-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #186 from ZeusWPI/feature/microsoft-auth
Add working microsoft login flow
- Loading branch information
Showing
11 changed files
with
146 additions
and
45 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,38 +1,32 @@ | ||
"Script for everything related to logging in and out" | ||
"""Script for everything related to logging in and out""" | ||
from flask import Blueprint, abort, redirect, session, url_for | ||
from flask_login import current_user, logout_user | ||
from models import User | ||
from werkzeug.wrappers import Response | ||
from zeus import zeus_login | ||
|
||
auth_bp = Blueprint("auth_bp", __name__) | ||
|
||
|
||
def init_login(app) -> None: | ||
"Initialize the login" | ||
"""Initialize the login""" | ||
|
||
# pylint: disable=W0612 | ||
@app.login_manager.user_loader | ||
def load_user(userid) -> User: | ||
"Load the user" | ||
"""Load the user""" | ||
return User.query.filter_by(id=userid).first() | ||
|
||
|
||
@auth_bp.route("/login") | ||
def login(): | ||
"Function to handle a user trying to log in" | ||
return zeus_login() | ||
|
||
|
||
@auth_bp.route("/logout") | ||
def logout() -> Response: | ||
"Function to handle a user trying to log out" | ||
"""Function to handle a user trying to log out""" | ||
if "zeus_token" in session: | ||
session.pop("zeus_token", None) | ||
logout_user() | ||
return redirect(url_for("general_bp.home")) | ||
|
||
|
||
def before_request() -> None: | ||
"Function for what has to be done before a request" | ||
"""Function for what has to be done before a request""" | ||
if current_user.is_anonymous() or not current_user.is_allowed(): | ||
abort(401) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
import typing | ||
|
||
from flask import Blueprint, url_for, request, redirect, flash, Response | ||
from flask_login import login_user | ||
from microsoftgraph.client import Client | ||
|
||
from config import Configuration | ||
from models import User, db | ||
|
||
auth_microsoft_bp = Blueprint("auth_microsoft_bp", __name__) | ||
|
||
client = Client(Configuration.MICROSOFT_AUTH_ID, | ||
Configuration.MICROSOFT_AUTH_SECRET, | ||
account_type='common') # by default common, thus account_type is optional parameter. | ||
|
||
|
||
def microsoft_login(): | ||
"""Log in using Microsoft""" | ||
scope = ["openid", "profile", "User.Read", "User.Read.All"] | ||
url = client.authorization_url(url_for("auth_microsoft_bp.authorized", _external=True), scope, state=None) | ||
return redirect(url) | ||
|
||
|
||
@auth_microsoft_bp.route("/login") | ||
def login(): | ||
"""Function to handle a user trying to log in""" | ||
return microsoft_login() | ||
|
||
|
||
@auth_microsoft_bp.route("callback") # "/authorized") | ||
def authorized() -> typing.Any: | ||
# type is 'typing.Union[str, Response]', but this errors due to | ||
# https://github.com/python/mypy/issues/7187 | ||
"""Check authorized status""" | ||
|
||
oauth_code = request.args['code'] | ||
|
||
resp = client.exchange_code(url_for("auth_microsoft_bp.authorized", _external=True), oauth_code) | ||
client.set_token(resp.data) | ||
|
||
resp = client.users.get_me() | ||
microsoft_uuid = resp.data['id'] | ||
username = resp.data['userPrincipalName'] | ||
|
||
# Fail if fields are not populated | ||
if not microsoft_uuid or not username: | ||
flash("You're not allowed to enter, please contact a system administrator") | ||
return redirect(url_for("general_bp.home")) | ||
|
||
# Find existing user by Microsoft UUID (userPrincipalName can change) | ||
user = User.query.filter_by(microsoft_uuid=microsoft_uuid).first() | ||
if user: | ||
return login_and_redirect_user(user) | ||
|
||
# Find existing user by username (pre-existing account) | ||
user = User.query.filter_by(username=username).first() | ||
if user: | ||
return login_and_redirect_user(user) | ||
|
||
# No user found, create a new one | ||
user = create_user(username, microsoft_uuid=microsoft_uuid) | ||
return login_and_redirect_user(user) | ||
|
||
|
||
def login_and_redirect_user(user) -> Response: | ||
"""Log in the user and then redirect them""" | ||
login_user(user) | ||
return redirect(url_for("general_bp.home")) | ||
|
||
|
||
def create_user(username, *, microsoft_uuid) -> User: | ||
"""Create a temporary user if it is needed""" | ||
user = User() | ||
user.configure(username, False, 1, microsoft_uuid=microsoft_uuid) | ||
db.session.add(user) | ||
db.session.commit() | ||
return user |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -12,4 +12,5 @@ black | |
pymysql | ||
pyyaml | ||
tatsu<5.6 # >=5.6 needs Python >=3.8 | ||
microsoftgraph-python | ||
sentry-sdk[flask] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters