k-space/inventory-app
13
0
Fork 0
Code Issues 16 Pull Requests 1 Packages Activity

login: quick refactor

Browse Source
This commit is contained in:
rasmus
2025-06-02 17:38:54 +03:00
parent f523a56500
commit cb35fa4526
4 changed files with 3 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
inventory-app/oidc.py
View File

@@ -16,7 +16,6 @@ def login_required(_f=None, *, groups=[]):
def login_required_inner(f): def login_required_inner(f):
@wraps(f) @wraps(f)
def decorated_function(*args, **kwargs): def decorated_function(*args, **kwargs):
print(groups)
user = read_user() user = read_user()
if not user: if not user:
return do_login() return do_login()
@@ -31,9 +30,7 @@ def login_required(_f=None, *, groups=[]):
return login_required_inner(_f) return login_required_inner(_f)
def do_login(): def do_login():
print("doing login redirect")
if request and request.full_path: if request and request.full_path:
print("storing url: " + request.full_path)
session["original_url"] = request.full_path session["original_url"] = request.full_path
url = add_url_params(metadata["authorization_endpoint"], { url = add_url_params(metadata["authorization_endpoint"], {
"client_id": os.getenv("OIDC_CLIENT_ID"), "client_id": os.getenv("OIDC_CLIENT_ID"),
@@ -50,9 +47,8 @@ def add_url_params(url, params):
@page_oidc.route('/login-callback') @page_oidc.route('/login-callback')
def login_callback(): def login_callback():
code = request.args.get('code')
r = requests.post(metadata["token_endpoint"], { r = requests.post(metadata["token_endpoint"], {
"code": code, "code": request.args.get('code'),
"grant_type": "authorization_code", "grant_type": "authorization_code",
"redirect_uri": url_for("oidc.login_callback", _external=True, _scheme='https'), "redirect_uri": url_for("oidc.login_callback", _external=True, _scheme='https'),
"client_id": os.getenv("OIDC_CLIENT_ID"), "client_id": os.getenv("OIDC_CLIENT_ID"),
@@ -62,10 +58,10 @@ def login_callback():
return "failed to fetch tokens", 500 return "failed to fetch tokens", 500
if not validate_id_token(r["id_token"]) or not read_user(r["access_token"]): if not validate_id_token(r["id_token"]) or not read_user(r["access_token"]):
return "tokens validation failed", 500 return "tokens validation failed", 500
print("authenticated")
session["id_token"] = r["id_token"] session["id_token"] = r["id_token"]
session["access_token"] = r["access_token"] session["access_token"] = r["access_token"]
print("stored url was: " + session.get("original_url")) print("authenticated, stored url was: " + session.get("original_url"))
return redirect(session.pop("original_url", "/")) return redirect(session.pop("original_url", "/"))
@page_oidc.route("/logout") @page_oidc.route("/logout")

30
inventory-app/templates/login.html
View File

@@ -1,30 +0,0 @@
{% extends 'base.html' %}
{% block content %}
<div class="container">
<div class="row">
<div class="col s6">
{% if not devenv %}
<p>If you have active AD account click <a href="/login/authelia">here</a> to login</p>
{% else %}
<p>Click <a href="/dev_login">here</a> to login as dev user</p>
{% endif %}
</div>
<div class="col s6">
<p>Request a login link to your email address</p>
<form action="/login/address" method="post">
{{ form.csrf_token }}
<p>{{ form.email.label }}</p>
<p>{{ form.email }}</p>
<p>{{ form.recaptcha }}</p>
<button class="waves-effect waves-light btn" type="submit">Request login link</button>
</form>
</div>
</div>
</div>
{% endblock %}

12
inventory-app/templates/login_error.html
View File

@@ -1,12 +0,0 @@
{% extends 'base.html' %}
{% block content %}
<div class="container">
<p>
Your membership is not active or is suspended, please reach out to <a href="mailto:info@k-space.ee">info@k-space.ee</a> for more info
</p>
</div>
{% endblock %}

10
inventory-app/templates/login_link_request.html
View File

@@ -1,10 +0,0 @@
{% extends 'base.html' %}
{% block content %}
<div class="container">
<p>If the address is known a login link should have been sent.</p>
</div>
{% endblock %}