remove totp, cleanup, bugfixes

lenticular_cloud/views/auth.py

@@ -51,9 +51,13 @@ async def consent() -> ResponseReturnValue:
 
     if form.validate_on_submit() or consent_request.skip:
 
+        if type(consent_request.subject) != str:
+            logger.error("not set subject `consent_request.subject`")
+            return 'internal error', 500
         uid = UUID(consent_request.subject)
         user = User.query.get(uid)
         if user is None:
+            logger.error("user not found, even if it should exist")
             return 'internal error', 500
         access_token = {
             'name': str(user.username),

lenticular_cloud/views/frontend.py

@@ -25,10 +25,9 @@ from webauthn.helpers.structs import (
     UserVerificationRequirement,
 )
 
-from ..model import db, User, Totp, AppToken, PasskeyCredential
-from ..form.frontend import ClientCertForm, TOTPForm, \
-    TOTPDeleteForm, PasswordChangeForm, WebauthnRegisterForm, \
-    AppTokenForm, AppTokenDeleteForm
+from ..model import db, User, AppToken, PasskeyCredential
+from ..form.frontend import ClientCertForm, PasswordChangeForm, \
+    AppTokenForm, AppTokenDeleteForm, PasskeyRegisterForm
 from ..form.base import  ButtonForm
 from ..auth_providers import PasswordAuthProvider
 from .oauth2 import redirect_login, oauth2
@@ -188,43 +187,6 @@ def app_token_delete(app_token_name: str) -> ResponseReturnValue:
 
     return redirect(url_for('frontend.app_token'))
 
-@frontend_views.route('/totp')
-def totp() -> ResponseReturnValue:
-    delete_form = TOTPDeleteForm()
-    return render_template('frontend/totp.html.j2', delete_form=delete_form)
-
-
-@frontend_views.route('/totp/new', methods=['GET', 'POST'])
-def totp_new() -> ResponseReturnValue:
-    form = TOTPForm()
-
-    if form.validate_on_submit():
-        totp = Totp(name=form.data['name'], secret=form.data['secret'], user=get_current_user())
-        if totp.verify(form.data['token']):
-            get_current_user().totps.append(totp)
-            db.session.commit()
-            return jsonify({
-                    'status': 'ok'})
-        else:
-            return jsonify({
-                'status': 'error',
-                'errors': [
-                    'TOTP Token invalid'
-                    ]})
-    return render_template('frontend/totp_new.html.j2', form=form)
-
-
-@frontend_views.route('/totp/<totp_name>/delete', methods=['GET', 'POST'])
-def totp_delete(totp_name) -> ResponseReturnValue:
-    totp = Totp.query.filter(Totp.name == totp_name).first() # type: Optional[Totp]
-    db.session.delete(totp)
-    db.session.commit()
-
-    return jsonify({
-            'status': 'ok'})
-
-
-
 ## Passkey
 
 @frontend_views.route('/passkey/list', methods=['GET'])
@@ -243,7 +205,7 @@ def passkey_new() -> ResponseReturnValue:
     
 
     user = get_current_user() # type: User 
-    form = WebauthnRegisterForm()
+    form = PasskeyRegisterForm()
 
     options = webauthn.generate_registration_options(
         rp_name="Lenticluar Cloud",

lenticular_cloud/views/oauth2.py

@@ -1,7 +1,7 @@
 from authlib.integrations.flask_client import OAuth
 from authlib.integrations.base_client.errors import MismatchingStateError, OAuthError
-from flask import Flask, Blueprint, Response, session, request, redirect, url_for
-from flask_login import login_user, logout_user, current_user
+from flask import Flask, Blueprint, current_app, session, request, redirect, url_for
+from flask_login import login_user, logout_user
 from flask.typing import ResponseReturnValue
 from flask_login import LoginManager
 from typing import Optional
@@ -29,7 +29,8 @@ login_manager = LoginManager()
 def redirect_login() -> ResponseReturnValue:
     logout_user()
     session['next_url'] = request.path
-    redirect_uri = url_for('oauth2.authorized', _external=True)
+    public_url = current_app.config['PUBLIC_URL']
+    redirect_uri = public_url + url_for('oauth2.authorized')
     response = oauth2.custom.authorize_redirect(redirect_uri)
     if not isinstance(response, WerkzeugResponse):
         raise RuntimeError("invalid redirect")