canaille-globuzma/website/routes.py

import datetime
from flask import Blueprint, request, session
from flask import render_template, redirect, jsonify
from werkzeug.security import gen_salt
from authlib.oauth2 import OAuth2Error
from .models import User, Client
from .oauth2 import authorization, require_oauth


bp = Blueprint(__name__, "home")


def current_user():
    if "user_dn" in session:
        return User.get(session["user_dn"])
    return None


@bp.route("/", methods=("GET", "POST"))
def home():
    if request.method == "POST":
        username = request.form.get("username")
        user = User.get(username)

        if not user:
            user = User(cn=username, sn=username)
            user.save()

        session["user_dn"] = user.dn
        return redirect("/")

    user = current_user()
    if user:
        clients = Client.filter()
    else:
        clients = []

    return render_template("home.html", user=user, clients=clients)


def split_by_crlf(s):
    return [v for v in s.splitlines() if v]


@bp.route("/create_client", methods=("GET", "POST"))
def create_client():
    user = current_user()
    if not user:
        return redirect("/")

    if request.method == "GET":
        return render_template("create_client.html")

    form = request.form
    client_id = gen_salt(24)
    client_id_issued_at = datetime.datetime.now().strftime("%Y%m%d%H%M%SZ")
    client = Client(
        oauthClientID=client_id,
        oauthIssueDate=client_id_issued_at,
        oauthClientName=form["client_name"],
        oauthClientURI=form["client_uri"],
        oauthGrantType=split_by_crlf(form["grant_type"]),
        oauthRedirectURI=split_by_crlf(form["redirect_uri"]),
        oauthResponseType=split_by_crlf(form["response_type"]),
        oauthScope=form["scope"],
        oauthTokenEndpointAuthMethod=form["token_endpoint_auth_method"],
        oauthClientSecret=""
        if form["token_endpoint_auth_method"] == "none"
        else gen_salt(48),
    )
    client.save()
    return redirect("/")


@bp.route("/oauth/authorize", methods=["GET", "POST"])
def authorize():
    user = current_user()
    if request.method == "GET":
        try:
            grant = authorization.validate_consent_request(end_user=user)
        except OAuth2Error as error:
            return jsonify(dict(error.get_body()))
        return render_template("authorize.html", user=user, grant=grant)

    if not user and "username" in request.form:
        username = request.form.get("username")
        user = User.get(username)

    if request.form["confirm"]:
        grant_user = user
    else:
        grant_user = None

    return authorization.create_authorization_response(grant_user=grant_user)


@bp.route("/logout")
def logout():
    del session["user_dn"]
    return redirect("/")


@bp.route("/oauth/token", methods=["POST"])
def issue_token():
    return authorization.create_token_response()


@bp.route("/api/me")
@require_oauth("profile")
def api_me():
    return jsonify(foo="bar")
draft 2020-08-14 11:18:08 +00:00			`import datetime`
wip 2020-08-14 13:26:14 +00:00			`from flask import Blueprint, request, session`
draft 2020-08-14 11:18:08 +00:00			`from flask import render_template, redirect, jsonify`
			`from werkzeug.security import gen_salt`
			`from authlib.oauth2 import OAuth2Error`
			`from .models import User, Client`
			`from .oauth2 import authorization, require_oauth`


Fixed password flow 2020-08-16 17:39:14 +00:00			`bp = Blueprint(__name__, "home")`
draft 2020-08-14 11:18:08 +00:00

			`def current_user():`
Fixed password flow 2020-08-16 17:39:14 +00:00			`if "user_dn" in session:`
wip 2020-08-14 13:26:14 +00:00			`return User.get(session["user_dn"])`
draft 2020-08-14 11:18:08 +00:00			`return None`


Fixed password flow 2020-08-16 17:39:14 +00:00			`@bp.route("/", methods=("GET", "POST"))`
draft 2020-08-14 11:18:08 +00:00			`def home():`
Fixed password flow 2020-08-16 17:39:14 +00:00			`if request.method == "POST":`
			`username = request.form.get("username")`
wip 2020-08-14 13:26:14 +00:00			`user = User.get(username)`

draft 2020-08-14 11:18:08 +00:00			`if not user:`
			`user = User(cn=username, sn=username)`
			`user.save()`
LDAPHelper shortcut 2020-08-17 07:45:35 +00:00
draft 2020-08-14 11:18:08 +00:00			`session["user_dn"] = user.dn`
Fixed password flow 2020-08-16 17:39:14 +00:00			`return redirect("/")`
LDAPHelper shortcut 2020-08-17 07:45:35 +00:00
draft 2020-08-14 11:18:08 +00:00			`user = current_user()`
wip 2020-08-14 13:26:14 +00:00			`if user:`
			`clients = Client.filter()`
			`else:`
			`clients = []`
LDAPHelper shortcut 2020-08-17 07:45:35 +00:00
Fixed password flow 2020-08-16 17:39:14 +00:00			`return render_template("home.html", user=user, clients=clients)`
draft 2020-08-14 11:18:08 +00:00

wip 2020-08-14 13:26:14 +00:00			`def split_by_crlf(s):`
			`return [v for v in s.splitlines() if v]`
draft 2020-08-14 11:18:08 +00:00

Fixed password flow 2020-08-16 17:39:14 +00:00			`@bp.route("/create_client", methods=("GET", "POST"))`
draft 2020-08-14 11:18:08 +00:00			`def create_client():`
			`user = current_user()`
			`if not user:`
Fixed password flow 2020-08-16 17:39:14 +00:00			`return redirect("/")`
LDAPHelper shortcut 2020-08-17 07:45:35 +00:00
Fixed password flow 2020-08-16 17:39:14 +00:00			`if request.method == "GET":`
			`return render_template("create_client.html")`
LDAPHelper shortcut 2020-08-17 07:45:35 +00:00
draft 2020-08-14 11:18:08 +00:00			`form = request.form`
			`client_id = gen_salt(24)`
			`client_id_issued_at = datetime.datetime.now().strftime("%Y%m%d%H%M%SZ")`
			`client = Client(`
			`oauthClientID=client_id,`
wip 2020-08-14 13:26:14 +00:00			`oauthIssueDate=client_id_issued_at,`
draft 2020-08-14 11:18:08 +00:00			`oauthClientName=form["client_name"],`
			`oauthClientURI=form["client_uri"],`
			`oauthGrantType=split_by_crlf(form["grant_type"]),`
			`oauthRedirectURI=split_by_crlf(form["redirect_uri"]),`
			`oauthResponseType=split_by_crlf(form["response_type"]),`
wip 2020-08-14 13:26:14 +00:00			`oauthScope=form["scope"],`
			`oauthTokenEndpointAuthMethod=form["token_endpoint_auth_method"],`
Fixed password flow 2020-08-16 17:39:14 +00:00			`oauthClientSecret=""`
			`if form["token_endpoint_auth_method"] == "none"`
			`else gen_salt(48),`
draft 2020-08-14 11:18:08 +00:00			`)`
			`client.save()`
Fixed password flow 2020-08-16 17:39:14 +00:00			`return redirect("/")`
draft 2020-08-14 11:18:08 +00:00

Fixed password flow 2020-08-16 17:39:14 +00:00			`@bp.route("/oauth/authorize", methods=["GET", "POST"])`
draft 2020-08-14 11:18:08 +00:00			`def authorize():`
			`user = current_user()`
Fixed password flow 2020-08-16 17:39:14 +00:00			`if request.method == "GET":`
draft 2020-08-14 11:18:08 +00:00			`try:`
			`grant = authorization.validate_consent_request(end_user=user)`
			`except OAuth2Error as error:`
wip 2020-08-14 13:26:14 +00:00			`return jsonify(dict(error.get_body()))`
Fixed password flow 2020-08-16 17:39:14 +00:00			`return render_template("authorize.html", user=user, grant=grant)`
LDAPHelper shortcut 2020-08-17 07:45:35 +00:00
Fixed password flow 2020-08-16 17:39:14 +00:00			`if not user and "username" in request.form:`
			`username = request.form.get("username")`
wip 2020-08-14 13:26:14 +00:00			`user = User.get(username)`
LDAPHelper shortcut 2020-08-17 07:45:35 +00:00
Fixed password flow 2020-08-16 17:39:14 +00:00			`if request.form["confirm"]:`
draft 2020-08-14 11:18:08 +00:00			`grant_user = user`
			`else:`
			`grant_user = None`
LDAPHelper shortcut 2020-08-17 07:45:35 +00:00
draft 2020-08-14 11:18:08 +00:00			`return authorization.create_authorization_response(grant_user=grant_user)`

Fixed password flow 2020-08-16 17:39:14 +00:00
			`@bp.route("/logout")`
wip 2020-08-14 13:26:14 +00:00			`def logout():`
Fixed password flow 2020-08-16 17:39:14 +00:00			`del session["user_dn"]`
			`return redirect("/")`

draft 2020-08-14 11:18:08 +00:00
Fixed password flow 2020-08-16 17:39:14 +00:00			`@bp.route("/oauth/token", methods=["POST"])`
draft 2020-08-14 11:18:08 +00:00			`def issue_token():`
			`return authorization.create_token_response()`


Fixed password flow 2020-08-16 17:39:14 +00:00			`@bp.route("/api/me")`
			`@require_oauth("profile")`
draft 2020-08-14 11:18:08 +00:00			`def api_me():`
wip 2020-08-14 13:26:14 +00:00			`return jsonify(foo="bar")`