update flask

4 years ago · 8f83b5dfdf
parent dccbc8d689
commit 8f83b5dfdf
4 changed files with 56 additions and 54 deletions
--- a/app.py
+++ b/app.py
@ -24,14 +24,14 @@ from flask import (
    session,
    url_for,
 )
-from flask.ext.login import (
-    LoginManager,
-    UserMixin,
-    current_user,
-    login_required,
-    login_user,
-    logout_user,
-)
+# from flask.ext.login import (
+#     LoginManager,
+#     UserMixin,
+#     current_user,
+#     login_required,
+#     login_user,
+#     logout_user,
+# )
 from flask_bootstrap import Bootstrap
 from saml2 import (
    BINDING_HTTP_POST,
@ -52,6 +52,7 @@ import requests
 metadata_url_for = {
    # For testing with http://saml.oktadev.com use the following:
    # 'test': 'http://idp.oktadev.com/metadata',
+    'keycloak': 'https://auth.labcode.de/auth/realms/test/protocol/saml/descriptor'
    # WARNING WARNING WARNING
    #   You MUST remove the testing IdP from a production system,
    #   as the testing IdP will allow ANYBODY to log in as ANY USER!
@ -61,8 +62,8 @@ metadata_url_for = {
 app = Flask(__name__)
 Bootstrap(app)
 app.secret_key = str(uuid.uuid4())  # Replace with your secret key
-login_manager = LoginManager()
-login_manager.setup_app(app)
+# login_manager = LoginManager()
+# login_manager.setup_app(app)
 logging.basicConfig(level=logging.DEBUG)
 # NOTE:
 #   This is implemented as a dictionary for DEMONSTRATION PURPOSES ONLY.
@ -94,6 +95,7 @@ def saml_client_for(idp_name=None):
    rv = requests.get(metadata_url_for[idp_name])

    settings = {
+        'entityid': 'pysaml',
        'metadata': {
            'inline': [rv.text],
            },
@ -126,7 +128,7 @@ def saml_client_for(idp_name=None):
    return saml_client


-class User(UserMixin):
+class User():
    def __init__(self, user_id):
        user = {}
        self.id = None
@ -140,10 +142,10 @@ class User(UserMixin):
        except:
            pass

-
-@login_manager.user_loader
-def load_user(user_id):
-    return User(user_id)
+#
+# @login_manager.user_loader
+# def load_user(user_id):
+#     return User(user_id)


@app.route("/")
@ -160,18 +162,25 @@ def idp_initiated(idp_name):
    authn_response.get_identity()
    user_info = authn_response.get_subject()
    username = user_info.text
+    print('#'*30)
+    print('uinfou', user_info)
+    print('username', username)
+    print('#'*30)
+    print('authn',authn_response)

    # This is what as known as "Just In Time (JIT) provisioning".
    # What that means is that, if a user in a SAML assertion
    # isn't in the user store, we create that user first, then log them in
    if username not in user_store:
+        print('#'*30)
+        print('AVA',authn_response.ava)
        user_store[username] = {
-            'first_name': authn_response.ava['FirstName'][0],
-            'last_name': authn_response.ava['LastName'][0],
+            'first_name': authn_response.ava.get('FirstName',[''])[0],
+            'last_name': authn_response.ava.get('LastName',[''])[0],
            }
    user = User(username)
    session['saml_attributes'] = authn_response.ava
-    login_user(user)
+    # login_user(user)
    url = url_for('user')
    # NOTE:
    #   On a production system, the RelayState MUST be checked
@ -205,9 +214,10 @@ def sp_initiated(idp_name):


@app.route("/user")
-@login_required
+# @login_required
 def user():
-    return render_template('user.html', session=session)
+    pass
+    # return render_template('main_page.html', session=session)


@app.errorhandler(401)
@ -216,7 +226,7 @@ def error_unauthorized(error):


@app.route("/logout")
-@login_required
+# @login_required
 def logout():
    logout_user()
    return redirect(url_for("main_page"))
--- a/requirements.txt
+++ b/requirements.txt
@ -1,29 +1,24 @@
-Flask==0.10.1
-Flask-Bootstrap==3.3.5.7
-Flask-Login==0.3.2
-Jinja2==2.8
-MarkupSafe==0.23
-Paste==2.0.2
-WebOb==1.5.1
-Werkzeug==0.11.4
-argparse==1.4.0
-cffi==1.5.2
-cryptography==1.2.3
-decorator==4.0.9
-enum34==1.1.2
-gunicorn==19.4.5
-idna==2.0
-ipaddress==1.0.16
-itsdangerous==0.24
-pyOpenSSL==0.15.1
-pyasn1==0.1.9
-pycparser==2.14
-pycrypto==2.6.1
-pysaml2==4.0.3
-python-dateutil==2.5.0
-pytz==2015.7
-repoze.who==2.2
-requests==2.9.1
-six==1.10.0
-wsgiref==0.1.2
-zope.interface==4.1.3
+Flask
+Flask-Bootstrap
+Flask-Login
+Jinja2
+MarkupSafe
+Paste
+WebOb
+Werkzeug
+argparse
+cffi
+cryptography
+decorator
+gunicorn
+idna
+ipaddress
+itsdangerous
+pyOpenSSL
+pyasn1
+pycparser
+pycrypto
+pysaml2
+python-dateutil
+pytz
+requests
--- a/templates/base.html
+++ b/templates/base.html
@ -16,9 +16,6 @@
        </div>
        <div id="navbar" class="collapse navbar-collapse">
          <ul class="nav navbar-nav">
-	    {% if current_user.is_authenticated %}
-            <li><a href="{{ url_for('logout') }}">Logout</a></li>
-	    {% endif %}
          </ul>
        </div><!--/.nav-collapse -->
      </div>
--- a/templates/main_page.html
+++ b/templates/main_page.html
@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 {% block content %}
-{% if current_user.is_authenticated %}
+{% if false %}
 <div class="container">
  <h1>Logged in</h1>
  <p class="lead">