logout works now and queryparams are getting passed correctly on login now

This commit is contained in:
jasquat 2023-01-12 10:29:37 -05:00
parent 8c3f855246
commit aa6546656e
7 changed files with 49 additions and 96 deletions

View File

@ -9,7 +9,6 @@ def main() -> None:
"""Main."""
app = create_app()
with app.app_context():
print("HEY")
failing_process_models = DataSetupService.save_all_process_models()
for bpmn_errors in failing_process_models:
print(bpmn_errors)

View File

@ -4,7 +4,6 @@ from typing import Any
from typing import Optional
import flask.wrappers
from flask import current_app
from flask import g
from flask import jsonify
from flask import make_response
@ -89,13 +88,7 @@ def process_group_list(
"pages": pages,
},
}
# response = make_response(jsonify(response_json), 200)
response = Response(
json.dumps(response_json), status=200, mimetype="application/json"
)
current_app.logger.info("SETTING COOKIE")
response.set_cookie("TEST_COOKIE", "HEY1")
return response
return make_response(jsonify(response_json), 200)
def process_group_show(

View File

@ -62,9 +62,7 @@ def verify_token(
token = request.headers["Authorization"].removeprefix("Bearer ")
# This should never be set here but just in case
tld = current_app.config["THREAD_LOCAL_DATA"]
if hasattr(tld, "new_access_token"):
tld.new_access_token = None
_clear_auth_tokens_from_thread_local_data()
if token:
user_model = None
@ -100,9 +98,9 @@ def verify_token(
)
)
if auth_token and "error" not in auth_token:
print("SETTING NEW TOKEN")
print(f"auth_token: {auth_token}")
tld = current_app.config["THREAD_LOCAL_DATA"]
tld.new_access_token = auth_token["access_token"]
tld.new_id_token = auth_token["id_token"]
# We have the user, but this code is a bit convoluted, and will later demand
# a user_info object so it can look up the user. Sorry to leave this crap here.
user_info = {
@ -178,11 +176,24 @@ def verify_token(
def set_new_access_token_in_cookie(
response: flask.wrappers.Response,
) -> flask.wrappers.Response:
"""Set_new_access_token_in_cookie."""
"""Checks if a new token has been set in THREAD_LOCAL_DATA and sets cookies if appropriate.
It will also delete the cookies if the user has logged out.
"""
tld = current_app.config["THREAD_LOCAL_DATA"]
if hasattr(tld, "new_access_token") and tld.new_access_token:
response.set_cookie("access_token", tld.new_access_token)
tld.new_access_token = None
# id_token is required for logging out since this gets passed back to the openid server
if hasattr(tld, "new_id_token") and tld.new_id_token:
response.set_cookie("id_token", tld.new_id_token)
if hasattr(tld, 'user_has_logged_out') and tld.user_has_logged_out:
response.set_cookie("id_token", '', max_age=0)
response.set_cookie("access_token", '', max_age=0)
_clear_auth_tokens_from_thread_local_data()
return response
@ -249,12 +260,12 @@ def login_return(code: str, state: str, session_state: str) -> Optional[Response
user_model.id, auth_token_object["refresh_token"]
)
redirect_url = (
f"{state_redirect_url}?"
+ f"access_token={auth_token_object['access_token']}&"
+ f"id_token={id_token}"
f"{state_redirect_url}"
)
tld = current_app.config["THREAD_LOCAL_DATA"]
tld.new_access_token = auth_token_object["access_token"]
tld.new_id_token = auth_token_object["id_token"]
print(f"REDIRECT_URL: {redirect_url}")
return redirect(redirect_url)
raise ApiError(
@ -300,6 +311,8 @@ def logout(id_token: str, redirect_url: Optional[str]) -> Response:
"""Logout."""
if redirect_url is None:
redirect_url = ""
tld = current_app.config["THREAD_LOCAL_DATA"]
tld.user_has_logged_out = True
return AuthenticationService().logout(redirect_url=redirect_url, id_token=id_token)
@ -328,15 +341,6 @@ def get_decoded_token(token: str) -> Optional[Dict]:
error_code="unknown_token",
message="Unknown token type in get_decoded_token",
)
# try:
# # see if we have an open_id token
# decoded_token = AuthorizationService.decode_auth_token(token)
# else:
# if 'sub' in decoded_token and 'iss' in decoded_token and 'aud' in decoded_token:
# token_type = 'id_token'
# if 'token_type' in decoded_token and 'sub' in decoded_token:
# return True
def get_scope(token: str) -> str:
@ -363,3 +367,14 @@ def get_user_from_decoded_internal_token(decoded_token: dict) -> Optional[UserMo
return user
user = UserService.create_user(service_id, service, service_id)
return user
def _clear_auth_tokens_from_thread_local_data() -> None:
"""_clear_auth_tokens_from_thread_local_data."""
tld = current_app.config["THREAD_LOCAL_DATA"]
if hasattr(tld, "new_access_token"):
delattr(tld, "new_access_token")
if hasattr(tld, "new_id_token"):
delattr(tld, "new_id_token")
if hasattr(tld, "user_has_logged_out"):
delattr(tld, "user_has_logged_out")

View File

@ -64,9 +64,7 @@ class AuthenticationService:
openid_config_url = f"{cls.server_url()}/.well-known/openid-configuration"
print(f"openid_config_url: {openid_config_url}")
if name not in AuthenticationService.ENDPOINT_CACHE:
print("BEFORE")
response = requests.get(openid_config_url)
print("AFTER")
AuthenticationService.ENDPOINT_CACHE = response.json()
if name not in AuthenticationService.ENDPOINT_CACHE:
raise Exception(
@ -95,6 +93,7 @@ class AuthenticationService:
@staticmethod
def generate_state(redirect_url: str) -> bytes:
"""Generate_state."""
print(f"REDIRECT_URL_HEY: {redirect_url}")
state = base64.b64encode(bytes(str({"redirect_url": redirect_url}), "UTF-8"))
return state
@ -103,6 +102,7 @@ class AuthenticationService:
) -> str:
"""Get_login_redirect_url."""
return_redirect_url = f"{self.get_backend_url()}{redirect_url}"
print(f"RETURN_REDIRECT_URL_ONE: {return_redirect_url}")
login_redirect_url = (
self.open_id_endpoint_for_name("authorization_endpoint")
+ f"?state={state}&"

View File

@ -412,59 +412,6 @@ class AuthorizationService:
status_code=403,
)
# def refresh_token(self, token: str) -> str:
# """Refresh_token."""
# # if isinstance(token, str):
# # token = eval(token)
# (
# open_id_server_url,
# open_id_client_id,
# open_id_realm_name,
# open_id_client_secret_key,
# ) = AuthorizationService.get_open_id_args()
# headers = {"Content-Type": "application/x-www-form-urlencoded"}
# request_url = f"{open_id_server_url}/realms/{open_id_realm_name}/protocol/openid-connect/token"
# data = {
# "grant_type": "refresh_token",
# "client_id": "spiffworkflow-frontend",
# "subject_token": token,
# "refresh_token": token,
# }
# refresh_response = requests.post(request_url, headers=headers, data=data)
# refresh_token = json.loads(refresh_response.text)
# return refresh_token
# def get_bearer_token(self, basic_token: str) -> dict:
# """Get_bearer_token."""
# (
# open_id_server_url,
# open_id_client_id,
# open_id_realm_name,
# open_id_client_secret_key,
# ) = AuthorizationService.get_open_id_args()
#
# backend_basic_auth_string = f"{open_id_client_id}:{open_id_client_secret_key}"
# backend_basic_auth_bytes = bytes(backend_basic_auth_string, encoding="ascii")
# backend_basic_auth = base64.b64encode(backend_basic_auth_bytes)
#
# headers = {
# "Content-Type": "application/x-www-form-urlencoded",
# "Authorization": f"Basic {backend_basic_auth.decode('utf-8')}",
# }
# data = {
# "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
# "client_id": open_id_client_id,
# "subject_token": basic_token,
# "audience": open_id_client_id,
# }
# request_url = f"{open_id_server_url}/realms/{open_id_realm_name}/protocol/openid-connect/token"
#
# backend_response = requests.post(request_url, headers=headers, data=data)
# # json_data = json.loads(backend_response.text)
# # bearer_token = json_data['access_token']
# bearer_token: dict = json.loads(backend_response.text)
# return bearer_token
@staticmethod
def decode_auth_token(auth_token: str) -> dict[str, Union[str, None]]:
"""Decode the auth token.

View File

@ -208,10 +208,10 @@ export const refreshAtInterval = (
timeout: number,
func: Function
) => {
const intervalRef = setInterval(() => func(), interval * 1000);
const intervalRef = setInterval(() => func(), interval * 100000);
const timeoutRef = setTimeout(
() => clearInterval(intervalRef),
timeout * 1000
timeout * 100000
);
return () => {
clearInterval(intervalRef);

View File

@ -19,25 +19,24 @@ const getCookie = (key: string) => {
return null;
};
// const getCurrentLocation = (queryParams: string = window.location.search) => {
const getCurrentLocation = () => {
const queryParamString = '';
// if (queryParams) {
// queryParamString = `?${queryParams}`;
// }
return `${window.location.origin}${window.location.pathname}${queryParamString}`;
const getCurrentLocation = (queryParams: string = window.location.search) => {
let queryParamString = '';
if (queryParams) {
queryParamString = `${queryParams}`;
}
return encodeURIComponent(
`${window.location.origin}${window.location.pathname}${queryParamString}`
);
};
const doLogin = () => {
const url = `${BACKEND_BASE_URL}/login?redirect_url=${getCurrentLocation()}`;
console.log('URL', url);
window.location.href = url;
};
// Use access_token for now since it seems to work but if we need the
// id token then set that in a cookie in backend as well
// required for logging out
const getIdToken = () => {
return getCookie('access_token');
return getCookie('id_token');
};
const doLogout = () => {