canaille-globuzma/canaille/oidc/clients.py

import datetime

from canaille.flaskutils import permissions_needed
from canaille.flaskutils import render_htmx_template
from canaille.forms import TableForm
from canaille.oidc.forms import ClientAdd
from canaille.oidc.models import Client
from flask import abort
from flask import Blueprint
from flask import flash
from flask import redirect
from flask import request
from flask import url_for
from flask_babel import gettext as _
from flask_themer import render_template
from werkzeug.security import gen_salt


bp = Blueprint("clients", __name__, url_prefix="/admin/client")


@bp.route("/", methods=["GET", "POST"])
@permissions_needed("manage_oidc")
def index(user):
    table_form = TableForm(Client, formdata=request.form)
    if request.form and request.form.get("page") and not table_form.validate():
        abort(404)

    return render_htmx_template(
        "oidc/admin/client_list.html", menuitem="admin", table_form=table_form
    )


@bp.route("/add", methods=["GET", "POST"])
@permissions_needed("manage_oidc")
def add(user):
    form = ClientAdd(request.form or None)

    if not request.form:
        return render_template(
            "oidc/admin/client_add.html", form=form, menuitem="admin"
        )

    if not form.validate():
        flash(
            _("The client has not been added. Please check your information."),
            "error",
        )
        return render_template(
            "oidc/admin/client_add.html", form=form, menuitem="admin"
        )

    client_id = gen_salt(24)
    client_id_issued_at = datetime.datetime.now()
    client = Client(
        client_id=client_id,
        client_id_issued_at=client_id_issued_at,
        client_name=form["client_name"].data,
        contacts=[form["contacts"].data],
        client_uri=form["client_uri"].data,
        grant_types=form["grant_types"].data,
        redirect_uris=[form["redirect_uris"].data],
        post_logout_redirect_uris=[form["post_logout_redirect_uris"].data],
        response_types=form["response_types"].data,
        scope=form["scope"].data.split(" "),
        token_endpoint_auth_method=form["token_endpoint_auth_method"].data,
        logo_uri=form["logo_uri"].data,
        tos_uri=form["tos_uri"].data,
        policy_uri=form["policy_uri"].data,
        software_id=form["software_id"].data,
        software_version=form["software_version"].data,
        jwk=form["jwk"].data,
        jwks_uri=form["jwks_uri"].data,
        preconsent=form["preconsent"].data,
        client_secret=""
        if form["token_endpoint_auth_method"].data == "none"
        else gen_salt(48),
    )
    client.audience = [client]
    client.save()
    flash(
        _("The client has been created."),
        "success",
    )

    return redirect(url_for("oidc.clients.edit", client_id=client_id))


@bp.route("/edit/<client_id>", methods=["GET", "POST"])
@permissions_needed("manage_oidc")
def edit(user, client_id):
    if request.method == "GET" or request.form.get("action") == "edit":
        return client_edit(client_id)

    if request.form.get("action") == "delete":
        return client_delete(client_id)

    abort(400)


def client_edit(client_id):
    client = Client.get(client_id)

    if not client:
        abort(404)

    data = dict(client)
    data["scope"] = " ".join(data["scope"])
    data["redirect_uris"] = data["redirect_uris"][0] if data["redirect_uris"] else ""
    data["contacts"] = data["contacts"][0] if data["contacts"] else ""
    data["post_logout_redirect_uris"] = (
        data["post_logout_redirect_uris"][0]
        if data["post_logout_redirect_uris"]
        else ""
    )
    data["preconsent"] = client.preconsent
    form = ClientAdd(request.form or None, data=data, client=client)

    if not request.form:
        return render_template(
            "oidc/admin/client_edit.html", form=form, client=client, menuitem="admin"
        )

    if not form.validate():
        flash(
            _("The client has not been edited. Please check your information."),
            "error",
        )
        return render_template(
            "oidc/admin/client_edit.html", form=form, client=client, menuitem="admin"
        )

    client.update(
        client_name=form["client_name"].data,
        contacts=[form["contacts"].data],
        client_uri=form["client_uri"].data,
        grant_types=form["grant_types"].data,
        redirect_uris=[form["redirect_uris"].data],
        post_logout_redirect_uris=[form["post_logout_redirect_uris"].data],
        response_types=form["response_types"].data,
        scope=form["scope"].data.split(" "),
        token_endpoint_auth_method=form["token_endpoint_auth_method"].data,
        logo_uri=form["logo_uri"].data,
        tos_uri=form["tos_uri"].data,
        policy_uri=form["policy_uri"].data,
        software_id=form["software_id"].data,
        software_version=form["software_version"].data,
        jwk=form["jwk"].data,
        jwks_uri=form["jwks_uri"].data,
        audience=[Client.get(dn=dn) for dn in form["audience"].data],
        preconsent=form["preconsent"].data,
    )
    client.save()
    flash(
        _("The client has been edited."),
        "success",
    )
    return redirect(url_for("oidc.clients.edit", client_id=client_id))


def client_delete(client_id):
    client = Client.get(client_id)

    if not client:
        abort(404)

    flash(
        _("The client has been deleted."),
        "success",
    )
    client.delete()
    return redirect(url_for("oidc.clients.index"))
Client forms 2020-08-17 13:49:48 +00:00			`import datetime`
pre-commit tox test 2021-12-20 22:57:27 +00:00
			`from canaille.flaskutils import permissions_needed`
Dynamic tables with htmx - Search is triggered with user inputs - Page changes are triggered with clicks 2023-03-09 16:41:26 +00:00			`from canaille.flaskutils import render_htmx_template`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`from canaille.forms import TableForm`
fix post requests in oidc clients views flash and lazygettext were causing an unexpected bug on post (not get) requests 2022-12-15 17:00:45 +00:00			`from canaille.oidc.forms import ClientAdd`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`from canaille.oidc.models import Client`
pre-commit tox test 2021-12-20 22:57:27 +00:00			`from flask import abort`
			`from flask import Blueprint`
			`from flask import flash`
			`from flask import redirect`
			`from flask import request`
			`from flask import url_for`
fix post requests in oidc clients views flash and lazygettext were causing an unexpected bug on post (not get) requests 2022-12-15 17:00:45 +00:00			`from flask_babel import gettext as _`
use flask-themer to allow theme customization 2021-10-28 13:24:34 +00:00			`from flask_themer import render_template`
Client forms 2020-08-17 13:49:48 +00:00			`from werkzeug.security import gen_salt`


split oidc code from the rest 2022-01-11 18:49:06 +00:00			`bp = Blueprint("clients", __name__, url_prefix="/admin/client")`
Client forms 2020-08-17 13:49:48 +00:00

Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`@bp.route("/", methods=["GET", "POST"])`
Permissions overhaul 2021-12-02 17:23:14 +00:00			`@permissions_needed("manage_oidc")`
admin_needed passes the user 2020-10-29 10:09:31 +00:00			`def index(user):`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`table_form = TableForm(Client, formdata=request.form)`
			`if request.form and request.form.get("page") and not table_form.validate():`
			`abort(404)`

Dynamic tables with htmx - Search is triggered with user inputs - Page changes are triggered with clicks 2023-03-09 16:41:26 +00:00			`return render_htmx_template(`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`"oidc/admin/client_list.html", menuitem="admin", table_form=table_form`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`)`
Client forms 2020-08-17 13:49:48 +00:00

			`@bp.route("/add", methods=["GET", "POST"])`
Permissions overhaul 2021-12-02 17:23:14 +00:00			`@permissions_needed("manage_oidc")`
admin_needed passes the user 2020-10-29 10:09:31 +00:00			`def add(user):`
Client forms 2020-08-17 13:49:48 +00:00			`form = ClientAdd(request.form or None)`

			`if not request.form:`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`return render_template(`
			`"oidc/admin/client_add.html", form=form, menuitem="admin"`
			`)`
Client forms 2020-08-17 13:49:48 +00:00
			`if not form.validate():`
			`flash(`
tokens can have multiple audiences 2021-10-13 09:52:02 +00:00			`_("The client has not been added. Please check your information."),`
			`"error",`
Client forms 2020-08-17 13:49:48 +00:00			`)`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`return render_template(`
			`"oidc/admin/client_add.html", form=form, menuitem="admin"`
			`)`
Client forms 2020-08-17 13:49:48 +00:00
			`client_id = gen_salt(24)`
python to ldap two-ways serialization 2021-12-08 14:53:20 +00:00			`client_id_issued_at = datetime.datetime.now()`
Client forms 2020-08-17 13:49:48 +00:00			`client = Client(`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`client_id=client_id,`
Variable renaming 2022-10-17 15:49:52 +00:00			`client_id_issued_at=client_id_issued_at,`
			`client_name=form["client_name"].data,`
			`contacts=[form["contacts"].data],`
			`client_uri=form["client_uri"].data,`
			`grant_types=form["grant_types"].data,`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`redirect_uris=[form["redirect_uris"].data],`
Implemented RP-initiated logout 2022-05-20 12:07:56 +00:00			`post_logout_redirect_uris=[form["post_logout_redirect_uris"].data],`
Variable renaming 2022-10-17 15:49:52 +00:00			`response_types=form["response_types"].data,`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`scope=form["scope"].data.split(" "),`
			`token_endpoint_auth_method=form["token_endpoint_auth_method"].data,`
			`logo_uri=form["logo_uri"].data,`
			`tos_uri=form["tos_uri"].data,`
			`policy_uri=form["policy_uri"].data,`
			`software_id=form["software_id"].data,`
			`software_version=form["software_version"].data,`
			`jwk=form["jwk"].data,`
Variable renaming 2022-10-17 15:49:52 +00:00			`jwks_uri=form["jwks_uri"].data,`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`preconsent=form["preconsent"].data,`
Variable renaming 2022-10-17 15:49:52 +00:00			`client_secret=""`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`if form["token_endpoint_auth_method"].data == "none"`
Client forms 2020-08-17 13:49:48 +00:00			`else gen_salt(48),`
			`)`
LDAPObject dn attributes are automatically initialized 2023-03-08 22:53:53 +00:00			`client.audience = [client]`
Client forms 2020-08-17 13:49:48 +00:00			`client.save()`
			`flash(`
tokens can have multiple audiences 2021-10-13 09:52:02 +00:00			`_("The client has been created."),`
			`"success",`
Client forms 2020-08-17 13:49:48 +00:00			`)`

split oidc code from the rest 2022-01-11 18:49:06 +00:00			`return redirect(url_for("oidc.clients.edit", client_id=client_id))`
Client forms 2020-08-17 13:49:48 +00:00

			`@bp.route("/edit/<client_id>", methods=["GET", "POST"])`
Permissions overhaul 2021-12-02 17:23:14 +00:00			`@permissions_needed("manage_oidc")`
admin_needed passes the user 2020-10-29 10:09:31 +00:00			`def edit(user, client_id):`
Admins can remove clients. Fixes #45 2020-11-23 16:32:40 +00:00			`if request.method == "GET" or request.form.get("action") == "edit":`
			`return client_edit(client_id)`

			`if request.form.get("action") == "delete":`
			`return client_delete(client_id)`

			`abort(400)`


			`def client_edit(client_id):`
for better readability, set the flask aborts in their own conditionnal block 2022-04-04 15:49:50 +00:00			`client = Client.get(client_id)`

			`if not client:`
			`abort(404)`

Client forms 2020-08-17 13:49:48 +00:00			`data = dict(client)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`data["scope"] = " ".join(data["scope"])`
unit tests: client admin deletion 2022-12-13 18:14:25 +00:00			`data["redirect_uris"] = data["redirect_uris"][0] if data["redirect_uris"] else ""`
			`data["contacts"] = data["contacts"][0] if data["contacts"] else ""`
Implemented RP-initiated logout 2022-05-20 12:07:56 +00:00			`data["post_logout_redirect_uris"] = (`
			`data["post_logout_redirect_uris"][0]`
			`if data["post_logout_redirect_uris"]`
			`else ""`
			`)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`data["preconsent"] = client.preconsent`
Client forms 2020-08-17 13:49:48 +00:00			`form = ClientAdd(request.form or None, data=data, client=client)`

			`if not request.form:`
Menu items activity 2020-10-21 10:14:35 +00:00			`return render_template(`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`"oidc/admin/client_edit.html", form=form, client=client, menuitem="admin"`
Menu items activity 2020-10-21 10:14:35 +00:00			`)`
Client forms 2020-08-17 13:49:48 +00:00
			`if not form.validate():`
			`flash(`
Fixed form translations. Closes #19 2020-10-28 14:49:14 +00:00			`_("The client has not been edited. Please check your information."),`
Client forms 2020-08-17 13:49:48 +00:00			`"error",`
			`)`
client admin: redirect after form submission to avoid double submissions 2022-11-16 16:50:38 +00:00			`return render_template(`
			`"oidc/admin/client_edit.html", form=form, client=client, menuitem="admin"`
Client forms 2020-08-17 13:49:48 +00:00			`)`

client admin: redirect after form submission to avoid double submissions 2022-11-16 16:50:38 +00:00			`client.update(`
			`client_name=form["client_name"].data,`
			`contacts=[form["contacts"].data],`
			`client_uri=form["client_uri"].data,`
			`grant_types=form["grant_types"].data,`
			`redirect_uris=[form["redirect_uris"].data],`
			`post_logout_redirect_uris=[form["post_logout_redirect_uris"].data],`
			`response_types=form["response_types"].data,`
			`scope=form["scope"].data.split(" "),`
			`token_endpoint_auth_method=form["token_endpoint_auth_method"].data,`
			`logo_uri=form["logo_uri"].data,`
			`tos_uri=form["tos_uri"].data,`
			`policy_uri=form["policy_uri"].data,`
			`software_id=form["software_id"].data,`
			`software_version=form["software_version"].data,`
			`jwk=form["jwk"].data,`
			`jwks_uri=form["jwks_uri"].data,`
LDAPObject dn attributes are automatically initialized 2023-03-08 22:53:53 +00:00			`audience=[Client.get(dn=dn) for dn in form["audience"].data],`
client admin: redirect after form submission to avoid double submissions 2022-11-16 16:50:38 +00:00			`preconsent=form["preconsent"].data,`
Menu items activity 2020-10-21 10:14:35 +00:00			`)`
client admin: redirect after form submission to avoid double submissions 2022-11-16 16:50:38 +00:00			`client.save()`
			`flash(`
			`_("The client has been edited."),`
			`"success",`
			`)`
			`return redirect(url_for("oidc.clients.edit", client_id=client_id))`
Admins can remove clients. Fixes #45 2020-11-23 16:32:40 +00:00

			`def client_delete(client_id):`
for better readability, set the flask aborts in their own conditionnal block 2022-04-04 15:49:50 +00:00			`client = Client.get(client_id)`

			`if not client:`
			`abort(404)`

Admins can remove clients. Fixes #45 2020-11-23 16:32:40 +00:00			`flash(`
tokens can have multiple audiences 2021-10-13 09:52:02 +00:00			`_("The client has been deleted."),`
			`"success",`
Admins can remove clients. Fixes #45 2020-11-23 16:32:40 +00:00			`)`
			`client.delete()`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`return redirect(url_for("oidc.clients.index"))`