canaille-globuzma/canaille/oidc/tokens.py

import datetime

from canaille.flaskutils import permissions_needed
from canaille.models import User
from canaille.oidc.models import Client
from canaille.oidc.models import Token
from flask import abort
from flask import Blueprint
from flask import flash
from flask import redirect
from flask import url_for
from flask_babel import gettext as _
from flask_themer import render_template


bp = Blueprint("tokens", __name__, url_prefix="/admin/token")


@bp.route("/")
@permissions_needed("manage_oidc")
def index(user):
    tokens = Token.all()
    items = (
        (token, Client.get(token.client), User.get(dn=token.subject))
        for token in tokens
    )
    return render_template("oidc/admin/token_list.html", items=items, menuitem="admin")


@bp.route("/<token_id>", methods=["GET", "POST"])
@permissions_needed("manage_oidc")
def view(user, token_id):
    token = Token.get(token_id=token_id)

    if not token:
        abort(404)

    token_client = Client.get(token.client)
    token_user = User.get(dn=token.subject)
    token_audience = [Client.get(aud) for aud in token.audience]
    return render_template(
        "oidc/admin/token_view.html",
        token=token,
        token_client=token_client,
        token_user=token_user,
        token_audience=token_audience,
        menuitem="admin",
    )


@bp.route("/<token_id>/revoke", methods=["GET", "POST"])
@permissions_needed("manage_oidc")
def revoke(user, token_id):
    token = Token.get(token_id=token_id)

    if not token:
        abort(404)

    token.revokation_date = datetime.datetime.now()
    token.save()
    flash(_("The token has successfully been revoked."), "success")

    return redirect(url_for("oidc.tokens.view", token_id=token_id))
Implements admin token deletion 2023-02-04 17:41:49 +00:00			`import datetime`

pre-commit tox test 2021-12-20 22:57:27 +00:00			`from canaille.flaskutils import permissions_needed`
improved token admin page template 2022-02-03 08:51:04 +00:00			`from canaille.models import User`
			`from canaille.oidc.models import Client`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`from canaille.oidc.models import Token`
fix: handle token not found in token view 2022-03-03 09:05:14 +00:00			`from flask import abort`
use flask-themer to allow theme customization 2021-10-28 13:24:34 +00:00			`from flask import Blueprint`
Implements admin token deletion 2023-02-04 17:41:49 +00:00			`from flask import flash`
			`from flask import redirect`
			`from flask import url_for`
			`from flask_babel import gettext as _`
use flask-themer to allow theme customization 2021-10-28 13:24:34 +00:00			`from flask_themer import render_template`
Draft for a 'my accesses' page 2020-08-26 15:23:53 +00:00

split oidc code from the rest 2022-01-11 18:49:06 +00:00			`bp = Blueprint("tokens", __name__, url_prefix="/admin/token")`
Draft for a 'my accesses' page 2020-08-26 15:23:53 +00:00

			`@bp.route("/")`
Permissions overhaul 2021-12-02 17:23:14 +00:00			`@permissions_needed("manage_oidc")`
admin_needed passes the user 2020-10-29 10:09:31 +00:00			`def index(user):`
add a 'all' utility class method to LDAPObject to retrieve all class instances 2022-03-10 17:09:59 +00:00			`tokens = Token.all()`
improved token admin page template, again 2022-02-03 09:04:14 +00:00			`items = (`
			`(token, Client.get(token.client), User.get(dn=token.subject))`
			`for token in tokens`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`)`
improved token admin page template, again 2022-02-03 09:04:14 +00:00			`return render_template("oidc/admin/token_list.html", items=items, menuitem="admin")`
Draft for a 'my accesses' page 2020-08-26 15:23:53 +00:00

			`@bp.route("/<token_id>", methods=["GET", "POST"])`
Permissions overhaul 2021-12-02 17:23:14 +00:00			`@permissions_needed("manage_oidc")`
admin_needed passes the user 2020-10-29 10:09:31 +00:00			`def view(user, token_id):`
for better readability, set the flask aborts in their own conditionnal block 2022-04-04 15:49:50 +00:00			`token = Token.get(token_id=token_id)`

			`if not token:`
			`abort(404)`

improved token admin page template 2022-02-03 08:51:04 +00:00			`token_client = Client.get(token.client)`
			`token_user = User.get(dn=token.subject)`
			`token_audience = [Client.get(aud) for aud in token.audience]`
			`return render_template(`
			`"oidc/admin/token_view.html",`
			`token=token,`
			`token_client=token_client,`
			`token_user=token_user,`
			`token_audience=token_audience,`
			`menuitem="admin",`
			`)`
Implements admin token deletion 2023-02-04 17:41:49 +00:00

			`@bp.route("/<token_id>/revoke", methods=["GET", "POST"])`
			`@permissions_needed("manage_oidc")`
			`def revoke(user, token_id):`
			`token = Token.get(token_id=token_id)`

			`if not token:`
			`abort(404)`

			`token.revokation_date = datetime.datetime.now()`
			`token.save()`
			`flash(_("The token has successfully been revoked."), "success")`

			`return redirect(url_for("oidc.tokens.view", token_id=token_id))`