improve oidc compatibility
This commit is contained in:
parent
5826517111
commit
5e61029259
|
@ -1,35 +0,0 @@
|
|||
from flask_sqlalchemy import SQLAlchemy, orm
|
||||
from datetime import datetime
|
||||
import uuid
|
||||
import pyotp
|
||||
|
||||
db = SQLAlchemy() # type: SQLAlchemy
|
||||
|
||||
|
||||
def generate_uuid():
|
||||
return str(uuid.uuid4())
|
||||
|
||||
|
||||
class User(db.Model):
|
||||
id = db.Column(
|
||||
db.String(length=36), primary_key=True, default=generate_uuid)
|
||||
username = db.Column(
|
||||
db.String, unique=True)
|
||||
|
||||
totps = db.relationship('Totp', back_populates='user')
|
||||
|
||||
|
||||
class Totp(object):
|
||||
id = db.Column(db.Integer, primary_key=True)
|
||||
secret = db.Column(db.String, nullable=False)
|
||||
name = db.Column(db.String, nullable=False)
|
||||
created_at = db.Column(db.DateTime, default=datetime.now, nullable=False)
|
||||
|
||||
user_id = db.Column(
|
||||
db.Integer,
|
||||
db.ForeignKey(User.id), nullable=False)
|
||||
user = db.relationship(User)
|
||||
|
||||
def verify(self, token: str):
|
||||
totp = pyotp.TOTP(self._secret)
|
||||
return totp.verify(token)
|
|
@ -33,8 +33,10 @@ def consent():
|
|||
|
||||
consent_request = current_app.hydra_api.get_consent_request(
|
||||
request.args['consent_challenge'])
|
||||
|
||||
requested_scope = consent_request.requested_scope
|
||||
requested_audiences = consent_request.requested_access_token_audience
|
||||
user = User.query.get(consent_request.subject)
|
||||
|
||||
if form.validate_on_submit() or consent_request.skip:
|
||||
resp = current_app.hydra_api.accept_consent_request(
|
||||
|
@ -43,6 +45,12 @@ def consent():
|
|||
'grant_access_token_audience': requested_audiences,
|
||||
'remember': form.data['remember'],
|
||||
'remember_for': remember_for,
|
||||
'session': {
|
||||
'access_token': {},
|
||||
'id_token': {
|
||||
'preferd_username': user.username
|
||||
}
|
||||
}
|
||||
})
|
||||
return redirect(resp.redirect_to)
|
||||
return render_template(
|
||||
|
@ -105,7 +113,8 @@ def login_auth():
|
|||
resp = current_app.hydra_api.accept_login_request(
|
||||
login_challenge, body={
|
||||
'subject': subject,
|
||||
'remember': remember_me})
|
||||
'remember': remember_me,
|
||||
})
|
||||
return redirect(resp.redirect_to)
|
||||
return render_template('auth/login_auth.html.j2', forms=auth_forms)
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ logger = logging.getLogger(__name__)
|
|||
def before_request():
|
||||
try:
|
||||
resp = current_app.oauth.session.get('/userinfo')
|
||||
if not current_user.is_authenticated:
|
||||
if not current_user.is_authenticated or resp.status_code is not 200:
|
||||
return redirect(url_for('oauth.login'))
|
||||
except TokenExpiredError:
|
||||
return redirect(url_for('oauth.login'))
|
||||
|
|
Loading…
Reference in a new issue