
init commit 2020-05-09 18:00:07 +00:00
			`from urllib.parse import urlencode, parse_qs`

			`import flask`
			`from flask import Blueprint, redirect`
			`from flask import current_app, session`
			`from flask.templating import render_template`
add oauth2 token managment, partial password change, bugfixes 2020-05-26 20:55:37 +00:00			`from flask_babel import gettext`
init commit 2020-05-09 18:00:07 +00:00
add more registration stuff, admin interface 2020-06-01 21:43:10 +00:00			`from flask import request, url_for, jsonify`
use hydra userinfo and id_token info 2020-05-30 21:33:59 +00:00			`from flask_login import login_required, login_user, logout_user, current_user`
init commit 2020-05-09 18:00:07 +00:00			`import logging`
refactor, implement next attribute, for forward, service need user approve berfore redirect 2020-05-13 15:04:22 +00:00			`from urllib.parse import urlparse`
			`from base64 import b64decode, b64encode`
change to hydra as oauth backend 2020-05-21 11:20:27 +00:00			`import http`
add registration form 2020-05-27 19:16:14 +00:00			`import crypt`
add more registration stuff, admin interface 2020-06-01 21:43:10 +00:00			`import ory_hydra_client`
			`from datetime import datetime`
init commit 2020-05-09 18:00:07 +00:00
add registration form 2020-05-27 19:16:14 +00:00			`from ..model import db, User, SecurityUser, UserSignUp`
			`from ..form.auth import ConsentForm, LoginForm, RegistrationForm`
init commit 2020-05-09 18:00:07 +00:00			`from ..auth_providers import AUTH_PROVIDER_LIST`


change to hydra as oauth backend 2020-05-21 11:20:27 +00:00			`auth_views = Blueprint('auth', __name__, url_prefix='/auth')`
init commit 2020-05-09 18:00:07 +00:00
add oauth2 token managment, partial password change, bugfixes 2020-05-26 20:55:37 +00:00
change to hydra as oauth backend 2020-05-21 11:20:27 +00:00			`@auth_views.route('/consent', methods=['GET', 'POST'])`
			`def consent():`
			`"""Always grant consent."""`
			`# DUMMPY ONLY`
init commit 2020-05-09 18:00:07 +00:00
add oauth2 token managment, partial password change, bugfixes 2020-05-26 20:55:37 +00:00			`form = ConsentForm()`
merge ldap user and db user, cleanup, add password change 2020-05-27 15:56:10 +00:00			`remember_for = 606024*30 # remember for 7 days`
refactor, implement next attribute, for forward, service need user approve berfore redirect 2020-05-13 15:04:22 +00:00
add more registration stuff, admin interface 2020-06-01 21:43:10 +00:00			`try:`
			`consent_request = current_app.hydra_api.get_consent_request(`
			`request.args['consent_challenge'])`
			`except ory_hydra_client.exceptions.ApiException:`
			`return redirect(url_for('frontend.index'))`
improve oidc compatibility 2020-05-30 17:00:08 +00:00
change to hydra as oauth backend 2020-05-21 11:20:27 +00:00			`requested_scope = consent_request.requested_scope`
add oauth2 token managment, partial password change, bugfixes 2020-05-26 20:55:37 +00:00			`requested_audiences = consent_request.requested_access_token_audience`

			`if form.validate_on_submit() or consent_request.skip:`
bugfixes 2020-05-30 21:43:55 +00:00			`user = User.query.get(consent_request.subject)`
use hydra userinfo and id_token info 2020-05-30 21:33:59 +00:00			`token_data = {`
add more registration stuff, admin interface 2020-06-01 21:43:10 +00:00			`'name': str(user.username),`
bugfixes 2020-05-30 21:43:55 +00:00			`'preferred_username': str(user.username),`
			`'email': str(user.email),`
use hydra userinfo and id_token info 2020-05-30 21:33:59 +00:00			`'email_verified': True,`
add more registration stuff, admin interface 2020-06-01 21:43:10 +00:00			`'groups': [group.name for group in user.groups]`
use hydra userinfo and id_token info 2020-05-30 21:33:59 +00:00			`}`
			`id_token_data = {}`
			`if 'openid' in requested_scope:`
			`id_token_data = token_data`
add oauth2 token managment, partial password change, bugfixes 2020-05-26 20:55:37 +00:00			`resp = current_app.hydra_api.accept_consent_request(`
			`consent_request.challenge, body={`
			`'grant_scope': requested_scope,`
			`'grant_access_token_audience': requested_audiences,`
			`'remember': form.data['remember'],`
merge ldap user and db user, cleanup, add password change 2020-05-27 15:56:10 +00:00			`'remember_for': remember_for,`
improve oidc compatibility 2020-05-30 17:00:08 +00:00			`'session': {`
use hydra userinfo and id_token info 2020-05-30 21:33:59 +00:00			`'access_token': token_data,`
			`'id_token': id_token_data`
			`}`
add oauth2 token managment, partial password change, bugfixes 2020-05-26 20:55:37 +00:00			`})`
			`return redirect(resp.redirect_to)`
			`return render_template(`
			`'auth/consent.html.j2',`
			`form=form,`
			`client=consent_request.client,`
			`requested_scope=requested_scope,`
			`requested_audiences=requested_audiences)`

refactor, implement next attribute, for forward, service need user approve berfore redirect 2020-05-13 15:04:22 +00:00
init commit 2020-05-09 18:00:07 +00:00			`@auth_views.route('/login', methods=['GET', 'POST'])`
			`def login():`
change to hydra as oauth backend 2020-05-21 11:20:27 +00:00			`login_challenge = request.args.get('login_challenge')`
add more registration stuff, admin interface 2020-06-01 21:43:10 +00:00			`try:`
			`login_request = current_app.hydra_api.get_login_request(login_challenge)`
			`except ory_hydra_client.exceptions.ApiValueError:`
			`return redirect(url_for('frontend.index'))`
change to hydra as oauth backend 2020-05-21 11:20:27 +00:00
			`if login_request.skip:`
			`resp = current_app.hydra_api.accept_login_request(`
			`login_challenge,`
			`body={'subject': login_request.subject})`
			`return redirect(resp.redirect_to)`
init commit 2020-05-09 18:00:07 +00:00			`form = LoginForm()`
			`if form.validate_on_submit():`
merge ldap user and db user, cleanup, add password change 2020-05-27 15:56:10 +00:00			`user = User.query_().by_username(form.data['name'])`
fix not exist user 2020-05-13 18:08:28 +00:00			`if user:`
			`session['username'] = str(user.username)`
			`else:`
			`session['user'] = None`
init commit 2020-05-09 18:00:07 +00:00			`session['auth_providers'] = []`
add oauth2 token managment, partial password change, bugfixes 2020-05-26 20:55:37 +00:00			`return redirect(`
			`url_for('auth.login_auth', login_challenge=login_challenge))`
			`return render_template('auth/login.html.j2', form=form)`
init commit 2020-05-09 18:00:07 +00:00

			`@auth_views.route('/login/auth', methods=['GET', 'POST'])`
			`def login_auth():`
change to hydra as oauth backend 2020-05-21 11:20:27 +00:00			`login_challenge = request.args.get('login_challenge')`
add more registration stuff, admin interface 2020-06-01 21:43:10 +00:00			`try:`
			`login_request = current_app.hydra_api.get_login_request(login_challenge)`
			`except ory_hydra_client.exceptions.ApiValueError:`
			`return redirect(url_for('frontend.index'))`

init commit 2020-05-09 18:00:07 +00:00			`if 'username' not in session:`
			`return redirect(url_for('auth.login'))`
refactor, implement next attribute, for forward, service need user approve berfore redirect 2020-05-13 15:04:22 +00:00			`auth_forms = {}`
merge ldap user and db user, cleanup, add password change 2020-05-27 15:56:10 +00:00			`user = User.query_().by_username(session['username'])`
init commit 2020-05-09 18:00:07 +00:00			`for auth_provider in AUTH_PROVIDER_LIST:`
			`form = auth_provider.get_form()`
			`if auth_provider.get_name() not in session['auth_providers'] and\`
			`auth_provider.check_auth(user, form):`
			`session['auth_providers'].append(auth_provider.get_name())`

			`if auth_provider.get_name() not in session['auth_providers']:`
refactor, implement next attribute, for forward, service need user approve berfore redirect 2020-05-13 15:04:22 +00:00			`auth_forms[auth_provider.get_name()]=form`
init commit 2020-05-09 18:00:07 +00:00
			`if len(session['auth_providers']) >= 2:`
change to hydra as oauth backend 2020-05-21 11:20:27 +00:00			`remember_me = True`
merge ldap user and db user, cleanup, add password change 2020-05-27 15:56:10 +00:00			`# if db_user is None:`
			`# db_user = User(username=session['username'])`
			`# db.session.add(db_user)`
			`# db.session.commit()`
change to hydra as oauth backend 2020-05-21 11:20:27 +00:00
merge ldap user and db user, cleanup, add password change 2020-05-27 15:56:10 +00:00			`subject = user.id`
add more registration stuff, admin interface 2020-06-01 21:43:10 +00:00			`user.last_login = datetime.now()`
			`db.session.commit()`
change to hydra as oauth backend 2020-05-21 11:20:27 +00:00			`resp = current_app.hydra_api.accept_login_request(`
			`login_challenge, body={`
			`'subject': subject,`
improve oidc compatibility 2020-05-30 17:00:08 +00:00			`'remember': remember_me,`
			`})`
change to hydra as oauth backend 2020-05-21 11:20:27 +00:00			`return redirect(resp.redirect_to)`
add oauth2 token managment, partial password change, bugfixes 2020-05-26 20:55:37 +00:00			`return render_template('auth/login_auth.html.j2', forms=auth_forms)`
init commit 2020-05-09 18:00:07 +00:00

			`@auth_views.route("/logout")`
			`def logout():`
change to hydra as oauth backend 2020-05-21 11:20:27 +00:00			`logout_challenge = request.args.get('logout_challenge')`
			`logout_request = current_app.hydra_api.get_logout_request(logout_challenge)`
			`resp = current_app.hydra_api.accept_logout_request(logout_challenge)`
merge ldap user and db user, cleanup, add password change 2020-05-27 15:56:10 +00:00			`# TODO confirm`
change to hydra as oauth backend 2020-05-21 11:20:27 +00:00			`return redirect(resp.redirect_to)`

init commit 2020-05-09 18:00:07 +00:00
add registration form 2020-05-27 19:16:14 +00:00
add more registration stuff, admin interface 2020-06-01 21:43:10 +00:00			`@auth_views.route("/sign_up", methods=["GET"])`
add registration form 2020-05-27 19:16:14 +00:00			`def sign_up():`
add more registration stuff, admin interface 2020-06-01 21:43:10 +00:00			`form = RegistrationForm()`
			`return render_template('auth/sign_up.html.j2', form=form)`

			`@auth_views.route("/sign_up", methods=["POST"])`
			`def sign_up_submit():`
add registration form 2020-05-27 19:16:14 +00:00			`form = RegistrationForm()`
			`if form.validate_on_submit():`
			`user = UserSignUp()`
			`user.username = form.data['username']`
			`user.password = crypt.crypt(form.data['password'])`
			`user.alternative_email = form.data['alternative_email']`
			`db.session.add(user)`
			`db.session.commit()`
add more registration stuff, admin interface 2020-06-01 21:43:10 +00:00			`return jsonify({})`
			`return jsonify({`
			`'status': 'error',`
			`'errors': form.errors`
			`})`