canaille-globuzma/canaille/oidc/endpoints/tokens.py

import datetime

from flask import Blueprint
from flask import abort
from flask import current_app
from flask import flash
from flask import request

from canaille.app import generate_security_log
from canaille.app import models
from canaille.app.flask import permissions_needed
from canaille.app.flask import render_htmx_template
from canaille.app.forms import TableForm
from canaille.app.i18n import gettext as _
from canaille.app.themes import render_template
from canaille.backends import Backend

from .forms import TokenRevokationForm

bp = Blueprint("tokens", __name__, url_prefix="/admin/token")


@bp.route("/", methods=["GET", "POST"])
@permissions_needed("manage_oidc")
def index(user):
    table_form = TableForm(models.Token, formdata=request.form)
    if request.form and request.form.get("page") and not table_form.validate():
        abort(404)

    return render_htmx_template(
        "token_list.html", menuitem="admin", table_form=table_form
    )


@bp.route("/<token:token>", methods=["GET", "POST"])
@permissions_needed("manage_oidc")
def view(user, token):
    form = TokenRevokationForm(request.form or None)

    if request.form and form.validate():
        if request.form.get("action") == "confirm-revoke":
            return render_template("modals/revoke-token.html", token=token)

        elif request.form.get("action") == "revoke":
            token.revokation_date = datetime.datetime.now(datetime.timezone.utc)
            Backend.instance.save(token)
            request_ip = request.remote_addr or "unknown IP"
            current_app.logger.info(
                generate_security_log(
                    f"Revoked token for {token.subject.user_name} in client {token.client.client_name} by {user.user_name} from {request_ip}"
                )
            )
            flash(_("The token has successfully been revoked."), "success")

        else:
            abort(400, f"bad form action: {request.form.get('action')}")

    return render_template(
        "token_view.html",
        token=token,
        menuitem="admin",
        form=form,
    )
Implements admin token deletion 2023-02-04 17:41:49 +00:00			`import datetime`

chore: use isort instead of reoder-python-imports 2024-03-15 18:58:06 +00:00			`from flask import Blueprint`
			`from flask import abort`
feat: Added security logs for email update, forgotten password mail, token emission/refresh/revokation, new consent, consent revokation #177 2024-10-14 12:04:39 +00:00			`from flask import current_app`
chore: use isort instead of reoder-python-imports 2024-03-15 18:58:06 +00:00			`from flask import flash`
			`from flask import request`

feat: Added security logs for email update, forgotten password mail, token emission/refresh/revokation, new consent, consent revokation #177 2024-10-14 12:04:39 +00:00			`from canaille.app import generate_security_log`
Moved every model import to canaille.models 2023-04-09 09:37:04 +00:00			`from canaille.app import models`
'app' submodule 2023-04-09 13:52:55 +00:00			`from canaille.app.flask import permissions_needed`
			`from canaille.app.flask import render_htmx_template`
			`from canaille.app.forms import TableForm`
feat: flask-babel and pytz are now part of the front extras 2023-09-01 08:46:56 +00:00			`from canaille.app.i18n import gettext as _`
feat: split installation in different extras packages 2023-08-16 15:14:11 +00:00			`from canaille.app.themes import render_template`
refactor: Rename BaseBackend in Backend 2024-04-16 20:42:29 +00:00			`from canaille.backends import Backend`
Draft for a 'my accesses' page 2020-08-26 15:23:53 +00:00
refactor: gather endpoints in a 'endpoints' directory 2023-12-25 23:23:47 +00:00			`from .forms import TokenRevokationForm`

split oidc code from the rest 2022-01-11 18:49:06 +00:00			`bp = Blueprint("tokens", __name__, url_prefix="/admin/token")`
Draft for a 'my accesses' page 2020-08-26 15:23:53 +00:00

Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`@bp.route("/", methods=["GET", "POST"])`
Permissions overhaul 2021-12-02 17:23:14 +00:00			`@permissions_needed("manage_oidc")`
admin_needed passes the user 2020-10-29 10:09:31 +00:00			`def index(user):`
Moved every model import to canaille.models 2023-04-09 09:37:04 +00:00			`table_form = TableForm(models.Token, formdata=request.form)`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`if request.form and request.form.get("page") and not table_form.validate():`
			`abort(404)`

Dynamic tables with htmx - Search is triggered with user inputs - Page changes are triggered with clicks 2023-03-09 16:41:26 +00:00			`return render_htmx_template(`
refactor: template overhaul 2023-08-14 13:28:20 +00:00			`"token_list.html", menuitem="admin", table_form=table_form`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`)`
Draft for a 'my accesses' page 2020-08-26 15:23:53 +00:00

Implements flask OIDC converters 2023-06-29 10:15:12 +00:00			`@bp.route("/<token:token>", methods=["GET", "POST"])`
Permissions overhaul 2021-12-02 17:23:14 +00:00			`@permissions_needed("manage_oidc")`
Implements flask OIDC converters 2023-06-29 10:15:12 +00:00			`def view(user, token):`
modals are HTML pages instead of JS elements This will help providing the very same user experience for users with and without javascript. We will still be able to re-enable javascript modals in the future, but this should be done from the ground up, HTML first and javascript after. 2023-07-06 16:43:37 +00:00			`form = TokenRevokationForm(request.form or None)`

			`if request.form and form.validate():`
			`if request.form.get("action") == "confirm-revoke":`
			`return render_template("modals/revoke-token.html", token=token)`

			`elif request.form.get("action") == "revoke":`
			`token.revokation_date = datetime.datetime.now(datetime.timezone.utc)`
refactor: Rename BaseBackend in Backend 2024-04-16 20:42:29 +00:00			`Backend.instance.save(token)`
feat: Added security logs for email update, forgotten password mail, token emission/refresh/revokation, new consent, consent revokation #177 2024-10-14 12:04:39 +00:00			`request_ip = request.remote_addr or "unknown IP"`
			`current_app.logger.info(`
			`generate_security_log(`
			`f"Revoked token for {token.subject.user_name} in client {token.client.client_name} by {user.user_name} from {request_ip}"`
			`)`
			`)`
modals are HTML pages instead of JS elements This will help providing the very same user experience for users with and without javascript. We will still be able to re-enable javascript modals in the future, but this should be done from the ground up, HTML first and javascript after. 2023-07-06 16:43:37 +00:00			`flash(_("The token has successfully been revoked."), "success")`

			`else:`
			`abort(400, f"bad form action: {request.form.get('action')}")`

improved token admin page template 2022-02-03 08:51:04 +00:00			`return render_template(`
refactor: template overhaul 2023-08-14 13:28:20 +00:00			`"token_view.html",`
improved token admin page template 2022-02-03 08:51:04 +00:00			`token=token,`
			`menuitem="admin",`
modals are HTML pages instead of JS elements This will help providing the very same user experience for users with and without javascript. We will still be able to re-enable javascript modals in the future, but this should be done from the ground up, HTML first and javascript after. 2023-07-06 16:43:37 +00:00			`form=form,`
improved token admin page template 2022-02-03 08:51:04 +00:00			`)`