improve oidc compatibility
parent
5826517111
commit
5e61029259
@ -1,35 +0,0 @@
|
||||||
from flask_sqlalchemy import SQLAlchemy, orm
|
|
||||||
from datetime import datetime
|
|
||||||
import uuid
|
|
||||||
import pyotp
|
|
||||||
|
|
||||||
db = SQLAlchemy() # type: SQLAlchemy
|
|
||||||
|
|
||||||
|
|
||||||
def generate_uuid():
|
|
||||||
return str(uuid.uuid4())
|
|
||||||
|
|
||||||
|
|
||||||
class User(db.Model):
|
|
||||||
id = db.Column(
|
|
||||||
db.String(length=36), primary_key=True, default=generate_uuid)
|
|
||||||
username = db.Column(
|
|
||||||
db.String, unique=True)
|
|
||||||
|
|
||||||
totps = db.relationship('Totp', back_populates='user')
|
|
||||||
|
|
||||||
|
|
||||||
class Totp(object):
|
|
||||||
id = db.Column(db.Integer, primary_key=True)
|
|
||||||
secret = db.Column(db.String, nullable=False)
|
|
||||||
name = db.Column(db.String, nullable=False)
|
|
||||||
created_at = db.Column(db.DateTime, default=datetime.now, nullable=False)
|
|
||||||
|
|
||||||
user_id = db.Column(
|
|
||||||
db.Integer,
|
|
||||||
db.ForeignKey(User.id), nullable=False)
|
|
||||||
user = db.relationship(User)
|
|
||||||
|
|
||||||
def verify(self, token: str):
|
|
||||||
totp = pyotp.TOTP(self._secret)
|
|
||||||
return totp.verify(token)
@ -33,8 +33,10 @@ def consent():
|
||||||
|
|
||||||
consent_request = current_app.hydra_api.get_consent_request(
|
consent_request = current_app.hydra_api.get_consent_request(
|
||||||
request.args['consent_challenge'])
|
request.args['consent_challenge'])
|
||||||
|
|
||||||
requested_scope = consent_request.requested_scope
|
requested_scope = consent_request.requested_scope
|
||||||
requested_audiences = consent_request.requested_access_token_audience
|
requested_audiences = consent_request.requested_access_token_audience
|
||||||
|
user = User.query.get(consent_request.subject)
|
||||||
|
|
||||||
if form.validate_on_submit() or consent_request.skip:
|
if form.validate_on_submit() or consent_request.skip:
|
||||||
resp = current_app.hydra_api.accept_consent_request(
|
resp = current_app.hydra_api.accept_consent_request(
@ -43,6 +45,12 @@ def consent():
|
||||||
'grant_access_token_audience': requested_audiences,
|
'grant_access_token_audience': requested_audiences,
|
||||||
'remember': form.data['remember'],
|
'remember': form.data['remember'],
|
||||||
'remember_for': remember_for,
|
'remember_for': remember_for,
|
||||||
|
'session': {
|
||||||
|
'access_token': {},
|
||||||
|
'id_token': {
|
||||||
|
'preferd_username': user.username
|
||||||
|
}
|
||||||
|
}
|
||||||
})
|
})
|
||||||
return redirect(resp.redirect_to)
|
return redirect(resp.redirect_to)
|
||||||
return render_template(
|
return render_template(
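Review bot: The id_token claim key on the `'preferd_username': user.username` line is misspelled; the standard OIDC claim is `preferred_username`, so relying parties that look for the standard name will never see it, which works against the commit's stated goal of OIDC compatibility. Separately, `user` comes from `User.query.get(consent_request.subject)` in the preceding hunk and is never checked for None, so a subject with no matching row raises AttributeError at `user.username` instead of a controlled rejection; add a guard such as `if user is None: abort(403)` (or reject the consent request) before the accept call, noting this path also runs for `consent_request.skip` where no form was submitted. consent() continues outside the hunk.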
@ -105,7 +113,8 @@ def login_auth():
|
||||||
resp = current_app.hydra_api.accept_login_request(
|
resp = current_app.hydra_api.accept_login_request(
|
||||||
login_challenge, body={
|
login_challenge, body={
|
||||||
'subject': subject,
|
'subject': subject,
|
||||||
'remember': remember_me})
|
'remember': remember_me,
|
||||||
|
})
|
||||||
return redirect(resp.redirect_to)
|
return redirect(resp.redirect_to)
|
||||||
return render_template('auth/login_auth.html.j2', forms=auth_forms)
|
return render_template('auth/login_auth.html.j2', forms=auth_forms)
@ -26,7 +26,7 @@ logger = logging.getLogger(__name__)
|
||||||
def before_request():
|
def before_request():
|
||||||
try:
|
try:
|
||||||
resp = current_app.oauth.session.get('/userinfo')
|
resp = current_app.oauth.session.get('/userinfo')
|
||||||
if not current_user.is_authenticated:
|
if not current_user.is_authenticated or resp.status_code is not 200:
|
||||||
return redirect(url_for('oauth.login'))
|
return redirect(url_for('oauth.login'))
|
||||||
except TokenExpiredError:
|
except TokenExpiredError:
|
||||||
return redirect(url_for('oauth.login'))
|
return redirect(url_for('oauth.login'))
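Review bot: `resp.status_code is not 200` on the changed `if` line compares an int by identity, which CPython 3.8+ flags with a SyntaxWarning and is only true by accident of small-int caching; write `if not current_user.is_authenticated or resp.status_code != 200:`. The `/userinfo` request is also issued before `is_authenticated` is checked, so an unauthenticated visitor triggers an upstream call whose failure modes other than TokenExpiredError (e.g. no token in the session, a network error) are not caught here; consider testing `is_authenticated` first and only then calling userinfo. A provider outage (5xx) likewise bounces to `oauth.login`, which could loop if that view redirects back, though that depends on code outside the hunk. before_request's body may continue past the hunk.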
|