dashboard/backend/areas/auth/auth.py


from flask import jsonify, request
from flask_jwt_extended import create_access_token
from flask_cors import cross_origin
from datetime import timedelta
from areas import api_v1
from areas.apps import App, AppRole
from config import *
from helpers import HydraOauth, BadRequest, KratosApi
@api_v1.route("/login", methods=["POST"])
@cross_origin()
def login():
    """Start the login flow by returning the Hydra authorization URL as JSON.

    The response body is ``{"authorizationUrl": <url>}``, where the URL is
    whatever ``HydraOauth.authorize()`` produces.
    """
    return jsonify({"authorizationUrl": HydraOauth.authorize()})
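@api_v1.route("/hydra/callback")
@cross_origin()
def hydra_callback():
    """Finish the Hydra OAuth flow and return a dashboard access token.

    Reads ``state`` and ``code`` from the query string, exchanges them for a
    Hydra token, looks up the Kratos identity whose ``email`` trait equals the
    e-mail reported by Hydra, and returns a JWT together with the user's
    profile and per-app roles as JSON.

    Raises:
        BadRequest: if ``state`` or ``code`` is missing, or if no Kratos
            identity matches the authenticated e-mail address.
    """
    # NOTE(review): cross_origin() is called without arguments, so flask-cors
    # defaults apply (any origin). This endpoint returns an access token;
    # consider restricting the allowed origins to the dashboard frontend.
    state = request.args.get("state")
    code = request.args.get("code")
    if state is None:
        raise BadRequest("Missing state query param")
    if code is None:
        raise BadRequest("Missing code query param")

    # NOTE(review): `state` is passed through without a check in this
    # function; presumably HydraOauth.get_token compares it with the value
    # issued at /login -- confirm, since that comparison is the CSRF defence.
    token = HydraOauth.get_token(state, code)
    user_info = HydraOauth.get_user_info()
    email = user_info["email"]

    # Match Kratos identity with Hydra
    # NOTE(review): if KratosApi.get("/identities") returns only one page of
    # results, identities beyond that page can never be matched -- confirm.
    identities = KratosApi.get("/identities")
    identity = None
    for candidate in identities.json():
        # Tolerate identities that have no traits or no e-mail trait instead
        # of failing every login with a KeyError.
        traits = candidate.get("traits") or {}
        if "email" in traits and traits["email"] == email:
            identity = candidate

    # Without this guard an unmatched user hit `identity["id"]` on None and
    # the request ended in an unhandled TypeError (HTTP 500).
    if identity is None:
        raise BadRequest("No Kratos identity matches the authenticated user")
    user_id = identity["id"]

    # NOTE(review): the token is valid for 365 days and carries the Hydra
    # token as its JWT identity. A shorter lifetime with refresh, and a
    # non-secret subject such as the Kratos id, would limit the impact of a
    # leaked token. Left unchanged because consumers may depend on it.
    access_token = create_access_token(
        identity=token,
        expires_delta=timedelta(days=365),
        additional_claims={"user_id": user_id},
    )

    # One entry per registered app; role_id is None when the user has no
    # role row for that app.
    app_roles = []
    for app in App.query.all():
        app_role = AppRole.query.filter_by(user_id=user_id, app_id=app.id).first()
        app_roles.append(
            {
                "name": app.slug,
                "role_id": app_role.role_id if app_role else None,
            }
        )

    return jsonify(
        {
            "accessToken": access_token,
            "userInfo": {
                "id": user_id,
                "email": email,
                "name": user_info["name"],
                "preferredUsername": user_info["preferred_username"],
                "app_roles": app_roles,
            },
        }
    )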