added logout_return call w/ cullerton

jasquat 2022-07-28 12:08:31 -04:00
parent 8bb9868b2e
commit a13dcb94df
4 changed files with 40 additions and 10 deletions


@ -52,6 +52,17 @@ paths:
'200':
description: Test Return Response
/logout:
parameters:
- name: id_token
in: query
required: true
schema:
type: string
- name: redirect_url
in: query
required: false
schema:
type: string
get:
security: []
operationId: spiffworkflow_backend.routes.user.logout
@ -61,6 +72,16 @@ paths:
responses:
'200':
description: Logout Authenticated User
/logout_return:
get:
security: []
operationId: spiffworkflow_backend.routes.user.logout_return
summary: Logout authenticated user
tags:
- Authentication
responses:
'200':
description: Logout Authenticated User
/login_swagger:
parameters:
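Review bot: The new `redirect_url` query parameter on `/logout` is accepted on a route declared with `security: []`, and the spec puts no constraint on its value. If the handler ever uses it as a redirect target, it must be checked server-side against a fixed set of allowed return URLs; a `description: Must match a configured frontend origin` on the parameter would record that expectation. `id_token` is also carried in the query string, so it will appear in access logs and browser history, and those logs should be treated as sensitive. The `/logout_return` entry repeats the summary and description of `/logout`, which looks like a copy-paste; something like `summary: Landing endpoint after the identity provider completes logout` would describe it.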


@ -15,6 +15,6 @@ CORS_ALLOW_ORIGINS = re.split(
# Keycloak server
KEYCLOAK_SERVER_URL = environ.get("KEYCLOAK_SERVER_URL", default="http://localhost:7002")
KEYCLOAK_CLIENT_ID = environ.get("KEYCLOAK_CLIENT_ID", default="spiffworkflow_backend")
KEYCLOAK_CLIENT_ID = environ.get("KEYCLOAK_CLIENT_ID", default="spiffworkflow-backend")
KEYCLOAK_REALM_NAME = environ.get("KEYCLOAK_REALM_NAME", default="spiffworkflow")
KEYCLOAK_CLIENT_SECRET_KEY = environ.get("KEYCLOAK_CLIENT_SECRET_KEY", default="seciKpRanUReL0ksZaFm5nfjhMUKHVAO") # noqa: S105
KEYCLOAK_CLIENT_SECRET_KEY = environ.get("KEYCLOAK_CLIENT_SECRET_KEY", default="JXeQExm0JhQPLumgHtIIqf52bDalHz0q") # noqa: S105
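Review bot: The fallback for `KEYCLOAK_CLIENT_SECRET_KEY` is a literal client secret checked into source, and `# noqa: S105` silences the linter rule that would flag it. Replacing one committed value with another leaves both in history, so both should be considered disclosed and rotated in Keycloak if they were ever used outside a local development realm. I would drop the default, `KEYCLOAK_CLIENT_SECRET_KEY = environ.get("KEYCLOAK_CLIENT_SECRET_KEY")`, and fail at startup when it is unset, or keep a default only in a development-only config file. The `http://` default for `KEYCLOAK_SERVER_URL` is presumably meant for localhost only and should not carry over to a deployed environment.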


@ -77,7 +77,7 @@ def verify_token(token: Optional[str] = None) -> Dict[str, Optional[str]]:
except Exception as e:
current_app.logger.error(f"Exception raised while adding user in get_token: {e}")
raise ApiError(code="fail_add_user_model",
message="Cannot add user in verify_token")
message="Cannot add user in verify_token") from e
if user_model:
g.user = user_model.id
@ -174,14 +174,17 @@ def login_return(code, state, session_state):
if user_model:
g.user = user_model.id
return redirect(f"http://localhost:7001/?token={id_token_object['access_token']}")
return redirect(f"http://localhost:7001/?access_token={id_token_object['access_token']}&id_token={id_token}")
# return f"{code} {state} {id_token}"
def logout():
return PublicAuthenticationService().logout()
def logout(id_token: str, redirect_url: str | None):
return PublicAuthenticationService().logout(id_token=id_token, redirect_url=redirect_url)
def logout_return():
return redirect(f"http://localhost:7001/")
def is_internal_token(token) -> bool:
decoded_token = UserModel.decode_auth_token(token)
print("is_internal_token")
return True
return True
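Review bot: In `login_return`, the new redirect puts both `access_token` and `id_token`, unencoded, into the query string of a hard-coded `http://localhost:7001/` URL. Query strings persist in browser history and proxy or server logs and can leak through `Referer`, so the tokens are better handed over another way (a URL fragment, or a short-lived code the frontend exchanges), or at least removed from the address bar by the frontend straight away. At minimum, build the query with `urlencode({"access_token": id_token_object["access_token"], "id_token": id_token})` and read the frontend base URL from configuration. `logout_return` uses an f-string with no placeholders, and `is_internal_token` as shown discards `decoded_token` and always returns `True`, which looks unfinished. `login_return` begins outside the hunk.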


@ -38,9 +38,15 @@ class PublicAuthenticationService:
It uses a separate public keycloak client: spiffworkflow-frontend
Used during development to make testing easy.
"""
def logout(self):
def logout(self, redirect_url: str='/', id_token: str | None=None):
if id_token is None:
raise ApiError(code='missing_id_token',
message="id_token is missing",
status_code=400)
return_redirect_url = 'http://localhost:7000/v1.0/logout_return'
keycloak_server_url, keycloak_client_id, keycloak_realm_name, keycloak_client_secret_key = get_keycloak_args()
request_url = f"{keycloak_server_url}/realms/{keycloak_realm_name}/protocol/openid-connect/logout"
request_url = f"{keycloak_server_url}/realms/{keycloak_realm_name}/protocol/openid-connect/logout?post_logout_redirect_uri={return_redirect_url}&id_token_hint={id_token}"
return redirect(request_url)
@ -216,4 +222,4 @@ class KeycloakAuthenticationService:
class KeyCloak:
"""Class to interact with KeyCloak server for authorization"""
"""Class to interact with KeyCloak server for authorization"""
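Review bot: `logout` interpolates the caller-supplied `id_token` directly into the Keycloak logout URL, so a value containing `&` or `#` can add or override query parameters such as `post_logout_redirect_uri`. Build the query with `urllib.parse.urlencode` instead: `query = urlencode({"post_logout_redirect_uri": return_redirect_url, "id_token_hint": id_token})`, then `request_url = f"{keycloak_server_url}/realms/{keycloak_realm_name}/protocol/openid-connect/logout?{query}"`. The new `redirect_url` parameter is never read in the lines shown, and the return URL is hard-coded to `http://localhost:7000`; either wire `redirect_url` through after validating it against configured origins, or remove it. A short docstring would also help, stating that the method returns a redirect to the identity provider's logout endpoint and raises `ApiError` with status 400 when `id_token` is missing.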