CAS: copy configuration from ScoDoc database at login/logout

This commit is contained in:
Emmanuel Viennet 2023-02-28 21:40:50 +01:00
parent 7fc3108886
commit 015867d726
5 changed files with 40 additions and 28 deletions

View File

@ -228,7 +228,9 @@ class ReverseProxied(object):
def create_app(config_class=DevConfig): def create_app(config_class=DevConfig):
app = Flask(__name__, static_url_path="/ScoDoc/static", static_folder="static") app = Flask(__name__, static_url_path="/ScoDoc/static", static_folder="static")
CAS(app, url_prefix="/cas") from app.auth import cas
CAS(app, url_prefix="/cas", configuration_function=cas.set_cas_configuration)
app.wsgi_app = ReverseProxied(app.wsgi_app) app.wsgi_app = ReverseProxied(app.wsgi_app)
app.json_encoder = ScoDocJSONEncoder app.json_encoder = ScoDocJSONEncoder

View File

@ -42,7 +42,9 @@ def after_cas_login():
) )
else: else:
current_app.logger.info( current_app.logger.info(
f"""CAS login denied for {user.user_name if user else ""} cas_id={cas_id} (unknown or inactive)""" f"""CAS login denied for {
user.user_name if user else ""
} cas_id={cas_id} (unknown or inactive)"""
) )
else: else:
current_app.logger.info( current_app.logger.info(
@ -75,6 +77,7 @@ def set_cas_configuration(app: flask.app.Flask = None):
""" """
app = app or current_app app = app or current_app
if ScoDocSiteConfig.is_cas_enabled(): if ScoDocSiteConfig.is_cas_enabled():
current_app.logger.info("CAS: set_cas_configuration")
app.config["CAS_SERVER"] = ScoDocSiteConfig.get("cas_server") app.config["CAS_SERVER"] = ScoDocSiteConfig.get("cas_server")
app.config["CAS_AFTER_LOGIN"] = "auth.after_cas_login" app.config["CAS_AFTER_LOGIN"] = "auth.after_cas_login"
app.config["CAS_AFTER_LOGOUT"] = "auth.after_cas_logout" app.config["CAS_AFTER_LOGOUT"] = "auth.after_cas_logout"

View File

@ -17,6 +17,7 @@ from . import routing
from functools import wraps from functools import wraps
class CAS(object): class CAS(object):
""" """
Required Configs: Required Configs:
@ -39,27 +40,28 @@ class CAS(object):
|CAS_AFTER_LOGOUT | None | |CAS_AFTER_LOGOUT | None |
""" """
def __init__(self, app=None, url_prefix=None): def __init__(self, app=None, url_prefix=None, configuration_function=None):
self._app = app self._app = app
if app is not None: if app is not None:
self.init_app(app, url_prefix) self.init_app(app, url_prefix, configuration_function)
def init_app(self, app, url_prefix=None): def init_app(self, app, url_prefix=None, configuration_function=None):
# Configuration defaults # Configuration defaults
app.config.setdefault('CAS_TOKEN_SESSION_KEY', '_CAS_TOKEN') app.config.setdefault("CAS_TOKEN_SESSION_KEY", "_CAS_TOKEN")
app.config.setdefault('CAS_USERNAME_SESSION_KEY', 'CAS_USERNAME') app.config.setdefault("CAS_USERNAME_SESSION_KEY", "CAS_USERNAME")
app.config.setdefault('CAS_ATTRIBUTES_SESSION_KEY', 'CAS_ATTRIBUTES') app.config.setdefault("CAS_ATTRIBUTES_SESSION_KEY", "CAS_ATTRIBUTES")
app.config.setdefault('CAS_LOGIN_ROUTE', '/cas') app.config.setdefault("CAS_LOGIN_ROUTE", "/cas")
app.config.setdefault('CAS_LOGOUT_ROUTE', '/cas/logout') app.config.setdefault("CAS_LOGOUT_ROUTE", "/cas/logout")
app.config.setdefault('CAS_VALIDATE_ROUTE', '/cas/serviceValidate') app.config.setdefault("CAS_VALIDATE_ROUTE", "/cas/serviceValidate")
app.config.setdefault("CAS_CONFIGURATION_FUNCTION", configuration_function)
# Requires CAS 2.0 # Requires CAS 2.0
app.config.setdefault('CAS_AFTER_LOGOUT', None) app.config.setdefault("CAS_AFTER_LOGOUT", None)
# Register Blueprint # Register Blueprint
app.register_blueprint(routing.blueprint, url_prefix=url_prefix) app.register_blueprint(routing.blueprint, url_prefix=url_prefix)
# Use the newstyle teardown_appcontext if it's available, # Use the newstyle teardown_appcontext if it's available,
# otherwise fall back to the request context # otherwise fall back to the request context
if hasattr(app, 'teardown_appcontext'): if hasattr(app, "teardown_appcontext"):
app.teardown_appcontext(self.teardown) app.teardown_appcontext(self.teardown)
else: else:
app.teardown_request(self.teardown) app.teardown_request(self.teardown)
@ -73,34 +75,34 @@ class CAS(object):
@property @property
def username(self): def username(self):
return flask.session.get( return flask.session.get(self.app.config["CAS_USERNAME_SESSION_KEY"], None)
self.app.config['CAS_USERNAME_SESSION_KEY'], None)
@property @property
def attributes(self): def attributes(self):
return flask.session.get( return flask.session.get(self.app.config["CAS_ATTRIBUTES_SESSION_KEY"], None)
self.app.config['CAS_ATTRIBUTES_SESSION_KEY'], None)
@property @property
def token(self): def token(self):
return flask.session.get( return flask.session.get(self.app.config["CAS_TOKEN_SESSION_KEY"], None)
self.app.config['CAS_TOKEN_SESSION_KEY'], None)
def login(): def login():
return flask.redirect(flask.url_for('cas.login', _external=True)) return flask.redirect(flask.url_for("cas.login", _external=True))
def logout(): def logout():
return flask.redirect(flask.url_for('cas.logout', _external=True)) return flask.redirect(flask.url_for("cas.logout", _external=True))
def login_required(function): def login_required(function):
@wraps(function) @wraps(function)
def wrap(*args, **kwargs): def wrap(*args, **kwargs):
if 'CAS_USERNAME' not in flask.session: if "CAS_USERNAME" not in flask.session:
flask.session['CAS_AFTER_LOGIN_SESSION_URL'] = ( flask.session["CAS_AFTER_LOGIN_SESSION_URL"] = (
flask.request.script_root + flask.request.script_root + flask.request.full_path
flask.request.full_path
) )
return login() return login()
else: else:
return function(*args, **kwargs) return function(*args, **kwargs)
return wrap return wrap

View File

@ -32,6 +32,9 @@ def login():
the user's attributes are saved under the key the user's attributes are saved under the key
'CAS_USERNAME_ATTRIBUTE_KEY' 'CAS_USERNAME_ATTRIBUTE_KEY'
""" """
conf_func = current_app.config.get("CAS_CONFIGURATION_FUNCTION")
if conf_func: # call function setting app configuration
conf_func(current_app)
if not "CAS_SERVER" in current_app.config: if not "CAS_SERVER" in current_app.config:
current_app.logger.info("cas_login: no configuration") current_app.logger.info("cas_login: no configuration")
return "CAS configuration missing" return "CAS configuration missing"
@ -72,7 +75,9 @@ def logout():
""" """
When the user accesses this route they are logged out. When the user accesses this route they are logged out.
""" """
conf_func = current_app.config.get("CAS_CONFIGURATION_FUNCTION")
if conf_func: # call function setting app configuration
conf_func(current_app)
cas_username_session_key = current_app.config["CAS_USERNAME_SESSION_KEY"] cas_username_session_key = current_app.config["CAS_USERNAME_SESSION_KEY"]
cas_attributes_session_key = current_app.config["CAS_ATTRIBUTES_SESSION_KEY"] cas_attributes_session_key = current_app.config["CAS_ATTRIBUTES_SESSION_KEY"]
cas_token_session_key = current_app.config["CAS_TOKEN_SESSION_KEY"] cas_token_session_key = current_app.config["CAS_TOKEN_SESSION_KEY"]

View File

@ -1,7 +1,7 @@
# -*- mode: python -*- # -*- mode: python -*-
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
SCOVERSION = "9.4.55" SCOVERSION = "9.4.56"
SCONAME = "ScoDoc" SCONAME = "ScoDoc"