hns-login/website/routes.py

import time
from .varo_auth import flask_login as varo_auth_flask_login
from flask import Blueprint, request, session, url_for
from flask import render_template, redirect, jsonify, send_from_directory
from werkzeug.security import gen_salt
from authlib.integrations.flask_oauth2 import current_token
from authlib.oauth2 import OAuth2Error
from .models import db, User, OAuth2Client
from .oauth2 import authorization, require_oauth


bp = Blueprint("home", __name__)


def current_user():
    if "id" in session:
        uid = session["id"]
        return User.query.get(uid)
    return None


def split_by_crlf(s):
    return [v for v in s.splitlines() if v]


@bp.route("/", methods=("GET", "POST"))
def home():
    next_page = request.args.get("next")
    if request.method == "POST":
        auth = varo_auth_flask_login(request)
        if auth == False:
            return redirect("/?error=login_failed")
        print(auth)
        user = User.query.filter_by(username=auth).first()
        if not user:
            user = User(username=auth)
            db.session.add(user)
            db.session.commit()
        session["id"] = user.id
        # if user is not just to log in, but need to head back to the auth page, then go for it
        if next_page:
            return redirect(next_page)
        return redirect("/")
    user = current_user()
    if user:
        clients = OAuth2Client.query.filter_by(user_id=user.id).all()
        if next_page:
            return redirect(next_page)
    else:
        clients = []

    return render_template("home.html", user=user, clients=clients)


@bp.route("/logout")
def logout():
    del session["id"]
    next = request.args.get("next")
    if next:
        return redirect(url_for("home.home", next=next))

    return redirect("/")


@bp.route("/create_client", methods=("GET", "POST"))
def create_client():
    user = current_user()
    if not user:
        return redirect("/")
    if request.method == "GET":
        return render_template("create_client.html")

    client_id = gen_salt(24)
    client_id_issued_at = int(time.time())
    client = OAuth2Client(
        client_id=client_id,
        client_id_issued_at=client_id_issued_at,
        user_id=user.id,
    )

    form = request.form
    client_metadata = {
        "client_name": form["client_name"],
        "client_uri": form["client_uri"],
        "grant_types": split_by_crlf(form["grant_type"]),
        "redirect_uris": split_by_crlf(form["redirect_uri"]),
        "response_types": split_by_crlf(form["response_type"]),
        "scope": form["scope"],
        "token_endpoint_auth_method": form["token_endpoint_auth_method"],
    }
    client.set_client_metadata(client_metadata)

    if form["token_endpoint_auth_method"] == "none":
        client.client_secret = ""
    else:
        client.client_secret = gen_salt(48)

    db.session.add(client)
    db.session.commit()
    return redirect("/")


@bp.route("/delete_client")
def delete_client():
    user = current_user()
    if not user:
        return redirect("/")
    if user.id != 1:
        return redirect("/")

    client_id = request.args.get("client_id")
    client = OAuth2Client.query.filter_by(client_id=client_id).first()
    if client:
        db.session.delete(client)
        db.session.commit()
    return redirect("/")


@bp.route("/oauth/authorize", methods=["GET", "POST"])
def authorize():
    user = current_user()
    # if user log status is not true (Auth server), then to log it in
    if not user:
        return redirect(url_for("home.home", next=request.url))
    if request.method == "GET":
        try:
            grant = authorization.get_consent_grant(end_user=user)
        except OAuth2Error as error:
            return error.error
        return render_template("authorize.html", user=user, grant=grant)

    grant_user = user

    return authorization.create_authorization_response(grant_user=grant_user)


@bp.route("/oauth/token", methods=["POST"])
def issue_token():
    return authorization.create_token_response()


@bp.route("/oauth/revoke", methods=["POST"])
def revoke_token():
    return authorization.create_endpoint_response("revocation")


@bp.route("/api/me")
@require_oauth(["profile", "openid"])
def api_me():
    user = current_token.user
    print(user.id, user.username, flush=True)
    userInfo = {
        "id": user.id,
        "uid": user.id,
        "username": user.username,
        "email": f"{user.username}@login.hns.au",
        "displayName": user.username + "/",
        "sub": user.id,
        "name": user.username,
        "given_name": user.username,
        "family_name": user.username,
        "nickname": user.username,
        "preferred_username": user.username,
        "profile": f"https://login.hns.au/u/{user.username}",
        "picture": f"https://login.hns.au/u/{user.username}/avatar",
        "website": f"https://{user.username}",
        "email_verified": True
    }
    print(userInfo, flush=True)
    # a = [
    #     "sub",
    #     "name",
    #     "given_name",
    #     "family_name",
    #     "middle_name",
    #     "nickname",
    #     "preferred_username",
    #     "profile",
    #     "picture",
    #     "website",
    #     "email",
    #     "email_verified",
    #     "gender",
    #     "birthdate",
    #     "zoneinfo",
    #     "locale",
    #     "phone_number",
    #     "phone_number_verified",
    #     "address",
    #     "updated_at",
    # ]
    return jsonify(userInfo)


@bp.route("/discovery")
def autodiscovery():
    host = request.host
    discovery = {
        "issuer": f"https://{host}/",
        "authorization_endpoint": f"https://{host}/oauth/authorize",
        "token_endpoint": f"https://{host}/oauth/token",
        "userinfo_endpoint": f"https://{host}/api/me",
        "revocation_endpoint": f"https://{host}/oauth/revoke",
        "response_types_supported": ["code"],
        "subject_types_supported": ["public"],
        "id_token_signing_alg_values_supported": ["RS256"],
        "scopes_supported": ["openid", "email", "profile"],
        "token_endpoint_auth_methods_supported": [
            "client_secret_basic",
            "client_secret_post",
        ],
        "grant_types_supported": ["authorization_code"],
    }

    return jsonify(discovery)


@bp.route("/favicon.png")
def favicon():
    return send_from_directory("templates", "favicon.png", mimetype="image/png")
feat: Push initial version 2024-02-09 23:04:20 +11:00			`import time`
			`from .varo_auth import flask_login as varo_auth_flask_login`
			`from flask import Blueprint, request, session, url_for`
			`from flask import render_template, redirect, jsonify, send_from_directory`
			`from werkzeug.security import gen_salt`
			`from authlib.integrations.flask_oauth2 import current_token`
			`from authlib.oauth2 import OAuth2Error`
			`from .models import db, User, OAuth2Client`
			`from .oauth2 import authorization, require_oauth`


feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`bp = Blueprint("home", __name__)`
feat: Push initial version 2024-02-09 23:04:20 +11:00

			`def current_user():`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`if "id" in session:`
			`uid = session["id"]`
feat: Push initial version 2024-02-09 23:04:20 +11:00			`return User.query.get(uid)`
			`return None`


			`def split_by_crlf(s):`
			`return [v for v in s.splitlines() if v]`


feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`@bp.route("/", methods=("GET", "POST"))`
feat: Push initial version 2024-02-09 23:04:20 +11:00			`def home():`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`next_page = request.args.get("next")`
			`if request.method == "POST":`
feat: Push initial version 2024-02-09 23:04:20 +11:00			`auth = varo_auth_flask_login(request)`
			`if auth == False:`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`return redirect("/?error=login_failed")`
feat: Push initial version 2024-02-09 23:04:20 +11:00			`print(auth)`
			`user = User.query.filter_by(username=auth).first()`
			`if not user:`
			`user = User(username=auth)`
			`db.session.add(user)`
			`db.session.commit()`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`session["id"] = user.id`
feat: Push initial version 2024-02-09 23:04:20 +11:00			`# if user is not just to log in, but need to head back to the auth page, then go for it`
			`if next_page:`
			`return redirect(next_page)`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`return redirect("/")`
feat: Push initial version 2024-02-09 23:04:20 +11:00			`user = current_user()`
			`if user:`
			`clients = OAuth2Client.query.filter_by(user_id=user.id).all()`
			`if next_page:`
			`return redirect(next_page)`
			`else:`
			`clients = []`

feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`return render_template("home.html", user=user, clients=clients)`
feat: Push initial version 2024-02-09 23:04:20 +11:00
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00
			`@bp.route("/logout")`
feat: Push initial version 2024-02-09 23:04:20 +11:00			`def logout():`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`del session["id"]`
			`next = request.args.get("next")`
feat: Push initial version 2024-02-09 23:04:20 +11:00			`if next:`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`return redirect(url_for("home.home", next=next))`
feat: Push initial version 2024-02-09 23:04:20 +11:00
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`return redirect("/")`
feat: Push initial version 2024-02-09 23:04:20 +11:00

feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`@bp.route("/create_client", methods=("GET", "POST"))`
feat: Push initial version 2024-02-09 23:04:20 +11:00			`def create_client():`
			`user = current_user()`
			`if not user:`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`return redirect("/")`
			`if request.method == "GET":`
			`return render_template("create_client.html")`
feat: Push initial version 2024-02-09 23:04:20 +11:00
			`client_id = gen_salt(24)`
			`client_id_issued_at = int(time.time())`
			`client = OAuth2Client(`
			`client_id=client_id,`
			`client_id_issued_at=client_id_issued_at,`
			`user_id=user.id,`
			`)`

			`form = request.form`
			`client_metadata = {`
			`"client_name": form["client_name"],`
			`"client_uri": form["client_uri"],`
			`"grant_types": split_by_crlf(form["grant_type"]),`
			`"redirect_uris": split_by_crlf(form["redirect_uri"]),`
			`"response_types": split_by_crlf(form["response_type"]),`
			`"scope": form["scope"],`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`"token_endpoint_auth_method": form["token_endpoint_auth_method"],`
feat: Push initial version 2024-02-09 23:04:20 +11:00			`}`
			`client.set_client_metadata(client_metadata)`

feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`if form["token_endpoint_auth_method"] == "none":`
			`client.client_secret = ""`
feat: Push initial version 2024-02-09 23:04:20 +11:00			`else:`
			`client.client_secret = gen_salt(48)`

			`db.session.add(client)`
			`db.session.commit()`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`return redirect("/")`

feat: Push initial version 2024-02-09 23:04:20 +11:00
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`@bp.route("/delete_client")`
feat: Add delete client api 2024-02-13 22:46:46 +11:00			`def delete_client():`
			`user = current_user()`
			`if not user:`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`return redirect("/")`
feat: Add delete client api 2024-02-13 22:46:46 +11:00			`if user.id != 1:`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`return redirect("/")`
feat: Add delete client api 2024-02-13 22:46:46 +11:00
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`client_id = request.args.get("client_id")`
feat: Add delete client api 2024-02-13 22:46:46 +11:00			`client = OAuth2Client.query.filter_by(client_id=client_id).first()`
			`if client:`
			`db.session.delete(client)`
			`db.session.commit()`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`return redirect("/")`
feat: Add delete client api 2024-02-13 22:46:46 +11:00
feat: Push initial version 2024-02-09 23:04:20 +11:00
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`@bp.route("/oauth/authorize", methods=["GET", "POST"])`
feat: Push initial version 2024-02-09 23:04:20 +11:00			`def authorize():`
			`user = current_user()`
			`# if user log status is not true (Auth server), then to log it in`
			`if not user:`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`return redirect(url_for("home.home", next=request.url))`
			`if request.method == "GET":`
feat: Push initial version 2024-02-09 23:04:20 +11:00			`try:`
			`grant = authorization.get_consent_grant(end_user=user)`
			`except OAuth2Error as error:`
			`return error.error`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`return render_template("authorize.html", user=user, grant=grant)`

feat: Push initial version 2024-02-09 23:04:20 +11:00			`grant_user = user`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00
feat: Push initial version 2024-02-09 23:04:20 +11:00			`return authorization.create_authorization_response(grant_user=grant_user)`


feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`@bp.route("/oauth/token", methods=["POST"])`
feat: Push initial version 2024-02-09 23:04:20 +11:00			`def issue_token():`
			`return authorization.create_token_response()`


feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`@bp.route("/oauth/revoke", methods=["POST"])`
feat: Push initial version 2024-02-09 23:04:20 +11:00			`def revoke_token():`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`return authorization.create_endpoint_response("revocation")`
feat: Push initial version 2024-02-09 23:04:20 +11:00

feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`@bp.route("/api/me")`
			`@require_oauth(["profile", "openid"])`
feat: Push initial version 2024-02-09 23:04:20 +11:00			`def api_me():`
			`user = current_token.user`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`print(user.id, user.username, flush=True)`
			`userInfo = {`
			`"id": user.id,`
feat: Add more info to auth request 2024-06-13 16:13:27 +10:00			`"uid": user.id,`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`"username": user.username,`
			`"email": f"{user.username}@login.hns.au",`
			`"displayName": user.username + "/",`
			`"sub": user.id,`
			`"name": user.username,`
			`"given_name": user.username,`
			`"family_name": user.username,`
			`"nickname": user.username,`
			`"preferred_username": user.username,`
			`"profile": f"https://login.hns.au/u/{user.username}",`
			`"picture": f"https://login.hns.au/u/{user.username}/avatar",`
feat: Add more info to auth request 2024-06-13 16:13:27 +10:00			`"website": f"https://{user.username}",`
			`"email_verified": True`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`}`
			`print(userInfo, flush=True)`
			`# a = [`
			`# "sub",`
			`# "name",`
			`# "given_name",`
			`# "family_name",`
			`# "middle_name",`
			`# "nickname",`
			`# "preferred_username",`
			`# "profile",`
			`# "picture",`
			`# "website",`
			`# "email",`
			`# "email_verified",`
			`# "gender",`
			`# "birthdate",`
			`# "zoneinfo",`
			`# "locale",`
			`# "phone_number",`
			`# "phone_number_verified",`
			`# "address",`
			`# "updated_at",`
			`# ]`
			`return jsonify(userInfo)`


			`@bp.route("/discovery")`
feat: Add test auto discovery 2024-02-20 22:32:24 +11:00			`def autodiscovery():`
			`host = request.host`
			`discovery = {`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`"issuer": f"https://{host}/",`
			`"authorization_endpoint": f"https://{host}/oauth/authorize",`
			`"token_endpoint": f"https://{host}/oauth/token",`
			`"userinfo_endpoint": f"https://{host}/api/me",`
			`"revocation_endpoint": f"https://{host}/oauth/revoke",`
			`"response_types_supported": ["code"],`
			`"subject_types_supported": ["public"],`
			`"id_token_signing_alg_values_supported": ["RS256"],`
			`"scopes_supported": ["openid", "email", "profile"],`
			`"token_endpoint_auth_methods_supported": [`
			`"client_secret_basic",`
			`"client_secret_post",`
			`],`
			`"grant_types_supported": ["authorization_code"],`
			`}`
feat: Add test auto discovery 2024-02-20 22:32:24 +11:00
			`return jsonify(discovery)`

feat: Push initial version 2024-02-09 23:04:20 +11:00
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`@bp.route("/favicon.png")`
feat: Push initial version 2024-02-09 23:04:20 +11:00			`def favicon():`
feat: Try to add more info to user info route 2024-06-13 16:07:38 +10:00			`return send_from_directory("templates", "favicon.png", mimetype="image/png")`