Not all OpenID systems have realms the way Keycloak does, so this removes the realm setting in favor of a single value -- the base URL of the OpenID system -- which will work across all OpenID systems.

This commit is contained in:
Dan 2022-11-30 11:51:20 -05:00
parent 975b961632
commit d63c410988
2 changed files with 6 additions and 15 deletions


@ -30,9 +30,8 @@ CONNECTOR_PROXY_URL = environ.get(
GIT_COMMIT_ON_SAVE = environ.get("GIT_COMMIT_ON_SAVE", default="false") == "true" GIT_COMMIT_ON_SAVE = environ.get("GIT_COMMIT_ON_SAVE", default="false") == "true"
# Open ID server # Open ID server
OPEN_ID_SERVER_URL = environ.get("OPEN_ID_SERVER_URL", default="http://localhost:7002") OPEN_ID_SERVER_URL = environ.get("OPEN_ID_SERVER_URL", default="http://localhost:7002/realms/spiffworkflow")
OPEN_ID_CLIENT_ID = environ.get("OPEN_ID_CLIENT_ID", default="spiffworkflow-backend") OPEN_ID_CLIENT_ID = environ.get("OPEN_ID_CLIENT_ID", default="spiffworkflow-backend")
OPEN_ID_REALM_NAME = environ.get("OPEN_ID_REALM_NAME", default="spiffworkflow")
OPEN_ID_CLIENT_SECRET_KEY = environ.get( OPEN_ID_CLIENT_SECRET_KEY = environ.get(
"OPEN_ID_CLIENT_SECRET_KEY", default="JXeQExm0JhQPLumgHtIIqf52bDalHz0q" "OPEN_ID_CLIENT_SECRET_KEY", default="JXeQExm0JhQPLumgHtIIqf52bDalHz0q"
) # noqa: S105 ) # noqa: S105
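Review bot: The new default `http://localhost:7002/realms/spiffworkflow` changes what OPEN_ID_SERVER_URL means (it is now the issuer/realm URL rather than the server root), but the `# Open ID server` comment above it was not updated, so an operator migrating from the old OPEN_ID_REALM_NAME setup will likely keep the bare server URL and get issuer mismatches on every token. Replace the comment with `# Open ID issuer base URL (for Keycloak: <server>/realms/<realm>); must equal the id_token "iss" claim exactly`. Documenting the expected form here is the only place a deployer will see it, since the comparison itself lives in the authentication service.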


@ -15,7 +15,6 @@ from werkzeug.wrappers import Response
from spiffworkflow_backend.models.refresh_token import RefreshTokenModel from spiffworkflow_backend.models.refresh_token import RefreshTokenModel
class AuthenticationProviderTypes(enum.Enum): class AuthenticationProviderTypes(enum.Enum):
"""AuthenticationServiceProviders.""" """AuthenticationServiceProviders."""
@ -31,14 +30,12 @@ class AuthenticationService:
"""Get_open_id_args.""" """Get_open_id_args."""
open_id_server_url = current_app.config["OPEN_ID_SERVER_URL"] open_id_server_url = current_app.config["OPEN_ID_SERVER_URL"]
open_id_client_id = current_app.config["OPEN_ID_CLIENT_ID"] open_id_client_id = current_app.config["OPEN_ID_CLIENT_ID"]
open_id_realm_name = current_app.config["OPEN_ID_REALM_NAME"]
open_id_client_secret_key = current_app.config[ open_id_client_secret_key = current_app.config[
"OPEN_ID_CLIENT_SECRET_KEY" "OPEN_ID_CLIENT_SECRET_KEY"
] # noqa: S105 ] # noqa: S105
return ( return (
open_id_server_url, open_id_server_url,
open_id_client_id, open_id_client_id,
open_id_realm_name,
open_id_client_secret_key, open_id_client_secret_key,
) )
@ -55,11 +52,10 @@ class AuthenticationService:
( (
open_id_server_url, open_id_server_url,
open_id_client_id, open_id_client_id,
open_id_realm_name,
open_id_client_secret_key, open_id_client_secret_key,
) = AuthenticationService.get_open_id_args() ) = AuthenticationService.get_open_id_args()
request_url = ( request_url = (
f"{open_id_server_url}/realms/{open_id_realm_name}/protocol/openid-connect/logout?" f"{open_id_server_url}/protocol/openid-connect/logout?"
+ f"post_logout_redirect_uri={return_redirect_url}&" + f"post_logout_redirect_uri={return_redirect_url}&"
+ f"id_token_hint={id_token}" + f"id_token_hint={id_token}"
) )
@ -79,12 +75,11 @@ class AuthenticationService:
( (
open_id_server_url, open_id_server_url,
open_id_client_id, open_id_client_id,
open_id_realm_name,
open_id_client_secret_key, open_id_client_secret_key,
) = AuthenticationService.get_open_id_args() ) = AuthenticationService.get_open_id_args()
return_redirect_url = f"{self.get_backend_url()}{redirect_url}" return_redirect_url = f"{self.get_backend_url()}{redirect_url}"
login_redirect_url = ( login_redirect_url = (
f"{open_id_server_url}/realms/{open_id_realm_name}/protocol/openid-connect/auth?" f"{open_id_server_url}/protocol/openid-connect/auth?"
+ f"state={state}&" + f"state={state}&"
+ "response_type=code&" + "response_type=code&"
+ f"client_id={open_id_client_id}&" + f"client_id={open_id_client_id}&"
@ -100,7 +95,6 @@ class AuthenticationService:
( (
open_id_server_url, open_id_server_url,
open_id_client_id, open_id_client_id,
open_id_realm_name,
open_id_client_secret_key, open_id_client_secret_key,
) = AuthenticationService.get_open_id_args() ) = AuthenticationService.get_open_id_args()
@ -117,7 +111,7 @@ class AuthenticationService:
"redirect_uri": f"{self.get_backend_url()}{redirect_url}", "redirect_uri": f"{self.get_backend_url()}{redirect_url}",
} }
request_url = f"{open_id_server_url}/realms/{open_id_realm_name}/protocol/openid-connect/token" request_url = f"{open_id_server_url}/protocol/openid-connect/token"
response = requests.post(request_url, data=data, headers=headers) response = requests.post(request_url, data=data, headers=headers)
auth_token_object: dict = json.loads(response.text) auth_token_object: dict = json.loads(response.text)
@ -131,7 +125,6 @@ class AuthenticationService:
( (
open_id_server_url, open_id_server_url,
open_id_client_id, open_id_client_id,
open_id_realm_name,
open_id_client_secret_key, open_id_client_secret_key,
) = cls.get_open_id_args() ) = cls.get_open_id_args()
try: try:
@ -142,7 +135,7 @@ class AuthenticationService:
message="Cannot decode id_token", message="Cannot decode id_token",
status_code=401, status_code=401,
) from e ) from e
if decoded_token["iss"] != f"{open_id_server_url}/realms/{open_id_realm_name}": if decoded_token["iss"] != open_id_server_url:
valid = False valid = False
elif ( elif (
open_id_client_id not in decoded_token["aud"] open_id_client_id not in decoded_token["aud"]
@ -207,7 +200,6 @@ class AuthenticationService:
( (
open_id_server_url, open_id_server_url,
open_id_client_id, open_id_client_id,
open_id_realm_name,
open_id_client_secret_key, open_id_client_secret_key,
) = cls.get_open_id_args() ) = cls.get_open_id_args()
@ -226,7 +218,7 @@ class AuthenticationService:
"client_secret": open_id_client_secret_key, "client_secret": open_id_client_secret_key,
} }
request_url = f"{open_id_server_url}/realms/{open_id_realm_name}/protocol/openid-connect/token" request_url = f"{open_id_server_url}/protocol/openid-connect/token"
response = requests.post(request_url, data=data, headers=headers) response = requests.post(request_url, data=data, headers=headers)
auth_token_object: dict = json.loads(response.text) auth_token_object: dict = json.loads(response.text)
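Review bot: The issuer check `if decoded_token["iss"] != open_id_server_url:` now depends on OPEN_ID_SERVER_URL being byte-identical to the issuer string the provider places in the id_token, so a configured value with a trailing slash or different host casing rejects every token, and nothing on the line says so. A comment such as `# OPEN_ID_SERVER_URL must equal the provider's issuer exactly (Keycloak: <server>/realms/<realm>); the iss claim is compared verbatim` would make the requirement explicit, and the strict equality should stay as is rather than become a prefix match. The same `open_id_server_url` is still joined with the Keycloak-specific `/protocol/openid-connect/auth`, `/token` and `/logout` paths in the other hunks of this file, so other OpenID providers will presumably still not work until those endpoints come from discovery or configuration. The function containing the issuer check begins outside this hunk.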