diff --git a/hsman/TODO.md b/hsman/TODO.md
index 063576e..4fad345 100644
--- a/hsman/TODO.md
+++ b/hsman/TODO.md
@@ -1,4 +1,3 @@
-- improve configuration
 - improve APP_PREFIX
 - edit bootstrap CSS to fix fonts and colors
 - try to use a datatable for routes, with grouping
diff --git a/hsman/app/__init__.py b/hsman/app/__init__.py
index 80f589e..bfc07d1 100644
--- a/hsman/app/__init__.py
+++ b/hsman/app/__init__.py
@@ -11,31 +11,15 @@ import os
 mobility = Mobility()
-client_metadata = ClientMetadata(
- client_id=os.getenv('HSMAN_OIDC_CLIENT_ID'),
- client_secret=os.getenv('HSMAN_OIDC_CLIENT_SECRET'))
-
-
-provider_config = ProviderConfiguration(issuer=os.getenv('HSMAN_OIDC_URL'),
- client_metadata=client_metadata,
- auth_request_params={
- 'scope': ['openid',
- 'profile',
- 'groups',
- 'email']},
- session_refresh_interval_seconds=1800)
-
-auth = OIDCAuthentication({'default': provider_config})
+auth = OIDCAuthentication()
 def create_app(environment='development'):
 from config import config
- from .views import main_blueprint, rest_blueprint
- # BRUTTO BRUTTO
- app_prefix = os.getenv('APP_PREFIX', '')
 # Instantiate app.
+ app_prefix = os.getenv('APPLICATION_ROOT', '')
 app = Flask(__name__, static_url_path=f"{app_prefix}/static")
@@ -46,12 +30,14 @@ def create_app(environment='development'):
 config[env].configure(app)
 app.config['APP_TZ'] = os.environ.get('TZ', 'UTC')
- # app.static_url_path = f"{app.config['APP_PREFIX']}/static"
-
 app.logger.info("middleware init: mobility")
 mobility.init_app(app)
+ app.logger.info("middleware init: auth")
+ auth.init_app(app)
+
 # Register blueprints.
+ from .views import main_blueprint, rest_blueprint
 app.logger.info(f"registering main blueprint with prefix '{ main_blueprint.url_prefix}'")
 app.register_blueprint(main_blueprint)
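Review bot: The static prefix on the `app_prefix = os.getenv('APPLICATION_ROOT', '')` line is read straight from the environment before `config[env].configure(app)` runs (that call is in the next hunk), so `static_url_path` and whatever `APPLICATION_ROOT` the config object may later place in `app.config` can disagree without anyone noticing; reading the value once and checking after configuration that both agree would keep a single source of truth. The module-level `auth = OIDCAuthentication()` now builds an object that carries no provider settings until `create_app()` calls `auth.init_app(app)`, which is not obvious from this file; a comment on that line would help, e.g. `# Unconfigured until create_app() calls auth.init_app(app); see lib.OIDCAuthentication.` The body of `create_app()` continues past the end of this hunk.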
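Review bot: The `from .views import main_blueprint, rest_blueprint` line is now placed inside `create_app()` after `auth.init_app(app)`, but nothing records that the order matters, so a later cleanup that hoists the import back to module level (where the previous version had it) would silently undo this change. If the reason is that the view modules apply `auth.authorize` when they are imported, which is what the move suggests, state it on the import: `# Keep after auth.init_app(): the view modules apply auth.authorize at import time.` The enclosing `create_app()` starts before and ends after this hunk.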
@@ -63,10 +49,8 @@ def create_app(environment='development'):
 app.logger.info("jinja2 custom filters loaded")
 filters.init_app(app)
- app.logger.info("middleware init: auth")
- auth.init_app(app)
-
 # Error handlers.
+
 @app.errorhandler(HTTPException)
 def handle_http_error(exc):
 return render_template('error.html', error=exc), exc.code
diff --git a/hsman/app/lib.py b/hsman/app/lib.py
index 744dc07..efcceb4 100644
--- a/hsman/app/lib.py
+++ b/hsman/app/lib.py
@@ -5,6 +5,7 @@ from flask import request, abort, current_app
 from flask import session as flask_session
 from flask_pyoidc import OIDCAuthentication as _OIDCAuth
 from flask_pyoidc.user_session import UserSession
+from flask_pyoidc.provider_configuration import ProviderConfiguration, ClientMetadata
 from typing import Callable, List
@@ -36,6 +37,27 @@ def webMode() -> bool:
 class OIDCAuthentication(_OIDCAuth):
+ def __init__(self):
+ pass
+
+ def init_app(self, app):
+ client_metadata = ClientMetadata(
+ client_id=app.config['OIDC_CLIENT_ID'],
+ client_secret=app.config['OIDC_CLIENT_SECRET'])
+
+ provider_config = ProviderConfiguration(
+ issuer=app.config['OIDC_URL'],
+ client_metadata=client_metadata,
+ auth_request_params={
+ 'scope': ['openid',
+ 'profile',
+ 'groups',
+ 'email']},
+ session_refresh_interval_seconds=1800)
+ # self._provider_configurations = provider_config
+ super().__init__({'default': provider_config})
+ super().init_app(app)
+
 def authorize(self, provider_name: str, authz_fn: Callable, **kwargs):
 if provider_name not in self._provider_configurations:
 raise ValueError(
@@ -48,7 +70,7 @@ class OIDCAuthentication(_OIDCAuth):
 # Decorator
 def oidc_decorator(view_func):
- @functools.wraps(view_func)
+ @ functools.wraps(view_func)
 def wrapper(*args, **kwargs):
 # Retrieve session and client
 session = UserSession(flask_session, provider_name)
diff --git a/hsman/app/templates/base.html b/hsman/app/templates/base.html
index 9fb2c93..bd3d3f6 100644
--- a/hsman/app/templates/base.html
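Review bot: `def __init__(self): pass` skips `_OIDCAuth.__init__`, so until `init_app` runs the instance has none of the base-class attributes, and `authorize` (later in this hunk) reads `self._provider_configurations` and would raise an `AttributeError` instead of its own `ValueError` if a decorated view is imported before `create_app` has called `init_app`. Calling `super().__init__(...)` from inside `init_app` also re-runs construction on every `init_app` call, so a second app built from the same module-level instance silently replaces the first configuration. The three `app.config[...]` lookups fail with a bare `KeyError` on a missing setting, and the client secret now travels through `app.config`, where any config dump or debug page will show it; the dead `# self._provider_configurations = provider_config` line should go. If `_OIDCAuth.__init__` only stores the provider mapping (the removed module-level code in `__init__.py` passed it the same way), the rewrite below keeps the object valid at every point and reports all missing settings at once; both methods also need a docstring stating that configuration is deferred to `init_app`.
```python
    def __init__(self):
        """Create an unconfigured instance; provider settings are read from app.config in init_app()."""
        # Give the base class its attributes now so authorize() raises its own
        # ValueError, not an AttributeError, if it runs before init_app().
        super().__init__({})

    def init_app(self, app):
        """Build the OIDC provider configuration from app.config and register with app."""
        missing = [key for key in ('OIDC_URL', 'OIDC_CLIENT_ID', 'OIDC_CLIENT_SECRET')
                   if not app.config.get(key)]
        if missing:
            raise RuntimeError(f"OIDC settings missing from app.config: {', '.join(missing)}")
        # … unchanged: ClientMetadata / ProviderConfiguration construction …
        # NOTE: OIDC_CLIENT_SECRET is held in app.config; keep it out of config dumps and logs.
        self._provider_configurations = {'default': provider_config}
        super().init_app(app)
```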
+++ b/hsman/app/templates/base.html
@@ -40,7 +40,7 @@