Fix authentication on Keycloak

app/__init__.py

@@ -2,6 +2,7 @@ from flask import Flask, render_template, g
 from werkzeug.exceptions import HTTPException
 
 from flask_mobility import Mobility
+from flask_session import Session
 
 from . import filters
 from .lib import OIDCAuthentication
@@ -10,6 +11,8 @@ import os
 mobility = Mobility()
 
 auth = OIDCAuthentication()
+# SESSION_TYPE = 'filesystem'
+sess = Session()
 
 
 def create_app(environment='development'):
@@ -50,6 +53,8 @@ def create_app(environment='development'):
     app.logger.info("jinja2 custom filters loaded")
     filters.init_app(app)
 
+    sess.init_app(app)
+
     # Error handlers.
     @app.errorhandler(HTTPException)
     def handle_http_error(exc):

app/lib.py

@@ -5,7 +5,7 @@ from flask import request, abort, current_app
 from flask import session as flask_session, jsonify
 from flask_pyoidc import OIDCAuthentication as _OIDCAuth
 from flask_pyoidc.user_session import UserSession
-from flask_pyoidc.provider_configuration import ProviderConfiguration, ClientMetadata
+from flask_pyoidc.provider_configuration import ProviderConfiguration, ClientMetadata, ProviderMetadata
 
 from typing import Callable, List
 
@@ -51,35 +51,33 @@ class OIDCAuthentication(_OIDCAuth):
         super().init_app(app)
         app.auth = self
 
+    @property
+    def userinfo(self) -> dict:
+        return flask_session.get('userinfo', {})
+
     @property
     def username(self) -> str:
-        userinfo = flask_session['userinfo']
-        return userinfo['email'].split('@')[0]
+        return self.userinfo.get('preferred_username', 'unknown')
 
     @property
     def email(self) -> str:
-        userinfo = flask_session['userinfo']
-        return userinfo['email']
+        return self.userinfo.get('email', 'unknown')
 
     @property
     def login_name(self) -> str:
-        userinfo = flask_session['userinfo']
-        return userinfo.get('preferred_username', self.username)
+        return self.userinfo.get('preferred_username', self.username)
 
     @property
     def full_name(self) -> str:
-        userinfo = flask_session['userinfo']
-        return userinfo.get('name')
+        return self.userinfo.get('name', self.username)
 
     @property
     def groups(self) -> list:
-        userinfo = flask_session['userinfo']
-        return userinfo.get('groups') or []
+        return self.userinfo.get('groups', [])
 
     @property
     def isAdmin(self) -> bool:
-        userinfo = flask_session['userinfo']
-        user_groups = userinfo.get('groups', [])
+        user_groups = self.userinfo.get('groups', [])
         with current_app.app_context():
             admin_groups = current_app.config.get('ADMIN_GROUPS', [])
             admin_users = current_app.config.get('ADMIN_USERS', [])

app/views/main.py

@@ -6,8 +6,6 @@ from flask import render_template, Blueprint
 from flask import redirect, session, url_for
 from app import auth
 
-# from ..lib import username
-
 from flask import jsonify, make_response
 from flask_pyoidc.user_session import UserSession
 
@@ -47,6 +45,8 @@ def index():
 @main_blueprint.route('/logout')
 @auth.oidc_logout
 def logout():
+    # UserSession(session).clear()
+    session.clear()
     return redirect(url_for('main.index'))