import datetime
from flask import Blueprint
from flask import abort
from flask import current_app
from flask import flash
from flask import request
from canaille.app import generate_security_log
from canaille.app import models
from canaille.app.flask import permissions_needed
from canaille.app.flask import render_htmx_template
from canaille.app.forms import TableForm
from canaille.app.i18n import gettext as _
from canaille.app.themes import render_template
from canaille.backends import Backend
from .forms import TokenRevokationForm
# Blueprint for the token administration views; its routes are mounted
# under the /admin/token URL prefix.
bp = Blueprint(
    "tokens",
    __name__,
    url_prefix="/admin/token",
)
@bp.route("/", methods=["GET", "POST"])
@permissions_needed("manage_oidc")
def index(user):
    """Render the token list, gated by the ``manage_oidc`` permission.

    A ``TableForm`` over ``models.Token`` is built from the posted form data.
    When the request posts a ``page`` field and the form does not validate,
    the request is aborted with HTTP 404; otherwise ``token_list.html`` is
    rendered through ``render_htmx_template``.

    Args:
        user: Not used in this view.  Presumably injected by
            ``permissions_needed`` -- confirm against the decorator.
    """
    table_form = TableForm(models.Token, formdata=request.form)

    # Validation only runs for a posted form that carries a "page" value; the
    # short-circuit order matches the original condition.
    page_was_posted = bool(request.form) and bool(request.form.get("page"))
    if page_was_posted and not table_form.validate():
        abort(404)

    template_context = {"menuitem": "admin", "table_form": table_form}
    return render_htmx_template("token_list.html", **template_context)
@bp.route("/<token:token>", methods=["GET", "POST"])
@permissions_needed("manage_oidc")
def view(user, token):
    """Show one token and drive its revocation workflow.

    A submitted form that validates is dispatched on its ``action`` field:
    ``confirm-revoke`` returns the confirmation modal, ``revoke`` stamps the
    token with the current UTC time, saves it through the backend and writes
    a security log entry, and any other value aborts with HTTP 400.  Every
    other request renders ``token_view.html``.

    Args:
        user: Account acting on the token; its ``user_name`` is written to
            the security log.  Presumably injected by ``permissions_needed``
            -- confirm against the decorator.
        token: Object produced by the ``token`` URL converter; presumably a
            ``models.Token`` -- confirm against the converter.
    """
    form = TokenRevokationForm(request.form or None)

    submitted = request.form and form.validate()
    if submitted:
        action = request.form.get("action")

        if action == "confirm-revoke":
            return render_template("modals/revoke-token.html", token=token)

        if action == "revoke":
            # NOTE(review): nothing here checks whether the token already has
            # a revokation_date, so a repeated "revoke" submission replaces
            # the earlier timestamp -- confirm that is intended, since the
            # first revocation time is usually the one an audit needs.
            revoked_at = datetime.datetime.now(datetime.timezone.utc)
            token.revokation_date = revoked_at
            Backend.instance.save(token)

            # NOTE(review): remote_addr is the address of the direct peer;
            # behind a reverse proxy that is the proxy unless the deployment
            # is set up to trust forwarded headers -- confirm.
            request_ip = request.remote_addr or "unknown IP"

            # NOTE(review): the user and client names are interpolated as
            # stored; confirm that generate_security_log or the log formatter
            # neutralises line breaks so one event stays one log line.
            log_message = f"Revoked token for {token.subject.user_name} in client {token.client.client_name} by {user.user_name} from {request_ip}"
            current_app.logger.info(generate_security_log(log_message))

            flash(_("The token has successfully been revoked."), "success")
        else:
            # The submitted action value is echoed in the error description.
            abort(400, f"bad form action: {request.form.get('action')}")

    return render_template(
        "token_view.html", token=token, menuitem="admin", form=form
    )