Switch to UniAuth.auth
This commit is contained in:
parent
5f0d2e884f
commit
fc36647d49
|
@ -1,36 +0,0 @@
|
||||||
"""Authentication via UniAuth."""
|
|
||||||
|
|
||||||
import flask
|
|
||||||
import werkzeug
|
|
||||||
from itsdangerous.url_safe import URLSafeTimedSerializer
|
|
||||||
|
|
||||||
max_age = 60 * 60 * 24 * 90
|
|
||||||
|
|
||||||
|
|
||||||
def verify_auth_token(token: str) -> str | None:
|
|
||||||
"""Verify the authentication token."""
|
|
||||||
serializer = URLSafeTimedSerializer(flask.current_app.config["SECRET_KEY"])
|
|
||||||
try:
|
|
||||||
username = serializer.loads(token, salt="auth", max_age=max_age)
|
|
||||||
except Exception:
|
|
||||||
return None
|
|
||||||
|
|
||||||
assert isinstance(username, str)
|
|
||||||
return username
|
|
||||||
|
|
||||||
|
|
||||||
def require_authentication() -> werkzeug.Response | None:
|
|
||||||
"""Require authentication and redirect with return URL."""
|
|
||||||
if not flask.current_app.config.get("REQUIRE_AUTH"):
|
|
||||||
return None
|
|
||||||
|
|
||||||
token = flask.request.cookies.get("auth_token")
|
|
||||||
if token and verify_auth_token(token):
|
|
||||||
return None
|
|
||||||
|
|
||||||
# Construct the redirect URL with the original URL as a parameter
|
|
||||||
return flask.redirect(
|
|
||||||
flask.current_app.config["UNIAUTH_URL"]
|
|
||||||
+ "/login?next="
|
|
||||||
+ werkzeug.urls.url_quote(flask.request.url)
|
|
||||||
)
|
|
|
@ -11,11 +11,11 @@ import typing
|
||||||
from datetime import date, datetime, timedelta
|
from datetime import date, datetime, timedelta
|
||||||
|
|
||||||
import flask
|
import flask
|
||||||
|
import UniAuth.auth
|
||||||
import werkzeug
|
import werkzeug
|
||||||
import werkzeug.debug.tbtools
|
import werkzeug.debug.tbtools
|
||||||
import yaml
|
import yaml
|
||||||
|
|
||||||
import agenda.auth
|
|
||||||
import agenda.data
|
import agenda.data
|
||||||
import agenda.error_mail
|
import agenda.error_mail
|
||||||
import agenda.holidays
|
import agenda.holidays
|
||||||
|
@ -28,7 +28,7 @@ app = flask.Flask(__name__)
|
||||||
app.debug = False
|
app.debug = False
|
||||||
app.config.from_object("config.default")
|
app.config.from_object("config.default")
|
||||||
|
|
||||||
app.before_request(agenda.auth.require_authentication)
|
app.before_request(UniAuth.auth.require_authentication)
|
||||||
|
|
||||||
agenda.error_mail.setup_error_mail(app)
|
agenda.error_mail.setup_error_mail(app)
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue