Cleanup auth and config

2024-07-22 16:41:33 +02:00 · 2024-07-22 16:41:33 +02:00 · ffdded6537
parent a1159ac97e
commit ffdded6537
5 changed files with 32 additions and 27 deletions
--- a/hsman/TODO.md
+++ b/hsman/TODO.md
@ -1,4 +1,3 @@
- improve configuration
 - improve APP_PREFIX
 - edit bootstrap CSS to fix fonts and colors
 - try to use a datatable for routes, with grouping
--- a/hsman/app/init.py
+++ b/hsman/app/init.py
@ -11,31 +11,15 @@ import os

 mobility = Mobility()

-client_metadata = ClientMetadata(
-    client_id=os.getenv('HSMAN_OIDC_CLIENT_ID'),
-    client_secret=os.getenv('HSMAN_OIDC_CLIENT_SECRET'))
-
-
-provider_config = ProviderConfiguration(issuer=os.getenv('HSMAN_OIDC_URL'),
-                                        client_metadata=client_metadata,
-                                        auth_request_params={
-                                            'scope': ['openid',
-                                                      'profile',
-                                                      'groups',
-                                                      'email']},
-                                        session_refresh_interval_seconds=1800)
-
-auth = OIDCAuthentication({'default': provider_config})
+auth = OIDCAuthentication()


 def create_app(environment='development'):

    from config import config
-    from .views import main_blueprint, rest_blueprint

-    # BRUTTO BRUTTO
-    app_prefix = os.getenv('APP_PREFIX', '')
    # Instantiate app.
+    app_prefix = os.getenv('APPLICATION_ROOT', '')
    app = Flask(__name__,
                static_url_path=f"{app_prefix}/static")

@ -46,12 +30,14 @@ def create_app(environment='development'):
    config[env].configure(app)
    app.config['APP_TZ'] = os.environ.get('TZ', 'UTC')

-    # app.static_url_path = f"{app.config['APP_PREFIX']}/static"
-
    app.logger.info("middleware init: mobility")
    mobility.init_app(app)

+    app.logger.info("middleware init: auth")
+    auth.init_app(app)
+
    # Register blueprints.
+    from .views import main_blueprint, rest_blueprint
    app.logger.info(f"registering main blueprint with prefix '{
                    main_blueprint.url_prefix}'")
    app.register_blueprint(main_blueprint)
@ -63,10 +49,8 @@ def create_app(environment='development'):
    app.logger.info("jinja2 custom filters loaded")
    filters.init_app(app)

-    app.logger.info("middleware init: auth")
-    auth.init_app(app)
-
    # Error handlers.
+
    @app.errorhandler(HTTPException)
    def handle_http_error(exc):
        return render_template('error.html', error=exc), exc.code
--- a/hsman/app/lib.py
+++ b/hsman/app/lib.py
@ -5,6 +5,7 @@ from flask import request, abort, current_app
 from flask import session as flask_session
 from flask_pyoidc import OIDCAuthentication as _OIDCAuth
 from flask_pyoidc.user_session import UserSession
+from flask_pyoidc.provider_configuration import ProviderConfiguration, ClientMetadata

 from typing import Callable, List

@ -36,6 +37,27 @@ def webMode() -> bool:

 class OIDCAuthentication(_OIDCAuth):

+    def __init__(self):
+        pass
+
+    def init_app(self, app):
+        client_metadata = ClientMetadata(
+            client_id=app.config['OIDC_CLIENT_ID'],
+            client_secret=app.config['OIDC_CLIENT_SECRET'])
+
+        provider_config = ProviderConfiguration(
+            issuer=app.config['OIDC_URL'],
+            client_metadata=client_metadata,
+            auth_request_params={
+                'scope': ['openid',
+                          'profile',
+                          'groups',
+                          'email']},
+            session_refresh_interval_seconds=1800)
+        # self._provider_configurations = provider_config
+        super().__init__({'default': provider_config})
+        super().init_app(app)
+
    def authorize(self, provider_name: str, authz_fn: Callable, **kwargs):
        if provider_name not in self._provider_configurations:
            raise ValueError(
@ -48,7 +70,7 @@ class OIDCAuthentication(_OIDCAuth):

        # Decorator
        def oidc_decorator(view_func):
-            @functools.wraps(view_func)
+            @ functools.wraps(view_func)
            def wrapper(*args, **kwargs):
                # Retrieve session and client
                session = UserSession(flask_session, provider_name)
--- a/hsman/app/templates/base.html
+++ b/hsman/app/templates/base.html
@ -40,7 +40,7 @@
    <nav class="navbar navbar-expand-lg navbar-themed">
        <!-- Navbar Brand -->
        <a class="navbar-brand" href="{{ url_for('main.index') }}">
-          <img src="/static/hsman.png">
+          <img src="{{ url_for('static', filename='/hsman.png') }}">
          <!-- HSMAN -->
        </a>
        <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarNav"
--- a/hsman/app/views/rest.py
+++ b/hsman/app/views/rest.py
@ -17,7 +17,7 @@ log = logging.getLogger()
 # REST calls

 rest_blueprint = Blueprint(
-    'rest', __name__, url_prefix=os.getenv('APP_PREFIX', '/'))
+    'rest', __name__, url_prefix=os.getenv('APPLICATION_ROOT', '/'))


@rest_blueprint.route('/routeToggle/<int:routeId>', methods=['GET'])