canaille-globuzma/canaille/__init__.py

import datetime
import ldap
import os
import toml

import canaille.admin
import canaille.admin.authorizations
import canaille.admin.clients
import canaille.admin.mail
import canaille.admin.tokens
import canaille.consents
import canaille.configuration
import canaille.oauth
import canaille.account
import canaille.groups
import canaille.well_known

from flask import Flask, g, request, render_template, session
from flask_babel import Babel

from .flaskutils import current_user
from .ldaputils import LDAPObject
from .oauth2utils import config_oauth
from .models import User, Token, AuthorizationCode, Client, Consent, Group

try:  # pragma: no cover
    import sentry_sdk
    from sentry_sdk.integrations.flask import FlaskIntegration

    SENTRY = True
except Exception:
    SENTRY = False


def create_app(config=None):
    app = Flask(__name__)
    dir_path = os.path.dirname(os.path.realpath(__file__))

    app.config.from_mapping(
        {
            "SESSION_COOKIE_NAME": "canaille",
            "OAUTH2_REFRESH_TOKEN_GENERATOR": True,
        }
    )
    if config:
        app.config.from_mapping(config)
    elif "CONFIG" in os.environ:
        app.config.from_mapping(toml.load(os.environ.get("CONFIG")))
    elif os.path.exists(os.path.join(dir_path, "conf", "config.toml")):
        app.config.from_mapping(
            toml.load(os.path.join(dir_path, "conf", "config.toml"))
        )
    else:
        raise Exception(
            "No configuration file found. "
            "Either create conf/config.toml or set the 'CONFIG' variable environment."
        )

    if os.environ.get("FLASK_ENV") == "development":
        canaille.configuration.setup_dev_keypair(app.config)

    canaille.configuration.validate(app.config)
    setup_app(app)

    return app


def setup_ldap_tree(app):
    conn = ldap.initialize(app.config["LDAP"]["URI"])
    if app.config["LDAP"].get("TIMEOUT"):
        conn.set_option(ldap.OPT_NETWORK_TIMEOUT, app.config["LDAP"]["TIMEOUT"])
    conn.simple_bind_s(app.config["LDAP"]["BIND_DN"], app.config["LDAP"]["BIND_PW"])
    Token.initialize(conn)
    AuthorizationCode.initialize(conn)
    Client.initialize(conn)
    Consent.initialize(conn)
    conn.unbind_s()


def setup_ldap_connection(app):
    g.ldap = ldap.initialize(app.config["LDAP"]["URI"])
    if app.config["LDAP"].get("TIMEOUT"):
        g.ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, app.config["LDAP"]["TIMEOUT"])
    g.ldap.simple_bind_s(app.config["LDAP"]["BIND_DN"], app.config["LDAP"]["BIND_PW"])


def teardown_ldap_connection(app):
    if "ldap" in g:
        g.ldap.unbind_s()


def setup_app(app):
    if SENTRY and app.config.get("SENTRY_DSN"):
        sentry_sdk.init(dsn=app.config["SENTRY_DSN"], integrations=[FlaskIntegration()])

    try:
        LDAPObject.root_dn = app.config["LDAP"]["ROOT_DN"]
        user_base = app.config["LDAP"]["USER_BASE"]
        if user_base.endswith(app.config["LDAP"]["ROOT_DN"]):
            user_base = user_base[: -len(app.config["LDAP"]["ROOT_DN"]) - 1]
        User.base = user_base
        group_base = app.config["LDAP"].get("GROUP_BASE")
        Group.base = group_base

        app.url_map.strict_slashes = False

        config_oauth(app)
        setup_ldap_tree(app)
        app.register_blueprint(canaille.account.bp)
        app.register_blueprint(canaille.groups.bp, url_prefix="/groups")
        app.register_blueprint(canaille.oauth.bp, url_prefix="/oauth")
        app.register_blueprint(canaille.consents.bp, url_prefix="/consent")
        app.register_blueprint(canaille.well_known.bp, url_prefix="/.well-known")
        app.register_blueprint(canaille.admin.tokens.bp, url_prefix="/admin/token")
        app.register_blueprint(
            canaille.admin.authorizations.bp, url_prefix="/admin/authorization"
        )
        app.register_blueprint(canaille.admin.clients.bp, url_prefix="/admin/client")
        app.register_blueprint(canaille.admin.mail.bp, url_prefix="/admin/mail")

        babel = Babel(app)

        @babel.localeselector
        def get_locale():
            user = getattr(g, "user", None)
            if user is not None:
                return user.locale

            if app.config.get("LANGUAGE"):
                return app.config.get("LANGUAGE")

            return request.accept_languages.best_match(["fr_FR", "en_US"])

        @babel.timezoneselector
        def get_timezone():
            user = getattr(g, "user", None)
            if user is not None:
                return user.timezone

        @app.before_request
        def before_request():
            setup_ldap_connection(app)

        @app.after_request
        def after_request(response):
            teardown_ldap_connection(app)
            return response

        @app.before_request
        def make_session_permanent():
            session.permanent = True
            app.permanent_session_lifetime = datetime.timedelta(days=365)

        @app.context_processor
        def global_processor():
            return {
                "logo_url": app.config.get("LOGO"),
                "favicon_url": app.config.get("FAVICON", app.config.get("LOGO")),
                "website_name": app.config.get("NAME"),
                "user": current_user(),
                "menu": True,
            }

        @app.errorhandler(400)
        def bad_request(e):
            return render_template("error.html", error=400), 400

        @app.errorhandler(403)
        def unauthorized(e):
            return render_template("error.html", error=403), 403

        @app.errorhandler(404)
        def page_not_found(e):
            return render_template("error.html", error=404), 404

        @app.errorhandler(500)
        def server_error(e):
            return render_template("error.html", error=500), 500

    except Exception as exc:
        if SENTRY and app.config.get("SENTRY_DSN"):
            sentry_sdk.capture_exception(exc)
        raise
default session is one year long 2021-07-01 09:04:57 +00:00			`import datetime`
Client forms 2020-08-17 13:49:48 +00:00			`import ldap`
			`import os`
			`import toml`

Renamed the project 'canaille' 2020-10-21 12:04:40 +00:00			`import canaille.admin`
			`import canaille.admin.authorizations`
			`import canaille.admin.clients`
HTML password recovery email. Fixes #14 2020-10-29 11:00:19 +00:00			`import canaille.admin.mail`
			`import canaille.admin.tokens`
Renamed the project 'canaille' 2020-10-21 12:04:40 +00:00			`import canaille.consents`
flask app refactoring 2021-10-12 16:24:51 +00:00			`import canaille.configuration`
Renamed the project 'canaille' 2020-10-21 12:04:40 +00:00			`import canaille.oauth`
			`import canaille.account`
Show groups and enable group creation 2021-07-01 16:21:20 +00:00			`import canaille.groups`
Renamed the project 'canaille' 2020-10-21 12:04:40 +00:00			`import canaille.well_known`
USER_BASE configuration parameter 2020-09-01 15:11:30 +00:00
default session is one year long 2021-07-01 09:04:57 +00:00			`from flask import Flask, g, request, render_template, session`
USER_BASE configuration parameter 2020-09-01 15:11:30 +00:00			`from flask_babel import Babel`

Admin login 2020-08-19 14:20:57 +00:00			`from .flaskutils import current_user`
Renamed LDAPObjectHelper into LDAPObject 2020-09-24 13:16:25 +00:00			`from .ldaputils import LDAPObject`
Admin login 2020-08-19 14:20:57 +00:00			`from .oauth2utils import config_oauth`
Issue 12 groups 2021-06-03 13:00:11 +00:00			`from .models import User, Token, AuthorizationCode, Client, Consent, Group`
Client forms 2020-08-17 13:49:48 +00:00
Sentry support 2020-09-01 15:27:56 +00:00			`try: # pragma: no cover`
			`import sentry_sdk`
			`from sentry_sdk.integrations.flask import FlaskIntegration`

			`SENTRY = True`
			`except Exception:`
			`SENTRY = False`

Client forms 2020-08-17 13:49:48 +00:00
			`def create_app(config=None):`
			`app = Flask(__name__)`
Packaging 2020-08-31 09:23:50 +00:00			`dir_path = os.path.dirname(os.path.realpath(__file__))`
Client forms 2020-08-17 13:49:48 +00:00
Use a custom session cookie name 2020-08-26 07:41:53 +00:00			`app.config.from_mapping(`
better error messages 2021-10-11 23:06:25 +00:00			`{`
			`"SESSION_COOKIE_NAME": "canaille",`
			`"OAUTH2_REFRESH_TOKEN_GENERATOR": True,`
			`}`
Use a custom session cookie name 2020-08-26 07:41:53 +00:00			`)`
tests workflow 2020-08-18 15:39:34 +00:00			`if config:`
			`app.config.from_mapping(config)`
			`elif "CONFIG" in os.environ:`
			`app.config.from_mapping(toml.load(os.environ.get("CONFIG")))`
Packaging 2020-08-31 09:23:50 +00:00			`elif os.path.exists(os.path.join(dir_path, "conf", "config.toml")):`
black 2020-08-31 11:55:45 +00:00			`app.config.from_mapping(`
			`toml.load(os.path.join(dir_path, "conf", "config.toml"))`
			`)`
Configuration in its own dir 2020-08-27 13:30:21 +00:00			`else:`
Serve server metadata files 2020-08-27 14:08:26 +00:00			`raise Exception(`
			`"No configuration file found. "`
			`"Either create conf/config.toml or set the 'CONFIG' variable environment."`
			`)`
Client forms 2020-08-17 13:49:48 +00:00
keypair bugfix 2021-10-29 13:32:38 +00:00			`if os.environ.get("FLASK_ENV") == "development":`
flask app refactoring 2021-10-12 16:24:51 +00:00			`canaille.configuration.setup_dev_keypair(app.config)`
better error messages 2021-10-11 23:06:25 +00:00
flask app refactoring 2021-10-12 16:24:51 +00:00			`canaille.configuration.validate(app.config)`
Client forms 2020-08-17 13:49:48 +00:00			`setup_app(app)`
Automatic keypair creation 2020-08-28 14:08:29 +00:00
Client forms 2020-08-17 13:49:48 +00:00			`return app`


Automatic LDAP tree creation 2020-09-03 15:28:52 +00:00			`def setup_ldap_tree(app):`
			`conn = ldap.initialize(app.config["LDAP"]["URI"])`
demo: can force either native or docker slapd 2021-08-31 13:47:06 +00:00			`if app.config["LDAP"].get("TIMEOUT"):`
			`conn.set_option(ldap.OPT_NETWORK_TIMEOUT, app.config["LDAP"]["TIMEOUT"])`
Automatic LDAP tree creation 2020-09-03 15:28:52 +00:00			`conn.simple_bind_s(app.config["LDAP"]["BIND_DN"], app.config["LDAP"]["BIND_PW"])`
			`Token.initialize(conn)`
			`AuthorizationCode.initialize(conn)`
			`Client.initialize(conn)`
Remember consents 2020-09-17 08:00:39 +00:00			`Consent.initialize(conn)`
Automatic LDAP tree creation 2020-09-03 15:28:52 +00:00			`conn.unbind_s()`


flask app refactoring 2021-10-12 16:24:51 +00:00			`def setup_ldap_connection(app):`
Added a command to clean tokens and codes. Fixes #17 2020-10-23 09:31:16 +00:00			`g.ldap = ldap.initialize(app.config["LDAP"]["URI"])`
fixed forgotten ldap connection timeout options 2021-10-13 14:04:08 +00:00			`if app.config["LDAP"].get("TIMEOUT"):`
			`g.ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, app.config["LDAP"]["TIMEOUT"])`
Added a command to clean tokens and codes. Fixes #17 2020-10-23 09:31:16 +00:00			`g.ldap.simple_bind_s(app.config["LDAP"]["BIND_DN"], app.config["LDAP"]["BIND_PW"])`


flask app refactoring 2021-10-12 16:24:51 +00:00			`def teardown_ldap_connection(app):`
Added a command to clean tokens and codes. Fixes #17 2020-10-23 09:31:16 +00:00			`if "ldap" in g:`
			`g.ldap.unbind_s()`


Client forms 2020-08-17 13:49:48 +00:00			`def setup_app(app):`
Sentry support 2020-09-01 15:27:56 +00:00			`if SENTRY and app.config.get("SENTRY_DSN"):`
			`sentry_sdk.init(dsn=app.config["SENTRY_DSN"], integrations=[FlaskIntegration()])`

Sentry captures alose initialization errors 2020-09-03 15:55:02 +00:00			`try:`
Renamed LDAPObjectHelper into LDAPObject 2020-09-24 13:16:25 +00:00			`LDAPObject.root_dn = app.config["LDAP"]["ROOT_DN"]`
Issue 12 groups 2021-06-03 13:00:11 +00:00			`user_base = app.config["LDAP"]["USER_BASE"]`
			`if user_base.endswith(app.config["LDAP"]["ROOT_DN"]):`
			`user_base = user_base[: -len(app.config["LDAP"]["ROOT_DN"]) - 1]`
			`User.base = user_base`
Hide group entry if there is no group available 2021-07-01 09:36:35 +00:00			`group_base = app.config["LDAP"].get("GROUP_BASE")`
Issue 12 groups 2021-06-03 13:00:11 +00:00			`Group.base = group_base`
Sentry captures alose initialization errors 2020-09-03 15:55:02 +00:00
			`app.url_map.strict_slashes = False`

			`config_oauth(app)`
			`setup_ldap_tree(app)`
Renamed the project 'canaille' 2020-10-21 12:04:40 +00:00			`app.register_blueprint(canaille.account.bp)`
Show groups and enable group creation 2021-07-01 16:21:20 +00:00			`app.register_blueprint(canaille.groups.bp, url_prefix="/groups")`
Renamed the project 'canaille' 2020-10-21 12:04:40 +00:00			`app.register_blueprint(canaille.oauth.bp, url_prefix="/oauth")`
			`app.register_blueprint(canaille.consents.bp, url_prefix="/consent")`
User model utility 2020-10-21 15:15:33 +00:00			`app.register_blueprint(canaille.well_known.bp, url_prefix="/.well-known")`
			`app.register_blueprint(canaille.admin.tokens.bp, url_prefix="/admin/token")`
Sentry captures alose initialization errors 2020-09-03 15:55:02 +00:00			`app.register_blueprint(`
Renamed the project 'canaille' 2020-10-21 12:04:40 +00:00			`canaille.admin.authorizations.bp, url_prefix="/admin/authorization"`
Sentry captures alose initialization errors 2020-09-03 15:55:02 +00:00			`)`
User model utility 2020-10-21 15:15:33 +00:00			`app.register_blueprint(canaille.admin.clients.bp, url_prefix="/admin/client")`
HTML password recovery email. Fixes #14 2020-10-29 11:00:19 +00:00			`app.register_blueprint(canaille.admin.mail.bp, url_prefix="/admin/mail")`
tests workflow 2020-08-18 15:39:34 +00:00
Sentry captures alose initialization errors 2020-09-03 15:55:02 +00:00			`babel = Babel(app)`
Initialization improvement 2020-09-27 15:32:23 +00:00
			`@babel.localeselector`
			`def get_locale():`
			`user = getattr(g, "user", None)`
			`if user is not None:`
			`return user.locale`

			`if app.config.get("LANGUAGE"):`
			`return app.config.get("LANGUAGE")`

Better default locales 2020-10-20 15:28:06 +00:00			`return request.accept_languages.best_match(["fr_FR", "en_US"])`
Initialization improvement 2020-09-27 15:32:23 +00:00
			`@babel.timezoneselector`
			`def get_timezone():`
			`user = getattr(g, "user", None)`
			`if user is not None:`
			`return user.timezone`

			`@app.before_request`
			`def before_request():`
flask app refactoring 2021-10-12 16:24:51 +00:00			`setup_ldap_connection(app)`
Initialization improvement 2020-09-27 15:32:23 +00:00
			`@app.after_request`
			`def after_request(response):`
flask app refactoring 2021-10-12 16:24:51 +00:00			`teardown_ldap_connection(app)`
Initialization improvement 2020-09-27 15:32:23 +00:00			`return response`

default session is one year long 2021-07-01 09:04:57 +00:00			`@app.before_request`
			`def make_session_permanent():`
			`session.permanent = True`
			`app.permanent_session_lifetime = datetime.timedelta(days=365)`

Initialization improvement 2020-09-27 15:32:23 +00:00			`@app.context_processor`
			`def global_processor():`
			`return {`
			`"logo_url": app.config.get("LOGO"),`
Canaille logo. Fixes #29 2020-11-05 11:18:17 +00:00			`"favicon_url": app.config.get("FAVICON", app.config.get("LOGO")),`
Initialization improvement 2020-09-27 15:32:23 +00:00			`"website_name": app.config.get("NAME"),`
			`"user": current_user(),`
			`"menu": True,`
			`}`

400 page 2020-10-26 18:09:38 +00:00			`@app.errorhandler(400)`
			`def bad_request(e):`
			`return render_template("error.html", error=400), 400`

Initialization improvement 2020-09-27 15:32:23 +00:00			`@app.errorhandler(403)`
			`def unauthorized(e):`
			`return render_template("error.html", error=403), 403`

			`@app.errorhandler(404)`
			`def page_not_found(e):`
			`return render_template("error.html", error=404), 404`

			`@app.errorhandler(500)`
			`def server_error(e):`
			`return render_template("error.html", error=500), 500`

Sentry captures alose initialization errors 2020-09-03 15:55:02 +00:00			`except Exception as exc:`
			`if SENTRY and app.config.get("SENTRY_DSN"):`
Fixed sentry configuration 2020-09-29 16:21:41 +00:00			`sentry_sdk.capture_exception(exc)`
			`raise`