From a1c66152ae20eb5f2a0c85f4a1086929e33f649a Mon Sep 17 00:00:00 2001
From: Andrea Mistrali <akelge@gmail.com>
Date: Thu, 5 Sep 2024 11:12:55 +0200
Subject: [PATCH] Fixed view for non admin users

---
 app/__init__.py          |  9 +++++----
 app/lib.py               | 17 ++++++++++++++++-
 app/templates/base.html  |  2 ++
 app/templates/error.html |  7 ++++---
 app/templates/index.html | 19 ++++++++++---------
 app/templates/node.html  |  1 -
 app/views/main.py        |  9 +++------
 app/views/rest.py        |  6 ++----
 wsgi.py                  |  2 +-
 9 files changed, 43 insertions(+), 29 deletions(-)

diff --git a/app/__init__.py b/app/__init__.py
index dc420de..1ed143b 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -1,9 +1,7 @@
-from flask import Flask, render_template
+from flask import Flask, render_template, g
 from werkzeug.exceptions import HTTPException
 
 from flask_mobility import Mobility
-from flask_pyoidc.provider_configuration import ProviderConfiguration, ClientMetadata
-
 
 from . import filters
 from .lib import OIDCAuthentication
@@ -53,9 +51,12 @@ def create_app(environment='development'):
     filters.init_app(app)
 
     # Error handlers.
-
     @app.errorhandler(HTTPException)
     def handle_http_error(exc):
         return render_template('error.html', error=exc), exc.code
 
+    @app.context_processor
+    def inject_auth():
+        return dict(auth=auth)
+
     return app
diff --git a/app/lib.py b/app/lib.py
index 303650e..a00670e 100644
--- a/app/lib.py
+++ b/app/lib.py
@@ -56,11 +56,26 @@ class OIDCAuthentication(_OIDCAuth):
         userinfo = flask_session['userinfo']
         return userinfo['email'].split('@')[0]
 
+    @property
+    def email(self) -> str:
+        userinfo = flask_session['userinfo']
+        return userinfo['email']
+
     @property
     def login_name(self) -> str:
         userinfo = flask_session['userinfo']
         return userinfo.get('preferred_username', self.username)
 
+    @property
+    def full_name(self) -> str:
+        userinfo = flask_session['userinfo']
+        return userinfo.get('name')
+
+    @property
+    def groups(self) -> list:
+        userinfo = flask_session['userinfo']
+        return userinfo.get('groups')
+
     @property
     def isAdmin(self) -> bool:
         userinfo = flask_session['userinfo']
@@ -73,7 +88,7 @@ class OIDCAuthentication(_OIDCAuth):
 
             if len(authorized_groups):
                 log.debug(f"'{self.username}' is a member of {
-                          authorized_groups}")
+                          authorized_groups}. isAdmin == True")
                 return True
 
             if self.username in admin_users:
diff --git a/app/templates/base.html b/app/templates/base.html
index bd3d3f6..13ba30c 100644
--- a/app/templates/base.html
+++ b/app/templates/base.html
@@ -50,6 +50,7 @@
 
         <div class="collapse navbar-collapse" id="navbarNav">
           <ul class="navbar-nav mr-auto">
+          {% if auth.isAdmin %}
             <li class="nav-item">
               <a class="nav-link" href="{{ url_for('main.nodes') }}">nodes</a>
             </li>
@@ -59,6 +60,7 @@
             <li class="nav-item">
               <a class="nav-link" href="{{ url_for('main.routes') }}">routes</a>
             </li>
+          {% endif %}
           </ul>
           <ul class="navbar-nav">
             <li class="nav-item me-right">
diff --git a/app/templates/error.html b/app/templates/error.html
index df46834..28e9fe4 100644
--- a/app/templates/error.html
+++ b/app/templates/error.html
@@ -1,10 +1,11 @@
 {% extends "base.html" %}
 
 {% block content %}
-<div class="jumbotron my-4">
+<div class="jumbotron jumbotron-fluid my-4">
   <div class="text-center">
-    <h1>{{ '%s - %s' % (error.code, error.name) }}</h1>
+    <h1>Oops, something went wrong</h1>
+    <h1>{{ '%s - %s' % (error.code, error.name) }}</h2>
     <p>{{ error.description }}.</p>
   </div>
 </div>
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/app/templates/index.html b/app/templates/index.html
index 982ec7a..284501a 100644
--- a/app/templates/index.html
+++ b/app/templates/index.html
@@ -2,25 +2,26 @@
 
 {% block content %}
 <h3>
-    Welcome, {{ session.userinfo.name }}
+    Welcome, {{ auth.full_name }}
 </h3>
 <hr>
 <h4>authentication info</h4>
 <div class="row data">
     <div class="col col-2">
-        <strong>email</strong>
+        <strong>username</strong>
     </div>
     <div class="col col-6">
-        {{ session.userinfo.email }}
-        <!-- {{ session.userinfo.email_verified | fancyBool | safe }} -->
+        <span data-toggle="tooltip" data-placement="right" title="OIDC username: {{ auth.login_name }}">
+        {{ auth.username }}
+        </span>
     </div>
 </div>
 <div class="row data">
     <div class="col col-2">
-        <strong>username</strong>
+        <strong>email</strong>
     </div>
     <div class="col col-6">
-        {{ session.userinfo.preferred_username }}
+        {{ auth.email }}
     </div>
 </div>
 <div class="row data">
@@ -29,16 +30,16 @@
     </div>
     <div class="col col-6">
         <i class="fas fa-angle-right"></i>
-       {% if session.userinfo.groups[0] in config['ADMIN_GROUPS'] %}
+        {% if auth.groups[0] in config['ADMIN_GROUPS'] %}
         <span class="badge badge-pill badge-warning">
         {% else %}
         <span class="badge badge-pill badge-dark">
         {% endif %}
-        {{ session.userinfo.groups[0]}}
+        {{ auth.groups[0]}}
         </span>
     </div>
 </div>
-        {% for group in session.userinfo.groups[1:] |sort %}
+        {% for group in auth.groups[1:] |sort %}
 <div class="row data">
     <div class="col col-2">
         &nbsp;
diff --git a/app/templates/node.html b/app/templates/node.html
index a74ae8f..c3aeee3 100644
--- a/app/templates/node.html
+++ b/app/templates/node.html
@@ -39,7 +39,6 @@
             <span class="badge badge-pill badge-warning">
             {{ node.registerMethod.name }}
             </span>
-
         </span>
     </div>
 </div>
diff --git a/app/views/main.py b/app/views/main.py
index 4b05f30..b51b8fa 100644
--- a/app/views/main.py
+++ b/app/views/main.py
@@ -2,7 +2,7 @@ import logging
 import datetime
 import os
 from flask import current_app
-from flask import render_template, Blueprint, request
+from flask import render_template, Blueprint
 from flask import redirect, session, url_for
 from app import auth
 
@@ -38,13 +38,10 @@ def token():
 @main_blueprint.route('/', methods=['GET', 'POST'])
 @auth.access_control('default')
 def index():
-    user_session = UserSession(session)
-    hs_user = user_session.userinfo['email'].split('@')[0]
+    hs_user = auth.username
     userNodeList = [n for n in Node().list().nodes if n.user.name == hs_user]
     return render_template('index.html',
-                           userNodeList=userNodeList,
-                           session=user_session,
-                           auth=auth)
+                           userNodeList=userNodeList)
 
 
 @main_blueprint.route('/logout')
diff --git a/app/views/rest.py b/app/views/rest.py
index 6525790..181ca7d 100644
--- a/app/views/rest.py
+++ b/app/views/rest.py
@@ -4,8 +4,6 @@ from flask import Blueprint, request
 from flask import redirect, url_for
 from app import auth
 
-# from ..lib import login_name, username
-
 from flask import jsonify
 
 from hsapi_client import Node, User, Route, PreAuthKey
@@ -14,8 +12,8 @@ from hsapi_client.preauthkeys import (v1CreatePreAuthKeyRequest,
 
 
 log = logging.getLogger()
-# REST calls
 
+# REST calls
 rest_blueprint = Blueprint(
     'rest', __name__, url_prefix=os.getenv('APPLICATION_ROOT', '/'))
 
@@ -30,7 +28,7 @@ def routeToggle(routeId: int):
         else:
             action = 'enabled'
         log.info(
-            f"route '{route.prefix}' via '{route.node.givenName}'"
+            f"route '{route.prefix}' via '{route.node.givenName}' "
             f"{action} by '{auth.username}'")
         Route().toggle(routeId)
     return redirect(request.referrer)
diff --git a/wsgi.py b/wsgi.py
index 3e32421..6fe396d 100644
--- a/wsgi.py
+++ b/wsgi.py
@@ -19,7 +19,7 @@ log.debug(f"Running in web mode: {lib.webMode()}")
 def get_context():
     # flask cli context setup
     """Objects exposed here will be automatically available from the shell."""
-    return dict(app=app, models=models)
+    return dict(app=app)
 
 
 if __name__ == '__main__':