logout works now and queryparams are getting passed correctly on login now
This commit is contained in:
parent
8c3f855246
commit
aa6546656e
|
@ -9,7 +9,6 @@ def main() -> None:
|
|||
"""Main."""
|
||||
app = create_app()
|
||||
with app.app_context():
|
||||
print("HEY")
|
||||
failing_process_models = DataSetupService.save_all_process_models()
|
||||
for bpmn_errors in failing_process_models:
|
||||
print(bpmn_errors)
|
||||
|
|
|
@ -4,7 +4,6 @@ from typing import Any
|
|||
from typing import Optional
|
||||
|
||||
import flask.wrappers
|
||||
from flask import current_app
|
||||
from flask import g
|
||||
from flask import jsonify
|
||||
from flask import make_response
|
||||
|
@ -89,13 +88,7 @@ def process_group_list(
|
|||
"pages": pages,
|
||||
},
|
||||
}
|
||||
# response = make_response(jsonify(response_json), 200)
|
||||
response = Response(
|
||||
json.dumps(response_json), status=200, mimetype="application/json"
|
||||
)
|
||||
current_app.logger.info("SETTING COOKIE")
|
||||
response.set_cookie("TEST_COOKIE", "HEY1")
|
||||
return response
|
||||
return make_response(jsonify(response_json), 200)
|
||||
|
||||
|
||||
def process_group_show(
|
||||
|
|
|
@ -62,9 +62,7 @@ def verify_token(
|
|||
token = request.headers["Authorization"].removeprefix("Bearer ")
|
||||
|
||||
# This should never be set here but just in case
|
||||
tld = current_app.config["THREAD_LOCAL_DATA"]
|
||||
if hasattr(tld, "new_access_token"):
|
||||
tld.new_access_token = None
|
||||
_clear_auth_tokens_from_thread_local_data()
|
||||
|
||||
if token:
|
||||
user_model = None
|
||||
|
@ -100,9 +98,9 @@ def verify_token(
|
|||
)
|
||||
)
|
||||
if auth_token and "error" not in auth_token:
|
||||
print("SETTING NEW TOKEN")
|
||||
print(f"auth_token: {auth_token}")
|
||||
tld = current_app.config["THREAD_LOCAL_DATA"]
|
||||
tld.new_access_token = auth_token["access_token"]
|
||||
tld.new_id_token = auth_token["id_token"]
|
||||
# We have the user, but this code is a bit convoluted, and will later demand
|
||||
# a user_info object so it can look up the user. Sorry to leave this crap here.
|
||||
user_info = {
|
||||
|
@ -178,11 +176,24 @@ def verify_token(
|
|||
def set_new_access_token_in_cookie(
|
||||
response: flask.wrappers.Response,
|
||||
) -> flask.wrappers.Response:
|
||||
"""Set_new_access_token_in_cookie."""
|
||||
"""Checks if a new token has been set in THREAD_LOCAL_DATA and sets cookies if appropriate.
|
||||
|
||||
It will also delete the cookies if the user has logged out.
|
||||
"""
|
||||
tld = current_app.config["THREAD_LOCAL_DATA"]
|
||||
if hasattr(tld, "new_access_token") and tld.new_access_token:
|
||||
response.set_cookie("access_token", tld.new_access_token)
|
||||
tld.new_access_token = None
|
||||
|
||||
# id_token is required for logging out since this gets passed back to the openid server
|
||||
if hasattr(tld, "new_id_token") and tld.new_id_token:
|
||||
response.set_cookie("id_token", tld.new_id_token)
|
||||
|
||||
if hasattr(tld, 'user_has_logged_out') and tld.user_has_logged_out:
|
||||
response.set_cookie("id_token", '', max_age=0)
|
||||
response.set_cookie("access_token", '', max_age=0)
|
||||
|
||||
_clear_auth_tokens_from_thread_local_data()
|
||||
|
||||
return response
|
||||
|
||||
|
||||
|
@ -249,12 +260,12 @@ def login_return(code: str, state: str, session_state: str) -> Optional[Response
|
|||
user_model.id, auth_token_object["refresh_token"]
|
||||
)
|
||||
redirect_url = (
|
||||
f"{state_redirect_url}?"
|
||||
+ f"access_token={auth_token_object['access_token']}&"
|
||||
+ f"id_token={id_token}"
|
||||
f"{state_redirect_url}"
|
||||
)
|
||||
tld = current_app.config["THREAD_LOCAL_DATA"]
|
||||
tld.new_access_token = auth_token_object["access_token"]
|
||||
tld.new_id_token = auth_token_object["id_token"]
|
||||
print(f"REDIRECT_URL: {redirect_url}")
|
||||
return redirect(redirect_url)
|
||||
|
||||
raise ApiError(
|
||||
|
@ -300,6 +311,8 @@ def logout(id_token: str, redirect_url: Optional[str]) -> Response:
|
|||
"""Logout."""
|
||||
if redirect_url is None:
|
||||
redirect_url = ""
|
||||
tld = current_app.config["THREAD_LOCAL_DATA"]
|
||||
tld.user_has_logged_out = True
|
||||
return AuthenticationService().logout(redirect_url=redirect_url, id_token=id_token)
|
||||
|
||||
|
||||
|
@ -328,15 +341,6 @@ def get_decoded_token(token: str) -> Optional[Dict]:
|
|||
error_code="unknown_token",
|
||||
message="Unknown token type in get_decoded_token",
|
||||
)
|
||||
# try:
|
||||
# # see if we have an open_id token
|
||||
# decoded_token = AuthorizationService.decode_auth_token(token)
|
||||
# else:
|
||||
# if 'sub' in decoded_token and 'iss' in decoded_token and 'aud' in decoded_token:
|
||||
# token_type = 'id_token'
|
||||
|
||||
# if 'token_type' in decoded_token and 'sub' in decoded_token:
|
||||
# return True
|
||||
|
||||
|
||||
def get_scope(token: str) -> str:
|
||||
|
@ -363,3 +367,14 @@ def get_user_from_decoded_internal_token(decoded_token: dict) -> Optional[UserMo
|
|||
return user
|
||||
user = UserService.create_user(service_id, service, service_id)
|
||||
return user
|
||||
|
||||
|
||||
def _clear_auth_tokens_from_thread_local_data() -> None:
|
||||
"""_clear_auth_tokens_from_thread_local_data."""
|
||||
tld = current_app.config["THREAD_LOCAL_DATA"]
|
||||
if hasattr(tld, "new_access_token"):
|
||||
delattr(tld, "new_access_token")
|
||||
if hasattr(tld, "new_id_token"):
|
||||
delattr(tld, "new_id_token")
|
||||
if hasattr(tld, "user_has_logged_out"):
|
||||
delattr(tld, "user_has_logged_out")
|
||||
|
|
|
@ -64,9 +64,7 @@ class AuthenticationService:
|
|||
openid_config_url = f"{cls.server_url()}/.well-known/openid-configuration"
|
||||
print(f"openid_config_url: {openid_config_url}")
|
||||
if name not in AuthenticationService.ENDPOINT_CACHE:
|
||||
print("BEFORE")
|
||||
response = requests.get(openid_config_url)
|
||||
print("AFTER")
|
||||
AuthenticationService.ENDPOINT_CACHE = response.json()
|
||||
if name not in AuthenticationService.ENDPOINT_CACHE:
|
||||
raise Exception(
|
||||
|
@ -95,6 +93,7 @@ class AuthenticationService:
|
|||
@staticmethod
|
||||
def generate_state(redirect_url: str) -> bytes:
|
||||
"""Generate_state."""
|
||||
print(f"REDIRECT_URL_HEY: {redirect_url}")
|
||||
state = base64.b64encode(bytes(str({"redirect_url": redirect_url}), "UTF-8"))
|
||||
return state
|
||||
|
||||
|
@ -103,6 +102,7 @@ class AuthenticationService:
|
|||
) -> str:
|
||||
"""Get_login_redirect_url."""
|
||||
return_redirect_url = f"{self.get_backend_url()}{redirect_url}"
|
||||
print(f"RETURN_REDIRECT_URL_ONE: {return_redirect_url}")
|
||||
login_redirect_url = (
|
||||
self.open_id_endpoint_for_name("authorization_endpoint")
|
||||
+ f"?state={state}&"
|
||||
|
|
|
@ -412,59 +412,6 @@ class AuthorizationService:
|
|||
status_code=403,
|
||||
)
|
||||
|
||||
# def refresh_token(self, token: str) -> str:
|
||||
# """Refresh_token."""
|
||||
# # if isinstance(token, str):
|
||||
# # token = eval(token)
|
||||
# (
|
||||
# open_id_server_url,
|
||||
# open_id_client_id,
|
||||
# open_id_realm_name,
|
||||
# open_id_client_secret_key,
|
||||
# ) = AuthorizationService.get_open_id_args()
|
||||
# headers = {"Content-Type": "application/x-www-form-urlencoded"}
|
||||
# request_url = f"{open_id_server_url}/realms/{open_id_realm_name}/protocol/openid-connect/token"
|
||||
# data = {
|
||||
# "grant_type": "refresh_token",
|
||||
# "client_id": "spiffworkflow-frontend",
|
||||
# "subject_token": token,
|
||||
# "refresh_token": token,
|
||||
# }
|
||||
# refresh_response = requests.post(request_url, headers=headers, data=data)
|
||||
# refresh_token = json.loads(refresh_response.text)
|
||||
# return refresh_token
|
||||
|
||||
# def get_bearer_token(self, basic_token: str) -> dict:
|
||||
# """Get_bearer_token."""
|
||||
# (
|
||||
# open_id_server_url,
|
||||
# open_id_client_id,
|
||||
# open_id_realm_name,
|
||||
# open_id_client_secret_key,
|
||||
# ) = AuthorizationService.get_open_id_args()
|
||||
#
|
||||
# backend_basic_auth_string = f"{open_id_client_id}:{open_id_client_secret_key}"
|
||||
# backend_basic_auth_bytes = bytes(backend_basic_auth_string, encoding="ascii")
|
||||
# backend_basic_auth = base64.b64encode(backend_basic_auth_bytes)
|
||||
#
|
||||
# headers = {
|
||||
# "Content-Type": "application/x-www-form-urlencoded",
|
||||
# "Authorization": f"Basic {backend_basic_auth.decode('utf-8')}",
|
||||
# }
|
||||
# data = {
|
||||
# "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
|
||||
# "client_id": open_id_client_id,
|
||||
# "subject_token": basic_token,
|
||||
# "audience": open_id_client_id,
|
||||
# }
|
||||
# request_url = f"{open_id_server_url}/realms/{open_id_realm_name}/protocol/openid-connect/token"
|
||||
#
|
||||
# backend_response = requests.post(request_url, headers=headers, data=data)
|
||||
# # json_data = json.loads(backend_response.text)
|
||||
# # bearer_token = json_data['access_token']
|
||||
# bearer_token: dict = json.loads(backend_response.text)
|
||||
# return bearer_token
|
||||
|
||||
@staticmethod
|
||||
def decode_auth_token(auth_token: str) -> dict[str, Union[str, None]]:
|
||||
"""Decode the auth token.
|
||||
|
|
|
@ -208,10 +208,10 @@ export const refreshAtInterval = (
|
|||
timeout: number,
|
||||
func: Function
|
||||
) => {
|
||||
const intervalRef = setInterval(() => func(), interval * 1000);
|
||||
const intervalRef = setInterval(() => func(), interval * 100000);
|
||||
const timeoutRef = setTimeout(
|
||||
() => clearInterval(intervalRef),
|
||||
timeout * 1000
|
||||
timeout * 100000
|
||||
);
|
||||
return () => {
|
||||
clearInterval(intervalRef);
|
||||
|
|
|
@ -19,25 +19,24 @@ const getCookie = (key: string) => {
|
|||
return null;
|
||||
};
|
||||
|
||||
// const getCurrentLocation = (queryParams: string = window.location.search) => {
|
||||
const getCurrentLocation = () => {
|
||||
const queryParamString = '';
|
||||
// if (queryParams) {
|
||||
// queryParamString = `?${queryParams}`;
|
||||
// }
|
||||
return `${window.location.origin}${window.location.pathname}${queryParamString}`;
|
||||
const getCurrentLocation = (queryParams: string = window.location.search) => {
|
||||
let queryParamString = '';
|
||||
if (queryParams) {
|
||||
queryParamString = `${queryParams}`;
|
||||
}
|
||||
return encodeURIComponent(
|
||||
`${window.location.origin}${window.location.pathname}${queryParamString}`
|
||||
);
|
||||
};
|
||||
|
||||
const doLogin = () => {
|
||||
const url = `${BACKEND_BASE_URL}/login?redirect_url=${getCurrentLocation()}`;
|
||||
console.log('URL', url);
|
||||
window.location.href = url;
|
||||
};
|
||||
|
||||
// Use access_token for now since it seems to work but if we need the
|
||||
// id token then set that in a cookie in backend as well
|
||||
// required for logging out
|
||||
const getIdToken = () => {
|
||||
return getCookie('access_token');
|
||||
return getCookie('id_token');
|
||||
};
|
||||
|
||||
const doLogout = () => {
|
||||
|
|
Loading…
Reference in New Issue