From d9e47f51c6d9a11702e381066c7102fa730ce718 Mon Sep 17 00:00:00 2001 From: dsc Date: Tue, 29 Aug 2023 21:45:04 +0300 Subject: [PATCH] upgrade OIDC client library --- requirements.txt | 3 ++- yellow/auth.py | 16 +++++----------- yellow/factory.py | 15 +++++++++------ yellow/routes.py | 4 ++-- 4 files changed, 18 insertions(+), 20 deletions(-) diff --git a/requirements.txt b/requirements.txt index 847cf0c..2948c7f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,4 @@ peewee quart -quart_session_openid +Quart-Keycloak +uvicorn \ No newline at end of file diff --git a/yellow/auth.py b/yellow/auth.py index 40515d5..cac5628 100644 --- a/yellow/auth.py +++ b/yellow/auth.py @@ -3,19 +3,13 @@ import re import peewee from quart import session, redirect, url_for -from yellow.factory import openid +from yellow.factory import keycloak from yellow.models import User -@openid.after_token() -async def handle_user_login(resp: dict): - access_token = resp["access_token"] - openid.verify_token(access_token) - - user = await openid.user_info(access_token) - username = user['preferred_username'] - uid = user['sub'] - +@keycloak.after_login() +async def handle_user_login(auth_token: KeycloakAuthToken): + username = auth_token.username if not re.match(r"^[a-zA-Z0-9_\.-]+$", username): raise Exception("bad username") @@ -30,4 +24,4 @@ async def handle_user_login(resp: dict): # user is now logged in session['user'] = user.to_json() - return redirect(url_for('bp_routes.dashboard')) + return redirect(url_for('bp_routes.dashboard')) \ No newline at end of file diff --git a/yellow/factory.py b/yellow/factory.py index 3cf7b88..c19c6b5 100644 --- a/yellow/factory.py +++ b/yellow/factory.py 
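Review bot: `KeycloakAuthToken` is used in the new signature of `handle_user_login` but nothing in the hunk imports it — the changed import line only brings in `keycloak` — so unless lines 1–2 of auth.py (not shown) already import it, evaluating the annotation raises `NameError` when the module loads; the import should be `from quart_keycloak import KeycloakAuthToken` next to `from yellow.factory import keycloak`. The removed `uid = user['sub']` has no replacement: if the user lookup that sits between this hunk and the next still references `uid`, it is now undefined and needs the subject claim read from `auth_token` (the attribute name must be checked against the library). The explicit `openid.verify_token(access_token)` call is dropped as well, so the handler now relies on the library validating the token before `after_login` fires; once that is confirmed, record it with a comment such as `# signature/issuer of the token are validated by quart_keycloak before this hook runs`, otherwise the check belongs back in the handler. `handle_user_login`'s body continues past the end of the hunk.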
@@ -4,15 +4,21 @@ from datetime import datetime import asyncio from quart import Quart, url_for, jsonify, render_template, session -from quart_session_openid import OpenID from quart_session import Session +from quart_keycloak import Keycloak, KeycloakAuthToken, KeycloakLogoutRequest +from quart_session import Session +from uvicorn.middleware.proxy_headers import ProxyHeadersMiddleware import settings app: Quart = None peewee = None cache = None -openid: OpenID = None + +if settings.X_FORWARDED: + app.asgi_app = ProxyHeadersMiddleware(app.asgi_app, trusted_hosts=["127.0.0.1", "10.1.0.1"]) + +keycloak = Keycloak(app, **settings.OPENID_CFG) async def _setup_database(app: Quart): @@ -24,8 +30,6 @@ async def _setup_database(app: Quart): async def _setup_openid(app: Quart): - global openid - openid = OpenID(app, **settings.OPENID_CFG) from yellow.auth import handle_user_login @@ -59,13 +63,12 @@ def create_app(): @app.context_processor def template_variables(): - global openid from yellow.models import User current_user = session.get('user') if current_user: current_user = User(**current_user) now = datetime.now() - return dict(user=current_user, url_login=openid.endpoint_name_login, year=now.year) + return dict(user=current_user, url_login=keycloak.endpoint_name_login, year=now.year) @app.before_serving async def startup(): diff --git a/yellow/routes.py b/yellow/routes.py index d8a601b..46001dd 100644 --- a/yellow/routes.py +++ b/yellow/routes.py @@ -2,7 +2,6 @@ from quart import render_template, request, redirect, url_for, jsonify, Blueprin import re from yellow import login_required -from yellow.factory import openid from yellow.models import User bp_routes = Blueprint('bp_routes', __name__) @@ -15,7 +14,8 @@ async def root(): @bp_routes.route("/login") async def login(): - return redirect(url_for(openid.endpoint_name_login)) + from yellow.factory import keycloak + return redirect(url_for(keycloak.endpoint_name_login)) @bp_routes.route("/logout")
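Review bot: The new module-level `if settings.X_FORWARDED:` block and `keycloak = Keycloak(app, **settings.OPENID_CFG)` run at import time while `app` is still `None` (assigned two lines above), so `app.asgi_app` raises `AttributeError` and the `Keycloak` instance is built without an application; the original avoided this by constructing the client inside `_setup_openid`, whose body the next hunk now reduces to the bare `from yellow.auth import handle_user_login`. Keep a `keycloak: Keycloak = None` placeholder at module level and construct it in `_setup_openid` under `global keycloak` before that import (the import needs the decorator target bound), and apply the proxy-headers middleware in `create_app` right after `app` is created, e.g. `if settings.X_FORWARDED: app.asgi_app = ProxyHeadersMiddleware(app.asgi_app, trusted_hosts=settings.TRUSTED_PROXY_HOSTS)` with `TRUSTED_PROXY_HOSTS` as a new setting. The hard-coded `trusted_hosts=["127.0.0.1", "10.1.0.1"]` decides which upstream may set the client address and scheme seen by the app, so it belongs in `settings` next to `X_FORWARDED` rather than in code; the duplicated `from quart_session import Session` line should also go.
```python
app: Quart = None
peewee = None
cache = None
keycloak: Keycloak = None  # bound in _setup_openid once the app exists

# … unchanged: _setup_database …

async def _setup_openid(app: Quart):
    # the client must exist before yellow.auth is imported: its
    # @keycloak.after_login() decorator runs at import time
    global keycloak
    keycloak = Keycloak(app, **settings.OPENID_CFG)

    from yellow.auth import handle_user_login
```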
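Review bot: The function-local `from yellow.factory import keycloak` added in `login` has no comment saying why it is not at module level like the other `yellow` imports in routes.py; a reader will guess at a circular-import workaround, but it also matters if `keycloak` is rebound after import (the original `openid` was, via `global openid` in `_setup_openid`), because a module-level `from … import` would capture the stale `None` binding. A one-line comment such as `# imported per call: yellow.factory binds keycloak during app setup` would make the intent explicit. The remaining routes of routes.py are outside the hunk.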