mirror of
https://github.com/pgadmin-org/pgadmin4.git
synced 2025-01-24 23:36:48 -06:00
a726635290
2) Fixed OAuth2 integration redirect issue. Fixes #6719 Initial patch for 6657 sent by: Tom Schreiber
120 lines
3.9 KiB
Python
120 lines
3.9 KiB
Python
##########################################################################
|
|
#
|
|
# pgAdmin 4 - PostgreSQL Tools
|
|
#
|
|
# Copyright (C) 2013 - 2021, The pgAdmin Development Team
|
|
# This software is released under the PostgreSQL Licence
|
|
#
|
|
##########################################################################
|
|
|
|
"""A blueprint module implementing the Webserver authentication."""
|
|
|
|
import random
|
|
import string
|
|
import config
|
|
from flask import request, current_app, session, Response, render_template, \
|
|
url_for
|
|
from flask_babelex import gettext
|
|
from flask_security import login_user
|
|
from .internal import BaseAuthentication
|
|
from pgadmin.model import User
|
|
from pgadmin.tools.user_management import create_user
|
|
from pgadmin.utils.constants import WEBSERVER
|
|
from pgadmin.utils import PgAdminModule
|
|
from pgadmin.utils.csrf import pgCSRFProtect
|
|
from flask_security.utils import logout_user
|
|
from os import environ, path, remove
|
|
|
|
|
|
class WebserverModule(PgAdminModule):
|
|
def register(self, app, options, first_registration=False):
|
|
# Do not look for the sub_modules,
|
|
# instead call blueprint.register(...) directly
|
|
super(PgAdminModule, self).register(app, options, first_registration)
|
|
|
|
def get_exposed_url_endpoints(self):
|
|
return ['webserver.login',
|
|
'webserver.logout']
|
|
|
|
|
|
def init_app(app):
|
|
MODULE_NAME = 'webserver'
|
|
|
|
blueprint = WebserverModule(MODULE_NAME, __name__, static_url_path='')
|
|
|
|
@blueprint.route("/login",
|
|
endpoint="login", methods=["GET"])
|
|
@pgCSRFProtect.exempt
|
|
def webserver_login():
|
|
logout_user()
|
|
return Response(render_template("browser/kerberos_login.html",
|
|
login_url=url_for('security.login'),
|
|
))
|
|
|
|
@blueprint.route("/logout",
|
|
endpoint="logout", methods=["GET"])
|
|
@pgCSRFProtect.exempt
|
|
def webserver_logout():
|
|
logout_user()
|
|
return Response(render_template("browser/kerberos_logout.html",
|
|
login_url=url_for('security.login'),
|
|
))
|
|
|
|
app.register_blueprint(blueprint)
|
|
|
|
|
|
class WebserverAuthentication(BaseAuthentication):
|
|
LOGIN_VIEW = 'webserver.login'
|
|
LOGOUT_VIEW = 'webserver.logout'
|
|
|
|
def get_source_name(self):
|
|
return WEBSERVER
|
|
|
|
def get_friendly_name(self):
|
|
return gettext("webserver")
|
|
|
|
def validate(self, form):
|
|
return True
|
|
|
|
def get_user(self):
|
|
return request.environ.get('REMOTE_USER')
|
|
|
|
def authenticate(self, form):
|
|
username = self.get_user()
|
|
|
|
if not username:
|
|
return False, gettext(
|
|
"Webserver authenticate failed.")
|
|
|
|
session['pass_enc_key'] = ''.join(
|
|
(random.choice(string.ascii_lowercase) for x in range(10)))
|
|
useremail = request.environ.get('mail')
|
|
if not useremail:
|
|
useremail = ''
|
|
return self.__auto_create_user(username, '')
|
|
|
|
def login(self, form):
|
|
username = self.get_user()
|
|
if username:
|
|
user = User.query.filter_by(username=username).first()
|
|
status = login_user(user)
|
|
if not status:
|
|
current_app.logger.exception(self.messages('LOGIN_FAILED'))
|
|
return False, self.messages('LOGIN_FAILED')
|
|
return True, None
|
|
return False, self.messages('LOGIN_FAILED')
|
|
|
|
def __auto_create_user(self, username, useremail):
|
|
"""Add the webserver user to the internal SQLite database."""
|
|
if config.WEBSERVER_AUTO_CREATE_USER:
|
|
user = User.query.filter_by(username=username).first()
|
|
if not user:
|
|
return create_user({
|
|
'username': username,
|
|
'email': useremail,
|
|
'role': 2,
|
|
'active': True,
|
|
'auth_source': WEBSERVER
|
|
})
|
|
return True, None
|