Migrate to Flask-SpaceAuth
parent
c4d6f5c039
commit
09fd19fff7
|
|
@ -2,25 +2,36 @@ import flask
|
|||
|
||||
from bitvend.processor import PaymentProcessor
|
||||
from bitvend.mdb import BitvendCashlessMDBDevice
|
||||
from spaceauth import SpaceAuth
|
||||
|
||||
dev = BitvendCashlessMDBDevice()
|
||||
proc = PaymentProcessor(dev)
|
||||
spaceauth = SpaceAuth()
|
||||
|
||||
from bitvend.utils import to_local_currency, from_local_currency, format_btc, \
|
||||
sat_to_btc
|
||||
from bitvend.models import db, Transaction
|
||||
from bitvend.auth import login_manager
|
||||
from bitvend.models import db, Transaction, User
|
||||
|
||||
import bitvend.views
|
||||
import bitvend.admin
|
||||
|
||||
@spaceauth.user_loader
|
||||
def bitvend_user_loader(username, profile=None):
|
||||
u = User.find(username)
|
||||
|
||||
if not u:
|
||||
u = User(uid=username)
|
||||
db.session.add(u)
|
||||
db.session.commit()
|
||||
|
||||
return u
|
||||
|
||||
def create_app():
|
||||
app = flask.Flask(__name__)
|
||||
app.config.from_object('bitvend.default_settings')
|
||||
|
||||
db.init_app(app)
|
||||
login_manager.init_app(app)
|
||||
spaceauth.init_app(app)
|
||||
dev.init_app(app)
|
||||
proc.init_app(app)
|
||||
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ from flask_login import current_user, fresh_login_required
|
|||
|
||||
from bitvend.models import db, Transaction
|
||||
from bitvend.forms import ManualForm
|
||||
from bitvend.auth import cap_required
|
||||
from spaceauth import cap_required
|
||||
|
||||
|
||||
admin_required = cap_required('staff')
|
||||
|
|
|
|||
|
|
@ -1,87 +0,0 @@
|
|||
import requests
|
||||
import functools
|
||||
import time
|
||||
from flask import session, flash, redirect, request, current_app, abort
|
||||
from flask_login import login_user, LoginManager, logout_user, current_user
|
||||
from flask_login.signals import user_logged_out
|
||||
from bitvend.models import User, db
|
||||
from sqlalchemy import func
|
||||
|
||||
|
||||
login_manager = LoginManager()
|
||||
login_manager.refresh_view = "bitvend.login"
|
||||
login_manager.needs_refresh_message = (
|
||||
u"To protect your account, please reauthenticate to access this page."
|
||||
)
|
||||
login_manager.needs_refresh_message_category = "info"
|
||||
|
||||
@login_manager.user_loader
|
||||
def load_user(user_id):
|
||||
return User.find(user_id)
|
||||
|
||||
def try_login(username, password):
|
||||
resp = requests.post('https://auth.hackerspace.pl/', data={
|
||||
'login': username,
|
||||
'password': password
|
||||
})
|
||||
|
||||
if resp.status_code == 200:
|
||||
u = User.find(username)
|
||||
|
||||
if not u:
|
||||
u = User(uid=username)
|
||||
db.session.add(u)
|
||||
db.session.commit()
|
||||
|
||||
login_user(u, remember=True)
|
||||
|
||||
return True
|
||||
|
||||
return False
|
||||
|
||||
|
||||
def cap_check(capability, user=None):
|
||||
if not current_user.is_authenticated:
|
||||
return False
|
||||
|
||||
user = user or current_user.get_id()
|
||||
|
||||
cache_key = '{}-{}'.format(user, capability)
|
||||
cached_cap = session.get('_caps', {}).get(cache_key, (False, 0))
|
||||
|
||||
if cached_cap[1] > time.time():
|
||||
return cached_cap[0]
|
||||
|
||||
allowed = requests.get(
|
||||
'https://capacifier.hackerspace.pl/%s/%s' % (capability, user)
|
||||
).status_code == 200
|
||||
|
||||
if '_caps' not in session:
|
||||
session['_caps'] = {}
|
||||
|
||||
session['_caps'][cache_key] = \
|
||||
(allowed, time.time() + current_app.config.get('CAP_TTL', 3600))
|
||||
|
||||
return allowed
|
||||
|
||||
|
||||
@user_logged_out.connect
|
||||
def caps_cleanup(app, user):
|
||||
# Cleanup caps cache
|
||||
if '_caps' in session:
|
||||
session.pop('_caps')
|
||||
|
||||
|
||||
def cap_required(capability):
|
||||
'''Checks if user has desired capacifier capability'''
|
||||
|
||||
def inner(func):
|
||||
@functools.wraps(func)
|
||||
def wrapped(*args, **kwargs):
|
||||
if not cap_check(capability):
|
||||
abort(403)
|
||||
|
||||
return func(*args, **kwargs)
|
||||
|
||||
return wrapped
|
||||
return inner
|
||||
|
|
@ -52,9 +52,9 @@
|
|||
<span class="icon-bar"></span>
|
||||
</button>
|
||||
{% if current_user.is_authenticated %}
|
||||
<a href="{{ url_for('bitvend.logout') }}" class="navbar-brand pull-right hidden-md hidden-lg"><small>Logout</small></a>
|
||||
<a href="{{ url_for('spaceauth.logout') }}" class="navbar-brand pull-right hidden-md hidden-lg"><small>Logout</small></a>
|
||||
{% else %}
|
||||
<a href="{{ url_for('bitvend.login') }}" class="navbar-brand pull-right hidden-md hidden-lg"><small>Login</small></a>
|
||||
<a href="{{ url_for('spaceauth.login') }}" class="navbar-brand pull-right hidden-md hidden-lg"><small>Login</small></a>
|
||||
{% endif %}
|
||||
</div>
|
||||
<div class="navbar-collapse collapse" id="navbar-main">
|
||||
|
|
@ -65,14 +65,14 @@
|
|||
|
||||
{% if current_user.is_authenticated %}
|
||||
<ul class="nav navbar-right navbar-nav">
|
||||
<li><a href="{{ url_for('bitvend.logout') }}">Logout</a>
|
||||
<li><a href="{{ url_for('spaceauth.logout') }}">Logout</a>
|
||||
</ul>
|
||||
<p class="navbar-text navbar-right">
|
||||
<small>Logged in as:</small> <b>{{ current_user }}</b>
|
||||
</p>
|
||||
{% else %}
|
||||
<ul class="nav navbar-right navbar-nav">
|
||||
<li><a href="{{ url_for('bitvend.login') }}">Login</a></li>
|
||||
<li><a href="{{ url_for('spaceauth.login') }}">Login</a></li>
|
||||
</ul>
|
||||
{% endif %}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
from flask import Blueprint, render_template, redirect, request, flash, \
|
||||
url_for, jsonify
|
||||
from flask import current_app as app
|
||||
from flask_login import login_required, current_user, logout_user
|
||||
import six
|
||||
|
||||
import qrcode
|
||||
|
|
@ -9,10 +8,10 @@ import qrcode.image.svg
|
|||
|
||||
from bitvend import dev, proc
|
||||
from bitvend.models import db, User, Transaction, NoFunds
|
||||
from bitvend.auth import try_login, cap_required
|
||||
from bitvend.forms import TransferForm
|
||||
from bitvend.graphs import gen_main_graph
|
||||
|
||||
from spaceauth import login_required, current_user, cap_required
|
||||
|
||||
bp = Blueprint('bitvend', __name__, template_folder='templates')
|
||||
|
||||
|
|
@ -72,29 +71,6 @@ def transfer():
|
|||
|
||||
return redirect(url_for('.index'))
|
||||
|
||||
@bp.route('/login')
|
||||
def login():
|
||||
return render_template('login.html', next=request.args.get('next'))
|
||||
|
||||
@bp.route('/login', methods=['POST'])
|
||||
def login_submit():
|
||||
if try_login(request.form.get('username'), request.form.get('password')):
|
||||
flash('Login successful', 'success')
|
||||
|
||||
if request.form.get('next'):
|
||||
return redirect(request.form.get('next'))
|
||||
|
||||
return redirect('/')
|
||||
|
||||
flash('Login failed', 'danger')
|
||||
return redirect(url_for('.login'))
|
||||
|
||||
@bp.route('/logout')
|
||||
@login_required
|
||||
def logout():
|
||||
logout_user()
|
||||
return redirect(url_for('.index'))
|
||||
|
||||
@bp.route('/log')
|
||||
@login_required
|
||||
@cap_required('staff')
|
||||
|
|
|
|||
|
|
@ -18,3 +18,4 @@ websocket-client==0.40.0
|
|||
Werkzeug==0.11.15
|
||||
WTForms==2.1
|
||||
blinker>=1.3
|
||||
-e git+https://code.hackerspace.pl/informatic/flask-spaceauth#egg=Flask-SpaceAuth
|
||||
|
|
|
|||
Loading…
Reference in New Issue