CAS: copy configuration from ScoDoc database at login/logout
This commit is contained in:
parent
7fc3108886
commit
015867d726
@ -228,7 +228,9 @@ class ReverseProxied(object):
|
|||||||
|
|
||||||
def create_app(config_class=DevConfig):
|
def create_app(config_class=DevConfig):
|
||||||
app = Flask(__name__, static_url_path="/ScoDoc/static", static_folder="static")
|
app = Flask(__name__, static_url_path="/ScoDoc/static", static_folder="static")
|
||||||
CAS(app, url_prefix="/cas")
|
from app.auth import cas
|
||||||
|
|
||||||
|
CAS(app, url_prefix="/cas", configuration_function=cas.set_cas_configuration)
|
||||||
app.wsgi_app = ReverseProxied(app.wsgi_app)
|
app.wsgi_app = ReverseProxied(app.wsgi_app)
|
||||||
app.json_encoder = ScoDocJSONEncoder
|
app.json_encoder = ScoDocJSONEncoder
|
||||||
|
|
||||||
|
@ -42,7 +42,9 @@ def after_cas_login():
|
|||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
current_app.logger.info(
|
current_app.logger.info(
|
||||||
f"""CAS login denied for {user.user_name if user else ""} cas_id={cas_id} (unknown or inactive)"""
|
f"""CAS login denied for {
|
||||||
|
user.user_name if user else ""
|
||||||
|
} cas_id={cas_id} (unknown or inactive)"""
|
||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
current_app.logger.info(
|
current_app.logger.info(
|
||||||
@ -75,6 +77,7 @@ def set_cas_configuration(app: flask.app.Flask = None):
|
|||||||
"""
|
"""
|
||||||
app = app or current_app
|
app = app or current_app
|
||||||
if ScoDocSiteConfig.is_cas_enabled():
|
if ScoDocSiteConfig.is_cas_enabled():
|
||||||
|
current_app.logger.info("CAS: set_cas_configuration")
|
||||||
app.config["CAS_SERVER"] = ScoDocSiteConfig.get("cas_server")
|
app.config["CAS_SERVER"] = ScoDocSiteConfig.get("cas_server")
|
||||||
app.config["CAS_AFTER_LOGIN"] = "auth.after_cas_login"
|
app.config["CAS_AFTER_LOGIN"] = "auth.after_cas_login"
|
||||||
app.config["CAS_AFTER_LOGOUT"] = "auth.after_cas_logout"
|
app.config["CAS_AFTER_LOGOUT"] = "auth.after_cas_logout"
|
||||||
|
@ -17,6 +17,7 @@ from . import routing
|
|||||||
|
|
||||||
from functools import wraps
|
from functools import wraps
|
||||||
|
|
||||||
|
|
||||||
class CAS(object):
|
class CAS(object):
|
||||||
"""
|
"""
|
||||||
Required Configs:
|
Required Configs:
|
||||||
@ -39,27 +40,28 @@ class CAS(object):
|
|||||||
|CAS_AFTER_LOGOUT | None |
|
|CAS_AFTER_LOGOUT | None |
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def __init__(self, app=None, url_prefix=None):
|
def __init__(self, app=None, url_prefix=None, configuration_function=None):
|
||||||
self._app = app
|
self._app = app
|
||||||
if app is not None:
|
if app is not None:
|
||||||
self.init_app(app, url_prefix)
|
self.init_app(app, url_prefix, configuration_function)
|
||||||
|
|
||||||
def init_app(self, app, url_prefix=None):
|
def init_app(self, app, url_prefix=None, configuration_function=None):
|
||||||
# Configuration defaults
|
# Configuration defaults
|
||||||
app.config.setdefault('CAS_TOKEN_SESSION_KEY', '_CAS_TOKEN')
|
app.config.setdefault("CAS_TOKEN_SESSION_KEY", "_CAS_TOKEN")
|
||||||
app.config.setdefault('CAS_USERNAME_SESSION_KEY', 'CAS_USERNAME')
|
app.config.setdefault("CAS_USERNAME_SESSION_KEY", "CAS_USERNAME")
|
||||||
app.config.setdefault('CAS_ATTRIBUTES_SESSION_KEY', 'CAS_ATTRIBUTES')
|
app.config.setdefault("CAS_ATTRIBUTES_SESSION_KEY", "CAS_ATTRIBUTES")
|
||||||
app.config.setdefault('CAS_LOGIN_ROUTE', '/cas')
|
app.config.setdefault("CAS_LOGIN_ROUTE", "/cas")
|
||||||
app.config.setdefault('CAS_LOGOUT_ROUTE', '/cas/logout')
|
app.config.setdefault("CAS_LOGOUT_ROUTE", "/cas/logout")
|
||||||
app.config.setdefault('CAS_VALIDATE_ROUTE', '/cas/serviceValidate')
|
app.config.setdefault("CAS_VALIDATE_ROUTE", "/cas/serviceValidate")
|
||||||
|
app.config.setdefault("CAS_CONFIGURATION_FUNCTION", configuration_function)
|
||||||
# Requires CAS 2.0
|
# Requires CAS 2.0
|
||||||
app.config.setdefault('CAS_AFTER_LOGOUT', None)
|
app.config.setdefault("CAS_AFTER_LOGOUT", None)
|
||||||
# Register Blueprint
|
# Register Blueprint
|
||||||
app.register_blueprint(routing.blueprint, url_prefix=url_prefix)
|
app.register_blueprint(routing.blueprint, url_prefix=url_prefix)
|
||||||
|
|
||||||
# Use the newstyle teardown_appcontext if it's available,
|
# Use the newstyle teardown_appcontext if it's available,
|
||||||
# otherwise fall back to the request context
|
# otherwise fall back to the request context
|
||||||
if hasattr(app, 'teardown_appcontext'):
|
if hasattr(app, "teardown_appcontext"):
|
||||||
app.teardown_appcontext(self.teardown)
|
app.teardown_appcontext(self.teardown)
|
||||||
else:
|
else:
|
||||||
app.teardown_request(self.teardown)
|
app.teardown_request(self.teardown)
|
||||||
@ -73,34 +75,34 @@ class CAS(object):
|
|||||||
|
|
||||||
@property
|
@property
|
||||||
def username(self):
|
def username(self):
|
||||||
return flask.session.get(
|
return flask.session.get(self.app.config["CAS_USERNAME_SESSION_KEY"], None)
|
||||||
self.app.config['CAS_USERNAME_SESSION_KEY'], None)
|
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def attributes(self):
|
def attributes(self):
|
||||||
return flask.session.get(
|
return flask.session.get(self.app.config["CAS_ATTRIBUTES_SESSION_KEY"], None)
|
||||||
self.app.config['CAS_ATTRIBUTES_SESSION_KEY'], None)
|
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def token(self):
|
def token(self):
|
||||||
return flask.session.get(
|
return flask.session.get(self.app.config["CAS_TOKEN_SESSION_KEY"], None)
|
||||||
self.app.config['CAS_TOKEN_SESSION_KEY'], None)
|
|
||||||
|
|
||||||
def login():
|
def login():
|
||||||
return flask.redirect(flask.url_for('cas.login', _external=True))
|
return flask.redirect(flask.url_for("cas.login", _external=True))
|
||||||
|
|
||||||
|
|
||||||
def logout():
|
def logout():
|
||||||
return flask.redirect(flask.url_for('cas.logout', _external=True))
|
return flask.redirect(flask.url_for("cas.logout", _external=True))
|
||||||
|
|
||||||
|
|
||||||
def login_required(function):
|
def login_required(function):
|
||||||
@wraps(function)
|
@wraps(function)
|
||||||
def wrap(*args, **kwargs):
|
def wrap(*args, **kwargs):
|
||||||
if 'CAS_USERNAME' not in flask.session:
|
if "CAS_USERNAME" not in flask.session:
|
||||||
flask.session['CAS_AFTER_LOGIN_SESSION_URL'] = (
|
flask.session["CAS_AFTER_LOGIN_SESSION_URL"] = (
|
||||||
flask.request.script_root +
|
flask.request.script_root + flask.request.full_path
|
||||||
flask.request.full_path
|
|
||||||
)
|
)
|
||||||
return login()
|
return login()
|
||||||
else:
|
else:
|
||||||
return function(*args, **kwargs)
|
return function(*args, **kwargs)
|
||||||
|
|
||||||
return wrap
|
return wrap
|
||||||
|
@ -32,6 +32,9 @@ def login():
|
|||||||
the user's attributes are saved under the key
|
the user's attributes are saved under the key
|
||||||
'CAS_USERNAME_ATTRIBUTE_KEY'
|
'CAS_USERNAME_ATTRIBUTE_KEY'
|
||||||
"""
|
"""
|
||||||
|
conf_func = current_app.config.get("CAS_CONFIGURATION_FUNCTION")
|
||||||
|
if conf_func: # call function setting app configuration
|
||||||
|
conf_func(current_app)
|
||||||
if not "CAS_SERVER" in current_app.config:
|
if not "CAS_SERVER" in current_app.config:
|
||||||
current_app.logger.info("cas_login: no configuration")
|
current_app.logger.info("cas_login: no configuration")
|
||||||
return "CAS configuration missing"
|
return "CAS configuration missing"
|
||||||
@ -72,7 +75,9 @@ def logout():
|
|||||||
"""
|
"""
|
||||||
When the user accesses this route they are logged out.
|
When the user accesses this route they are logged out.
|
||||||
"""
|
"""
|
||||||
|
conf_func = current_app.config.get("CAS_CONFIGURATION_FUNCTION")
|
||||||
|
if conf_func: # call function setting app configuration
|
||||||
|
conf_func(current_app)
|
||||||
cas_username_session_key = current_app.config["CAS_USERNAME_SESSION_KEY"]
|
cas_username_session_key = current_app.config["CAS_USERNAME_SESSION_KEY"]
|
||||||
cas_attributes_session_key = current_app.config["CAS_ATTRIBUTES_SESSION_KEY"]
|
cas_attributes_session_key = current_app.config["CAS_ATTRIBUTES_SESSION_KEY"]
|
||||||
cas_token_session_key = current_app.config["CAS_TOKEN_SESSION_KEY"]
|
cas_token_session_key = current_app.config["CAS_TOKEN_SESSION_KEY"]
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
# -*- mode: python -*-
|
# -*- mode: python -*-
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
SCOVERSION = "9.4.55"
|
SCOVERSION = "9.4.56"
|
||||||
|
|
||||||
SCONAME = "ScoDoc"
|
SCONAME = "ScoDoc"
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user