canaille-globuzma/canaille/oidc/clients.py

import datetime

from canaille.app import models
from canaille.app.flask import permissions_needed
from canaille.app.flask import render_htmx_template
from canaille.app.forms import TableForm
from canaille.oidc.forms import ClientAddForm
from flask import abort
from flask import Blueprint
from flask import flash
from flask import redirect
from flask import request
from flask import url_for
from flask_babel import gettext as _
from flask_themer import render_template
from werkzeug.security import gen_salt


bp = Blueprint("clients", __name__, url_prefix="/admin/client")


@bp.route("/", methods=["GET", "POST"])
@permissions_needed("manage_oidc")
def index(user):
    table_form = TableForm(models.Client, formdata=request.form)
    if request.form and request.form.get("page") and not table_form.validate():
        abort(404)

    return render_htmx_template(
        "oidc/admin/client_list.html", menuitem="admin", table_form=table_form
    )


@bp.route("/add", methods=["GET", "POST"])
@permissions_needed("manage_oidc")
def add(user):
    form = ClientAddForm(request.form or None)

    if not request.form or form.form_control():
        return render_template(
            "oidc/admin/client_add.html", form=form, menuitem="admin"
        )

    if not form.validate():
        flash(
            _("The client has not been added. Please check your information."),
            "error",
        )
        return render_template(
            "oidc/admin/client_add.html", form=form, menuitem="admin"
        )

    client_id = gen_salt(24)
    client_id_issued_at = datetime.datetime.now(datetime.timezone.utc)
    client = models.Client(
        client_id=client_id,
        client_id_issued_at=client_id_issued_at,
        client_name=form["client_name"].data,
        contacts=form["contacts"].data,
        client_uri=form["client_uri"].data,
        grant_types=form["grant_types"].data,
        redirect_uris=form["redirect_uris"].data,
        post_logout_redirect_uris=form["post_logout_redirect_uris"].data,
        response_types=form["response_types"].data,
        scope=form["scope"].data.split(" "),
        token_endpoint_auth_method=form["token_endpoint_auth_method"].data,
        logo_uri=form["logo_uri"].data,
        tos_uri=form["tos_uri"].data,
        policy_uri=form["policy_uri"].data,
        software_id=form["software_id"].data,
        software_version=form["software_version"].data,
        jwk=form["jwk"].data,
        jwks_uri=form["jwks_uri"].data,
        preconsent=form["preconsent"].data,
        client_secret=""
        if form["token_endpoint_auth_method"].data == "none"
        else gen_salt(48),
    )
    client.audience = [client]
    client.save()
    flash(
        _("The client has been created."),
        "success",
    )

    return redirect(url_for("oidc.clients.edit", client_id=client_id))


@bp.route("/edit/<client_id>", methods=["GET", "POST"])
@permissions_needed("manage_oidc")
def edit(user, client_id):
    if request.form and request.form.get("action") == "delete":
        return client_delete(client_id)
    return client_edit(client_id)


def client_edit(client_id):
    client = models.Client.get(client_id=client_id)

    if not client:
        abort(404)

    data = {attribute: getattr(client, attribute) for attribute in client.attributes}
    data["scope"] = " ".join(data["scope"])
    data["preconsent"] = client.preconsent
    form = ClientAddForm(request.form or None, data=data, client=client)

    if not request.form or form.form_control():
        return render_template(
            "oidc/admin/client_edit.html", form=form, client=client, menuitem="admin"
        )

    if not form.validate():
        flash(
            _("The client has not been edited. Please check your information."),
            "error",
        )
        return render_template(
            "oidc/admin/client_edit.html", form=form, client=client, menuitem="admin"
        )

    client.update(
        client_name=form["client_name"].data,
        contacts=form["contacts"].data,
        client_uri=form["client_uri"].data,
        grant_types=form["grant_types"].data,
        redirect_uris=form["redirect_uris"].data,
        post_logout_redirect_uris=form["post_logout_redirect_uris"].data,
        response_types=form["response_types"].data,
        scope=form["scope"].data.split(" "),
        token_endpoint_auth_method=form["token_endpoint_auth_method"].data,
        logo_uri=form["logo_uri"].data,
        tos_uri=form["tos_uri"].data,
        policy_uri=form["policy_uri"].data,
        software_id=form["software_id"].data,
        software_version=form["software_version"].data,
        jwk=form["jwk"].data,
        jwks_uri=form["jwks_uri"].data,
        audience=[models.Client.get(id=id) for id in form["audience"].data],
        preconsent=form["preconsent"].data,
    )
    client.save()
    flash(
        _("The client has been edited."),
        "success",
    )
    return redirect(url_for("oidc.clients.edit", client_id=client_id))


def client_delete(client_id):
    client = models.Client.get(client_id=client_id)

    if not client:
        abort(404)

    flash(
        _("The client has been deleted."),
        "success",
    )
    client.delete()
    return redirect(url_for("oidc.clients.index"))
Client forms 2020-08-17 13:49:48 +00:00			`import datetime`
pre-commit tox test 2021-12-20 22:57:27 +00:00
Moved every model import to canaille.models 2023-04-09 09:37:04 +00:00			`from canaille.app import models`
'app' submodule 2023-04-09 13:52:55 +00:00			`from canaille.app.flask import permissions_needed`
			`from canaille.app.flask import render_htmx_template`
			`from canaille.app.forms import TableForm`
OIDC client form renaming 2023-03-29 22:40:25 +00:00			`from canaille.oidc.forms import ClientAddForm`
pre-commit tox test 2021-12-20 22:57:27 +00:00			`from flask import abort`
			`from flask import Blueprint`
			`from flask import flash`
			`from flask import redirect`
			`from flask import request`
			`from flask import url_for`
fix post requests in oidc clients views flash and lazygettext were causing an unexpected bug on post (not get) requests 2022-12-15 17:00:45 +00:00			`from flask_babel import gettext as _`
use flask-themer to allow theme customization 2021-10-28 13:24:34 +00:00			`from flask_themer import render_template`
Client forms 2020-08-17 13:49:48 +00:00			`from werkzeug.security import gen_salt`


split oidc code from the rest 2022-01-11 18:49:06 +00:00			`bp = Blueprint("clients", __name__, url_prefix="/admin/client")`
Client forms 2020-08-17 13:49:48 +00:00

Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`@bp.route("/", methods=["GET", "POST"])`
Permissions overhaul 2021-12-02 17:23:14 +00:00			`@permissions_needed("manage_oidc")`
admin_needed passes the user 2020-10-29 10:09:31 +00:00			`def index(user):`
Moved every model import to canaille.models 2023-04-09 09:37:04 +00:00			`table_form = TableForm(models.Client, formdata=request.form)`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`if request.form and request.form.get("page") and not table_form.validate():`
			`abort(404)`

Dynamic tables with htmx - Search is triggered with user inputs - Page changes are triggered with clicks 2023-03-09 16:41:26 +00:00			`return render_htmx_template(`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`"oidc/admin/client_list.html", menuitem="admin", table_form=table_form`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`)`
Client forms 2020-08-17 13:49:48 +00:00

			`@bp.route("/add", methods=["GET", "POST"])`
Permissions overhaul 2021-12-02 17:23:14 +00:00			`@permissions_needed("manage_oidc")`
admin_needed passes the user 2020-10-29 10:09:31 +00:00			`def add(user):`
OIDC client form renaming 2023-03-29 22:40:25 +00:00			`form = ClientAddForm(request.form or None)`
Client forms 2020-08-17 13:49:48 +00:00
Implement multiple fields 2023-06-22 09:39:50 +00:00			`if not request.form or form.form_control():`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`return render_template(`
			`"oidc/admin/client_add.html", form=form, menuitem="admin"`
			`)`
Client forms 2020-08-17 13:49:48 +00:00
			`if not form.validate():`
			`flash(`
tokens can have multiple audiences 2021-10-13 09:52:02 +00:00			`_("The client has not been added. Please check your information."),`
			`"error",`
Client forms 2020-08-17 13:49:48 +00:00			`)`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`return render_template(`
			`"oidc/admin/client_add.html", form=form, menuitem="admin"`
			`)`
Client forms 2020-08-17 13:49:48 +00:00
			`client_id = gen_salt(24)`
Properly handle LDAP date timezones 2023-03-17 23:38:56 +00:00			`client_id_issued_at = datetime.datetime.now(datetime.timezone.utc)`
Moved every model import to canaille.models 2023-04-09 09:37:04 +00:00			`client = models.Client(`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`client_id=client_id,`
Variable renaming 2022-10-17 15:49:52 +00:00			`client_id_issued_at=client_id_issued_at,`
			`client_name=form["client_name"].data,`
Implement multiple fields 2023-06-22 09:39:50 +00:00			`contacts=form["contacts"].data,`
Variable renaming 2022-10-17 15:49:52 +00:00			`client_uri=form["client_uri"].data,`
			`grant_types=form["grant_types"].data,`
Implement multiple fields 2023-06-22 09:39:50 +00:00			`redirect_uris=form["redirect_uris"].data,`
			`post_logout_redirect_uris=form["post_logout_redirect_uris"].data,`
Variable renaming 2022-10-17 15:49:52 +00:00			`response_types=form["response_types"].data,`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`scope=form["scope"].data.split(" "),`
			`token_endpoint_auth_method=form["token_endpoint_auth_method"].data,`
			`logo_uri=form["logo_uri"].data,`
			`tos_uri=form["tos_uri"].data,`
			`policy_uri=form["policy_uri"].data,`
			`software_id=form["software_id"].data,`
			`software_version=form["software_version"].data,`
			`jwk=form["jwk"].data,`
Variable renaming 2022-10-17 15:49:52 +00:00			`jwks_uri=form["jwks_uri"].data,`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`preconsent=form["preconsent"].data,`
Variable renaming 2022-10-17 15:49:52 +00:00			`client_secret=""`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`if form["token_endpoint_auth_method"].data == "none"`
Client forms 2020-08-17 13:49:48 +00:00			`else gen_salt(48),`
			`)`
LDAPObject dn attributes are automatically initialized 2023-03-08 22:53:53 +00:00			`client.audience = [client]`
Client forms 2020-08-17 13:49:48 +00:00			`client.save()`
			`flash(`
tokens can have multiple audiences 2021-10-13 09:52:02 +00:00			`_("The client has been created."),`
			`"success",`
Client forms 2020-08-17 13:49:48 +00:00			`)`

split oidc code from the rest 2022-01-11 18:49:06 +00:00			`return redirect(url_for("oidc.clients.edit", client_id=client_id))`
Client forms 2020-08-17 13:49:48 +00:00

			`@bp.route("/edit/<client_id>", methods=["GET", "POST"])`
Permissions overhaul 2021-12-02 17:23:14 +00:00			`@permissions_needed("manage_oidc")`
admin_needed passes the user 2020-10-29 10:09:31 +00:00			`def edit(user, client_id):`
Implement multiple fields 2023-06-22 09:39:50 +00:00			`if request.form and request.form.get("action") == "delete":`
Admins can remove clients. Fixes #45 2020-11-23 16:32:40 +00:00			`return client_delete(client_id)`
Implement multiple fields 2023-06-22 09:39:50 +00:00			`return client_edit(client_id)`
Admins can remove clients. Fixes #45 2020-11-23 16:32:40 +00:00

			`def client_edit(client_id):`
Moved every model import to canaille.models 2023-04-09 09:37:04 +00:00			`client = models.Client.get(client_id=client_id)`
for better readability, set the flask aborts in their own conditionnal block 2022-04-04 15:49:50 +00:00
			`if not client:`
			`abort(404)`

Removed LDAPObject __getitem__ and __setitem__ methods 2023-05-11 21:08:39 +00:00			`data = {attribute: getattr(client, attribute) for attribute in client.attributes}`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`data["scope"] = " ".join(data["scope"])`
			`data["preconsent"] = client.preconsent`
OIDC client form renaming 2023-03-29 22:40:25 +00:00			`form = ClientAddForm(request.form or None, data=data, client=client)`
Client forms 2020-08-17 13:49:48 +00:00
Implement multiple fields 2023-06-22 09:39:50 +00:00			`if not request.form or form.form_control():`
Menu items activity 2020-10-21 10:14:35 +00:00			`return render_template(`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`"oidc/admin/client_edit.html", form=form, client=client, menuitem="admin"`
Menu items activity 2020-10-21 10:14:35 +00:00			`)`
Client forms 2020-08-17 13:49:48 +00:00
			`if not form.validate():`
			`flash(`
Fixed form translations. Closes #19 2020-10-28 14:49:14 +00:00			`_("The client has not been edited. Please check your information."),`
Client forms 2020-08-17 13:49:48 +00:00			`"error",`
			`)`
client admin: redirect after form submission to avoid double submissions 2022-11-16 16:50:38 +00:00			`return render_template(`
			`"oidc/admin/client_edit.html", form=form, client=client, menuitem="admin"`
Client forms 2020-08-17 13:49:48 +00:00			`)`

client admin: redirect after form submission to avoid double submissions 2022-11-16 16:50:38 +00:00			`client.update(`
			`client_name=form["client_name"].data,`
Implement multiple fields 2023-06-22 09:39:50 +00:00			`contacts=form["contacts"].data,`
client admin: redirect after form submission to avoid double submissions 2022-11-16 16:50:38 +00:00			`client_uri=form["client_uri"].data,`
			`grant_types=form["grant_types"].data,`
Implement multiple fields 2023-06-22 09:39:50 +00:00			`redirect_uris=form["redirect_uris"].data,`
			`post_logout_redirect_uris=form["post_logout_redirect_uris"].data,`
client admin: redirect after form submission to avoid double submissions 2022-11-16 16:50:38 +00:00			`response_types=form["response_types"].data,`
			`scope=form["scope"].data.split(" "),`
			`token_endpoint_auth_method=form["token_endpoint_auth_method"].data,`
			`logo_uri=form["logo_uri"].data,`
			`tos_uri=form["tos_uri"].data,`
			`policy_uri=form["policy_uri"].data,`
			`software_id=form["software_id"].data,`
			`software_version=form["software_version"].data,`
			`jwk=form["jwk"].data,`
			`jwks_uri=form["jwks_uri"].data,`
Moved every model import to canaille.models 2023-04-09 09:37:04 +00:00			`audience=[models.Client.get(id=id) for id in form["audience"].data],`
client admin: redirect after form submission to avoid double submissions 2022-11-16 16:50:38 +00:00			`preconsent=form["preconsent"].data,`
Menu items activity 2020-10-21 10:14:35 +00:00			`)`
client admin: redirect after form submission to avoid double submissions 2022-11-16 16:50:38 +00:00			`client.save()`
			`flash(`
			`_("The client has been edited."),`
			`"success",`
			`)`
			`return redirect(url_for("oidc.clients.edit", client_id=client_id))`
Admins can remove clients. Fixes #45 2020-11-23 16:32:40 +00:00

			`def client_delete(client_id):`
Moved every model import to canaille.models 2023-04-09 09:37:04 +00:00			`client = models.Client.get(client_id=client_id)`
for better readability, set the flask aborts in their own conditionnal block 2022-04-04 15:49:50 +00:00
			`if not client:`
			`abort(404)`

Admins can remove clients. Fixes #45 2020-11-23 16:32:40 +00:00			`flash(`
tokens can have multiple audiences 2021-10-13 09:52:02 +00:00			`_("The client has been deleted."),`
			`"success",`
Admins can remove clients. Fixes #45 2020-11-23 16:32:40 +00:00			`)`
			`client.delete()`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`return redirect(url_for("oidc.clients.index"))`