SSO support, add requirements.txt

2017-10-11 10:58:33 +02:00 · 2017-10-11 10:58:33 +02:00 · 145d13c2a7
parent 007b880dc5
commit 145d13c2a7
4 changed files with 30 additions and 46 deletions
--- a/at.py
+++ b/at.py
@ -9,12 +9,13 @@ import os
 import logging

 from flask import Flask, render_template, abort, g, \
-    redirect, session, request, flash, url_for, make_response
+    redirect, request, flash, url_for, make_response
 from datetime import datetime
 from time import sleep, time, mktime
 from collections import namedtuple
 from urllib import urlencode

+from spaceauth import SpaceAuth, login_required, current_user

 app = Flask('at')
 app.config.from_pyfile('at.cfg')
@ -22,6 +23,8 @@ app.jinja_env.add_extension('jinja2.ext.i18n')
 app.jinja_env.install_null_translations()
 app.updater = None

+auth = SpaceAuth(app)
+

 from functools import wraps

@ -281,43 +284,6 @@ restrict_to_hs = restrict_ip(prefix=app.config['CLAIMABLE_PREFIX'],
                             exclude=app.config['CLAIMABLE_EXCLUDE'])


-@app.route('/login', methods=['GET'])
-def login_form():
-    return render_template('login.html', **req_to_ctx())
-
-
-@app.route('/login', methods=['POST'])
-def login():
-    login = request.form.get('login', '').lower()
-    pwd = request.form.get('password', '')
-    goto = request.values.get('goto') or '/'
-    data = dict(login=login, password=pwd)
-    if requests.post('https://auth.hackerspace.pl', verify=False,
-                     data=data).status_code == 200:
-        session['login'] = login
-        return redirect(goto)
-    else:
-        flash('Username or password invalid', category='error')
-        return login_form()
-
-
-@app.route('/logout')
-def logout():
-    session.clear()
-    return redirect('/')
-
-
-def login_required(f):
-    @wraps(f)
-    def func(*a, **kw):
-        if 'login' not in session:
-            flash('You must log in to continue', category='error')
-            return redirect('/login?' +
-                            urlencode({'goto': request.path}))
-        return f(*a, **kw)
-    return func
-
-
@app.route('/claim', methods=['GET'])
@restrict_to_hs
@login_required
@ -335,7 +301,7 @@ def claim():
    if not hwaddr:
        ctx = dict(error='Invalid device.')
    else:
-        login = session['login']
+        login = current_user.id
        try:
            g.db.execute('''
 insert into devices (hwaddr, name, owner, ignored) values (?, ?, ?, ?)''',
@ -360,7 +326,7 @@ def get_user_devices(conn, user):
@app.route('/account', methods=['GET'])
@login_required
 def account():
-    devices = get_user_devices(g.db, session['login'])
+    devices = get_user_devices(g.db, current_user.id)
    return render_template('account.html', devices=devices)


@ -379,7 +345,7 @@ delete from devices where hwaddr = ? and owner = ?''',
@app.route('/devices/<id>/<action>/')
@login_required
 def device(id, action):
-    user = session['login']
+    user = current_user.id
    if action == 'hide':
        set_ignored(g.db, id, user, True)
    if action == 'show':
--- a/requirements.txt
+++ b/requirements.txt
@ -0,0 +1,18 @@
+blinker==1.4
+certifi==2017.7.27.1
+chardet==3.0.4
+click==6.7
+Flask==0.12.2
+Flask-Login==0.4.0
+Flask-OAuthlib==0.9.4
+-e git+https://code.hackerspace.pl/informatic/flask-spaceauth@4dd1c63912297d499dcd5631879e45dc6aa1819d#egg=Flask_SpaceAuth
+idna==2.6
+itsdangerous==0.24
+Jinja2==2.9.6
+MarkupSafe==1.0
+oauthlib==2.0.4
+pkg-resources==0.0.0
+requests==2.18.4
+requests-oauthlib==0.8.0
+urllib3==1.22
+Werkzeug==0.12.2
--- a/templates/basic.html
+++ b/templates/basic.html
@ -9,12 +9,12 @@
  <body>
    {% block body %}
      <div class="login">
-      {% if session.login %}
-        logged in as {{ session.login }} | 
+      {% if current_user.is_authenticated %}
+        logged in as {{ current_user.id }} |
        <a href="account">account</a> | 
-        <a href="logout">log out</a>
+        <a href="{{ url_for('spaceauth.logout') }}">log out</a>
      {% else %}
-      <a href="login">login</a>
+        <a href="{{ url_for('spaceauth.login') }}">login</a>
      {% endif %}
      </div>
      {% block content %}
--- a/templates/claim.html
+++ b/templates/claim.html
@ -4,7 +4,7 @@
  {% if not hwaddr %}
    <p class="error">Unknown MAC. Are you sure you're in the hackerspace?</p>
  {% else %}
-  You are about to claim <strong>{{ hwaddr }}</strong> as <strong>{{ session.login }}</strong>. Do you wish to continue?
+  You are about to claim <strong>{{ hwaddr }}</strong> as <strong>{{ current_user.id }}</strong>. Do you wish to continue?
  <table>
    <form action="" method="post">
    <label><tr>