CAS: copy configuration from ScoDoc database at login/logout

This commit is contained in:
Emmanuel Viennet 2023-02-28 21:40:50 +01:00
parent 7fc3108886
commit 015867d726
5 changed files with 40 additions and 28 deletions

View File

@ -228,7 +228,9 @@ class ReverseProxied(object):
def create_app(config_class=DevConfig):
app = Flask(__name__, static_url_path="/ScoDoc/static", static_folder="static")
CAS(app, url_prefix="/cas")
from app.auth import cas
CAS(app, url_prefix="/cas", configuration_function=cas.set_cas_configuration)
app.wsgi_app = ReverseProxied(app.wsgi_app)
app.json_encoder = ScoDocJSONEncoder

View File

@ -42,7 +42,9 @@ def after_cas_login():
)
else:
current_app.logger.info(
f"""CAS login denied for {user.user_name if user else ""} cas_id={cas_id} (unknown or inactive)"""
f"""CAS login denied for {
user.user_name if user else ""
} cas_id={cas_id} (unknown or inactive)"""
)
else:
current_app.logger.info(
@ -75,6 +77,7 @@ def set_cas_configuration(app: flask.app.Flask = None):
"""
app = app or current_app
if ScoDocSiteConfig.is_cas_enabled():
current_app.logger.info("CAS: set_cas_configuration")
app.config["CAS_SERVER"] = ScoDocSiteConfig.get("cas_server")
app.config["CAS_AFTER_LOGIN"] = "auth.after_cas_login"
app.config["CAS_AFTER_LOGOUT"] = "auth.after_cas_logout"

View File

@ -17,6 +17,7 @@ from . import routing
from functools import wraps
class CAS(object):
"""
Required Configs:
@ -39,27 +40,28 @@ class CAS(object):
|CAS_AFTER_LOGOUT | None |
"""
def __init__(self, app=None, url_prefix=None):
def __init__(self, app=None, url_prefix=None, configuration_function=None):
self._app = app
if app is not None:
self.init_app(app, url_prefix)
self.init_app(app, url_prefix, configuration_function)
def init_app(self, app, url_prefix=None):
def init_app(self, app, url_prefix=None, configuration_function=None):
# Configuration defaults
app.config.setdefault('CAS_TOKEN_SESSION_KEY', '_CAS_TOKEN')
app.config.setdefault('CAS_USERNAME_SESSION_KEY', 'CAS_USERNAME')
app.config.setdefault('CAS_ATTRIBUTES_SESSION_KEY', 'CAS_ATTRIBUTES')
app.config.setdefault('CAS_LOGIN_ROUTE', '/cas')
app.config.setdefault('CAS_LOGOUT_ROUTE', '/cas/logout')
app.config.setdefault('CAS_VALIDATE_ROUTE', '/cas/serviceValidate')
app.config.setdefault("CAS_TOKEN_SESSION_KEY", "_CAS_TOKEN")
app.config.setdefault("CAS_USERNAME_SESSION_KEY", "CAS_USERNAME")
app.config.setdefault("CAS_ATTRIBUTES_SESSION_KEY", "CAS_ATTRIBUTES")
app.config.setdefault("CAS_LOGIN_ROUTE", "/cas")
app.config.setdefault("CAS_LOGOUT_ROUTE", "/cas/logout")
app.config.setdefault("CAS_VALIDATE_ROUTE", "/cas/serviceValidate")
app.config.setdefault("CAS_CONFIGURATION_FUNCTION", configuration_function)
# Requires CAS 2.0
app.config.setdefault('CAS_AFTER_LOGOUT', None)
app.config.setdefault("CAS_AFTER_LOGOUT", None)
# Register Blueprint
app.register_blueprint(routing.blueprint, url_prefix=url_prefix)
# Use the newstyle teardown_appcontext if it's available,
# otherwise fall back to the request context
if hasattr(app, 'teardown_appcontext'):
if hasattr(app, "teardown_appcontext"):
app.teardown_appcontext(self.teardown)
else:
app.teardown_request(self.teardown)
@ -73,34 +75,34 @@ class CAS(object):
@property
def username(self):
return flask.session.get(
self.app.config['CAS_USERNAME_SESSION_KEY'], None)
return flask.session.get(self.app.config["CAS_USERNAME_SESSION_KEY"], None)
@property
def attributes(self):
return flask.session.get(
self.app.config['CAS_ATTRIBUTES_SESSION_KEY'], None)
return flask.session.get(self.app.config["CAS_ATTRIBUTES_SESSION_KEY"], None)
@property
def token(self):
return flask.session.get(
self.app.config['CAS_TOKEN_SESSION_KEY'], None)
return flask.session.get(self.app.config["CAS_TOKEN_SESSION_KEY"], None)
def login():
return flask.redirect(flask.url_for('cas.login', _external=True))
return flask.redirect(flask.url_for("cas.login", _external=True))
def logout():
return flask.redirect(flask.url_for('cas.logout', _external=True))
return flask.redirect(flask.url_for("cas.logout", _external=True))
def login_required(function):
@wraps(function)
def wrap(*args, **kwargs):
if 'CAS_USERNAME' not in flask.session:
flask.session['CAS_AFTER_LOGIN_SESSION_URL'] = (
flask.request.script_root +
flask.request.full_path
if "CAS_USERNAME" not in flask.session:
flask.session["CAS_AFTER_LOGIN_SESSION_URL"] = (
flask.request.script_root + flask.request.full_path
)
return login()
else:
return function(*args, **kwargs)
return wrap

View File

@ -32,6 +32,9 @@ def login():
the user's attributes are saved under the key
'CAS_USERNAME_ATTRIBUTE_KEY'
"""
conf_func = current_app.config.get("CAS_CONFIGURATION_FUNCTION")
if conf_func: # call function setting app configuration
conf_func(current_app)
if not "CAS_SERVER" in current_app.config:
current_app.logger.info("cas_login: no configuration")
return "CAS configuration missing"
@ -72,7 +75,9 @@ def logout():
"""
When the user accesses this route they are logged out.
"""
conf_func = current_app.config.get("CAS_CONFIGURATION_FUNCTION")
if conf_func: # call function setting app configuration
conf_func(current_app)
cas_username_session_key = current_app.config["CAS_USERNAME_SESSION_KEY"]
cas_attributes_session_key = current_app.config["CAS_ATTRIBUTES_SESSION_KEY"]
cas_token_session_key = current_app.config["CAS_TOKEN_SESSION_KEY"]

View File

@ -1,7 +1,7 @@
# -*- mode: python -*-
# -*- coding: utf-8 -*-
SCOVERSION = "9.4.55"
SCOVERSION = "9.4.56"
SCONAME = "ScoDoc"