From fc36647d4950084d2307c1d9547db5f65a102a63 Mon Sep 17 00:00:00 2001
From: Edward Betts <edward@4angle.com>
Date: Tue, 23 Jan 2024 10:49:58 +0000
Subject: [PATCH] Switch to UniAuth.auth

---
 agenda/auth.py | 36 ------------------------------------
 web_view.py    |  4 ++--
 2 files changed, 2 insertions(+), 38 deletions(-)
 delete mode 100644 agenda/auth.py

diff --git a/agenda/auth.py b/agenda/auth.py
deleted file mode 100644
index fefbee9..0000000
--- a/agenda/auth.py
+++ /dev/null
@@ -1,36 +0,0 @@
-"""Authentication via UniAuth."""
-
-import flask
-import werkzeug
-from itsdangerous.url_safe import URLSafeTimedSerializer
-
-max_age = 60 * 60 * 24 * 90
-
-
-def verify_auth_token(token: str) -> str | None:
-    """Verify the authentication token."""
-    serializer = URLSafeTimedSerializer(flask.current_app.config["SECRET_KEY"])
-    try:
-        username = serializer.loads(token, salt="auth", max_age=max_age)
-    except Exception:
-        return None
-
-    assert isinstance(username, str)
-    return username
-
-
-def require_authentication() -> werkzeug.Response | None:
-    """Require authentication and redirect with return URL."""
-    if not flask.current_app.config.get("REQUIRE_AUTH"):
-        return None
-
-    token = flask.request.cookies.get("auth_token")
-    if token and verify_auth_token(token):
-        return None
-
-    # Construct the redirect URL with the original URL as a parameter
-    return flask.redirect(
-        flask.current_app.config["UNIAUTH_URL"]
-        + "/login?next="
-        + werkzeug.urls.url_quote(flask.request.url)
-    )
diff --git a/web_view.py b/web_view.py
index ea84364..16aa6d7 100755
--- a/web_view.py
+++ b/web_view.py
@@ -11,11 +11,11 @@ import typing
 from datetime import date, datetime, timedelta
 
 import flask
+import UniAuth.auth
 import werkzeug
 import werkzeug.debug.tbtools
 import yaml
 
-import agenda.auth
 import agenda.data
 import agenda.error_mail
 import agenda.holidays
@@ -28,7 +28,7 @@ app = flask.Flask(__name__)
 app.debug = False
 app.config.from_object("config.default")
 
-app.before_request(agenda.auth.require_authentication)
+app.before_request(UniAuth.auth.require_authentication)
 
 agenda.error_mail.setup_error_mail(app)