enable authentication, disable kratos stuff

2022-10-25 12:42:35 +02:00 · 2022-10-25 12:42:35 +02:00 · d1838267ea
commit d1838267ea
parent 4c6b7e4414
11 changed files with 171 additions and 46 deletions
--- a/backend/.env.sample
+++ b/backend/.env.sample
@ -3,6 +3,7 @@ HYDRA_CLIENT_SECRET=
 HYDRA_AUTHORIZATION_BASE_URL="https://sso.example.org/application/o/authorize/"
 HYDRA_PUBLIC_URL="https://sso.example.org/application/o/"
 TOKEN_URL="https://sso.example.org/application/o/token/"
+REDIRECT_URL="https://example.org/login-callback"
 SECRET_KEY=
 LOAD_INCLUSTER_CONFIG=false
 DATABASE_URL=sqlite:///database.db
--- a/backend/.gitignore
+++ b/backend/.gitignore
@ -8,3 +8,4 @@ __pycache__
 .envrc
 .direnv
 run_app.local.sh
+*.db
--- a/backend/Makefile
+++ b/backend/Makefile
@ -0,0 +1,11 @@
+
+clean:
+	rm database.db
+	flask db upgrade
+
+demo:
+	flask cli app create nextcloud Dateiablage "https://cloud.dev.local-it.cloud"
+	flask cli app create vikunja Projekte "https://vikunja.dev.local-it.cloud"
+
+run:
+	flask run
--- a/backend/areas/apps/models_lit.py
+++ b/backend/areas/apps/models_lit.py
@ -1,21 +1,7 @@
 """Everything to do with Apps"""

-import os
-import base64
-
-from sqlalchemy import ForeignKey, Integer, String, Boolean
-from sqlalchemy.orm import relationship
-
 from database import db
 from .models import App
-# import helpers.kubernetes as k8s
-
-
-DEFAULT_APP_SUBDOMAINS = {
-    "nextcloud": "files",
-    "wordpress": "www",
-    "monitoring": "grafana",
-}

 class LITApp(App):
    """
--- a/backend/areas/auth/auth.py
+++ b/backend/areas/auth/auth.py
@ -30,38 +30,39 @@ def hydra_callback():
    token = HydraOauth.get_token(state, code)
    user_info = HydraOauth.get_user_info()
    # Match Kratos identity with Hydra
-    identities = KratosApi.get("/identities")
-    identity = None
-    for i in identities.json():
-        if i["traits"]["email"] == user_info["email"]:
-            identity = i
+    # identities = KratosApi.get("/identities")
+    # identity = None
+    # for i in identities.json():
+    #     if i["traits"]["email"] == user_info["email"]:
+    #         identity = i

    access_token = create_access_token(
-        identity=token, expires_delta=timedelta(days=365), additional_claims={"user_id": identity["id"]}
+        identity=token, expires_delta=timedelta(days=365),
+        #additional_claims={"user_id": identity["id"]}
    )

-    apps = App.query.all()
-    app_roles = []
-    for app in apps:
-        tmp_app_role = AppRole.query.filter_by(
-            user_id=identity["id"], app_id=app.id
-        ).first()
-        app_roles.append(
-            {
-                "name": app.slug,
-                "role_id": tmp_app_role.role_id if tmp_app_role else None,
-            }
-        )
+    # apps = App.query.all()
+    # app_roles = []
+    # for app in apps:
+    #     tmp_app_role = AppRole.query.filter_by(
+    #         user_id=identity["id"], app_id=app.id
+    #     ).first()
+    #     app_roles.append(
+    #         {
+    #             "name": app.slug,
+    #             "role_id": tmp_app_role.role_id if tmp_app_role else None,
+    #         }
+    #     )

    return jsonify(
        {
            "accessToken": access_token,
            "userInfo": {
-                "id": identity["id"],
+                "id": user_info["email"],
                "email": user_info["email"],
                "name": user_info["name"],
                "preferredUsername": user_info["preferred_username"],
-                "app_roles": app_roles,
+                # "app_roles": app_roles,
            },
        }
    )
--- a/backend/config.py
+++ b/backend/config.py
@ -5,6 +5,7 @@ HYDRA_CLIENT_ID = os.environ.get("HYDRA_CLIENT_ID")
 HYDRA_CLIENT_SECRET = os.environ.get("HYDRA_CLIENT_SECRET")
 HYDRA_AUTHORIZATION_BASE_URL = os.environ.get("HYDRA_AUTHORIZATION_BASE_URL")
 TOKEN_URL = os.environ.get("TOKEN_URL")
+REDIRECT_URL = os.environ.get("REDIRECT_URL")

 LOGIN_PANEL_URL = os.environ.get("LOGIN_PANEL_URL")

--- a/backend/helpers/hydra_oauth.py
+++ b/backend/helpers/hydra_oauth.py
@ -9,7 +9,7 @@ class HydraOauth:
    @staticmethod
    def authorize():
        try:
-            hydra = OAuth2Session(HYDRA_CLIENT_ID)
+            hydra = OAuth2Session(HYDRA_CLIENT_ID, redirect_uri=REDIRECT_URL)
            authorization_url, state = hydra.authorization_url(
                HYDRA_AUTHORIZATION_BASE_URL
            )