From da6b4f5e493e29cefb4ef0788f58111023a95030 Mon Sep 17 00:00:00 2001
From: kaiyou <pierre@jaury.eu>
Date: Tue, 12 May 2020 17:41:38 +0200
Subject: [PATCH] Fix the sso authentication status

---
 hiboo/sso/oidc.py | 15 ++++++++-------
 hiboo/sso/saml.py |  3 ++-
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/hiboo/sso/oidc.py b/hiboo/sso/oidc.py
index 89f69ab0..019db789 100644
--- a/hiboo/sso/oidc.py
+++ b/hiboo/sso/oidc.py
@@ -7,10 +7,10 @@ It relies heavily on authlib for the OAuth/OIDC implementation.
 from authlib.integrations import flask_oauth2, sqla_oauth2
 from authlib.oauth2 import rfc6749 as oauth2
 from authlib.oidc import core as oidc
-from authlib.common import security
+from authlib.common import security as authlib_security
 from hiboo.sso import blueprint, get_service
-from hiboo import models, utils, profile
+from hiboo import models, utils, profile, security
 import flask
 import time
@@ -22,9 +22,9 @@ def fill_service(service):
     """
     if "client_id" not in service.config:
         service.config.update(
-            client_id=security.generate_token(24),
-            client_secret=security.generate_token(48),
-            jwt_key=security.generate_token(24),
+            client_id=authlib_security.generate_token(24),
+            client_secret=authlib_security.generate_token(48),
+            jwt_key=authlib_security.generate_token(24),
             jwt_alg="HS256"
         )
@@ -38,7 +38,7 @@ class AuthorizationCodeMixin(object):
     def create_authorization_code(self, client, profile, request):
         obj = AuthorizationCodeMixin.AuthorizationCode(
-            code=security.generate_token(48), nonce=request.data.get("nonce") or "",
+            code=authlib_security.generate_token(48), nonce=request.data.get("nonce") or "",
             client_id=client.client_id, redirect_uri=request.redirect_uri, scope=request.scope, user_id=profile.uuid, auth_time=int(time.time())
@@ -145,7 +145,7 @@ class Client(sqla_oauth2.OAuth2ClientMixin):
         """ Specific token generation function to help keep track of the profile associated with a token """
         return dict(
-            client_id=self.client_id, token_type="Bearer", access_token=security.generate_token(48),
+            client_id=self.client_id, token_type="Bearer", access_token=authlib_security.generate_token(48),
             issued_at=time.time(), expires_in=expires_in or 3600, profile_uuid=user.uuid, scope=scope or ""
         )
@@ -166,6 +166,7 @@ class Client(sqla_oauth2.OAuth2ClientMixin):
 @blueprint.route("/oidc/authorize/<service_uuid>", methods=["GET", "POST"])
+@security.authentication_required()
 def oidc_authorize(service_uuid):
     client = Client(get_service(service_uuid, __name__))
     picked = profile.get_profile(client.service, intent=True) or flask.abort(403)
diff --git a/hiboo/sso/saml.py b/hiboo/sso/saml.py
index e656c545..3599045e 100644
--- a/hiboo/sso/saml.py
+++ b/hiboo/sso/saml.py
@@ -8,7 +8,7 @@ request parsing and response crafting.
 """
 from hiboo.sso import blueprint, get_service
-from hiboo import profile
+from hiboo import profile, security
 from cryptography import x509
 from cryptography.hazmat import primitives, backends
@@ -128,6 +128,7 @@ class MetaData(mdstore.InMemoryMetaData):
 @blueprint.route("/saml/redirect/<service_uuid>", methods=["GET", "POST"])
+@security.authentication_required()
 def saml_redirect(service_uuid):
     service = get_service(service_uuid, __name__)
     # Get the profile from user input (implies redirects)
-- 
GitLab
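Review bot: `oidc_authorize` is now gated by `@security.authentication_required()` before the handler sees the request, so two OIDC-specific cases need confirming: a relying party that sends `prompt=none` expects an error redirect (`login_required`) to its `redirect_uri` rather than an interactive login page, and a redirect to the login form must carry the complete authorize URL (query string included, so `state`, `nonce` and `redirect_uri` survive) or the flow cannot resume after login. Whether the decorator preserves the original request URL is not visible in this diff; if it does not, every login-first authorization will lose its first leg. The same applies to `saml_redirect` in the hiboo/sso/saml.py hunk, where the SAMLRequest and `RelayState` must survive the login round trip. A comment above the decorator would record the dependency, e.g. `# Anonymous users are redirected to login; the decorator must replay this authorize request afterwards`. The body of `oidc_authorize` continues past the end of the hunk.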