Switch to UniAuth.auth

agenda/auth.py

@@ -1,36 +0,0 @@
-"""Authentication via UniAuth."""
-
-import flask
-import werkzeug
-from itsdangerous.url_safe import URLSafeTimedSerializer
-
-max_age = 60 * 60 * 24 * 90
-
-
-def verify_auth_token(token: str) -> str | None:
-    """Verify the authentication token."""
-    serializer = URLSafeTimedSerializer(flask.current_app.config["SECRET_KEY"])
-    try:
-        username = serializer.loads(token, salt="auth", max_age=max_age)
-    except Exception:
-        return None
-
-    assert isinstance(username, str)
-    return username
-
-
-def require_authentication() -> werkzeug.Response | None:
-    """Require authentication and redirect with return URL."""
-    if not flask.current_app.config.get("REQUIRE_AUTH"):
-        return None
-
-    token = flask.request.cookies.get("auth_token")
-    if token and verify_auth_token(token):
-        return None
-
-    # Construct the redirect URL with the original URL as a parameter
-    return flask.redirect(
-        flask.current_app.config["UNIAUTH_URL"]
-        + "/login?next="
-        + werkzeug.urls.url_quote(flask.request.url)
-    )

web_view.py

@@ -11,11 +11,11 @@ import typing
 from datetime import date, datetime, timedelta
 
 import flask
+import UniAuth.auth
 import werkzeug
 import werkzeug.debug.tbtools
 import yaml
 
-import agenda.auth
 import agenda.data
 import agenda.error_mail
 import agenda.holidays
@@ -28,7 +28,7 @@ app = flask.Flask(__name__)
 app.debug = False
 app.config.from_object("config.default")
 
-app.before_request(agenda.auth.require_authentication)
+app.before_request(UniAuth.auth.require_authentication)
 
 agenda.error_mail.setup_error_mail(app)