2020-08-17 13:49:48 +00:00
|
|
|
import datetime
|
|
|
|
|
import wtforms
|
2020-11-23 16:32:40 +00:00
|
|
|
from flask import Blueprint, render_template, request, flash, redirect, url_for, abort
|
2020-08-17 13:49:48 +00:00
|
|
|
from flask_wtf import FlaskForm
|
2020-10-28 14:49:14 +00:00
|
|
|
from flask_babel import lazy_gettext as _
|
2020-08-17 13:49:48 +00:00
|
|
|
from werkzeug.security import gen_salt
|
2020-10-21 12:04:40 +00:00
|
|
|
from canaille.models import Client
|
|
|
|
|
from canaille.flaskutils import admin_needed
|
2020-08-17 13:49:48 +00:00
|
|
|
|
|
|
|
|
|
2021-05-24 15:43:15 +00:00
|
|
|
bp = Blueprint("admin_clients", __name__)
|
2020-08-17 13:49:48 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@bp.route("/")
|
2020-08-19 14:20:57 +00:00
|
|
|
@admin_needed()
|
2020-10-29 10:09:31 +00:00
|
|
|
def index(user):
|
2020-08-17 13:49:48 +00:00
|
|
|
clients = Client.filter()
|
2020-10-21 10:14:35 +00:00
|
|
|
return render_template("admin/client_list.html", clients=clients, menuitem="admin")
|
2020-08-17 13:49:48 +00:00
|
|
|
|
|
|
|
|
|
2021-10-13 09:52:02 +00:00
|
|
|
def client_audiences():
|
|
|
|
|
return [
|
|
|
|
|
(client.dn, client.oauthClientName) for client in Client.filter()
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
2020-08-17 13:49:48 +00:00
|
|
|
class ClientAdd(FlaskForm):
|
2020-08-26 13:37:15 +00:00
|
|
|
oauthClientName = wtforms.StringField(
|
2020-10-28 14:49:14 +00:00
|
|
|
_("Name"),
|
2020-08-17 13:49:48 +00:00
|
|
|
validators=[wtforms.validators.DataRequired()],
|
|
|
|
|
render_kw={"placeholder": "Client Name"},
|
|
|
|
|
)
|
2020-11-23 15:42:31 +00:00
|
|
|
oauthClientContact = wtforms.EmailField(
|
2020-10-28 14:49:14 +00:00
|
|
|
_("Contact"),
|
2020-08-17 13:49:48 +00:00
|
|
|
validators=[wtforms.validators.Optional()],
|
|
|
|
|
render_kw={"placeholder": "admin@mydomain.tld"},
|
|
|
|
|
)
|
2020-11-23 15:42:31 +00:00
|
|
|
oauthClientURI = wtforms.URLField(
|
2020-10-28 14:49:14 +00:00
|
|
|
_("URI"),
|
2020-08-17 13:49:48 +00:00
|
|
|
validators=[wtforms.validators.DataRequired()],
|
|
|
|
|
render_kw={"placeholder": "https://mydomain.tld"},
|
|
|
|
|
)
|
2020-11-23 15:42:31 +00:00
|
|
|
oauthRedirectURIs = wtforms.URLField(
|
2020-10-28 14:49:14 +00:00
|
|
|
_("Redirect URIs"),
|
2020-08-17 13:49:48 +00:00
|
|
|
validators=[wtforms.validators.DataRequired()],
|
|
|
|
|
render_kw={"placeholder": "https://mydomain.tld/callback"},
|
|
|
|
|
)
|
|
|
|
|
oauthGrantType = wtforms.SelectMultipleField(
|
2020-10-28 14:49:14 +00:00
|
|
|
_("Grant types"),
|
2020-08-17 13:49:48 +00:00
|
|
|
validators=[wtforms.validators.DataRequired()],
|
|
|
|
|
choices=[
|
|
|
|
|
("password", "password"),
|
|
|
|
|
("authorization_code", "authorization_code"),
|
2020-08-20 12:30:42 +00:00
|
|
|
("implicit", "implicit"),
|
|
|
|
|
("hybrid", "hybrid"),
|
2020-08-24 08:52:21 +00:00
|
|
|
("refresh_token", "refresh_token"),
|
2020-08-17 13:49:48 +00:00
|
|
|
],
|
2020-08-24 08:52:21 +00:00
|
|
|
default=["authorization_code", "refresh_token"],
|
2020-08-17 13:49:48 +00:00
|
|
|
)
|
2020-08-26 13:37:15 +00:00
|
|
|
oauthScope = wtforms.StringField(
|
2020-10-28 14:49:14 +00:00
|
|
|
_("Scope"),
|
2020-08-17 13:49:48 +00:00
|
|
|
validators=[wtforms.validators.Optional()],
|
2020-09-23 15:15:25 +00:00
|
|
|
default="openid profile email",
|
2020-08-17 13:49:48 +00:00
|
|
|
render_kw={"placeholder": "openid profile"},
|
|
|
|
|
)
|
|
|
|
|
oauthResponseType = wtforms.SelectMultipleField(
|
2020-10-28 14:49:14 +00:00
|
|
|
_("Response types"),
|
2020-08-17 13:49:48 +00:00
|
|
|
validators=[wtforms.validators.DataRequired()],
|
2020-08-20 12:30:42 +00:00
|
|
|
choices=[("code", "code"), ("token", "token"), ("id_token", "id_token")],
|
2020-08-17 13:49:48 +00:00
|
|
|
default=["code"],
|
|
|
|
|
)
|
|
|
|
|
oauthTokenEndpointAuthMethod = wtforms.SelectField(
|
2020-10-28 14:49:14 +00:00
|
|
|
_("Token Endpoint Auth Method"),
|
2020-08-17 13:49:48 +00:00
|
|
|
validators=[wtforms.validators.DataRequired()],
|
|
|
|
|
choices=[
|
|
|
|
|
("client_secret_basic", "client_secret_basic"),
|
|
|
|
|
("client_secret_post", "client_secret_post"),
|
|
|
|
|
("none", "none"),
|
|
|
|
|
],
|
|
|
|
|
default="client_secret_basic",
|
|
|
|
|
)
|
2021-10-13 09:52:02 +00:00
|
|
|
oauthAudience = wtforms.SelectMultipleField(
|
|
|
|
|
_("Token audiences"),
|
|
|
|
|
validators=[wtforms.validators.Optional()],
|
|
|
|
|
choices=client_audiences,
|
|
|
|
|
validate_choice=False,
|
|
|
|
|
)
|
2020-11-23 15:42:31 +00:00
|
|
|
oauthLogoURI = wtforms.URLField(
|
2020-10-28 14:49:14 +00:00
|
|
|
_("Logo URI"),
|
2020-08-17 13:49:48 +00:00
|
|
|
validators=[wtforms.validators.Optional()],
|
|
|
|
|
render_kw={"placeholder": "https://mydomain.tld/logo.png"},
|
|
|
|
|
)
|
2020-11-23 15:42:31 +00:00
|
|
|
oauthTermsOfServiceURI = wtforms.URLField(
|
2020-10-28 14:49:14 +00:00
|
|
|
_("Terms of service URI"),
|
2020-08-17 13:49:48 +00:00
|
|
|
validators=[wtforms.validators.Optional()],
|
|
|
|
|
render_kw={"placeholder": "https://mydomain.tld/tos.html"},
|
|
|
|
|
)
|
2020-11-23 15:42:31 +00:00
|
|
|
oauthPolicyURI = wtforms.URLField(
|
2020-10-28 14:49:14 +00:00
|
|
|
_("Policy URI"),
|
2020-08-17 13:49:48 +00:00
|
|
|
validators=[wtforms.validators.Optional()],
|
|
|
|
|
render_kw={"placeholder": "https://mydomain.tld/policy.html"},
|
|
|
|
|
)
|
2020-08-26 13:37:15 +00:00
|
|
|
oauthSoftwareID = wtforms.StringField(
|
2020-10-28 14:49:14 +00:00
|
|
|
_("Software ID"),
|
2020-08-17 13:49:48 +00:00
|
|
|
validators=[wtforms.validators.Optional()],
|
|
|
|
|
render_kw={"placeholder": "xyz"},
|
|
|
|
|
)
|
2020-08-26 13:37:15 +00:00
|
|
|
oauthSoftwareVersion = wtforms.StringField(
|
2020-10-28 14:49:14 +00:00
|
|
|
_("Software Version"),
|
2020-08-17 13:49:48 +00:00
|
|
|
validators=[wtforms.validators.Optional()],
|
|
|
|
|
render_kw={"placeholder": "1.0"},
|
|
|
|
|
)
|
2020-08-26 13:37:15 +00:00
|
|
|
oauthJWK = wtforms.StringField(
|
2020-10-28 14:49:14 +00:00
|
|
|
_("JWK"),
|
2020-08-17 13:49:48 +00:00
|
|
|
validators=[wtforms.validators.Optional()],
|
|
|
|
|
render_kw={"placeholder": ""},
|
|
|
|
|
)
|
2020-11-23 15:42:31 +00:00
|
|
|
oauthJWKURI = wtforms.URLField(
|
2020-10-28 14:49:14 +00:00
|
|
|
_("JKW URI"),
|
2020-08-17 13:49:48 +00:00
|
|
|
validators=[wtforms.validators.Optional()],
|
|
|
|
|
render_kw={"placeholder": ""},
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@bp.route("/add", methods=["GET", "POST"])
|
2020-08-19 14:20:57 +00:00
|
|
|
@admin_needed()
|
2020-10-29 10:09:31 +00:00
|
|
|
def add(user):
|
2020-08-17 13:49:48 +00:00
|
|
|
form = ClientAdd(request.form or None)
|
|
|
|
|
|
|
|
|
|
if not request.form:
|
2020-10-21 10:14:35 +00:00
|
|
|
return render_template("admin/client_add.html", form=form, menuitem="admin")
|
2020-08-17 13:49:48 +00:00
|
|
|
|
|
|
|
|
if not form.validate():
|
|
|
|
|
flash(
|
2021-10-13 09:52:02 +00:00
|
|
|
_("The client has not been added. Please check your information."),
|
|
|
|
|
"error",
|
2020-08-17 13:49:48 +00:00
|
|
|
)
|
2020-10-21 10:14:35 +00:00
|
|
|
return render_template("admin/client_add.html", form=form, menuitem="admin")
|
2020-08-17 13:49:48 +00:00
|
|
|
|
|
|
|
|
client_id = gen_salt(24)
|
|
|
|
|
client_id_issued_at = datetime.datetime.now().strftime("%Y%m%d%H%M%SZ")
|
|
|
|
|
client = Client(
|
|
|
|
|
oauthClientID=client_id,
|
|
|
|
|
oauthIssueDate=client_id_issued_at,
|
|
|
|
|
oauthClientName=form["oauthClientName"].data,
|
|
|
|
|
oauthClientContact=form["oauthClientContact"].data,
|
|
|
|
|
oauthClientURI=form["oauthClientURI"].data,
|
|
|
|
|
oauthGrantType=form["oauthGrantType"].data,
|
2020-08-17 15:49:49 +00:00
|
|
|
oauthRedirectURIs=[form["oauthRedirectURIs"].data],
|
2020-08-17 13:49:48 +00:00
|
|
|
oauthResponseType=form["oauthResponseType"].data,
|
|
|
|
|
oauthScope=form["oauthScope"].data.split(" "),
|
|
|
|
|
oauthTokenEndpointAuthMethod=form["oauthTokenEndpointAuthMethod"].data,
|
|
|
|
|
oauthLogoURI=form["oauthLogoURI"].data,
|
|
|
|
|
oauthTermsOfServiceURI=form["oauthTermsOfServiceURI"].data,
|
|
|
|
|
oauthPolicyURI=form["oauthPolicyURI"].data,
|
|
|
|
|
oauthSoftwareID=form["oauthSoftwareID"].data,
|
|
|
|
|
oauthSoftwareVersion=form["oauthSoftwareVersion"].data,
|
|
|
|
|
oauthJWK=form["oauthJWK"].data,
|
|
|
|
|
oauthJWKURI=form["oauthJWKURI"].data,
|
|
|
|
|
oauthClientSecret=""
|
|
|
|
|
if form["oauthTokenEndpointAuthMethod"].data == "none"
|
|
|
|
|
else gen_salt(48),
|
|
|
|
|
)
|
2021-10-13 09:52:02 +00:00
|
|
|
client.oauthAudience = [client.dn]
|
2020-08-17 13:49:48 +00:00
|
|
|
client.save()
|
|
|
|
|
flash(
|
2021-10-13 09:52:02 +00:00
|
|
|
_("The client has been created."),
|
|
|
|
|
"success",
|
2020-08-17 13:49:48 +00:00
|
|
|
)
|
|
|
|
|
|
2021-05-24 15:43:15 +00:00
|
|
|
return redirect(url_for("admin_clients.edit", client_id=client_id))
|
2020-08-17 13:49:48 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@bp.route("/edit/<client_id>", methods=["GET", "POST"])
|
2020-08-19 14:20:57 +00:00
|
|
|
@admin_needed()
|
2020-10-29 10:09:31 +00:00
|
|
|
def edit(user, client_id):
|
2020-11-23 16:32:40 +00:00
|
|
|
if request.method == "GET" or request.form.get("action") == "edit":
|
|
|
|
|
return client_edit(client_id)
|
|
|
|
|
|
|
|
|
|
if request.form.get("action") == "delete":
|
|
|
|
|
return client_delete(client_id)
|
|
|
|
|
|
|
|
|
|
abort(400)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def client_edit(client_id):
|
2020-08-17 13:49:48 +00:00
|
|
|
client = Client.get(client_id)
|
|
|
|
|
data = dict(client)
|
|
|
|
|
data["oauthScope"] = " ".join(data["oauthScope"])
|
2020-08-17 15:49:49 +00:00
|
|
|
data["oauthRedirectURIs"] = data["oauthRedirectURIs"][0]
|
2020-08-17 13:49:48 +00:00
|
|
|
form = ClientAdd(request.form or None, data=data, client=client)
|
|
|
|
|
|
|
|
|
|
if not request.form:
|
2020-10-21 10:14:35 +00:00
|
|
|
return render_template(
|
|
|
|
|
"admin/client_edit.html", form=form, client=client, menuitem="admin"
|
|
|
|
|
)
|
2020-08-17 13:49:48 +00:00
|
|
|
|
|
|
|
|
if not form.validate():
|
|
|
|
|
flash(
|
2020-10-28 14:49:14 +00:00
|
|
|
_("The client has not been edited. Please check your information."),
|
2020-08-17 13:49:48 +00:00
|
|
|
"error",
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
else:
|
|
|
|
|
client.update(
|
|
|
|
|
oauthClientName=form["oauthClientName"].data,
|
|
|
|
|
oauthClientContact=form["oauthClientContact"].data,
|
|
|
|
|
oauthClientURI=form["oauthClientURI"].data,
|
|
|
|
|
oauthGrantType=form["oauthGrantType"].data,
|
2020-08-17 15:49:49 +00:00
|
|
|
oauthRedirectURIs=[form["oauthRedirectURIs"].data],
|
2020-08-17 13:49:48 +00:00
|
|
|
oauthResponseType=form["oauthResponseType"].data,
|
|
|
|
|
oauthScope=form["oauthScope"].data.split(" "),
|
|
|
|
|
oauthTokenEndpointAuthMethod=form["oauthTokenEndpointAuthMethod"].data,
|
|
|
|
|
oauthLogoURI=form["oauthLogoURI"].data,
|
|
|
|
|
oauthTermsOfServiceURI=form["oauthTermsOfServiceURI"].data,
|
|
|
|
|
oauthPolicyURI=form["oauthPolicyURI"].data,
|
|
|
|
|
oauthSoftwareID=form["oauthSoftwareID"].data,
|
|
|
|
|
oauthSoftwareVersion=form["oauthSoftwareVersion"].data,
|
|
|
|
|
oauthJWK=form["oauthJWK"].data,
|
|
|
|
|
oauthJWKURI=form["oauthJWKURI"].data,
|
2021-10-13 09:52:02 +00:00
|
|
|
oauthAudience=form["oauthAudience"].data,
|
2020-08-17 13:49:48 +00:00
|
|
|
)
|
|
|
|
|
client.save()
|
|
|
|
|
flash(
|
2021-10-13 09:52:02 +00:00
|
|
|
_("The client has been edited."),
|
|
|
|
|
"success",
|
2020-08-17 13:49:48 +00:00
|
|
|
)
|
|
|
|
|
|
2020-10-21 10:14:35 +00:00
|
|
|
return render_template(
|
|
|
|
|
"admin/client_edit.html", form=form, client=client, menuitem="admin"
|
|
|
|
|
)
|
2020-11-23 16:32:40 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def client_delete(client_id):
|
|
|
|
|
client = Client.get(client_id) or abort(404)
|
|
|
|
|
flash(
|
2021-10-13 09:52:02 +00:00
|
|
|
_("The client has been deleted."),
|
|
|
|
|
"success",
|
2020-11-23 16:32:40 +00:00
|
|
|
)
|
|
|
|
|
client.delete()
|
2021-05-24 15:43:15 +00:00
|
|
|
return redirect(url_for("admin_clients.index"))
|
