From 8f83b5dfdfbe37ad8c6107b8bc04559b6db9efa9 Mon Sep 17 00:00:00 2001
From: Simeon Keske
Date: Mon, 11 May 2020 00:54:50 +0200
Subject: [PATCH] update flask
---
 app.py | 52 +++++++++++++++++++++++----------------
 requirements.txt | 53 ++++++++++++++++++----------------------
 templates/base.html | 3 ---
 templates/main_page.html | 2 +-
 4 files changed, 56 insertions(+), 54 deletions(-)
diff --git a/app.py b/app.py
index e387667..f6624e8 100644
--- a/app.py
+++ b/app.py
@@ -24,14 +24,14 @@ from flask import (
 session,
 url_for,
 )
-from flask.ext.login import (
- LoginManager,
- UserMixin,
- current_user,
- login_required,
- login_user,
- logout_user,
-)
+# from flask.ext.login import (
+# LoginManager,
+# UserMixin,
+# current_user,
+# login_required,
+# login_user,
+# logout_user,
+# )
 from flask_bootstrap import Bootstrap
 from saml2 import (
 BINDING_HTTP_POST,
@@ -52,6 +52,7 @@ import requests
 metadata_url_for = {
 # For testing with http://saml.oktadev.com use the following:
 # 'test': 'http://idp.oktadev.com/metadata',
+ 'keycloak': 'https://auth.labcode.de/auth/realms/test/protocol/saml/descriptor'
 # WARNING WARNING WARNING
 # You MUST remove the testing IdP from a production system,
 # as the testing IdP will allow ANYBODY to log in as ANY USER!
@@ -61,8 +62,8 @@ metadata_url_for = {
 app = Flask(__name__)
 Bootstrap(app)
 app.secret_key = str(uuid.uuid4()) # Replace with your secret key
-login_manager = LoginManager()
-login_manager.setup_app(app)
+# login_manager = LoginManager()
+# login_manager.setup_app(app)
 logging.basicConfig(level=logging.DEBUG)
 # NOTE:
 # This is implemented as a dictionary for DEMONSTRATION PURPOSES ONLY.
@@ -94,6 +95,7 @@ def saml_client_for(idp_name=None):
 rv = requests.get(metadata_url_for[idp_name])
 settings = {
+ 'entityid': 'pysaml',
 'metadata': {
 'inline': [rv.text],
 },
@@ -126,7 +128,7 @@ def saml_client_for(idp_name=None):
 return saml_client
-class User(UserMixin):
+class User():
 def __init__(self, user_id):
 user = {}
 self.id = None
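Review bot: The `flask.ext.login` import in the `@@ -24,14` hunk is commented out instead of being ported, which leaves the application with no login state; the same approach recurs at `@@ -61,8` (`login_manager`), `@@ -126,7` (`User` loses `UserMixin`), `@@ -140,10` (`load_user`), `@@ -160,18` (`login_user`), on both `@login_required` decorators, and in the template's `{% if false %}`. Flask-Login is still listed in requirements.txt, so the port is `from flask_login import LoginManager, UserMixin, current_user, login_required, login_user, logout_user` together with `login_manager.init_app(app)` in place of the older `setup_app`. If dropping Flask-Login is intended, delete these lines rather than keeping them as comments, and replace the checks they performed. The import block continues outside the hunk.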
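Review bot: The new `'keycloak'` entry in the `@@ -52,6` hunk sits directly above the existing WARNING block, so the warning about the testing IdP now reads as if it described this entry, and the URL points at a realm named `test`. If that realm is a test realm it deserves its own comment, e.g. `# test realm only, remove before production`; otherwise move the entry below the warning block. The deployment-specific URL would be better read from configuration than committed, and the entry has no trailing comma, so the next entry added after it becomes a syntax error. The dict literal ends outside the hunk.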
@@ -140,10 +142,10 @@ class User(UserMixin):
 except:
 pass
-
-@login_manager.user_loader
-def load_user(user_id):
- return User(user_id)
+#
+# @login_manager.user_loader
+# def load_user(user_id):
+# return User(user_id)
 @app.route("/")
@@ -160,18 +162,25 @@ def idp_initiated(idp_name):
 authn_response.get_identity()
 user_info = authn_response.get_subject()
 username = user_info.text
+ print('#'*30)
+ print('uinfou', user_info)
+ print('username', username)
+ print('#'*30)
+ print('authn',authn_response)
 # This is what as known as "Just In Time (JIT) provisioning".
 # What that means is that, if a user in a SAML assertion
 # isn't in the user store, we create that user first, then log them in
 if username not in user_store:
+ print('#'*30)
+ print('AVA',authn_response.ava)
 user_store[username] = {
- 'first_name': authn_response.ava['FirstName'][0],
- 'last_name': authn_response.ava['LastName'][0],
+ 'first_name': authn_response.ava.get('FirstName',[''])[0],
+ 'last_name': authn_response.ava.get('LastName',[''])[0],
 }
 user = User(username)
 session['saml_attributes'] = authn_response.ava
- login_user(user)
+ # login_user(user)
 url = url_for('user')
 # NOTE:
 # On a production system, the RelayState MUST be checked
@@ -205,9 +214,10 @@ def sp_initiated(idp_name):
 @app.route("/user")
-@login_required
+# @login_required
 def user():
- return render_template('user.html', session=session)
+ pass
+ # return render_template('main_page.html', session=session)
 @app.errorhandler(401)
@@ -216,7 +226,7 @@ def error_unauthorized(error):
 @app.route("/logout")
-@login_required
+# @login_required
 def logout():
 logout_user()
 return redirect(url_for("main_page"))
diff --git a/requirements.txt b/requirements.txt
index 78b6483..04aa606 100644
--- a/requirements.txt
+++ b/requirements.txt
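Review bot: The `print` calls added in the `@@ -160,18` hunk write the SAML subject, the whole `authn_response` object and the attribute dictionary `authn_response.ava` to stdout on every login, so identity attributes end up in whatever collects the process output. The module already configures `logging`; if the dump is needed while debugging, use `logging.debug('SAML attributes: %s', authn_response.ava)` and remove it before this is deployed. With `login_user(user)` commented out, `user = User(username)` is unused and the only state carried forward is `session['saml_attributes']`, which nothing in the visible hunks checks. `idp_initiated` starts and ends outside the hunk.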
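Review bot: `user()` in the `@@ -205,9` hunk now has `pass` as its only statement, so the view returns None and Flask will answer `/user` with a server error instead of a page. `idp_initiated` sets `url = url_for('user')`, so a successful SAML login presumably redirects straight into that error (the redirect itself is outside the visible hunks). With `@login_required` commented out the route is also reachable without any session; restore a response and gate it, for example `if 'saml_attributes' not in session: abort(401)` (with `abort` from flask) ahead of the `render_template(...)` call.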
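Review bot: `logout()` in the `@@ -216,7` hunk still calls `logout_user()`, but this commit comments out the import that provided that name, so every request to `/logout` raises NameError. Nothing in the commit clears `session['saml_attributes']` either, which is the only login state left after the other hunks. Either restore the Flask-Login import or replace the call with `session.pop('saml_attributes', None)` (or `session.clear()`).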
@@ -1,29 +1,24 @@
-Flask==0.10.1
-Flask-Bootstrap==3.3.5.7
-Flask-Login==0.3.2
-Jinja2==2.8
-MarkupSafe==0.23
-Paste==2.0.2
-WebOb==1.5.1
-Werkzeug==0.11.4
-argparse==1.4.0
-cffi==1.5.2
-cryptography==1.2.3
-decorator==4.0.9
-enum34==1.1.2
-gunicorn==19.4.5
-idna==2.0
-ipaddress==1.0.16
-itsdangerous==0.24
-pyOpenSSL==0.15.1
-pyasn1==0.1.9
-pycparser==2.14
-pycrypto==2.6.1
-pysaml2==4.0.3
-python-dateutil==2.5.0
-pytz==2015.7
-repoze.who==2.2
-requests==2.9.1
-six==1.10.0
-wsgiref==0.1.2
-zope.interface==4.1.3
+Flask
+Flask-Bootstrap
+Flask-Login
+Jinja2
+MarkupSafe
+Paste
+WebOb
+Werkzeug
+argparse
+cffi
+cryptography
+decorator
+gunicorn
+idna
+ipaddress
+itsdangerous
+pyOpenSSL
+pyasn1
+pycparser
+pycrypto
+pysaml2
+python-dateutil
+pytz
+requests
diff --git a/templates/base.html b/templates/base.html
index 69fd37c..f2e832b 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -16,9 +16,6 @@
diff --git a/templates/main_page.html b/templates/main_page.html
index 1805a06..834e9b3 100644
--- a/templates/main_page.html
+++ b/templates/main_page.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 {% block content %}
-{% if current_user.is_authenticated %}
+{% if false %}
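Review bot: Every `==` pin in requirements.txt is removed rather than raised to a tested version, so each install resolves whatever is newest on the index and two deployments of the same commit can run different code. For a SAML service provider that includes `pysaml2` and `cryptography`, whose upgrades should be picked up deliberately. Pin the versions that were actually tested (for example the output of `pip freeze`, ideally with hashes and `pip install --require-hashes`). `pycrypto` is kept although it is no longer maintained, and `argparse` and `ipaddress` are backports of modules that ship with Python 3; check whether any of the three is still needed.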

Logged in