canaille-globuzma/canaille/oidc/endpoints/clients.py

import datetime

from flask import Blueprint
from flask import abort
from flask import current_app
from flask import flash
from flask import redirect
from flask import request
from flask import url_for
from werkzeug.security import gen_salt

from canaille.app import models
from canaille.app.flask import render_htmx_template
from canaille.app.flask import user_needed
from canaille.app.forms import TableForm
from canaille.app.i18n import gettext as _
from canaille.app.templating import render_template
from canaille.backends import Backend

from .forms import ClientAddForm

bp = Blueprint("clients", __name__, url_prefix="/admin/client")


@bp.route("/", methods=["GET", "POST"])
@user_needed("manage_oidc")
def index(user):
    table_form = TableForm(models.Client, formdata=request.form)
    if request.form and request.form.get("page") and not table_form.validate():
        abort(404)

    return render_htmx_template(
        "oidc/client_list.html", menuitem="admin", table_form=table_form
    )


@bp.route("/add", methods=["GET", "POST"])
@user_needed("manage_oidc")
def add(user):
    form = ClientAddForm(request.form or None)

    if not request.form or form.form_control():
        return render_template("oidc/client_add.html", form=form, menuitem="admin")

    if not form.validate():
        flash(
            _("The client has not been added. Please check your information."),
            "error",
        )
        return render_template("oidc/client_add.html", form=form, menuitem="admin")

    client_id = gen_salt(24)
    client_id_issued_at = datetime.datetime.now(datetime.timezone.utc)
    client = models.Client(
        client_id=client_id,
        client_id_issued_at=client_id_issued_at,
        client_name=form["client_name"].data,
        contacts=form["contacts"].data,
        client_uri=form["client_uri"].data,
        grant_types=form["grant_types"].data,
        redirect_uris=form["redirect_uris"].data,
        post_logout_redirect_uris=form["post_logout_redirect_uris"].data,
        response_types=form["response_types"].data,
        scope=form["scope"].data.split(" "),
        token_endpoint_auth_method=form["token_endpoint_auth_method"].data,
        logo_uri=form["logo_uri"].data,
        tos_uri=form["tos_uri"].data,
        policy_uri=form["policy_uri"].data,
        software_id=form["software_id"].data,
        software_version=form["software_version"].data,
        jwk=form["jwk"].data,
        jwks_uri=form["jwks_uri"].data,
        preconsent=form["preconsent"].data,
        client_secret=""
        if form["token_endpoint_auth_method"].data == "none"
        else gen_salt(48),
    )
    Backend.instance.save(client)
    client.audience = [client]
    Backend.instance.save(client)
    flash(
        _("The client has been created."),
        "success",
    )

    return redirect(url_for("oidc.clients.edit", client=client))


@bp.route("/edit/<client:client>", methods=["GET", "POST"])
@user_needed("manage_oidc")
def edit(user, client):
    if request.form.get("action") == "confirm-delete":
        return render_template("oidc/modals/delete-client.html", client=client)

    if request.form and request.form.get("action") == "delete":
        return client_delete(client)

    if request.form and request.form.get("action") == "new-token":
        return client_new_token(client)

    return client_edit(client)


def client_edit(client):
    data = {attribute: getattr(client, attribute) for attribute in client.attributes}
    if data["scope"]:
        data["scope"] = " ".join(data["scope"])
    data["preconsent"] = client.preconsent
    form = ClientAddForm(request.form or None, data=data, client=client)

    if not request.form or form.form_control():
        return render_template(
            "oidc/client_edit.html", form=form, client=client, menuitem="admin"
        )

    if not form.validate():
        flash(
            _("The client has not been edited. Please check your information."),
            "error",
        )
        return render_template(
            "oidc/client_edit.html", form=form, client=client, menuitem="admin"
        )

    Backend.instance.update(
        client,
        client_name=form["client_name"].data,
        contacts=form["contacts"].data,
        client_uri=form["client_uri"].data,
        grant_types=form["grant_types"].data,
        redirect_uris=form["redirect_uris"].data,
        post_logout_redirect_uris=form["post_logout_redirect_uris"].data,
        response_types=form["response_types"].data,
        scope=form["scope"].data.split(" "),
        token_endpoint_auth_method=form["token_endpoint_auth_method"].data,
        logo_uri=form["logo_uri"].data,
        tos_uri=form["tos_uri"].data,
        policy_uri=form["policy_uri"].data,
        software_id=form["software_id"].data,
        software_version=form["software_version"].data,
        jwk=form["jwk"].data,
        jwks_uri=form["jwks_uri"].data,
        audience=form["audience"].data,
        preconsent=form["preconsent"].data,
    )
    Backend.instance.save(client)
    flash(
        _("The client has been edited."),
        "success",
    )
    return redirect(url_for("oidc.clients.edit", client=client))


def client_delete(client):
    flash(
        _("The client has been deleted."),
        "success",
    )
    Backend.instance.delete(client)
    return redirect(url_for("oidc.clients.index"))


def client_new_token(client):
    flash(
        _(f"A token have been created for the client {client.client_name}"),
        "success",
    )
    now = datetime.datetime.now(datetime.timezone.utc)
    token = models.Token(
        token_id=gen_salt(48),
        type="access_token",
        access_token=gen_salt(48),
        issue_date=now,
        lifetime=current_app.config["CANAILLE_OIDC"]["JWT"]["EXP"],
        scope=client.scope,
        client=client,
        audience=client.audience,
    )
    Backend.instance.save(token)
    return redirect(url_for("oidc.tokens.view", token=token))
Client forms 2020-08-17 13:49:48 +00:00			`import datetime`
pre-commit tox test 2021-12-20 22:57:27 +00:00
			`from flask import Blueprint`
chore: use isort instead of reoder-python-imports 2024-03-15 18:58:06 +00:00			`from flask import abort`
feat: button to create a new client token 2024-12-06 19:21:14 +00:00			`from flask import current_app`
pre-commit tox test 2021-12-20 22:57:27 +00:00			`from flask import flash`
			`from flask import redirect`
			`from flask import request`
			`from flask import url_for`
Client forms 2020-08-17 13:49:48 +00:00			`from werkzeug.security import gen_salt`

chore: use isort instead of reoder-python-imports 2024-03-15 18:58:06 +00:00			`from canaille.app import models`
			`from canaille.app.flask import render_htmx_template`
adds password expiry policy with a new method on User class 2024-12-17 13:45:10 +00:00			`from canaille.app.flask import user_needed`
chore: use isort instead of reoder-python-imports 2024-03-15 18:58:06 +00:00			`from canaille.app.forms import TableForm`
			`from canaille.app.i18n import gettext as _`
refactor: rename 'themes' module in 'templating' 2024-12-22 14:58:45 +00:00			`from canaille.app.templating import render_template`
refactor: Rename BaseBackend in Backend 2024-04-16 20:42:29 +00:00			`from canaille.backends import Backend`
refactor: gather endpoints in a 'endpoints' directory 2023-12-25 23:23:47 +00:00
chore: use isort instead of reoder-python-imports 2024-03-15 18:58:06 +00:00			`from .forms import ClientAddForm`
Client forms 2020-08-17 13:49:48 +00:00
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`bp = Blueprint("clients", __name__, url_prefix="/admin/client")`
Client forms 2020-08-17 13:49:48 +00:00

Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`@bp.route("/", methods=["GET", "POST"])`
adds password expiry policy with a new method on User class 2024-12-17 13:45:10 +00:00			`@user_needed("manage_oidc")`
admin_needed passes the user 2020-10-29 10:09:31 +00:00			`def index(user):`
Moved every model import to canaille.models 2023-04-09 09:37:04 +00:00			`table_form = TableForm(models.Client, formdata=request.form)`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`if request.form and request.form.get("page") and not table_form.validate():`
			`abort(404)`

Dynamic tables with htmx - Search is triggered with user inputs - Page changes are triggered with clicks 2023-03-09 16:41:26 +00:00			`return render_htmx_template(`
refactor: move templates in a common directory without this, theming was broken because it needs one single directory for templates. 2024-12-18 23:16:58 +00:00			`"oidc/client_list.html", menuitem="admin", table_form=table_form`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`)`
Client forms 2020-08-17 13:49:48 +00:00

			`@bp.route("/add", methods=["GET", "POST"])`
adds password expiry policy with a new method on User class 2024-12-17 13:45:10 +00:00			`@user_needed("manage_oidc")`
admin_needed passes the user 2020-10-29 10:09:31 +00:00			`def add(user):`
OIDC client form renaming 2023-03-29 22:40:25 +00:00			`form = ClientAddForm(request.form or None)`
Client forms 2020-08-17 13:49:48 +00:00
Implement multiple fields 2023-06-22 09:39:50 +00:00			`if not request.form or form.form_control():`
refactor: move templates in a common directory without this, theming was broken because it needs one single directory for templates. 2024-12-18 23:16:58 +00:00			`return render_template("oidc/client_add.html", form=form, menuitem="admin")`
Client forms 2020-08-17 13:49:48 +00:00
			`if not form.validate():`
			`flash(`
tokens can have multiple audiences 2021-10-13 09:52:02 +00:00			`_("The client has not been added. Please check your information."),`
			`"error",`
Client forms 2020-08-17 13:49:48 +00:00			`)`
refactor: move templates in a common directory without this, theming was broken because it needs one single directory for templates. 2024-12-18 23:16:58 +00:00			`return render_template("oidc/client_add.html", form=form, menuitem="admin")`
Client forms 2020-08-17 13:49:48 +00:00
			`client_id = gen_salt(24)`
Properly handle LDAP date timezones 2023-03-17 23:38:56 +00:00			`client_id_issued_at = datetime.datetime.now(datetime.timezone.utc)`
Moved every model import to canaille.models 2023-04-09 09:37:04 +00:00			`client = models.Client(`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`client_id=client_id,`
Variable renaming 2022-10-17 15:49:52 +00:00			`client_id_issued_at=client_id_issued_at,`
			`client_name=form["client_name"].data,`
Implement multiple fields 2023-06-22 09:39:50 +00:00			`contacts=form["contacts"].data,`
Variable renaming 2022-10-17 15:49:52 +00:00			`client_uri=form["client_uri"].data,`
			`grant_types=form["grant_types"].data,`
Implement multiple fields 2023-06-22 09:39:50 +00:00			`redirect_uris=form["redirect_uris"].data,`
			`post_logout_redirect_uris=form["post_logout_redirect_uris"].data,`
Variable renaming 2022-10-17 15:49:52 +00:00			`response_types=form["response_types"].data,`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`scope=form["scope"].data.split(" "),`
			`token_endpoint_auth_method=form["token_endpoint_auth_method"].data,`
			`logo_uri=form["logo_uri"].data,`
			`tos_uri=form["tos_uri"].data,`
			`policy_uri=form["policy_uri"].data,`
			`software_id=form["software_id"].data,`
			`software_version=form["software_version"].data,`
			`jwk=form["jwk"].data,`
Variable renaming 2022-10-17 15:49:52 +00:00			`jwks_uri=form["jwks_uri"].data,`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`preconsent=form["preconsent"].data,`
Variable renaming 2022-10-17 15:49:52 +00:00			`client_secret=""`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`if form["token_endpoint_auth_method"].data == "none"`
Client forms 2020-08-17 13:49:48 +00:00			`else gen_salt(48),`
			`)`
refactor: Rename BaseBackend in Backend 2024-04-16 20:42:29 +00:00			`Backend.instance.save(client)`
LDAPObject dn attributes are automatically initialized 2023-03-08 22:53:53 +00:00			`client.audience = [client]`
refactor: Rename BaseBackend in Backend 2024-04-16 20:42:29 +00:00			`Backend.instance.save(client)`
Client forms 2020-08-17 13:49:48 +00:00			`flash(`
tokens can have multiple audiences 2021-10-13 09:52:02 +00:00			`_("The client has been created."),`
			`"success",`
Client forms 2020-08-17 13:49:48 +00:00			`)`

Implements flask OIDC converters 2023-06-29 10:15:12 +00:00			`return redirect(url_for("oidc.clients.edit", client=client))`
Client forms 2020-08-17 13:49:48 +00:00

Implements flask OIDC converters 2023-06-29 10:15:12 +00:00			`@bp.route("/edit/<client:client>", methods=["GET", "POST"])`
adds password expiry policy with a new method on User class 2024-12-17 13:45:10 +00:00			`@user_needed("manage_oidc")`
Implements flask OIDC converters 2023-06-29 10:15:12 +00:00			`def edit(user, client):`
modals are HTML pages instead of JS elements This will help providing the very same user experience for users with and without javascript. We will still be able to re-enable javascript modals in the future, but this should be done from the ground up, HTML first and javascript after. 2023-07-06 16:43:37 +00:00			`if request.form.get("action") == "confirm-delete":`
refactor: move templates in a common directory without this, theming was broken because it needs one single directory for templates. 2024-12-18 23:16:58 +00:00			`return render_template("oidc/modals/delete-client.html", client=client)`
modals are HTML pages instead of JS elements This will help providing the very same user experience for users with and without javascript. We will still be able to re-enable javascript modals in the future, but this should be done from the ground up, HTML first and javascript after. 2023-07-06 16:43:37 +00:00
Implement multiple fields 2023-06-22 09:39:50 +00:00			`if request.form and request.form.get("action") == "delete":`
Implements flask OIDC converters 2023-06-29 10:15:12 +00:00			`return client_delete(client)`
modals are HTML pages instead of JS elements This will help providing the very same user experience for users with and without javascript. We will still be able to re-enable javascript modals in the future, but this should be done from the ground up, HTML first and javascript after. 2023-07-06 16:43:37 +00:00
feat: button to create a new client token 2024-12-06 19:21:14 +00:00			`if request.form and request.form.get("action") == "new-token":`
			`return client_new_token(client)`

Implements flask OIDC converters 2023-06-29 10:15:12 +00:00			`return client_edit(client)`
Admins can remove clients. Fixes #45 2020-11-23 16:32:40 +00:00

Implements flask OIDC converters 2023-06-29 10:15:12 +00:00			`def client_edit(client):`
Removed LDAPObject __getitem__ and __setitem__ methods 2023-05-11 21:08:39 +00:00			`data = {attribute: getattr(client, attribute) for attribute in client.attributes}`
refactor: remove an useless OIDC guard 2023-11-24 11:45:41 +00:00			`if data["scope"]:`
			`data["scope"] = " ".join(data["scope"])`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`data["preconsent"] = client.preconsent`
OIDC client form renaming 2023-03-29 22:40:25 +00:00			`form = ClientAddForm(request.form or None, data=data, client=client)`
Client forms 2020-08-17 13:49:48 +00:00
Implement multiple fields 2023-06-22 09:39:50 +00:00			`if not request.form or form.form_control():`
Menu items activity 2020-10-21 10:14:35 +00:00			`return render_template(`
refactor: move templates in a common directory without this, theming was broken because it needs one single directory for templates. 2024-12-18 23:16:58 +00:00			`"oidc/client_edit.html", form=form, client=client, menuitem="admin"`
Menu items activity 2020-10-21 10:14:35 +00:00			`)`
Client forms 2020-08-17 13:49:48 +00:00
			`if not form.validate():`
			`flash(`
Fixed form translations. Closes #19 2020-10-28 14:49:14 +00:00			`_("The client has not been edited. Please check your information."),`
Client forms 2020-08-17 13:49:48 +00:00			`"error",`
			`)`
client admin: redirect after form submission to avoid double submissions 2022-11-16 16:50:38 +00:00			`return render_template(`
refactor: move templates in a common directory without this, theming was broken because it needs one single directory for templates. 2024-12-18 23:16:58 +00:00			`"oidc/client_edit.html", form=form, client=client, menuitem="admin"`
Client forms 2020-08-17 13:49:48 +00:00			`)`

refactor: Rename BaseBackend in Backend 2024-04-16 20:42:29 +00:00			`Backend.instance.update(`
refactor: move BackendModel.update to Backend.update 2024-04-16 19:57:06 +00:00			`client,`
client admin: redirect after form submission to avoid double submissions 2022-11-16 16:50:38 +00:00			`client_name=form["client_name"].data,`
Implement multiple fields 2023-06-22 09:39:50 +00:00			`contacts=form["contacts"].data,`
client admin: redirect after form submission to avoid double submissions 2022-11-16 16:50:38 +00:00			`client_uri=form["client_uri"].data,`
			`grant_types=form["grant_types"].data,`
Implement multiple fields 2023-06-22 09:39:50 +00:00			`redirect_uris=form["redirect_uris"].data,`
			`post_logout_redirect_uris=form["post_logout_redirect_uris"].data,`
client admin: redirect after form submission to avoid double submissions 2022-11-16 16:50:38 +00:00			`response_types=form["response_types"].data,`
			`scope=form["scope"].data.split(" "),`
			`token_endpoint_auth_method=form["token_endpoint_auth_method"].data,`
			`logo_uri=form["logo_uri"].data,`
			`tos_uri=form["tos_uri"].data,`
			`policy_uri=form["policy_uri"].data,`
			`software_id=form["software_id"].data,`
			`software_version=form["software_version"].data,`
			`jwk=form["jwk"].data,`
			`jwks_uri=form["jwks_uri"].data,`
refactor: form model attributes coercion 2023-11-22 10:30:30 +00:00			`audience=form["audience"].data,`
client admin: redirect after form submission to avoid double submissions 2022-11-16 16:50:38 +00:00			`preconsent=form["preconsent"].data,`
Menu items activity 2020-10-21 10:14:35 +00:00			`)`
refactor: Rename BaseBackend in Backend 2024-04-16 20:42:29 +00:00			`Backend.instance.save(client)`
client admin: redirect after form submission to avoid double submissions 2022-11-16 16:50:38 +00:00			`flash(`
			`_("The client has been edited."),`
			`"success",`
			`)`
Implements flask OIDC converters 2023-06-29 10:15:12 +00:00			`return redirect(url_for("oidc.clients.edit", client=client))`
Admins can remove clients. Fixes #45 2020-11-23 16:32:40 +00:00

Implements flask OIDC converters 2023-06-29 10:15:12 +00:00			`def client_delete(client):`
Admins can remove clients. Fixes #45 2020-11-23 16:32:40 +00:00			`flash(`
tokens can have multiple audiences 2021-10-13 09:52:02 +00:00			`_("The client has been deleted."),`
			`"success",`
Admins can remove clients. Fixes #45 2020-11-23 16:32:40 +00:00			`)`
refactor: Rename BaseBackend in Backend 2024-04-16 20:42:29 +00:00			`Backend.instance.delete(client)`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`return redirect(url_for("oidc.clients.index"))`
feat: button to create a new client token 2024-12-06 19:21:14 +00:00

			`def client_new_token(client):`
			`flash(`
			`_(f"A token have been created for the client {client.client_name}"),`
			`"success",`
			`)`
			`now = datetime.datetime.now(datetime.timezone.utc)`
			`token = models.Token(`
			`token_id=gen_salt(48),`
			`type="access_token",`
			`access_token=gen_salt(48),`
			`issue_date=now,`
			`lifetime=current_app.config["CANAILLE_OIDC"]["JWT"]["EXP"],`
			`scope=client.scope,`
			`client=client,`
			`audience=client.audience,`
			`)`
			`Backend.instance.save(token)`
			`return redirect(url_for("oidc.tokens.view", token=token))`