improve oidc compatibility

2020-05-30 19:00:08 +02:00 · 2020-05-30 19:00:08 +02:00 · 5e61029259
parent 5826517111
commit 5e61029259
3 changed files with 11 additions and 37 deletions
--- a/lenticular_cloud/model_db.py
+++ b/lenticular_cloud/model_db.py
@ -1,35 +0,0 @@
-from flask_sqlalchemy import SQLAlchemy, orm
-from datetime import datetime
-import uuid
-import pyotp
-
-db = SQLAlchemy()  # type: SQLAlchemy
-
-
-def generate_uuid():
-    return str(uuid.uuid4())
-
-
-class User(db.Model):
-    id = db.Column(
-            db.String(length=36), primary_key=True, default=generate_uuid)
-    username = db.Column(
-            db.String, unique=True)
-
-    totps = db.relationship('Totp', back_populates='user')
-
-
-class Totp(object):
-    id = db.Column(db.Integer, primary_key=True)
-    secret = db.Column(db.String, nullable=False)
-    name = db.Column(db.String, nullable=False)
-    created_at = db.Column(db.DateTime, default=datetime.now, nullable=False)
-
-    user_id = db.Column(
-            db.Integer,
-            db.ForeignKey(User.id), nullable=False)
-    user = db.relationship(User)
-
-    def verify(self, token: str):
-        totp = pyotp.TOTP(self._secret)
-        return totp.verify(token)
--- a/lenticular_cloud/views/auth.py
+++ b/lenticular_cloud/views/auth.py
@ -33,8 +33,10 @@ def consent():

    consent_request = current_app.hydra_api.get_consent_request(
                                request.args['consent_challenge'])
+
    requested_scope = consent_request.requested_scope
    requested_audiences = consent_request.requested_access_token_audience
+    user = User.query.get(consent_request.subject)

    if form.validate_on_submit() or consent_request.skip:
        resp = current_app.hydra_api.accept_consent_request(
@ -43,6 +45,12 @@ def consent():
                'grant_access_token_audience': requested_audiences,
                'remember': form.data['remember'],
                'remember_for': remember_for,
+                'session': {
+                    'access_token': {},
+                    'id_token': {
+                        'preferd_username': user.username
+                        }
+                    }
            })
        return redirect(resp.redirect_to)
    return render_template(
@ -105,7 +113,8 @@ def login_auth():
        resp = current_app.hydra_api.accept_login_request(
            login_challenge, body={
                'subject': subject,
-                'remember': remember_me})
+                'remember': remember_me,
+            })
        return redirect(resp.redirect_to)
    return render_template('auth/login_auth.html.j2', forms=auth_forms)

--- a/lenticular_cloud/views/frontend.py
+++ b/lenticular_cloud/views/frontend.py
@ -26,7 +26,7 @@ logger = logging.getLogger(__name__)
 def before_request():
    try:
        resp = current_app.oauth.session.get('/userinfo')
-        if not current_user.is_authenticated:
+        if not current_user.is_authenticated or resp.status_code is not 200:
            return redirect(url_for('oauth.login'))
    except TokenExpiredError:
        return redirect(url_for('oauth.login'))