From ad38ed9136732844a7b3f84cf9d3d910e7e0ade8 Mon Sep 17 00:00:00 2001
From: Edward Betts
Date: Sun, 25 Feb 2024 09:10:55 +0000
Subject: [PATCH] Add support for web app unprivileged view
---
 UniAuth/auth.py | 36 ++++++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)
diff --git a/UniAuth/auth.py b/UniAuth/auth.py
index 75b6deb..88cd80c 100644
--- a/UniAuth/auth.py
+++ b/UniAuth/auth.py
@@ -2,6 +2,8 @@
 import json
 import typing
+import urllib
+from dataclasses import dataclass
 from datetime import datetime, timedelta
 import flask
@@ -9,9 +11,24 @@ import itsdangerous
 import werkzeug
 from itsdangerous.url_safe import URLSafeTimedSerializer
+import UniAuth
+
 max_age = 60 * 60 * 24 * 90
+@dataclass
+class User:
+ """User."""
+
+ is_authenticated: bool
+
+
+def get_current_user() -> User:
+ token = flask.request.cookies.get("auth_token")
+ is_authenticated = bool(token and verify_auth_token(token))
+ return UniAuth.auth.User(is_authenticated=is_authenticated)
+
+
 def generate_secure_token(data: str, salt: str) -> str:
 """Generate a secure token for the given data."""
 serializer = URLSafeTimedSerializer(flask.current_app.config["SECRET_KEY"])
@@ -57,10 +74,15 @@ def require_authentication() -> werkzeug.Response | None:
 if flask.request.endpoint == "auth_callback":
 return None
- token = flask.request.cookies.get("auth_token")
- if token and verify_auth_token(token):
+ auth_token = flask.request.cookies.get("auth_token")
+ if auth_token and verify_auth_token(auth_token):
 return None
+ else:
+ return redirect_to_login(flask.request.url)
+
+def redirect_to_login(original_url: str) -> werkzeug.Response:
+ """Redirect from web app to UniAuth login page."""
 callback_url = flask.url_for("auth_callback", _external=True)
 token_payload = {"original_url": flask.request.url, "callback_url": callback_url}
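Review bot: The added `import urllib` in the import hunk does not by itself load the `urllib.parse` submodule that `redirect_to_logout` calls later in this patch. The call presumably works only because another imported package has already loaded it. `import urllib.parse` states the dependency directly and keeps the module importable on its own.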
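Review bot: `get_current_user` returns `UniAuth.auth.User(...)`, which makes `UniAuth/auth.py` import its own package (`import UniAuth`) just to reach a class defined a few lines above. `return User(is_authenticated=is_authenticated)` does the same without the self-import, and the added `import UniAuth` can then be dropped. The function also lacks a docstring; `"""Return a User reflecting whether the request carries a valid auth_token cookie, without redirecting."""` would record that this path never forces a login, so views using it must check `is_authenticated` themselves. Whether `verify_auth_token` can raise on a malformed cookie is not visible here; if it can, an anonymous page view would error out instead of falling back to `is_authenticated=False`.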
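Review bot: `redirect_to_login(original_url)` never reads its parameter: the unchanged payload line still uses `flask.request.url`, so a caller passing any other URL is silently sent back to the current request URL after login. The line should read `token_payload = {"original_url": original_url, "callback_url": callback_url}`. The rest of the function body lies outside this hunk. Because this value becomes the post-login redirect target, the callback should accept it only when it points back at this application; that check is not visible in this patch.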
@@ -72,6 +94,16 @@ def require_authentication() -> werkzeug.Response | None:
 return flask.redirect(redirect_to_uniauth)
+def redirect_to_logout(next_url: str) -> werkzeug.Response:
+ """Redirect from web app to UniAuth logout page."""
+ # Construct the redirect URL with the original URL as a parameter
+ redirect_url = flask.current_app.config["UNIAUTH_URL"] + "/logout"
+ redirect_to_uniauth = redirect_url + "?next=" + urllib.parse.quote(next_url)
+ response = flask.redirect(redirect_to_uniauth)
+ response.set_cookie("auth_token", "", httponly=True, secure=True)
+ return response
+
+
 def auth_callback() -> tuple[str, int] | werkzeug.Response:
 """Process the authentication callback."""
 auth_token = flask.request.args.get("auth_token")
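Review bot: `redirect_to_logout` overwrites the cookie with an empty value via `response.set_cookie("auth_token", "", httponly=True, secure=True)`, which leaves an empty session cookie in the browser instead of expiring it. `response.delete_cookie("auth_token", secure=True, httponly=True)` removes it, provided the path and domain match those used when the cookie was issued (not visible in this patch). Clearing the cookie only affects this browser: if `verify_auth_token` checks just the signature and age, a copied token presumably stays valid until `max_age` (90 days) runs out, which deserves a comment on the function or a server-side revocation check. `urllib.parse.quote(next_url)` leaves `/` unescaped by default; `quote(next_url, safe="")` encodes the whole value for the query string.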