update flask

master
n0emis 5 years ago
parent dccbc8d689
commit 8f83b5dfdf
Signed by: n0emis
GPG Key ID: 00FAF748B777CF10

@ -24,14 +24,14 @@ from flask import (
session, session,
url_for, url_for,
) )
from flask.ext.login import ( # from flask.ext.login import (
LoginManager, # LoginManager,
UserMixin, # UserMixin,
current_user, # current_user,
login_required, # login_required,
login_user, # login_user,
logout_user, # logout_user,
) # )
from flask_bootstrap import Bootstrap from flask_bootstrap import Bootstrap
from saml2 import ( from saml2 import (
BINDING_HTTP_POST, BINDING_HTTP_POST,
@ -52,6 +52,7 @@ import requests
metadata_url_for = { metadata_url_for = {
# For testing with http://saml.oktadev.com use the following: # For testing with http://saml.oktadev.com use the following:
# 'test': 'http://idp.oktadev.com/metadata', # 'test': 'http://idp.oktadev.com/metadata',
'keycloak': 'https://auth.labcode.de/auth/realms/test/protocol/saml/descriptor'
# WARNING WARNING WARNING # WARNING WARNING WARNING
# You MUST remove the testing IdP from a production system, # You MUST remove the testing IdP from a production system,
# as the testing IdP will allow ANYBODY to log in as ANY USER! # as the testing IdP will allow ANYBODY to log in as ANY USER!
@ -61,8 +62,8 @@ metadata_url_for = {
app = Flask(__name__) app = Flask(__name__)
Bootstrap(app) Bootstrap(app)
app.secret_key = str(uuid.uuid4()) # Replace with your secret key app.secret_key = str(uuid.uuid4()) # Replace with your secret key
login_manager = LoginManager() # login_manager = LoginManager()
login_manager.setup_app(app) # login_manager.setup_app(app)
logging.basicConfig(level=logging.DEBUG) logging.basicConfig(level=logging.DEBUG)
# NOTE: # NOTE:
# This is implemented as a dictionary for DEMONSTRATION PURPOSES ONLY. # This is implemented as a dictionary for DEMONSTRATION PURPOSES ONLY.
@ -94,6 +95,7 @@ def saml_client_for(idp_name=None):
rv = requests.get(metadata_url_for[idp_name]) rv = requests.get(metadata_url_for[idp_name])
settings = { settings = {
'entityid': 'pysaml',
'metadata': { 'metadata': {
'inline': [rv.text], 'inline': [rv.text],
}, },
@ -126,7 +128,7 @@ def saml_client_for(idp_name=None):
return saml_client return saml_client
class User(UserMixin): class User():
def __init__(self, user_id): def __init__(self, user_id):
user = {} user = {}
self.id = None self.id = None
@ -140,10 +142,10 @@ class User(UserMixin):
except: except:
pass pass
#
@login_manager.user_loader # @login_manager.user_loader
def load_user(user_id): # def load_user(user_id):
return User(user_id) # return User(user_id)
@app.route("/") @app.route("/")
@ -160,18 +162,25 @@ def idp_initiated(idp_name):
authn_response.get_identity() authn_response.get_identity()
user_info = authn_response.get_subject() user_info = authn_response.get_subject()
username = user_info.text username = user_info.text
print('#'*30)
print('uinfou', user_info)
print('username', username)
print('#'*30)
print('authn',authn_response)
# This is what as known as "Just In Time (JIT) provisioning". # This is what as known as "Just In Time (JIT) provisioning".
# What that means is that, if a user in a SAML assertion # What that means is that, if a user in a SAML assertion
# isn't in the user store, we create that user first, then log them in # isn't in the user store, we create that user first, then log them in
if username not in user_store: if username not in user_store:
print('#'*30)
print('AVA',authn_response.ava)
user_store[username] = { user_store[username] = {
'first_name': authn_response.ava['FirstName'][0], 'first_name': authn_response.ava.get('FirstName',[''])[0],
'last_name': authn_response.ava['LastName'][0], 'last_name': authn_response.ava.get('LastName',[''])[0],
} }
user = User(username) user = User(username)
session['saml_attributes'] = authn_response.ava session['saml_attributes'] = authn_response.ava
login_user(user) # login_user(user)
url = url_for('user') url = url_for('user')
# NOTE: # NOTE:
# On a production system, the RelayState MUST be checked # On a production system, the RelayState MUST be checked
@ -205,9 +214,10 @@ def sp_initiated(idp_name):
@app.route("/user") @app.route("/user")
@login_required # @login_required
def user(): def user():
return render_template('user.html', session=session) pass
# return render_template('main_page.html', session=session)
@app.errorhandler(401) @app.errorhandler(401)
@ -216,7 +226,7 @@ def error_unauthorized(error):
@app.route("/logout") @app.route("/logout")
@login_required # @login_required
def logout(): def logout():
logout_user() logout_user()
return redirect(url_for("main_page")) return redirect(url_for("main_page"))
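Review bot: `logout()` still calls `logout_user()` on its first line, but the `flask.ext.login` import that provided that name is commented out in the first hunk, so a request to `/logout` now raises NameError; either comment out `logout_user()` together with the decorator or drop the route until login is restored. The new `user()` body is just `pass`, so the view returns None, which Flask rejects as a response — return the rendered template (or an explicit placeholder response) rather than leaving the real return commented out. The added `print` calls in `idp_initiated` write the SAML subject, the whole `authn_response` object and every attribute in `authn_response.ava` to stdout, which puts identity attributes into process logs; remove them before merging, or reduce them to something like `app.logger.debug('idp_initiated: subject=%s', username)`. With `@login_required` commented out on `/user` and `/logout`, both routes are reachable without any session, which is presumably intended only while Flask-Login is disabled — a `# TODO` on each commented decorator saying when it comes back would make that explicit. `idp_initiated` begins and ends outside the hunk.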

@ -1,29 +1,24 @@
Flask==0.10.1 Flask
Flask-Bootstrap==3.3.5.7 Flask-Bootstrap
Flask-Login==0.3.2 Flask-Login
Jinja2==2.8 Jinja2
MarkupSafe==0.23 MarkupSafe
Paste==2.0.2 Paste
WebOb==1.5.1 WebOb
Werkzeug==0.11.4 Werkzeug
argparse==1.4.0 argparse
cffi==1.5.2 cffi
cryptography==1.2.3 cryptography
decorator==4.0.9 decorator
enum34==1.1.2 gunicorn
gunicorn==19.4.5 idna
idna==2.0 ipaddress
ipaddress==1.0.16 itsdangerous
itsdangerous==0.24 pyOpenSSL
pyOpenSSL==0.15.1 pyasn1
pyasn1==0.1.9 pycparser
pycparser==2.14 pycrypto
pycrypto==2.6.1 pysaml2
pysaml2==4.0.3 python-dateutil
python-dateutil==2.5.0 pytz
pytz==2015.7 requests
repoze.who==2.2
requests==2.9.1
six==1.10.0
wsgiref==0.1.2
zope.interface==4.1.3

@ -16,9 +16,6 @@
</div> </div>
<div id="navbar" class="collapse navbar-collapse"> <div id="navbar" class="collapse navbar-collapse">
<ul class="nav navbar-nav"> <ul class="nav navbar-nav">
{% if current_user.is_authenticated %}
<li><a href="{{ url_for('logout') }}">Logout</a></li>
{% endif %}
</ul> </ul>
</div><!--/.nav-collapse --> </div><!--/.nav-collapse -->
</div> </div>

@ -1,6 +1,6 @@
{% extends 'base.html' %} {% extends 'base.html' %}
{% block content %} {% block content %}
{% if current_user.is_authenticated %} {% if false %}
<div class="container"> <div class="container">
<h1>Logged in</h1> <h1>Logged in</h1>
<p class="lead"> <p class="lead">
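Review bot: `{% if false %}` turns the "Logged in" block into dead markup with no indication of why the authentication check was replaced; if this is a temporary stand-in while `current_user` is unavailable, say so with a Jinja comment such as `{# TODO: re-enable the current_user.is_authenticated check once Flask-Login is restored #}` on the line above it. A hard-coded `false` is also easy to overlook later, so a named context flag passed from the view would be safer than editing the condition in place. The `{% if %}` block closes outside the hunk.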
